This Privacy Policy explains how Brainrocket Limited (“we”, “us”, or “our”) processes your personal data in connection with your engagement with Bro Academy, including activities such as submitting registration details through our website, participating in training programmes, receiving certification, and any other related interactions or services offered under the Bro Academy initiative.

The purpose of this Privacy Policy is to provide you with a clear explanation of what personal data we collect, why we collect it, how we use it, with whom we may share it, and the rights you have as a data subject under applicable data protection laws. We also describe the security measures we apply to protect your personal data and how long we retain it.

This Privacy Policy is specifically applicable to personal data processed in the context of the Bro Academy platform and forms part of Brainrocket Limited’s broader data protection framework. If you interact with other sections of our website or services unrelated to Bro Academy, please refer to our General Privacy Policy, which applies to the processing of personal data in those contexts.

Brainrocket Limited is a company established under the laws of Cyprus. In the context of Bro Academy, we determine why and how your personal data is processed. For this reason, we act as the Data Controller under applicable data protection laws.

Our processing is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR), Cyprus Law 125(I)/2018, and, where relevant, the Directive 2002/58/EC (ePrivacy Directive) on privacy in electronic communications.

We process your personal data for specific, lawful purposes in accordance with the General Data Protection Regulation (GDPR) and the Cypriot data protection law. The table below outlines the categories of data we collect, the reasons for processing, and the relevant legal bases:

We do not process your personal data for automated decision-making or profiling, nor do we collect sensitive (special category) data in the context of Bro Academy.

We primarily collect personal data directly from you when you complete forms on our website or communicate with us. In some cases, we may also receive information from internal referrals, affiliated companies, or recruitment partners, but only where relevant and lawful.

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to comply with legal obligations, resolve disputes, protect our legal interests, and enforce agreements.The determination of appropriate retention periods is based on several factors, including:
• The nature, sensitivity, and volume of the personal data;
• The purposes for which the data was collected and processed;
• The existence of any legal, regulatory, or contractual obligations that require us to retain the data;
• The potential risk of harm from unauthorised use or disclosure;
• Whether the data may be relevant to actual or potential legal claims.
When personal data is no longer required for any lawful purpose, we will either delete it securely or anonymise it so that it can no longer be linked to an identifiable individual.

We do not sell your personal data. However, in the course of providing Bro Academy services, we may share your personal data with selected third parties, but only where such disclosure is lawful, proportionate, and subject to appropriate safeguards. These third parties may include:

a. Service Providers and Processors
‍We may engage trusted third-party service providers to support the delivery of our services, such as:IT and infrastructure providers supporting our website and registration systems;Email communication and customer support/CRM platforms;Certification and learning management systems.b. Affiliated and Related EntitiesWe may share your personal data with affiliated companies, subsidiaries, or branch offices of Brainrocket Limited, where such sharing is necessary to support administrative, operational, or technical functions related to Bro Academy.
‍
‍c. Recruitment and Talent Teams (Where Applicable)
‍In cases where a Bro Academy participant is being considered for an internship or employment opportunity, relevant data may be shared with internal HR and recruitment teams to assess suitability and manage the recruitment process.

‍d. Public Authorities and Legal Obligations
‍We may disclose personal data to law enforcement agencies, courts, regulatory bodies, or other public authorities if we are legally required to do so or if such disclosure is necessary to comply with our legal obligations or to protect our rights or the rights of others.

‍e. Professional Advisors
‍Where appropriate, we may share data with external legal counsel, auditors, or other professional advisors subject to strict confidentiality obligations.

‍f. Business Transfers
‍In the context of a corporate transaction such as a merger, acquisition, or restructuring, we may disclose personal data to the relevant parties involved, provided such sharing is compliant with applicable data protection laws.All disclosures are made on a strict need-to-know basis, and we take reasonable steps to ensure that any party receiving your personal data provides sufficient guarantees of data protection and security.

Your personal data may be transferred to countries outside the European Economic Area (EEA) where our affiliates, service providers, or partners are located.Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or transfers to countries with an adequacy decision. These measures ensure your data is protected and your rights remain enforceable.If you would like more information about the specific transfer mechanisms we rely on or a copy of the applicable safeguards, you may contact us by sending an email to dpo@brainrocket.com.

As a data subject, you have the following rights under applicable data protection laws:
• Right to access – You can request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to rectification – You can ask us to correct inaccurate or incomplete personal data.Right to erasure – In certain cases, you may request that we delete your personal data (e.g., when it is no longer needed).
• Right to restrict processing – You can request a temporary suspension of processing under specific conditions.
• Right to object – You can object to processing where it is based on our legitimate interests or for direct marketing.
• Right to data portability – You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have it transferred to another controller.
• Right to withdraw consent – Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint – You may raise concerns with the Cyprus Commissioner for Personal Data Protection or another competent supervisory authority.

To exercise any of your rights, you may contact us by sending an email to dpo@brainrocket.com.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, or disclosure. These include access controls, encryption, secure servers, and internal policies on data handling.While we take reasonable steps to safeguard your data, no system is completely secure. We encourage you to contact us immediately if you believe your data has been compromised.

Our website uses cookies and similar technologies to improve functionality, enable essential features, and collect analytics about usage patterns.

Some cookies are necessary for the operation of the site and cannot be disabled. Others, such as those used for performance monitoring or user experience improvements, are only placed with your consent.

You can manage your cookie preferences at any time by using the cookie settings button available on our website. This allows you to accept or reject specific categories of cookies in accordance with your preferences.

The legal basis for setting non-essential cookies is your consent (Article 6(1)(a) GDPR), while essential cookies are used based on our legitimate interest in delivering a secure and functional website (Article 6(1)(f) GDPR).

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you may contact us at:
‍
‍Brainrocket Limited
Email: dpo@brainrocket.com
‍Post: 4 Promitheos St., 1st floor, 1065, Nicosia, Cyprus

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Your continued use of Bro Academy services following any changes will constitute your acknowledgement of the updated Policy. We recommend that you check this page regularly to remain up to date with any changes.