Privacy Policy

itpmschool.com

Last Updated: March 23, 2026

1. Introduction

This Privacy Policy explains how Dmytro Nizhebetskyi IT Project Manager JDG, a sole proprietorship registered in Poland (“Dmytro Nizhebetskyi,” “we,” “us,” or “our”), collects, uses, stores, and protects your personal data when you use the itpmschool.com website and related services (the “Service”).

We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Polish Act on the Protection of Personal Data, and other applicable data protection legislation.

By using our Service, you acknowledge that you have read and understood this Privacy Policy. This Privacy Policy, together with our Terms of Service and Refund Policy, governs your use of the Service.

2. Data Controller

The data controller responsible for your personal data is:

Dmytro Nizhebetskyi IT Project Manager JDG

Email: dmytro@itpmschool.com

Website: itpmschool.com

If you have any questions about how we process your personal data, or wish to exercise your data subject rights, please contact us at dmytro@itpmschool.com.

3. Personal Data We Collect

3.1 Data You Provide Directly

When you create an account, make a purchase, subscribe to our newsletter, or contact us, we may collect the following personal data: your name, email address, billing address, telephone number, account username, password, and any other information you voluntarily provide.

3.2 Data Collected Automatically

When you visit our Service, we automatically collect certain technical data, including: your IP address, browser type and version, operating system, referring URL, pages visited, time and date of your visit, time spent on pages, and other browsing statistics (“Log Data”).

3.3 Payment Data

When you make a purchase, payment data (such as credit card number and billing details) is processed directly by our third-party payment processors (Paddle, Stripe, PayPal). In accordance with PCI DSS compliance standards, we do not store full credit card numbers or security codes on our servers.

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data only when we have a lawful basis to do so. The legal bases we rely on include:

Contract Performance: Processing is necessary to perform our contract with you, such as providing access to courses, managing your account, and processing payments.
Consent: Where you have given us explicit consent, such as opting in to marketing emails or accepting non-essential cookies. You may withdraw consent at any time.
Legitimate Interests: Processing is necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights.
Legal Obligation: Processing is necessary to comply with a legal obligation, such as tax reporting or responding to lawful government requests.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

To provide, operate, and maintain the Service, including processing transactions and managing your account.
To communicate with you, including sending transactional emails, order confirmations, and responding to your inquiries.
To send marketing communications (newsletters, promotional materials) where you have given consent. You may opt out at any time using the unsubscribe link in any email.
To analyze usage of the Service and improve our products, content, and user experience.
To detect, prevent, and address fraud, security issues, and technical problems.
To comply with legal obligations, enforce our Terms of Service, and protect our rights.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

Account data (name, email, username, password): Retained for the duration of your account. Deleted within 30 days of your account deletion request.
Billing and transaction data: Retained for up to 5 years after the last transaction, in accordance with Polish tax and accounting obligations.
Log Data and analytics: Retained for up to 26 months.
Marketing consent records: Retained for as long as the consent is active, plus 3 years for compliance documentation.

When personal data is no longer required, we will securely delete or anonymize it using appropriate technical measures.

7. Cookies and Tracking Technologies

7.1 What Are Cookies

Cookies are small data files placed on your device when you visit a website. We use cookies and similar technologies to operate the Service, analyze usage, and improve your experience.

7.2 Types of Cookies We Use

Strictly Necessary Cookies: Essential for the Service to function (e.g., session management, login state). These cannot be disabled.
Analytics Cookies: Used to understand how visitors interact with the Service (e.g., Google Analytics). These are only set with your consent.
Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness. These are only set with your consent.

7.3 Cookie Consent

When you first visit our Service, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies. You can change your cookie preferences at any time through the cookie settings on our website.

You can also control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service.

7.4 Caching

The Service uses caching to improve page load times and user experience. Cache files are temporary and are not accessed by third parties except as necessary for technical support from the cache provider. We may use QUIC.cloud services for caching; their privacy policy is available at https://quic.cloud/privacy-policy/.

8. Third-Party Service Providers

We engage third-party companies and individuals to facilitate and improve the Service. These third parties have access only to the personal data necessary to perform their specific tasks and are contractually obligated to protect your data and not use it for other purposes.

8.1 Payment Processors

Paddle (https://www.paddle.com/legal/privacy): Processes payments for digital products sold through the Service.

Stripe (https://stripe.com/privacy): Processes credit card and other electronic payments.

PayPal (https://www.paypal.com/webapps/mpp/ua/privacy-full): Processes PayPal payments.

8.2 Course and Content Delivery

Podia (https://www.podia.com/privacy): Hosts and delivers digital courses and products.

8.3 Email and Marketing

ConvertKit / Kit (https://kit.com/privacy): Manages email marketing campaigns and subscriber lists.

8.4 Analytics

Google Analytics (https://policies.google.com/privacy): Collects and analyzes website usage data. We have enabled IP anonymization in Google Analytics.

8.5 Integrations

Make.com (https://www.make.com/en/privacy-notice): Provides automation and integration between our third-party service providers.

8.6 Invoicing

Quaderno (https://www.quaderno.io/privacy): Creates and manages invoices and tax compliance documentation.

8.7 AI-Powered Tools

MindPal (https://mindpal.space/privacy-policy): Provides AI agent and workflow capabilities used to deliver certain products and services. When you interact with MindPal-powered features, your input data may be processed by MindPal in accordance with their privacy policy.

9. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). When your personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

Transfers to countries that the European Commission has recognized as providing an adequate level of data protection (adequacy decisions).
Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually oblige the data recipient to protect your data.
Other legally recognized transfer mechanisms under GDPR Article 46.

By using the Service and submitting your personal data, you acknowledge that your data may be transferred internationally as described above.

10. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

Right of Access: You may request a copy of the personal data we hold about you.
Right to Rectification: You may request correction of inaccurate or incomplete personal data.
Right to Erasure (“Right to Be Forgotten”): You may request deletion of your personal data, subject to legal retention requirements.
Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
Right to Data Portability: You may request a machine-readable copy of your personal data to transfer to another service provider.
Right to Object: You may object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: You have the right to lodge a complaint with the Polish supervisory authority (Urząd Ochrony Danych Osobowych – UODO, https://uodo.gov.pl) or any other competent EU supervisory authority.

To exercise any of these rights, please contact us at dmytro@itpmschool.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

11. Marketing Communications

We may use your email address to send you newsletters, marketing materials, and other information that may be of interest to you, only where you have provided consent to receive such communications.

You may opt out of marketing communications at any time by following the unsubscribe link in any email, managing your preferences through your account settings, or contacting us directly. Opting out of marketing communications does not affect transactional emails (such as order confirmations and account notifications).

12. Children’s Privacy

The Service is not directed at anyone under the age of 16 (“Minor”). We do not knowingly collect personal data from Minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected personal data from a Minor without verified parental consent, we will take steps to delete that data promptly.

13. Data Security

We are committed to protecting the security of your personal data and have implemented appropriate technical and organizational measures, including:

SSL/TLS encryption across the entire Service.
Compliance with PCI DSS standards for the secure handling of payment information.
Secure password storage with industry-standard hashing.
Access controls that restrict access to personal data based on membership level and role.

While we use commercially reasonable measures to protect your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we will notify you and the relevant supervisory authority of any data breach in accordance with GDPR requirements.

14. Links to Third-Party Websites

The Service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third-party sites. We encourage you to read their privacy policies before providing any personal data.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated Privacy Policy on this page and, where appropriate, by sending an email notification.

The “Last Updated” date at the top of this page indicates when the Privacy Policy was last revised. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions about this Privacy Policy, or wish to exercise your data subject rights, please contact us: