D Day Leadership Academy (DLA) Privacy Policy
Last updated: December 21, 2025
Who we are
D Day Leadership Academy (DLA, “we,” “us”) operates leadership and historical education programs, including student scholarships, educator experiences, adult programming, and The Normandy Passage. We are responsible for your personal data when you visit our websites, donate, purchase merchandise, apply, enroll, participate in a program, or communicate with us.
Controller: D Day Leadership Academy
Address: 5856 S Lowell Blvd. #271 Littleton, CO 80123
Privacy email: privacy@ddayleadershipacademy.com
Scope
This policy covers personal data we collect through our websites and online forms, donations and payment flows, admissions and enrollment flows, electronic signatures, email and text messages, our customer relationship and operations systems, and on site program operations in the United States, France, and elsewhere. It does not cover third party sites or services we do not control.
What we collect
We collect only what we need for program delivery, safeguarding, operations, and communications. Identity and contact information may include your name, email, phone number, mailing address, emergency contact details, and your role or seat type where applicable. Program and operations information may include cohort choice, standards acknowledgments, signed program documents, logistics notes, and other information needed to coordinate your experience. Medical and fitness basics may include limited health or fitness confirmations and information necessary for safety or accommodations. We minimize collection and restrict access. Payment and billing information may include amounts paid, balance due, and refund status. Card numbers are handled by our payment processor and are not stored in full by DLA. Communications information may include your email or text preferences, messages you send us, consent logs, and support requests. Technical data may include IP address, device and browser information, and cookie or analytics data as described below. For participants aged fourteen to seventeen, we collect personal and medical information only with necessary parent or guardian consent.
Legal bases for processing
For visitors and participants in the European Economic Area or United Kingdom, we rely on the legal bases under the General Data Protection Regulation, including contract, legitimate interests, consent, legal obligation, and where applicable vital interests and special category data for limited health and safety needs.
How we use personal data
We use personal data to manage admissions and enrollment, process donations and payments, store electronic signature packets, coordinate safety and logistics, send operational and transactional messages, send program updates where you have agreed to receive them, maintain security and incident response records, and meet legal, accounting, and insurance obligations. We do not sell personal data.
Sharing and service providers
We share data only with trusted service providers and only for the purposes described in this policy, including payment processors, electronic signature providers, customer relationship and communications tools, hosting and IT providers, analytics services, and insurance, legal, and compliance advisers where needed. We may also share data with public authorities where law or safety requires it. Providers are under contracts that require appropriate data protection.
International transfers
If personal data is transferred outside the European Economic Area or United Kingdom, we rely on lawful safeguards such as adequacy decisions or standard contractual clauses. Copies of safeguards are available on request where required by law.
Cookies and analytics
Our sites use cookies and similar technologies. Necessary cookies support site operation, sessions, security, and fraud prevention and cannot be turned off in our systems. Analytics and functional cookies are used with your consent to understand how the site is used, fix issues, and improve performance. You can use our cookie banner to accept all, reject non essential cookies, or manage preferences, and you can adjust your browser settings.
Retention
We keep personal data only as long as needed for the purposes described above, then delete or anonymize it securely. Typical periods include admissions and consent records for approximately six years after program completion, financial records for seven to ten years in line with tax law, incident and safety logs for about six years or longer if required, and marketing preferences until you opt out or we remove the record after inactivity. A detailed retention and deletion schedule is maintained separately by DLA.
Security
We use administrative, technical, and physical safeguards such as role based access, encryption in transit, secure hosting, staff training, incident response procedures, and vendor diligence. No system is perfectly secure, but we act quickly on suspected breaches and follow legal notification duties.
Your rights
Depending on your location, you may have rights to access, correct, delete, restrict or object to certain processing, request transfer of your data, and withdraw consent where processing is based on consent. To exercise rights, contact us at privacy@ddayleadershipacademy.com. You can also lodge a complaint with your local data protection authority where applicable.
Marketing and texts
We send transactional messages about enrollment, payments, logistics, and safety as part of the service. Marketing emails or texts are sent only with your consent, and you can opt out at any time using the unsubscribe link or by replying STOP where supported. Carrier messaging and data rates may apply.
Children’s privacy
We do not market to children. Some participants may be aged fourteen to seventeen and attend with a parent or guardian. For minors, we collect only what is necessary for safety and delivery and we do so with parent or guardian consent.
Third party links
Our sites may link to external services such as airlines, museums, travel providers, donation processors, or social media. Their privacy practices govern those sites. We are not responsible for their content, security, or policies.
Changes to this policy
We may update this Privacy Policy to reflect changes in operations, law, or security practice. When we make material changes, we will post the new policy with a revised “Last updated” date and, where required, seek renewed consent.
Contact
Questions or requests about this policy or your personal data can be sent to privacy@ddayleadershipacademy.com.