1. Data Controller
The data controller for this website is:
- SIA TwinLadder
- Address: Riga, Latvia
- Email: privacy@twinladder.lv
- Website: twinladder.lv
TwinLadder (operated by SIA TwinLadder, registered in Latvia) is committed to protecting your privacy. This policy explains what data we collect, why, and how you can control it. We keep things straightforward — no legalese where plain language will do.
2. What We Collect
We collect only what is necessary to operate the site, deliver our services, and improve your experience.
Information you provide: - Email address — when you subscribe to our newsletter or create an account - Name and organization — when you register for a course or workshop - Assessment responses — when you use our AI readiness assessment tool - Contact form submissions — when you reach out to us directly
Information collected automatically: - Pages visited and time spent — to understand which content is useful - Browser type and device — to ensure the site works well for you - Referring URL — to understand how you found us - Cookie data — as described in section 4 below
3. Legal Basis for Processing
Under the General Data Protection Regulation (GDPR), we process your data on the following legal bases:
- Consent (Art. 6(1)(a)): When you subscribe to our newsletter, opt into analytics cookies, or submit a contact form. You can withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)): For essential website functionality, security, and improving our services. We balance our interests against your rights and freedoms.
- Contract performance (Art. 6(1)(b)): When you purchase a course or workshop, we process your data to deliver the service you paid for.
- Legal obligation (Art. 6(1)(c)): To comply with applicable laws and regulations.
4. Cookies
Cookies are small text files stored on your device when you visit a website. We use them sparingly and only where they serve a clear purpose. We do not use marketing or advertising cookies.
Essential Cookies — Required for the website to function. These cannot be disabled without breaking core functionality.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| `lc_locale` | Stores your preferred language (EN or LV) | 1 year | First-party |
| `sb-*-auth-token` | Authentication session — keeps you logged in | Session / 7 days | First-party |
| `__vercel_live_token` | Deployment preview authentication (development only) | Session | First-party |
Functional Cookies — Enhance your experience by remembering preferences and usage. The site works without these, but some features may be limited.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| `nl_read_count` | Tracks how many newsletter issues you have read — used to show or hide content prompts | 1 year | First-party |
| `nl_subscribed` | Remembers whether you have subscribed, so we do not show the signup prompt repeatedly | 1 year | First-party |
| `auth_gated` | Tracks whether you have accessed gated content (inline auth prompts) | 30 days | First-party |
Analytics Cookies — Help us understand how visitors use the site. All analytics data is aggregated — we do not build individual profiles.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| `_ga` / `_ga_*` | Google Analytics — page views, session duration, traffic sources | 2 years | Third-party (Google) |
5. How to Manage Cookies
You have full control over cookies on your device.
Browser settings: All modern browsers let you view, delete, and block cookies. Check your browser's privacy or security settings. Note that blocking essential cookies may prevent parts of the site from working.
Opt out of analytics: You can opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout).
Delete specific cookies: You can delete individual cookies through your browser's developer tools or settings. Functional cookies like nl_read_count and nl_subscribed can be safely removed — the site will simply reset those preferences.
6. How We Use Your Data
We use your personal data to:
- Deliver our newsletter and intelligence updates
- Respond to your inquiries and contact form submissions
- Provide access to our platform, courses, and workshops
- Improve our website content and navigation
- Ensure security and prevent misuse
- Comply with legal obligations
7. Data Retention
We retain your data only as long as it serves a clear purpose:
| Data | Retention period | Notes |
|---|---|---|
| Newsletter subscriptions | Until you unsubscribe | Every newsletter includes an unsubscribe link |
| Course enrollment data | Duration + 2 years | Required for CPD credit verification |
| Assessment results | 1 year from completion | You can request deletion at any time |
| Analytics data | 26 months | Aggregated, not individually identifiable |
| Cookie data | As specified above | Clear via your browser at any time |
8. Third-Party Services
We use a limited number of third-party services. Each has been chosen for its data protection practices:
| Service | Purpose | Data processed |
|---|---|---|
| **Vercel** | Website hosting and deployment | Server logs, IP addresses |
| **Supabase** | Database and authentication | Account data, session tokens |
| **Google Analytics** | Website usage analytics | Page views, session data, device info |
| **Resend** | Transactional email delivery | Email addresses, delivery metadata |
We do not sell your personal data to any third party.
9. International Data Transfers
Some of our third-party service providers operate outside the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, or adequacy decisions where applicable.
10. Your Rights
Under GDPR, you have the following rights regarding your personal data. We aim to respond to all requests within 30 days.
- Access: Request a copy of all personal data we hold about you
- Rectification: Ask us to correct any inaccurate or incomplete data
- Erasure: Request deletion of your personal data (the "right to be forgotten")
- Restriction: Ask us to limit how we process your data in certain circumstances
- Data portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interest, including profiling
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing
To exercise any of these rights, contact us at privacy@twinladder.lv. We will respond within 30 days.
11. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS/HTTPS), access controls, and regular security reviews. No system is perfectly secure, but we take reasonable steps to protect the data entrusted to us.
12. Children
Our services are designed for professionals and organizations. We do not knowingly collect data from anyone under 16. If you believe we have inadvertently collected data from a minor, please contact us immediately.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be announced on the website. The "last updated" date at the top of this page reflects the most recent revision.
14. Supervisory Authority
If you believe we have not handled your data correctly, you have the right to lodge a complaint with:
Datu valsts inspekcija (Data State Inspectorate) - Website: www.dvi.gov.lv - Email: info@dvi.gov.lv - Address: Elijas iela 17, Riga, LV-1050, Latvia
You may also contact your local supervisory authority if you are based outside Latvia.
15. Contact
For any privacy-related questions or to exercise your rights:
- Email: privacy@twinladder.lv
- Address: SIA TwinLadder, Riga, Latvia
We aim to respond within 30 days.