Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how ardvexon (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website and when you contact us or register interest in our online course about communication skills and customer service in toy retail.

Data Controller: Ardvexon Education s.r.o., Za cihelnou 544, Černý Vůl, 252 62 Statenice, Czechia. You can reach us at [email protected].

This website is designed to provide educational information and training materials. It does not sell toys and does not provide commercial retail services.

2. Personal Data We Collect

We collect the minimum data needed to run the site, respond to messages, and provide course information. Depending on how you interact with the website, we may collect:

• Identity and contact data: name, email address, and (if you choose to provide it in a message) a phone number or workplace details.
• Form content: the text you write in the contact form, including any project details, training questions, or store context you include.
• Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location derived from IP (city-level).
• Usage data: pages viewed, time spent on pages, referrer URL, and click paths (for example, which navigation items were used).
• Cookies and identifiers: cookies needed for site function and your cookie preference choice, and (only if you consent) analytics and marketing identifiers described in Section 4.
• Conversion events: basic events related to form submissions and page views used to measure whether our pages and ads are working (only where consent applies).

We do not intentionally collect special-category data (such as health data, religious beliefs, or political opinions). Please do not include sensitive information in free-text form fields. We also do not request financial account details or government-issued identification.

3. Why We Process Data & Legal Basis (GDPR Art. 6)

We process personal data only where there is a lawful basis. Depending on the context, the legal basis under the GDPR (and UK GDPR where applicable) may be:

• Contact and registration forms: to respond to your request and provide course details (Art. 6(1)(b) contract or pre-contract steps), and where required for follow-up communication (Art. 6(1)(a) consent).
• Analytics (optional): to understand which pages are helpful and improve training content (Art. 6(1)(a) consent).
• Marketing/remarketing (optional): to measure advertising performance and show relevant messages to people who previously visited the site (Art. 6(1)(a) consent).
• Security and fraud prevention: to keep the website stable, prevent abuse, and investigate suspicious activity (Art. 6(1)(f) legitimate interests).
• Legal obligations: where we must comply with legal or regulatory requirements (Art. 6(1)(c)).

Automated decision-making (GDPR Art. 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects. If we use advertising audiences, they are used for measurement and reach, not for decisions about you as an individual.

4. Cookies & Tracking (Essential, Analytics, Marketing)

We use cookies and similar technologies (such as pixel tags) to operate the site and, if you consent, to measure and improve our content and advertising. Cookies are small text files stored on your device. Some cookies are first-party (set by our website) and some are third-party (set by partners like analytics and advertising providers).

Essential cookies (always active)

Essential cookies are required for the site to function and cannot be switched off via our cookie banner. Examples include:

• _site_session (session continuity)
• cookie_consent (stores your cookie preference choice for up to 12 months)
• Security-related cookies such as CSRF protection where applicable

Retention: session to 12 months depending on the cookie.

Analytics cookies (consent)

If you opt in, we may use Google Analytics 4 (GA4) with IP anonymization to understand how people use the site. Common cookies include _ga and _ga_XXXXXXXXXX. We use analytics to identify which pages help training teams most, which sections cause confusion, and which content is most practical for shop-floor use.

Data retention in GA4 is typically set to 14 months.

Marketing cookies (consent)

If you opt in, we may use marketing cookies for advertising measurement and remarketing, such as Google Ads conversion linking (_gcl_au) and Meta Pixel identifiers (_fbp, _fbc). These technologies help us understand whether an advertisement led to a visit or a form submission, and they allow the creation of remarketing and lookalike audiences.

Beyond cookies, some partners may use pixel tags and server-side event forwarding (for example, Meta Conversion API or server-side tag management). Where server-side measurement is used, identifiers may be hashed before transfer.

For more cookie-specific details, please read our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie and kept for up to 12 months.

You can withdraw consent at any time using the “Manage cookie preferences” link in the footer, or by clearing cookies in your browser. Withdrawal does not affect processing that was lawfully carried out before your withdrawal.

6. Sharing With Advertising & Service Partners

We use selected service providers to operate the site and, if you consent, to measure and improve our marketing. Depending on your cookie preferences, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Privacy information: https://policies.google.com/privacy.
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, and audience membership based on identifiers when consent is given. Privacy information: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security): IP-based threat detection and performance delivery. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. These providers process data as service partners to provide their services. We do not permit them to use site data for their own independent commercial purposes.

7. International Transfers

Some of our service partners may process data outside the EEA/UK (including in the United States). Where this occurs, transfers may rely on the EU-US Data Privacy Framework (including the UK Extension and Swiss-US DPF where relevant). If needed, we also rely on Standard Contractual Clauses (EU 2021/914) or the UK International Data Transfer Agreement (IDTA) as fallback safeguards.

8. Data Retention

We keep personal data only as long as needed for the purpose it was collected:

• Contact and registration submissions: up to 2 years from the last interaction.
• Email correspondence: for the relationship duration and up to 1 additional year.
• Analytics data: typically 14 months (where enabled by consent).
• Marketing cookies: per cookie lifetime (for example, 90 days for certain advertising identifiers), where enabled by consent.
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit and compliance evidence.
• Legal and accounting: where required by law (often 6–10 years for invoice-related records, where applicable).

9. Your Rights (GDPR & UK GDPR)

Where GDPR or UK GDPR applies, you may have the right to:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection (Art. 21)
• Withdraw consent at any time (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. If a request is complex, we may extend by up to 60 additional days and will explain why.

Supervisory authority resources: https://edpb.europa.eu (EU), https://ico.org.uk (UK), https://www.cnil.fr (France), https://www.bfdi.bund.de (Germany), https://uodo.gov.pl (Poland), https://www.aepd.es (Spain).

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own handling for DNT and similar settings.

12. Data Deletion Requests

To request deletion of your data, email us at [email protected] with the subject line “Data Deletion Request”. We may ask for additional information to verify your identity and locate your data. We aim to complete deletion within 30 days after verification, except where we must retain specific records to comply with legal obligations.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, reorganization, or insolvency, personal data may be transferred to a successor or affiliated entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights to know, delete, correct, and opt out of the sale or sharing of personal information. Over the past 12 months, we may have disclosed the following categories for business purposes:

• Identifiers (name, email, IP address, device identifiers) shared with service providers and, with consent, advertising partners.
• Internet or network activity (pages viewed, interactions) shared with analytics and advertising providers where enabled.
• Inferences (interests or preferences inferred from site interactions) used for advertising audiences when marketing cookies are enabled.

We do not sell personal information as defined by the CCPA. We may share data for cross-context behavioral advertising when you opt in to marketing cookies. You can opt out at any time using our cookie preferences panel.

To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your request before processing it. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, obtain a copy of your personal data, and opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

Submit requests by emailing [email protected] with the subject “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will display a notice on the homepage at least 14 days before the change takes effect. The “Last Updated” date at the top of this page reflects the latest revision.

18. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact:

• Legal entity: Ardvexon Education s.r.o.
• Address: Za cihelnou 544, Černý Vůl, 252 62 Statenice, Czechia
• Email: [email protected]