Privacy Policy

2. Personal Data We Collect

We collect personal data in a few predictable places: when you fill in a form on this website, when you browse pages, and when cookies are stored in your browser. The exact categories can differ depending on whether you only read pages or whether you submit a registration or contact request.

The categories of personal data we may collect include:

• Identity and contact data: name, email address, and (if you choose to share it) any other contact details included in your message.
• Form content: messages, questions, learning goals, team context, scheduling notes, and other details you type into form fields.
• Technical data: IP address, browser type and version, device identifiers, operating system, language settings, and approximate location derived from IP (city/region level).
• Usage data: pages viewed, time spent, referrer page, click paths, and interactions with navigation, FAQ accordions, or consent controls.
• Cookies and identifiers: cookie IDs and consent records, as described in Section 4.
• Conversion events: whether you submitted a form and which page led to that submission (for example, a registration form submission event).

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government-issued identifiers through our standard forms. Please do not include such information in your message.

3. Why We Process Personal Data & Legal Basis

We process personal data only when we have a lawful basis. The lawful basis depends on the purpose of processing and whether cookies beyond essential operation are enabled. Where GDPR applies, the relevant legal bases include:

3.1 Contact and registration forms

When you submit your name and email (and any optional message), we use that information to respond to your request, provide course details, and coordinate next steps. The legal bases are:

• GDPR Art. 6(1)(b) (contract / pre-contract steps) when you request information or scheduling that could lead to course delivery.
• GDPR Art. 6(1)(a) (consent) where you explicitly consent to being contacted through the checkbox in the form.

3.2 Analytics

If you consent to analytics cookies, we may measure usage (for example, which pages are most read and where visitors stop). This helps us improve course explanations, module navigation, and clarity of educational material. The legal basis is GDPR Art. 6(1)(a) (consent).

3.3 Marketing and advertising measurement

If you consent to marketing cookies, we may measure ad performance and show more relevant educational messages to people who previously visited the website (remarketing). The legal basis is GDPR Art. 6(1)(a) (consent).

3.4 Security, abuse prevention, and service reliability

We process limited technical data (such as IP address and request metadata) to keep the website secure, detect malicious traffic, and maintain availability. The legal basis is GDPR Art. 6(1)(f) (legitimate interests), balanced against your rights and freedoms.

3.5 Legal obligations

If we must retain or disclose information to comply with legal obligations (for example, lawful requests, accounting obligations for invoicing where applicable, or dispute handling), the legal basis is GDPR Art. 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you under GDPR Art. 22.

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and, where enabled, server-side conversion signals. Our cookie categories match the choices you can control via the cookie banner and the cookie preferences modal.

4.1 Essential cookies (always active)

Essential cookies are required for the website to function. They support basic session continuity and store your cookie choices. These cookies do not require consent.

• Examples: _site_session, cookie_consent, and CSRF-related cookies where applicable.
• Retention: session to 12 months depending on the cookie.

4.2 Analytics cookies (consent required)

Analytics cookies help us understand how visitors use the site. When enabled, we use Google Analytics 4 (GA4) with IP anonymization and a standard retention setting of 14 months for analytics data.

• Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Purpose: aggregated measurement such as page views, engagement, and navigation paths.

4.3 Marketing cookies (consent required)

Marketing cookies are used to measure advertising and, where enabled, to create remarketing audiences or lookalike audiences and to attribute conversions. Typical providers are Google Ads and Meta Platforms. These tools may process cookie IDs, device information, and event data (for example, a form submission) for ad measurement.

• Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when click ID is present).
• Purpose: conversion attribution, frequency measurement, and more relevant educational advertising messages.

4.4 Beyond cookies

Depending on consent, tracking can include pixel tags (for example, gtag.js for Google and Meta Pixel) and server-side signals such as Meta Conversion API or server-side Google Tag Manager. Where used, these systems may transmit event data and may use hashed identifiers (for example, hashed email) to improve matching. We do not attempt to identify you from browsing alone; identification typically occurs only when you submit a form.

5. Consent and Cookie Preferences (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie for 12 months.

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser settings. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

6. Sharing With Advertising & Service Partners

We share data with service providers only as needed to operate the website, handle communications, and (where you consent) measure and improve our outreach. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie IDs, usage data, and conversion events. https://policies.google.com/privacy
• Meta Platforms (Pixel, Custom/Lookalike Audiences, Conversion API): page view events, conversion events, audience membership, and hashed identifiers where enabled. https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance optimization. https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes. They may process data as processors or as separate controllers depending on the tool and configuration. Where required, we rely on appropriate agreements and safeguards.

7. International Transfers

Some providers process data outside the EEA/UK, including in the United States. When we transfer personal data internationally, we use appropriate safeguards such as:

• EU-US Data Privacy Framework (DPF) as a primary safeguard where applicable (since July 2023).
• UK Extension to the DPF and Swiss-US DPF where relevant.
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Agreement (IDTA) as a fallback mechanism.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer retention is required by law. Our typical retention periods are:

• Contact and registration submissions: up to 2 years from the last interaction.
• Analytics data: 14 months (standard GA4 retention setting).
• Marketing cookies: for the lifetime of the cookie (for example, 90 days) or until you withdraw consent.
• Email correspondence: the duration of the relationship plus 1 year where needed for continuity.
• Server logs: typically 90 days for security and troubleshooting.
• Cookie consent records: up to 3 years for audit purposes.
• Legal and tax: as required by applicable law (often 6–10 years for invoices and accounting records when applicable).

9. Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies, you may have the right to:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction (Art. 18)
• Data portability (Art. 20)
• Object (Art. 21)
• Withdraw consent at any time (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, we may extend the timeframe by up to 60 days as permitted by law.

Supervisory authority information:

• EU guidance: https://edpb.europa.eu
• UK ICO: https://ico.org.uk
• Czech authority (UOOU): https://www.uoou.cz
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) signals. Third-party providers may have their own approaches to DNT handling.

12. Data Deletion Requests

You can request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable information to verify your identity before deleting data. We aim to complete verified requests within 30 days, except where we must retain limited data to comply with legal obligations.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity as part of that transaction. If a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). In the past 12 months, the categories of personal information we may collect include identifiers (name, email, IP, device IDs) and internet/network activity (usage data). We may share these categories with service providers and, if you consent to marketing cookies, with advertising partners for measurement and cross-context behavioral advertising.

We do not sell personal information as defined by CCPA. We do share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out by using the cookie preferences panel.

Rights may include: the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before fulfilling requests. Authorized agents must provide written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and opt-out of targeted advertising. We do not sell personal data, and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we deny a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, tools, or legal requirements. Material changes will be announced via a notice on the website at least 14 days before taking effect when feasible. The “Last Updated” date at the top of this page indicates when this policy was last revised.

18. Contact

If you have questions about privacy, data processing, or cookie choices, contact:

• Beqltriva Education s.r.o.
• Líšnice 309, 252 10 Líšnice, Czechia
• [email protected]