Last updated: 30 August 2022

Your privacy matters to us

For the purposes of this privacy policy (“Policy”), “Code First Girls” (and “we”, “us” and “our”) shall mean CODE FIRST GIRLS LTD. (trading as Code First Girls) (registered office at 10 Devonshire Square, London, EC2M 4YP, with register company number: 13792640 and Information commissioner’s office reference number: ZB353476) and its related affiliates and its or their partners, members, directors, officers and employees, as the context requires. Code First Girls is the controller of your personal data which is collected in accordance with this Policy.

We are committed to being transparent with you about the data we collect about you and how it is used and shared and this Policy aims to give you information on how we collect and process your personal data through your use of our website, including applying for a place on a coding course, joining our community, or applying to become an instructor.

1. Information we collect

1.1 Applying for a place on a coding course (Classes and MOOCs)

When applying for a place on one of our courses, you will first be asked to apply and register on our website via our application form run by Hubspot. If successful in your application, you will be given instructions to join our community platform “Arlo” or “LearnDash” to access content. You will be placed in a ‘Slack’ channel, an online community for communication and teamwork. If you do not want to be placed in a Slack channel please contact

1.2 Applying to join our community or respond to an opportunity 

As part of the registration process to join our community or apply for a Code First Girls opportunity, you will be asked to provide information about yourself. This information may include but is not limited to: name, phone number, email address, education status, university, date of birth, when you left school, what is your highest qualification, country of residence, nationality, your right to work in the UK, level of tech experience, what stage you are at in your career, what sectors you would like to hear about, reasons for applying,  and link to your LinkedIn profile (optional). We also collect information on diversity and inclusion information, such as gender, ethnicity, social mobility and neurodiversity. All diversity and inclusion information is anonymous and not used individually. We use this information grouped together to report on overall diversity and inclusion statistics. 

1.3 Applying for a place on the CFGdegree or +Masters

When applying for a place on the CFGdegree or +Masters programmes, you will be asked to share additional details such as your CV and questions such as details regarding your tech experience, motivations for applying and reasons for wanting to join a particular company. In some instances, our partner companies may require additional information to be collected relating to background checks, security and further right-to-work details. If successful in your application, you will be asked to complete a ‘technical assessment’ via “Typeform” or “LearnDash”, which if successful at that stage, will be followed by a video interview, via a platform such as “MyInterview”. Once these stages are completed, you may be asked to complete a company interview or further assessment, which will be managed by the company you have applied for.  If successful in your overall application and you are offered a place on the CFGdegree or +Masters, you will then be asked to register on our community platform “Arlo” or “LearnDash”. In addition, your details will be added to a ‘Slack’ channel, being an online community for communication and teamwork, which we will use to communicate with you about volunteering, freelancing and other community activities. If you do not want to be placed in a Slack channel please contact

1.4 Applying for a role as an Instructor

When applying to be one of our course instructors, you will first be asked to share your CV with us and undertake a telephone/online interview and a technical assessment check. If successful, you will then be asked to register on our community platform “Arlo” or “LearnDash” to be able to undertake the instructor role. In addition, your details will be added to a ‘Slack’ channel, being an online community for communication and teamwork, which we will use to communicate with you about volunteering, freelancing and other community activities.

1.5 Our clients and commercial partners

As part of the commercial work we do, Code First Girls collects information which helps us administer our work. This information may include name, email address, organisation, job title, phone number and communications.

1.7 Job applications to work as an employee of Code First Girls

If you apply for a position at Code First Girls, you will be asked to complete an application form on “Typeform” or “Bamboo HR”. You will be asked to submit your CV as well as share your name, email address, phone number and career history. Your application will be treated in strict confidence.

1.8 Other information 

Technical information, such as your Internet protocol (IP) addresses, may be considered “personal data” in certain jurisdictions, such as in the European Economic Area, and will be treated in accordance with this Policy. 

Our website does not automatically collect personal data. We use cookies (a “cookie” is a piece of information sent to your browser by a website you visit), you will be able to select which cookie information you accept or don’t accept when you first land on the Code First Girls website. 

2. How we use the information we collect

2.1 For course applications

We may contact you by email or text during and after the course to check your progress, address any attendance issues and send your course completion certificate. We also send you an invitation to join a Slack channel group with other learners on your course, so instructors can keep you informed of learning tips and other administrative matters relating to the course. As part of your course application, you are invited to sign up to our marketing communications on an opt-in basis. Your name and email address will be shared with course applicants via the Slack channel group, so as to foster a community of learners who can network with and support one another. If you do not wish to join the Slack channel group, please let the Code First Girls team know by emailing In such circumstances, we process your personal data for the performance of a contract with you. 

2.2 Code First Girls community surveys and career opportunities 

From time to time we may email you to ask you about your career progression and insights about your current position. We rely on responses to these surveys to demonstrate to our corporate sponsors and other interested parties our progress towards our mission of getting more women working in the tech sector. We may also contact you with invitations to our events and news of career opportunities with our partner organisations. The legal basis on which we collect and process your data is based on our legitimate interests to enable you to contribute to the mission of Code First Girls. A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by your own rights and interests.

2.3 Instructors and host organisations

If you become a course instructor, we will use the information you share with us to assess your suitability as a Code First Girls instructor. We may email you from time to time to inform you of changes to our course curricula, opportunities to apply to undertake paid work and to keep you up to date with Code First Girls activities. As part of your instructor application, you may be invited to sign up for our marketing communications for the community. If you decide to host courses as a company or university, we will use the information you share with us to correspond with you about the course hosting. We may email you from time to time to inform you of updates to our free course activities. In such circumstances, we process your personal data for the performance of a contract with you if you become an instructor and for our legitimate interests to promote our community to you.

2.4 Applications for jobs or volunteering roles

Personal data provided by you in connection with any job application or volunteering role will be used by Code First Girls to manage and process your application, and to communicate with you about other Code First Girls commercial, volunteer and community opportunities. In such circumstances, we process your personal data for the performance of a contract with you if you become an employee or volunteer and for our legitimate interests to promote our community to you.

2.5 Analysing the Code First Girls community 

As part of Code First Girls reporting, we will download data from Hubspot, Arlo and Typeform in order to conduct analytics about our community. This information is shared with Code First Girls for the purposes of processing your community membership or an opportunity request. The legal basis on which we collect and process your data is based on our legitimate interests to enable you to contribute to the mission of Code First Girls.

2.6 Marketing 

We do not sell your contact information. We may contact you to inform you of opportunities available to you as part of the Code First Girls community. We may use your personal data to contact you to tell you about products or services we believe may be of interest to you. You may opt-out of receiving emails by following the instructions contained in each promotional email we send you. In addition, if at any time you do not wish to receive future marketing communications, you may email us at If you unsubscribe from our marketing lists, you will no longer receive marketing communications but we will continue to contact you regarding the management of your account, as applicable, other administrative matters, and to respond to your requests.

2.7 Our legal obligations

We may process your data in order to comply with legal obligations and legal processes and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

2.8 Equality and Diversity

We may also collect sensitive data via an equality and diversity form we ask you to complete as part of your application for a role with us or attendance on one of our courses. All diversity and inclusion information is anonymous and not used individually, but grouped data to report on overall diversity and inclusion statistics. 

3. Disclosure of your data

3.1 Third parties

In certain circumstances (such as our CFGdegree and +Masters applications) we may request to share your data with third parties, as part of your application for a specific role within our partner organisations. 

3.1.1 Vendors and website providers: To assist us in meeting business operations needs and to perform certain services and functions, we may share personal data with vendors and service providers, including providers of hosting services, cloud services (such as Typeform, Arlo, Hubspot and Google Drive), and other information technology services providers, email communication software and email newsletter services, advertising and marketing services, payment processors and web analytics services. We only allow our service providers to handle your data if we are satisfied they take appropriate measures to protect your data. We also impose contractual obligations on service providers relating to ensure they can only use your data to provide services to us and you.

3.1.2 Legal requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of our website, courses and community, or the public, or (v) protect against legal liability. 

3.1.3 Business transfers: If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your data and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that transaction along with other assets. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

3.2 Where your data is held

Information may be held at our offices, third-party agencies, service providers, representatives and agents as described above. Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your data when this occurs, see section 3.3 below.

3.3 Transferring your data out of the EEA

To deliver the website, course or community to you, it is sometimes necessary for us to share your data outside the EEA, for example, our service providers located outside the EEA. These transfers are subject to special rules under European and UK data protection laws. Some of these non-EEA countries may not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and that all personal data will be secure. Our standard practice is to use standard data protection contract clauses which have been approved by the European Commission. If you would like further information please email us at

4. Children

Our website, courses and community is not directed to children who are under the age of 16. We do not knowingly collect personal data from children under the age of 16. If you have reason to believe that a child under the age of 16 has provided personal data to us please email us at and we will endeavour to delete that information from our databases.

5. Third-party links

Our website may include links to third-party websites, plug-ins and applications. Please remember that when you use a link to go from our website to another website or you request a service from a third party, this Policy no longer applies. Please be aware that we are not responsible or liable for the privacy practices of other websites. We encourage you to be aware when you leave our website and to read the privacy policies of every website that collects personally identifiable information. This Policy applies solely to information collected by us on our website.

Your browsing and interaction on any other websites, or your dealings with any other third-party service provider, are subject to that website’s or third-party service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties.

We encourage you to become familiar with the privacy practices of every website you visit or third-party service provider that you deal with and to contact them if you have any questions about their respective privacy policies and practices. This Policy applies solely to personal data collected by us through our website and does not apply to these third-party websites and third-party service providers.

6. Your rights

Data protection law provides you with the following rights, which you may be able to exercise free of charge:


The right to be provided with a copy of your data.


The right to require us to correct any mistakes in your data


The right to require us to delete your data—in certain situations.

Restriction of processing

The right to require us to restrict the processing of your data—in certain circumstances, e.g. if you contest the accuracy of the data.

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.

To object

The right to object: (i) at any time to your data being processed for direct marketing (including profiling); and (ii) in certain other situations to our continued processing of your data, e.g. processing carried out for our legitimate interests.

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

If you would like to exercise any of these rights, please email us at Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. 

If you have a complaint about how we handle your data, please get in touch with us at If you are unhappy about how a complaint has been handled, you have the right to refer your complaint to the Information Commissioner’s Office. 

7. Security

We have appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. From time to time we implement and update administrative, technical, and physical security measures to help protect your information against unauthorised access, loss, destruction, or alteration. We limit access to your data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures to deal with suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

However, the Internet is not a 100% secure environment so we can’t guarantee the security of the transmission or storage of your information. In particular, emails sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the website or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on our website, or third-party websites.

8. Data retention 

We will retain your data for as long as necessary to provide our services to you and fulfil transactions you have requested, or for other purposes such as collecting longitudinal data about our community’s career progress. Because these needs can vary for different data types in the context of different products or services, actual retention periods can vary significantly. If you wish us to delete your data at any time, please email

9. Changes to this Policy 

We reserve the right to modify this Policy at any time by this provision. If we make changes to this Policy, we will post the revised Policy on the Code First Girls website and update the “Last Updated” date at the top of this Policy. By continuing to use our website or providing us with personal data after we have posted an updated Policy, or notified you by other means if applicable, you agree that you will be deemed to have agreed to be bound by the replacement policy. 

10. Contact 

If you have any questions or complaints about this Policy or our information handling practices, you may contact us at our correspondence address: 

Code First Girls

10 Devonshire Square, 

London, England 

You may also email us at