GDPR / Legal

Data protection and privacy policy.

Data Controller

Asociatia CoderDojo Oradea, with registered office at Str. Ady Endre nr. 83, Sc. C, Ap. 16, Oradea, Bihor County, Romania.

Contact:

Data We Collect

When you register on this platform, we collect:

  • Username
  • Email address
  • Password (stored as a cryptographic hash, never in plain text)

Children and Parental Consent

Our programs serve children ages 7-17. For minors under 16 years of age, parental consent is collected on paper form at our physical location before participation in any program or registration on this platform, in accordance with Article 8 of GDPR.

Purpose of Processing

  • Account authentication and access control
  • Communication about programs and events
  • Competition team coordination (for authenticated members)

Legal Basis

We process your data based on your consent (provided at registration) and our legitimate interest in operating educational programs under Regulation (EU) 2016/679 (GDPR). For minors, processing is based on parental consent.

Data Retention

Account data is retained for the duration of your account. You may request deletion at any time by contacting us.

Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing

To exercise any of these rights, contact us at .

Cookies

This site uses only essential cookies required for authentication, session management, and language preference. We do not use tracking cookies or third-party analytics cookies.

Third-Party Services

This site loads resources from external Content Delivery Networks (CDNs) to provide functionality. When you visit our pages, your browser connects to these services, which may receive your IP address, browser type, and referring page:

  • cdnjs.cloudflare.com — Font Awesome icons (Cloudflare Privacy Policy)
  • cdn.jsdelivr.net — Bootstrap framework, KaTeX math rendering (jsDelivr Privacy Policy)
  • unpkg.com — HTMX library (unpkg)
  • cdn.plot.ly — Plotly.js charts, used only on authenticated dashboard pages
  • gravatar.com — User avatar images. An MD5 hash of the user's email address is sent to Automattic's Gravatar service to retrieve profile images. Users may opt out by uploading a custom avatar. (Automattic Privacy Policy)

No personal data beyond what is technically necessary for loading these resources is shared with these providers.

Data Security

We implement appropriate technical and organizational measures to protect your data, including encrypted password storage, HTTPS transport, Content Security Policy headers, and role-based access control.

Last updated: March 2026