Effective date: [25 September 2025] • Last updated: [25 September 2025]
Controller: Lithuanian Innovation Centre (LIC)
Role: EdTech4BY implementing body
Address: Mokslininkų g. 2, LT-08412 Vilnius, Lithuamia
Email (privacy): lic@lic.lt
Phone: +370 5 235 61 16
This Privacy Notice explains how the EdTech4BY project processes personal data on the public website byedtech.eu (the “Website”) and within the EdTech4BY Learning Management System (the “LMS”), in line with the EU General Data Protection Regulation (GDPR).
Funding oversight: Central Project Management Agency (CPMA), Ministry of Finance of the Republic of Lithuania.
LIC may engage vetted providers (hosting, LMS, analytics, email, event tools) as Processors under GDPR Article 28, based on written data processing agreements.
We collect only what is necessary for defined purposes.
A) Website (byedtech.eu)
Contact forms / inquiries: name, email, message content (to respond and follow up).
Legal basis: Legitimate interests (Art. 6(1)(f)); Consent (Art. 6(1)(a)) where applicable.
Event / application forms: name, surname, email, phone, country of residence, organisation, role/position, areas of interest, motivation/fit, optional notes (to evaluate participation, communicate logistics, manage the programme).
Legal basis: Contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f)); Consent for optional communications.
Newsletter (optional): name, email, preferences (to send updates).
Legal basis: Consent (Art. 6(1)(a)); unsubscribe anytime.
Website usage data & cookies: IP, device/browser info, pages viewed, timestamps; essential and (if enabled) analytics/preference cookies (to ensure security and improve content).
Legal basis: Legitimate interests (security/metrics); Consent for non-essential cookies.
B) LMS
Account data: name, email, organisation, user role (learner/mentor/tutor/admin), optional profile fields/avatar (to create and administer accounts).
Legal basis: Contract (Art. 6(1)(b)).
Learning records: enrolments, progress, assessments, certificates/badges, forum posts/messages, feedback (to deliver training, verify completion, improve quality).
Legal basis: Contract; Legitimate interests for programme quality and reporting.
Support & security logs: helpdesk tickets, technical logs incl. IP/timestamps (to ensure availability, diagnose incidents, protect systems).
Legal basis: Legitimate interests; Legal obligation where applicable.
Surveys & evaluation (optional): programme feedback and impact (to improve services).
Legal basis: Consent or Legitimate interests with opt-out.
Special categories: We do not intentionally collect special category data (Art. 9). Please avoid submitting sensitive data unless explicitly requested with appropriate safeguards.
Directly from you: forms, LMS registration and use, support, surveys.
Automatically: system and security logs, essential cookies.
Partners/referrals: only where lawful and necessary for programme delivery (e.g., joint events).
LIC staff on a need-to-know basis to operate the Website/LMS and the programme.
Processors (e.g., cloud/LMS hosting, email tools, analytics, event platforms) under Article 28 contracts.
Funding/oversight bodies (e.g., CPMA) for required monitoring, reporting, auditing.
Public disclosures mandated by the funder (e.g., publishing lists of selected participants/beneficiaries) — we disclose only what’s required.
We do not sell personal data.
Processing is primarily within the EEA. If transfers outside the EEA occur (e.g., to a Processor), we use GDPR-compliant safeguards such as EU Standard Contractual Clauses (SCCs) and, where needed, transfer risk assessments and supplementary measures.
We keep data only as long as needed for the stated purposes or as required by law/funders, then delete or anonymise it.
| Category | Typical retention |
|---|---|
| Website inquiries | Up to 12 months after resolution |
| Event/applications | Programme duration + up to 5 years for audit/reporting (if required); otherwise up to 24 months |
| Newsletter data | Until withdrawal of consent or inactivity (e.g., 24 months) |
| LMS accounts & learning records | Programme duration + up to 5 years for verification/reporting; certificates may be retained longer if you request persistent verification |
| Security/technical logs | 6–24 months, depending on necessity |
| Financial/contractual records | As required by law (typically 5–10 years) |
Subject to conditions/exceptions, you may:
To exercise rights: lic@lic.lt
(we may verify identity).
Supervisory authority: State Data Protection Inspectorate (VDAI), Lithuania (or your local EU/EEA authority).
We use:
Essential cookies (strictly necessary for security, login/session, load balancing).
Analytics cookies (optional) to understand usage and improve content.
Preference cookies (optional) to remember choices (e.g., language).
Non-essential cookies load only with your consent via the Cookie Banner/Settings. You can also control cookies in your browser.
We apply appropriate technical and organisational measures: role-based access, least-privilege, encryption in transit (and at rest where feasible), backups, network protections, staff confidentiality, secure development/patching, vendor due diligence, and incident response. No system is perfectly secure, but we continuously improve controls.
If a personal data breach occurs, we assess impact, mitigate risks, and notify the supervisory authority within 72 hours where required. If there’s likely high risk to you, we will inform you without undue delay.
The Website and LMS are intended for adults and older students engaged in the programme. We do not knowingly collect data from children under 16 without required parental/guardian consent.
We may update this Notice. The effective date above shows the latest version. Material changes will be communicated via the Website/LMS or email where appropriate.
