CodeLinja>_

Privacy Policy

Last updated: April 16, 2026

1) Who We Are

CodeLinja Oy (Business ID: 3562133-3) Helsinki, Finland Email: contact@codelinja.com

CodeLinja Oy is the controller of your personal data for the purposes described in this Privacy Policy.

2) Scope

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use the CodeLinja platform and related services.

3) Personal Data We Collect

We may collect the following categories of personal data:

  • Account data:

    name, email address, password hash.

  • Optional marketing contact data:

    mobile phone number (only if you choose to provide it and consent to SMS/phone marketing).

  • Learning and usage data:

    course enrollment, progress, activity logs, and support interactions.

  • Technical data:

    IP address, browser/device information, log data, cookie identifiers.

  • Payment and billing data:

    transaction and billing information from payment providers (we do not store full card details).

4) Purposes of Processing and Legal Bases (GDPR)

We process personal data for these purposes:

  • Account registration, authentication, and course access

    — performance of a contract (Article 6(1)(b)).

  • Payments, invoicing, accounting, and tax compliance

    — legal obligation (Article 6(1)(c)) and contract where applicable.

  • Security, fraud prevention, and service integrity

    — legitimate interest (Article 6(1)(f)).

  • Email marketing communications

    — consent (Article 6(1)(a)).

  • SMS/phone marketing communications

    — consent (Article 6(1)(a)).

  • Analytics and non-essential cookies

    — consent (Article 6(1)(a)).

Where processing is based on consent, you may withdraw consent at any time.

5) Marketing Consent

Marketing consent is:

  • optional,

  • separate from acceptance of Terms,

  • granular by channel (email and SMS/phone),

  • withdrawable at any time via account settings or by contacting us.

If you withdraw consent, we stop marketing for that channel and keep only minimal suppression data to honor your opt-out.

6) Cookies and Similar Technologies

We use a consent tool for non-essential cookies.

  • Strictly necessary cookies:

    always active.

  • Analytics cookies:

    only with consent.

  • Marketing cookies:

    only with consent.

You can change preferences at any time via our cookie settings.

7) Sharing of Personal Data

We do not sell personal data.

We may share personal data with trusted processors providing services such as:

  • hosting and cloud infrastructure,

  • payment processing,

  • email delivery,

  • CMS/content delivery,

  • analytics/monitoring,

  • customer support tools.

All processors are bound by data processing agreements and act on our instructions.

8) International Data Transfers

Data is primarily hosted in the EU/EEA where possible. If personal data is transferred outside the EU/EEA, we rely on appropriate safeguards, including:

  • adequacy decisions, or

  • Standard Contractual Clauses (SCCs), with supplementary measures where required.

India processing note: CodeLinja does not conduct routine marketing-data transfers to India. If India-based processing is introduced, we will implement applicable safeguards and update this Policy before such processing begins.

9) Data Retention

We keep personal data only as long as necessary:

  • Account data:

    deleted or anonymized within 30 days after account closure, unless legal retention applies.

  • Marketing preference/consent records:

    retained while relevant and up to 3 years after withdrawal for compliance evidence.

  • Suppression records:

    retained as needed to prevent unwanted marketing.

  • Transaction/tax records:

    retained for 7 years (or as required by law).

  • Backups:

    retained on a rolling cycle and deleted per backup schedule.

10) Your Rights

Under GDPR, you may have rights to:

  • access,

  • rectification,

  • erasure,

  • restriction,

  • objection,

  • data portability,

  • withdraw consent at any time,

  • lodge a complaint with a supervisory authority.

To exercise rights, contact: contact@codelinja.com We aim to respond within one month.

Supervisory authority in Finland: Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto), tietosuoja.fi.

11) Data Security

We implement appropriate technical and organizational measures, including encryption in transit, secure password hashing, access controls, and monitoring.

12) Children

Our services are not intended for individuals under 16 years old. We do not knowingly collect personal data from children under 16.

13) India DPDP Notice

Where applicable, processing involving India may also be subject to the Digital Personal Data Protection Act, 2023. CodeLinja acts as Data Fiduciary for such processing. For grievances related to personal data, contact: contact@codelinja.com. We will address requests within applicable legal timelines.

14) Changes to This Policy

We may update this Policy from time to time. For material changes, we will provide prominent notice and request fresh consent where legally required.

15) Contact

For privacy questions or requests: contact@codelinja.com