Privacy Policy

1. Introduction and Controller Identity

The data controller for personal data processed through this website is Tirqelvox Learning Ltd, with its registered address at Družstevní 552, 533 03 Dašice, Czechia. For privacy questions, you can contact us at [email protected].

We operate an educational cooking website and training programme focused on home cooking skills, food preparation methods, kitchen organization, and recipe development. This Privacy Policy applies to information collected through our website pages, cookie preferences interface, and contact/registration forms.

2. Personal Data We Collect

We collect only the information needed to operate the site, respond to enquiries, and improve educational content. Depending on how you interact with the site, we may collect:

• Identity and contact data: your name and email address when you register interest or contact us.
• Form content: anything you choose to include in a message field on the Contact Form page (for example, what you want to learn, schedule preferences, or equipment questions).
• Technical data: IP address, browser type, device type, operating system, and language settings.
• Usage data: page views, time spent on pages, referral source, and click paths, where enabled by analytics consent.
• Cookies and identifiers: cookie choices stored in your browser and cookie identifiers used by analytics/marketing tools when you opt in.
• Conversion events: whether a form submission was completed, used to measure site performance and (when consented) advertising effectiveness.

We do not intentionally collect special-category data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers through this site. Please do not include sensitive information in form messages.

3. Why We Process Personal Data and Legal Bases

We process personal data for clear, limited purposes. Where the GDPR applies, our legal bases under Article 6 are:

• Responding to registration and contact requests: to reply with course details, learning format, and next steps (Article 6(1)(b) contract and Article 6(1)(a) consent where required by local rules or where you provide optional information).
• Providing and maintaining the website: to deliver pages, protect availability, and prevent abuse (Article 6(1)(f) legitimate interests).
• Analytics: to understand how visitors use the site and improve lessons and navigation (Article 6(1)(a) consent).
• Marketing and remarketing: to measure advertising performance and show relevant content (Article 6(1)(a) consent).
• Security and fraud prevention: to detect malicious traffic and protect site integrity (Article 6(1)(f) legitimate interests).
• Legal compliance: to comply with applicable laws and respond to lawful requests (Article 6(1)(c) legal obligation).

Automated Decision-Making (GDPR Article 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

4. Cookies and Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and, in some cases, server-side event forwarding. Our cookie categories match our Cookie Policy at /cookie-policy/.

Essential cookies (always active)

Essential cookies support core functions such as session continuity and storing your cookie choices. These do not require consent because the site cannot function properly without them. Examples include _site_session and cookie_consent. Retention ranges from session to 12 months, depending on the cookie.

Analytics cookies (opt-in)

When you opt in to analytics, we may use Google Analytics 4 (GA4) to understand page usage and improve content. Analytics cookies may include _ga and _ga_XXXXXXXXXX. We configure analytics to reduce data where possible (for example, IP anonymization where supported). Analytics reporting retention is typically 14 months.

Marketing cookies (opt-in)

When you opt in to marketing, we may use technologies like Google Ads conversion linker and Meta Pixel to measure campaigns and deliver relevant content. Marketing cookies may include _gcl_au, _fbp, and _fbc. These identifiers are used for conversion attribution, remarketing, and building audiences such as custom and lookalike audiences.

Beyond cookies, pixels and server-side integrations can transmit event data (such as page views or form completion) along with technical information like IP address and user agent. Where server-side events are used, identifiers may be hashed before transmission, depending on the provider and configuration.

5. Consent and Managing Your Preferences

Users in the EEA and the UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)).

Your consent choice is recorded in the cookie_consent cookie (typically for 12 months). You can withdraw consent at any time by using the "Manage cookie preferences" link in the footer or by clearing cookies in your browser. Withdrawing consent does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Service Providers and Advertising Partners

We use selected service providers to operate the website and, when you consent, to perform analytics and marketing measurement. Depending on your cookie choices, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, tag management): cookie identifiers, usage data, conversion events, and remarketing audience signals.
• Meta Platforms (Meta Pixel and related measurement): page view events, conversions, audience membership signals, and limited identifiers (which may be hashed depending on configuration).
• Cloudflare (security and performance): IP-based threat detection and content delivery.

We do not sell personal data. We use service providers and partners to process data on our behalf and according to our instructions. These providers may have their own privacy notices describing how they handle data in their systems.

7. International Transfers

Some providers may process data outside the EEA or the UK, including in the United States. Where applicable, we rely on appropriate safeguards such as the EU-US Data Privacy Framework (including the UK Extension and Swiss-US DPF where relevant) and, where needed, Standard Contractual Clauses (EU 2021/914) or UK IDTA as a fallback.

We take steps to limit transferred data to what is necessary for the relevant purpose and to apply security measures suitable for the sensitivity of the data.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer period is required by law. Typical retention periods are:

• Contact and registration submissions: up to 2 years from the last interaction, unless you ask us to delete it sooner.
• Email correspondence: for the duration of the relationship and up to 1 additional year for continuity.
• Server logs: typically up to 90 days for security and troubleshooting.
• Analytics data: typically 14 months in reporting tools (where enabled by consent).
• Marketing cookies: retained based on cookie lifetimes (for example, 90 days for some marketing identifiers) when enabled by consent.
• Cookie consent record: we may retain a record for up to 3 years for audit purposes.
• Legal obligations: certain records may be kept longer where required by applicable law.

9. Your Rights (GDPR and UK GDPR)

Where GDPR or UK GDPR applies, you may have the right to request access to, rectification of, or deletion of your personal data; restrict or object to processing; and request data portability. You also have the right to withdraw consent at any time for processing based on consent.

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We usually respond within 30 days. If a request is complex, we may extend the response time by up to 60 additional days and will explain why.

Supervisory authorities: EU guidance is available via the European Data Protection Board at https://edpb.europa.eu. UK residents can contact the ICO at https://ico.org.uk.

10. Children’s Privacy

This website is not directed to individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the data promptly.

11. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting. This website does not respond to DNT signals. Third-party providers may have their own approaches to DNT and similar signals.

12. Data Deletion Requests

You can request deletion by emailing [email protected] with the subject line "Data Deletion Request". To protect privacy, we may ask for reasonable verification of identity before completing the request. We aim to complete deletion within 30 days after verification, unless we must retain certain information to comply with legal obligations.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer would materially change how personal data is used, we will provide notice on the website.

14. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act as amended by the CPRA. In the last 12 months, we may have collected the following categories of personal information:

• Identifiers: name, email, IP address, and cookie IDs (used to respond to requests and, if you consent, to measure marketing).
• Internet or network activity: page interactions and usage data (analytics and advertising measurement if consented).
• Inferences: preferences inferred from site interactions for advertising relevance, where marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when you enable marketing cookies. California residents can opt out via cookie preferences (footer link) and can submit requests by emailing [email protected] with the subject line "California Privacy Request". We will verify your identity before fulfilling certain requests. We will not discriminate against you for exercising your rights.

15. Virginia Privacy Notice (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. Submit requests by emailing [email protected] with the subject line "Virginia Privacy Request".

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we decline your request, you can appeal by emailing with the subject line "Appeal of Refusal — Privacy Request". We will respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada Notice

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line "Nevada Do Not Sell Request". We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or site features. If we make material changes, we will post a notice on the website at least 14 days before the changes take effect. The "Last Updated" date at the top indicates the most recent revision.

18. Contact

For privacy enquiries, data requests, or questions about this policy, contact:

• Controller: Tirqelvox Learning Ltd
• Address: Družstevní 552, 533 03 Dašice, Czechia
• Email: [email protected]