Privacy Policy

2. Personal Data We Collect

We collect only the data that is reasonably necessary to respond to inquiries, operate the website, and improve our marketing and learning content. The categories below describe what we may collect depending on how you use the site and which cookie preferences you choose.

• Identity & contact details: name and email address (and, if you provide it in a message, other contact information).
• Form content: the information you type into forms, such as questions about the course, your preferred learning pace, or the sales channel you plan to use.
• Technical data: IP address, browser type, device type, operating system, and language settings.
• Usage data: pages viewed, time on page, referring URL, and click paths (for example, whether visitors read the Course Program page before submitting a form).
• Cookies & identifiers: identifiers stored in cookies or similar technologies (see Section 4) that help remember your cookie choices, measure traffic, or attribute conversions.
• Conversion events: events such as form submissions or button clicks used to understand whether content is useful and how people navigate the site.

We do not intentionally request special-category data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers. Please do not include sensitive information in free-text fields.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data only when we have a lawful basis. The legal basis depends on the activity and on your cookie choices.

• Responding to inquiries and providing course information: when you submit a form requesting registration details or contact us by email, we process your data to take steps at your request prior to entering into a contract (GDPR Art. 6(1)(b)) and, where applicable, based on your consent (GDPR Art. 6(1)(a)).
• Analytics: if you accept analytics cookies, we process usage data to understand how visitors use the site and how to improve content and navigation (GDPR Art. 6(1)(a) consent).
• Marketing and advertising measurement: if you accept marketing cookies, we may process identifiers and conversion events to measure advertising performance and build remarketing audiences (GDPR Art. 6(1)(a) consent).
• Security and fraud prevention: we process technical and usage data to protect the website, detect abuse, and maintain service reliability (GDPR Art. 6(1)(f) legitimate interests).
• Legal compliance: we may keep certain records when required by law or to defend legal claims (GDPR Art. 6(1)(c) legal obligation).

Automated Decision-Making (GDPR Art. 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event forwarding where relevant. Your cookie choices determine whether analytics and marketing technologies activate. Essential cookies are required to operate the site and remember your consent selections.

In addition to cookies, our advertising partners may use pixel tags (for example, Google tags or Meta Pixel) to receive event data such as page views or form submissions. Where server-side integrations are used, we may send limited event data (and, where applicable, hashed identifiers) to improve measurement. These integrations are activated only if you consent to the relevant category.

For more details, see our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Consent is recorded in the cookie_consent browser cookie (12 months).

You may withdraw consent at any time using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising & Service Partners

We use a small set of vendors to help deliver the website, secure it, and (if you consent) measure performance and marketing. We do not sell personal data.

• Google LLC: Google Analytics 4, Google Ads measurement, Google Tag Manager, and remarketing features (if enabled by consent). Data may include cookie identifiers, usage data, conversions, and audience membership. See https://policies.google.com/privacy.
• Meta Platforms: Meta advertising measurement and remarketing (if enabled by consent). Data may include page views, conversions, cookie identifiers, and (where applicable) hashed identifiers. See https://www.facebook.com/privacy/policy.
• Cloudflare: content delivery and security services that may process IP addresses and device data for threat detection and performance. See https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us and operating their platforms as described in their policies.

7. International Transfers

Some of our service partners are located outside the EEA/UK (including the United States). Where personal data is transferred internationally, we rely on appropriate safeguards such as the EU–US Data Privacy Framework (and the UK Extension, where applicable), the Swiss–US Data Privacy Framework, and Standard Contractual Clauses (EU 2021/914) as a fallback. For the UK, we may also rely on the UK International Data Transfer Addendum (IDTA) as a fallback where relevant.

You can request further details about transfer safeguards by contacting us at [email protected].

8. Retention

We keep personal data only as long as necessary for the purposes described in this policy, unless a longer period is required by law.

• Contact submissions: up to 2 years from the last interaction.
• Email correspondence: for the duration of the relationship plus up to 1 year, unless longer retention is required for legal reasons.
• Server logs: typically up to 90 days, unless needed for security investigations.
• Analytics data: typically 14 months in GA4 settings (if analytics cookies are accepted).
• Marketing cookies: retained for the cookie lifetime (for example, 90 days for certain marketing cookies), unless cleared earlier.
• Cookie consent record: up to 3 years for audit purposes.
• Legal and tax records: retained as required by applicable law (often 6–10 years for invoicing and accounting records where applicable).

9. Your Rights (GDPR & UK GDPR)

If GDPR/UK GDPR applies to you, you may have the right to request access to your personal data, rectification, erasure, restriction of processing, data portability, and to object to processing. Where we rely on consent, you also have the right to withdraw consent at any time (GDPR Art. 7(3)).

• Access (Art. 15) to obtain a copy of your personal data.
• Rectification (Art. 16) to correct inaccurate or incomplete data.
• Erasure (Art. 17) in certain situations (also called the “right to be forgotten”).
• Restriction (Art. 18) to limit processing in certain circumstances.
• Portability (Art. 20) to receive certain data in a structured, commonly used format.
• Objection (Art. 21) to processing based on legitimate interests, and to direct marketing.

To exercise your rights, email [email protected]. We normally respond within 30 days, and this may be extended by up to 60 days for complex requests. We may ask for information to verify your identity.

You also have the right to lodge a complaint with a supervisory authority. Helpful starting points: https://edpb.europa.eu (EU) and https://ico.org.uk (UK).

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own approaches to similar signals.

12. Data Deletion Requests

If you would like us to delete personal data associated with your email address, contact us at [email protected] with the subject line “Data Deletion Request”. We will complete deletion within 30 days after identity verification, except where limited retention is required by law or for the establishment, exercise, or defence of legal claims.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how your personal data is used, we will provide notice on the website.

14. California (CCPA/CPRA)

If you are a California resident, you may have rights regarding your personal information under the California Consumer Privacy Act as amended by the CPRA. In the past 12 months, we may have disclosed the following categories to service providers and advertising partners:

• Identifiers (such as name, email, IP address, cookie identifiers) for customer support, analytics (with consent), and advertising measurement (with consent).
• Internet or network activity (such as page views and interactions) for analytics and advertising measurement (with consent).
• Inferences (such as interests or preferences based on browsing) for advertising audiences (with consent).

We do not sell personal information as defined by the CCPA. We do share certain information for cross-context behavioral advertising when marketing cookies are enabled; California residents may opt out by using our cookie preferences panel (via “Manage cookie preferences” in the footer).

Requests: email [email protected] with the subject “California Privacy Request”. We will verify your identity before responding. You may also use an authorised agent with written permission.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, or obtain a copy of your personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we deny your request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If a change is material, we will announce it on the website at least 14 days before it takes effect. Every update will be reflected by changing the “Last Updated” date at the top of this page.

18. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact:

• Yelfvarin Education s.r.o.
• Zápasnická 881/4, Hostivař, 102 00 Prague, Czech Republic
• [email protected]