Privacy Policy

2. Personal Data We Collect

We collect only what we need to operate the website, respond to enquiries, and communicate about course registration and access. Depending on how you interact with the website, we may collect the following categories of data:

• Identity and contact data: name, email address, and (if you choose to provide it in your message) phone number or employer/store context.
• Form content: the text you submit in the contact form (for example, questions about the curriculum, onboarding use, or compliance topics).
• Technical data: IP address, browser type/version, device identifiers, operating system, and language settings.
• Usage data: pages you view, time spent on pages, navigation paths, referring page, and interaction events (for example, which page section you visited before submitting a form).
• Cookies and identifiers: cookies needed for site continuity and cookies used for analytics or marketing only when you consent. See Section 4 and our Cookie Policy.
• Conversion events: technical signals that a form was submitted or a thank-you page was reached (used for measurement when optional marketing/analytics tools are enabled by consent).

We do not intentionally collect special-category data (such as health information, religious beliefs, or political opinions). We do not request government ID numbers. We also do not collect payment card details on this website.

Please do not include sensitive personal information in your message. If you accidentally send such data, we will treat it with care and delete it where feasible, unless we need to keep it to respond to your request or meet legal requirements.

3. Why We Process Data & Legal Basis (GDPR Art. 6)

We process personal data for specific purposes, using the legal bases listed below. If you are in the EEA/UK, these references relate to GDPR/UK GDPR.

Contact and registration enquiries

• Purpose: to respond to your message, provide course details, and communicate about next steps for course access.
• Data: name, email, and message content.
• Legal basis: Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent, where you provide it via the consent checkbox).

Website operations, security, and fraud prevention

• Purpose: to keep the site stable, prevent abuse, and investigate suspicious activity.
• Data: IP address, device data, logs, and cookie consent state.
• Legal basis: Art. 6(1)(f) (legitimate interests in maintaining security and integrity).

Analytics (optional)

• Purpose: to understand how visitors use the website so we can improve clarity, navigation, and educational content.
• Legal basis: Art. 6(1)(a) (consent).

Marketing and advertising measurement (optional)

• Purpose: to measure ad performance, build remarketing audiences, and show relevant messages to people who have previously visited the site.
• Legal basis: Art. 6(1)(a) (consent).

Legal obligations

• Purpose: to comply with applicable legal obligations (for example, responding to lawful requests or retaining certain business records).
• Legal basis: Art. 6(1)(c) (legal obligation).

Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use related technologies such as pixel tags and server-side measurement (where enabled), which can work alongside cookies to understand usage and measure conversions. You can read more detail in our Cookie Policy.

Essential cookies (always active)

Essential cookies are required for the site to function. These are set regardless of marketing or analytics preferences.

• _site_session (first-party): supports basic site continuity. Retention is typically session-based or up to 12 months depending on configuration.
• cookie_consent (first-party): stores your cookie preference selection. Retention: 12 months.
• CSRF / security tokens (first-party): may be used to protect forms from abuse. Retention: session-based.

Analytics cookies (consent required)

If you opt in, we may use Google Analytics 4 (GA4) to understand how the site is used. Where available, IP anonymization is applied. Typical cookies include _ga and _ga_XXXXXXXXXX. Data retention in GA4 is set to 14 months.

Marketing cookies (consent required)

If you opt in, we may enable marketing measurement tools (for example, Google Ads and Meta) to measure conversion events and create remarketing audiences. Typical cookies may include _gcl_au, _fbp, and _fbc.

Important: This website does not embed third-party tracking scripts by default. Optional analytics and marketing technologies are enabled only after you provide consent and only if the relevant scripts are later added by the site operator. Your cookie preference is respected through the consent state stored in your browser.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie for 12 months.

You can withdraw consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser settings. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

6. Sharing With Advertising & Service Partners

We share personal data only when needed to operate the site, respond to you, or measure performance where you have consented. Depending on the tools enabled, recipients may include:

• Google LLC (GA4, Google Ads, Tag Manager, remarketing): may receive cookie identifiers, usage events, and conversion signals when analytics/marketing consent is given. Privacy policy: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): may receive page view and conversion signals and audience membership when marketing consent is given. Privacy policy: https://www.facebook.com/privacy/policy
• Cloudflare (CDN/security): may process IP addresses and request metadata for security, performance, and threat detection. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. Where these providers act as processors/service providers, they process data on our instructions. These providers may not use site data for their own independent commercial purposes.

7. International Transfers

Some service providers may process data outside the EEA/UK, including in the United States. Where applicable, transfers are handled using appropriate safeguards, such as the EU–US Data Privacy Framework (and the UK Extension to the DPF / Swiss–US DPF where relevant), and Standard Contractual Clauses (EU 2021/914) as a fallback, as well as the UK IDTA as a fallback for UK transfers.

We take steps to ensure that transferred data receives a level of protection consistent with applicable European data protection requirements.

8. Retention

We keep personal data for only as long as needed for the purpose it was collected for, unless longer retention is required by law. Typical retention periods:

• Contact and registration submissions: up to 2 years from the last interaction, to support follow-up and continuity of communication.
• Email correspondence: for the duration of the relationship and up to 1 year after the last message, unless a longer period is needed for resolving a dispute.
• Server logs: typically up to 90 days for security and troubleshooting.
• Analytics data: 14 months (where enabled by consent).
• Marketing cookies: per cookie lifetime (for example, 90 days for certain marketing cookies), where enabled by consent.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal/tax records: retained as required by applicable law (commonly 6–10 years for certain documents).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA or UK, you may have the right to request:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection (Art. 21)
• Withdraw consent (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We respond within 30 days, which may be extended by up to 60 days for complex requests.

Supervisory authority resources: EU guidance at https://edpb.europa.eu, and the UK ICO at https://ico.org.uk.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own approaches to DNT handling, as described in their privacy policies.

12. Data Deletion Requests

You may request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We aim to complete verified requests within 30 days, unless we must keep certain data to comply with legal obligations or to establish, exercise, or defend legal claims.

13. Business Transfers

In a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If the transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

This section applies to California residents when relevant. In the last 12 months, we may have collected the following categories: identifiers (such as name, email, IP address, cookie IDs), internet/network activity (pages viewed, interaction events), and inferences (interests/preferences derived from browsing activity, where marketing tools are enabled by consent).

We do not sell personal information as defined by CCPA. We may share data for cross-context behavioral advertising when you opt in to marketing cookies. California residents may opt out via the cookie preferences panel available through the footer “Manage cookie preferences” link.

Rights may include: right to know, right to delete, right to correct, right to opt out of sale/sharing, and right to non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your request. Authorized agents must provide proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, obtain a copy (portability), and opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we refuse a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. Unresolved concerns may be raised with the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a notice on the website at least 14 days before they take effect. The “Last Updated” date at the top of this page will reflect the most recent version.

18. Contact

If you have questions about this Privacy Policy or your personal data, contact:

Najverlox Education s.r.o.
Revoluční 1381
Poděbrady III, 290 01 Poděbrady, Czechia
Email: [email protected]
Phone: +420 325 611 482