Privacy Policy – Young Global Leaders Programme

Version: 1.0.2 Last Updated: 13 May 2026 Effective Date: 13 May 2026

What you’ll find here, in plain language

Do you sell my data? No, never.

Who sees my data? Only the service providers we need to operate the Platform (Razorpay for payments, Vimeo for videos, Cloudflare for security, etc.) – under appropriate data protection safeguards.

Can I delete my data? Yes. Contact [email protected] and we will process your deletion request.

Will I get marketing e-mails? Only if you explicitly opt in – we plan to introduce an opt-in newsletter, but it is not active yet.

What about minors? The Platform is for adults. We do not target minors and do not engage in tracking, behavioural monitoring, or targeted advertising directed at minors.

Who do I contact with questions? [email protected]

Related Policies

This Privacy Policy works together with our Terms of Service and Cookie Policy. Together, these documents explain how the Platform operates and how your personal data is handled.

1. Who We Are

Data Controller: 2047.academy, a Swiss social enterprise Address: Rue de Zurich 36, CH-1201 Geneva, Switzerland General Privacy Contact: [email protected] Grievance Officer (India): Dr. Ernst von Kimakowitz – [email protected]

This Privacy Policy applies to all visitors and users of www.2047.academy and related services. We are committed to processing your personal data in accordance with applicable Indian and Swiss data protection law.

2. What Data We Collect and Why

We collect personal data only for specific, defined purposes. The table below sets out what we collect, why we collect it, on what basis, and how long we keep it.

Category of Data	Examples	Purpose	Legal Basis	Retention
Account Data	Name, e-mail, billing region, password (hashed)	Create and operate your account; deliver course access	Contract performance	Active account + 12 months after closure
Learning Data	Course enrollments, quiz responses, video progress (LearnDash), certificates	Provide the learning experience; track your progress; issue certificates	Contract performance	Active account + 12 months
User-Generated Content	Forum posts, quiz responses, project submissions, comments	Operate community features and educational activities within the Platform	Contract performance / your consent	Until you delete it or close your account
Transaction Data	Payment status, invoice records, billing region (we do not store card numbers or UPI credentials – these are handled by Razorpay)	Process enrollments; comply with accounting and tax obligations	Contract performance / legal obligation	10 years (accounting retention under Swiss law)
Communication Data	Support e-mails, grievance correspondence, your responses to our service messages, related metadata	Respond to your inquiries; handle complaints; document grievance resolution; send transactional and service communications (see Section 9)	Contract performance / legal obligation	3 years after last interaction
Technical Data	IP address, browser type, device identifiers, security logs	Protect the Platform against fraud and abuse; ensure availability and integrity	Legitimate operational interests permitted by law (see Section 5)	60–90 days
Cookies & Analytics Data	See our Cookie Policy for full details	Site functionality (strictly necessary); with consent: usage analytics	Consent (for non-essential cookies)	Up to 26 months for analytics; varies by cookie

We do not collect or process sensitive personal data (such as health data, biometric data, or financial credentials beyond payment status) in the ordinary course of operating the Platform.

Future processing. We plan to introduce an opt-in newsletter and educational marketing communications in the future. Should we launch such marketing communications, we will update this Privacy Policy before activation, notify existing users in advance, and rely exclusively on your explicit consent. Until then, we do not process personal data for marketing purposes.

3. Children and Minors

The Platform is intended for adult users. We do not actively target minors and discourage registration by individuals under 18. We rely on self-declaration during registration and currently do not operate a dedicated technical mechanism to verify parental consent for minors. Where we become aware that an account belongs to a minor without verified parental consent, we may suspend the account and delete the associated personal data.

Regardless of registration status, we do not engage in tracking, behavioural monitoring, or targeted advertising directed at minors.

Full details on age requirements and our approach to minors are set out in Section 1 of our Terms of Service.

4. Cookies and Tracking

We use cookies and similar technologies to operate the Platform, ensure security, and (with your consent) measure site usage. Strictly necessary cookies are loaded by default; analytics and similar non-essential cookies are placed only with your informed consent.

For full details, including categories of cookies, their duration, and how to manage your preferences, please see our Cookie Policy.

5. Legal Bases for Processing

We rely on the following legal bases for processing your personal data:

Contract performance – to provide the courses and services you have signed up for, including course access, progress tracking, community features, transactional and service communications, and customer support.
Legal obligation – where we are required by law to retain data (e.g., financial records under Swiss accounting law), to respond to lawful requests from authorities, or to comply with tax obligations.
Your consent – for non-essential cookies and analytics, future marketing communications, and any processing that goes beyond what is necessary for the contract.
Legitimate operational interests permitted by law – limited to security-related processing such as fraud prevention, abuse detection, and log retention for incident response, where applicable law permits such processing without separate consent.

For users in India: Where Indian data protection law requires explicit consent for specific processing activities, we rely on your consent rather than other legal bases.

6. Withdrawal of Consent

Where we process your personal data on the basis of consent, you have the right to withdraw that consent at any time. Withdrawal is as easy as giving consent:

Non-essential cookies: Reopen the consent banner via the “Manage Preferences” link in our Cookie Policy.
User-generated content and account deletion: You can request deletion of your forum posts, quiz responses, project submissions, or your entire account by contacting [email protected]. Where account self-deletion is technically available within your account settings, you may also use that option. We will confirm deletion within a reasonable timeframe.
Any other consent-based processing: Contact [email protected].

Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. After withdrawal, we will stop the relevant processing and delete the associated data, unless we are required to retain it under applicable law.

7. Third-Party Service Providers and International Transfers

We work with carefully selected service providers to operate the Platform. Each provider processes personal data only on our instructions and under appropriate data protection safeguards (such as standard contractual clauses or recognised data privacy frameworks where applicable).

Service Provider	Purpose	Country / Region
Razorpay	Payment processing	India
StellarWP / Nexcess	Platform hosting	USA
SolidWP	Security and backups	USA
Google (Analytics, related services)	Web analytics (consent-based)	USA
Vimeo	Course video hosting and playback	USA
Cloudflare	Security, bot protection, content delivery	Global / USA
IONOS	DNS and e-mail services	Germany

Because we operate from Switzerland and serve learners primarily in India, your personal data may be transferred to and processed in countries outside your country of residence. We ensure that such transfers are subject to appropriate safeguards consistent with applicable data protection law.

We do not sell your personal data to third parties.

8. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

encrypted transmission (TLS/HTTPS) for all data exchanged with the Platform;
access controls limiting personal data to authorised personnel only;
regular backups via our security service provider;
continuous monitoring against fraud, abuse, and unauthorised access via Cloudflare and SolidWP;
staff awareness and confidentiality commitments regarding data protection.

No system is fully immune to risk. If a data breach occurs that is likely to result in a high risk to your rights, we will notify the competent authorities and affected individuals as required by applicable law (see Section 13).

9. Communications We Send You

We may send you the following types of communications. Each type has a different purpose and a different legal basis.

Transactional communications – essential messages directly related to your account or transactions, such as:

registration and login confirmations
password reset e-mails
payment receipts and invoices
refund confirmations
grievance acknowledgements

These messages are necessary to operate your account and fulfil our contract with you. They cannot be opted out of while you have an active account.

Service communications – operational and educational messages directly related to the courses or services you are using, such as:

course progress updates and learning reminders
new content or modules within courses you are enrolled in
scheduled maintenance, downtime, or technical updates
changes to our Terms of Service, Privacy Policy, or Cookie Policy
security alerts and important platform notices

These messages are part of providing the service you signed up for and are sent on the basis of our contractual relationship with you. While you have an active account, you cannot fully opt out of these messages, as they are essential to your safe and effective use of the Platform. However, you may always adjust notification preferences where such options are offered in your account settings.

Marketing communications – we plan to introduce optional marketing communications in the future, such as newsletters, course recommendations, and educational content beyond your enrolled courses. These will be sent only with your explicit, separate consent and can be withdrawn at any time via the unsubscribe link in every marketing message or by contacting [email protected]. We will update this Privacy Policy before activating marketing communications and notify existing users in advance.

Important: We will never disguise marketing as service communications. If a message is primarily promotional in nature, it will be treated as marketing and require your prior consent.

10. Data Retention

We retain personal data only as long as necessary for the purposes set out in Section 2 or as required by applicable law. Detailed retention periods are listed in the table in Section 2.

When the retention period ends, or when you exercise your right to deletion (Section 11), we will delete or anonymise the relevant data, unless we are legally required to retain it longer (for example, for accounting or tax purposes).

11. Your Rights

You have the following rights regarding your personal data. You can exercise any of these rights by contacting [email protected].

Right to Information – You can ask us for details about how we process your personal data, including the purposes, recipients, retention periods, and the legal basis we rely on.

Right to Access – You can request a copy of the personal data we hold about you.

Right to Correction – You can ask us to correct inaccurate or incomplete personal data.

Right to Deletion – You can ask us to delete your personal data, subject to any legal retention obligations we may have (e.g., financial records).

Right to Withdraw Consent – Where processing is based on your consent, you can withdraw it at any time (see Section 6).

Right to Restrict Processing – You can ask us to limit the processing of your personal data in certain circumstances (for example, while a correction request is being reviewed).

Right to Data Portability – You can request a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format.

Right to Object – You can object to processing that is based on our legitimate operational interests.

Right to Nominate (India) – If you are based in India, you may nominate another individual to exercise your rights under Indian data protection law in the event of your death or incapacity. Contact [email protected] to register a nomination.

Right to Lodge a Complaint – You can lodge a complaint with the competent supervisory authority (see Section 14).

Response times: We aim to respond to your request within 30 days (Switzerland) or within the timeframe required by Indian data protection law for users in India. In exceptional cases (e.g., complex requests requiring extensive review), we may extend this period and will inform you accordingly with reasons.

12. Automated Decision-Making

We do not engage in automated decision-making, including profiling, that produces legal effects concerning you or significantly affects you in a comparable manner.

13. Data Breach Notification

In the unlikely event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:

notify the competent supervisory authority (the Swiss Federal Data Protection and Information Commissioner and/or the Data Protection Board of India) as quickly as possible, in accordance with applicable law;
inform you directly where the breach is likely to result in a high risk to you personally, including a description of the breach, the data affected, and the measures we have taken or recommend;
document the breach internally for review and continuous improvement of our security measures.

14. Grievances and Complaints

Step 1 – Contact us directly. If you have any concern about how we process your personal data, please first contact:

General privacy inquiries: [email protected]
Grievance Officer (India): Dr. Ernst von Kimakowitz – [email protected]

We will acknowledge your complaint within 48 hours and aim to resolve it within one month.

Step 2 – Escalate to a supervisory authority. If you are not satisfied with our response, you have the right to lodge a complaint with:

Switzerland: The Swiss Federal Data Protection and Information Commissioner (FDPIC) – www.edoeb.admin.ch
India: The Data Protection Board of India (once operational) and/or the relevant Consumer Disputes Redressal Commission for consumer-related personal data matters
National Consumer Helpline (India): 1915 or consumerhelpline.gov.in

15. Changes to This Privacy Policy

Editorial changes (clarifications, typographical corrections, updates to contact details) may be made at any time and will be reflected in the version number and date below.

Material changes (changes to data categories, purposes, recipients, retention periods, your rights, the introduction of marketing communications, or substantive changes to the types of service communications we send) will be communicated via e-mail or a prominent notice on the Platform at least 14 days before taking effect. Where required by applicable law, we will request your explicit re-acceptance.

16. Contact and Language

2047 Academy Rue de Zurich 36, CH-1201 Geneva, Switzerland

Purpose	E-Mail
Privacy & Data Rights	[email protected]
Grievance Officer (India)	[email protected]
General Support	[email protected]

This Privacy Policy is provided in English. If you require this information in another language listed in the Eighth Schedule to the Constitution of India, please contact [email protected] and we will provide reasonable accommodation.