Privacy Policy

2. Personal Data We Collect

We collect personal data that you provide directly, data generated through your use of the site, and data stored or accessed via cookies (depending on your choices). The categories below describe what we may collect.

• Identity and contact data: first name, last name, email address. We request these when you use our registration form.
• Form content: your learning goals and any text you submit in the message field. This may include details about your store setup, merchandising questions, or training topics you want to cover.
• Technical data: IP address, browser type and version, device identifiers, operating system, language settings, and approximate location derived from IP (city/region level).
• Usage data: pages viewed, time spent on pages, click paths, page referrer, and interactions with site elements.
• Cookies and identifiers: consent state and site session data; optional analytics and marketing identifiers if you allow those categories.
• Conversion events: events such as form submissions or other actions that indicate interest in our educational programme, measured in aggregate and (where consent is given) associated with cookie identifiers.

We do not intentionally collect special-category data (such as health data, political views, religious beliefs), financial account details, or government identification numbers through this website. Please avoid including such information in free-text fields.

3. Why We Process Personal Data & Legal Basis

We process personal data for clear, limited purposes tied to running an educational website and responding to registration enquiries. Where the GDPR (and related local laws) apply, we rely on the legal bases described below.

• Responding to registration enquiries (for example, sending course details and next steps): GDPR Art. 6(1)(b) (steps prior to entering into a contract) and Art. 6(1)(a) (consent), depending on the context.
• Operating and securing the website (preventing abuse, troubleshooting, maintaining availability): GDPR Art. 6(1)(f) (legitimate interests).
• Analytics (understanding which pages are useful, improving structure and content): GDPR Art. 6(1)(a) (consent), when you enable Analytics cookies.
• Marketing and remarketing (measuring ad performance and showing relevant ads): GDPR Art. 6(1)(a) (consent), when you enable Marketing cookies.
• Legal obligations (compliance with applicable laws, responding to lawful requests): GDPR Art. 6(1)(c) (legal obligation).

Automated decision-making and profiling: we do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals (GDPR Art. 22).

4. Cookies & Tracking

Cookies are small text files stored on your device. We also refer to similar technologies (for example, pixel tags and server-side event transmission) as “tracking” in this section. Your cookie preferences are controlled through our cookie banner and the “Manage cookie preferences” link in the footer.

Essential cookies (always active)

Essential cookies are required for the website to function. They maintain basic session continuity and store your consent preferences.

• _site_session: helps maintain site session continuity.
• cookie_consent: stores your cookie consent choice.

Retention: Essential cookies are retained for the duration of the session up to 12 months, depending on the cookie.

Analytics cookies (optional, consent required)

Analytics cookies help us understand how the site is used. When enabled, we may use Google Analytics 4 (GA4) with IP anonymization where supported by configuration and regional settings. Example analytics cookies include _ga and _ga_XXXXXXXXXX. Data retention is typically set to 14 months in GA4.

Marketing cookies (optional, consent required)

Marketing cookies are used to measure advertising performance and to show relevant ads. When enabled, we may use technologies associated with Google Ads and Meta advertising products. Example marketing cookies include _gcl_au, _fbp, and _fbc (where a click identifier is present).

Beyond cookies, some advertising systems can use pixel tags, and events may be transmitted server-to-server (for example, via Meta Conversion API or server-side tag management). Where applicable, identifiers may be hashed before transmission. These technologies only activate for analytics/marketing purposes when you give consent for the relevant category.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie for up to 12 months.

You may withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser settings. Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising & Service Partners

We use a limited set of partners to operate the site and, where you consent, to measure and improve advertising. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion signals. Privacy policy: https://policies.google.com/privacy.
• Meta Platforms (Pixel, Custom/Lookalike Audiences, Conversion API): may receive page view and conversion event data, audience membership, and hashed identifiers where applicable. Privacy policy: https://www.facebook.com/privacy/policy.
• Cloudflare (content delivery and security): may process IP-based threat detection and performance data. Privacy policy: https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes. They process data on our behalf to provide their services, subject to their contractual terms and privacy safeguards.

7. International Transfers

Some service providers may process data outside the EEA/UK, including in the United States. Where transfers occur, we rely on recognized safeguards such as the EU-US Data Privacy Framework (including the UK Extension where applicable) and, where needed, Standard Contractual Clauses (EU 2021/914) or UK IDTA-based mechanisms as a fallback.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer retention period is required by law.

• Registration submissions: up to 2 years from the last interaction, unless you request deletion sooner.
• Analytics data: typically 14 months in GA4 (where enabled by consent).
• Marketing cookies: retained according to cookie lifetimes (for example, 90 days for certain ad cookies), where enabled by consent.
• Email correspondence: retained for the duration of the relationship plus up to 1 year for continuity and audit.
• Server/security logs: typically 90 days, unless needed longer for incident investigation.
• Cookie consent records: up to 3 years for compliance auditing.
• Legal/tax: retained as required by applicable law (often 6–10 years for certain records).

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have rights related to your personal data, including:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, contact us at [email protected]. We aim to respond within 30 days. For complex requests, we may extend by up to 60 days as permitted by law.

Supervisory authorities: EU guidance is available at https://edpb.europa.eu. UK guidance is available at https://ico.org.uk. You may also contact your local authority, such as https://www.cnil.fr (France), https://uodo.gov.pl (Poland), or https://www.aepd.es (Spain).

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling and controls.

12. Data Deletion Requests

If you want your data deleted, email [email protected] with the subject line “Data Deletion Request”. We may ask for additional information to verify your identity before fulfilling the request. We aim to complete deletion within 30 days, unless we must retain certain records to comply with legal obligations.

13. Business Transfers

In a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

This section applies to California residents where the CCPA/CPRA applies.

Categories of personal information disclosed in the past 12 months may include: identifiers (name, email, IP address, device identifiers), internet or network activity (pages visited, interactions), and inferences (interests or preferences derived from usage data). These may be shared with service providers and, where you consent to marketing cookies, with advertising partners for cross-context behavioral advertising.

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioral advertising; California residents may opt out via our cookie preferences panel.

Rights may include the right to know, delete, correct, and opt out of sale/sharing, as well as non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before processing. Authorized agents must provide written proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, obtain a copy of personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If a request is refused, you can appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a notice on the homepage at least 14 days before the updated policy takes effect. The “Last Updated” date at the top of this page is refreshed with every revision.

18. Contact

For questions, requests, or complaints related to privacy, contact:

fymntralo LLC
Sadová 79/7, Malšova Lhota, 500 09 Hradec Králové, Czechia
Email: [email protected]