Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how nogvarelt ("we", "us", or "our") collects, uses, and protects personal data when you visit our website and when you request course information through our forms. The course is operated by Nogvarelt Education s.r.o., which is the data controller responsible for your personal data for the activities described in this Privacy Policy.

Data Controller: Nogvarelt Education s.r.o.
Registered Address: Horácké náměstí 1473/11, Řečkovice, 621 00 Brno, Czechia
Contact Email: [email protected]
Telephone: +420 541 110 842

Our website is intended to provide information about an educational course in book sales, book retail management, and online bookstore operations. This Privacy Policy applies to visitors, prospective learners, and anyone who contacts us using the website.

2. Personal Data We Collect

The types of personal data we collect depend on how you interact with the website. We aim to collect only what is necessary for legitimate operational, security, and communications purposes.

• Identity and contact data: name, email address, and (if you choose to provide it elsewhere) phone number.
• Form submissions: the information you enter into forms, including any message content if a form includes a message field on other pages of the site.
• Technical data: IP address, browser type and version, device identifiers, operating system, language settings, and approximate location inferred from IP address.
• Usage data: pages viewed, time spent on pages, referring URLs, click paths, and interactions with site elements.
• Cookies and identifiers: cookies or similar technologies that store your consent choice and support essential site functionality (see Section 4).
• Conversion events: information about whether a requested action happened (for example, a form submission), typically recorded as an event rather than as free-form text.

We do not intentionally collect special-category personal data (such as health data, religious beliefs, political opinions), financial account details, or government-issued identification numbers through this website. Please do not submit such information in form fields.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data only when we have a lawful basis under the General Data Protection Regulation (GDPR) and, where applicable, UK GDPR and other relevant privacy laws.

• Responding to inquiries and providing course information: when you submit a form, we use your details to respond and provide requested information. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent) where you provide explicit consent via the form checkbox.
• Analytics and performance measurement: if you consent, we use analytics cookies to understand traffic and improve content. Legal basis: GDPR Art. 6(1)(a) (consent).
• Marketing and remarketing: if you consent, we may use marketing cookies to measure advertising performance and build audiences. Legal basis: GDPR Art. 6(1)(a) (consent).
• Security, abuse prevention, and fraud detection: we process technical information (such as IP address and logs) to secure the website and prevent misuse. Legal basis: GDPR Art. 6(1)(f) (legitimate interests).
• Legal compliance: where needed, we process data to comply with applicable legal obligations. Legal basis: GDPR Art. 6(1)(c) (legal obligation).

Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We use cookies and similar technologies to keep the site working, remember your preferences, and (with consent) measure traffic and advertising effectiveness. Some tracking can also occur through pixel tags or server-side event forwarding. Details about categories and control options are also described in our Cookie Policy.

Essential cookies (always active)

Essential cookies are required for core functionality, such as keeping a session stable and storing your cookie consent choice. These cookies do not require consent in the EEA/UK because they are necessary to provide the service you request.

• Examples: _site_session, cookie_consent, and security-related cookies such as CSRF tokens when used.
• Typical retention: session to 12 months depending on purpose.

Analytics cookies (consent required)

If you opt in, analytics cookies help us understand how visitors use the site (for example, which pages are visited most often, and which content is helpful). We use Google Analytics 4 (GA4) where enabled, configured to minimize data collection and to support IP anonymization where applicable. Analytics data is used in aggregate for site improvements.

• Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Analytics retention: 14 months for analytics event data, unless configured otherwise.

Marketing cookies (consent required)

If you opt in, marketing cookies help measure ad performance and support remarketing. This can include building audiences (for example, people who visited a page) and attributing conversions (for example, a form request) back to an advertising click.

• Examples: _gcl_au (Google Ads, 90 days), _fbp (Meta Pixel, 90 days), _fbc (Meta click ID when set, 90 days).
• Beyond cookies: pixel tags (such as Google Tag Manager and Meta Pixel) and server-side conversion events may also be used when enabled, and may rely on device signals like IP address and User-Agent.

We do not run third-party analytics or marketing scripts until the relevant cookie category is enabled through your consent choice. You can change your choice at any time using the “Manage cookie preferences” link in the footer.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie and is stored for up to 12 months unless you change it sooner.

You may withdraw consent at any time by using the cookie preferences controls available from the footer, or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

6. Sharing With Advertising & Service Partners

We share personal data only when necessary to operate the website, provide requested information, or measure the performance of our content and advertising (where you consent). We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, conversion events, and audience membership where enabled and consented. Reference: https://policies.google.com/privacy
• Meta Platforms (Meta Pixel, Custom Audiences, Lookalike Audiences, Conversion API where enabled): page views, conversion events, and audience membership; may include hashed identifiers when configured. Reference: https://www.facebook.com/privacy/policy
• Cloudflare (content delivery and security): IP-based threat detection and site performance delivery. Reference: https://www.cloudflare.com/privacypolicy/

These providers act as service providers/processors for the site. We do not permit them to use site data for their own independent commercial purposes beyond providing contracted services, subject to their terms and configurations.

7. International Transfers

Some of our service providers may process data outside the EEA/UK, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as the EU-US Data Privacy Framework (and UK Extension where applicable) and, where necessary, Standard Contractual Clauses (EU 2021/914) or comparable UK transfer mechanisms (such as the UK IDTA) as a fallback.

We take steps to ensure transferred data receives an adequate level of protection consistent with applicable laws.

8. Retention

We retain personal data only for as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

• Contact and registration requests: up to 2 years from the last interaction.
• Analytics: 14 months for analytics event retention (subject to configuration), and cookies up to their stated lifetime.
• Marketing cookies: per cookie lifetime (commonly 90 days for ad cookies).
• Email correspondence: for the duration of the relationship and up to 1 year thereafter for continuity and audit.
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit and compliance evidence.
• Legal and accounting records: retained as required by applicable law (often 6 to 10 years for invoicing and tax documentation, where relevant).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA/UK (and in many other jurisdictions with similar rights), you may have the right to:

• Request access to your personal data (GDPR Art. 15).
• Request rectification of inaccurate or incomplete data (Art. 16).
• Request erasure of your data in certain circumstances (Art. 17).
• Request restriction of processing (Art. 18).
• Request data portability (Art. 20).
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time where processing is based on consent (Art. 7(3)).
• Lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email [email protected]. We typically respond within 30 days, and may extend by up to 60 days for complex requests, as permitted by law.

Supervisory authority resources: https://edpb.europa.eu and the UK ICO: https://ico.org.uk.

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own DNT handling and privacy controls.

12. Data Deletion Requests

If you would like us to delete personal data we hold about you, email [email protected] with the subject line “Data Deletion Request”. For security, we may ask you to verify your identity before completing the request. We aim to complete valid deletion requests within 30 days, unless retention is required by law.

13. Business Transfers

If Nogvarelt Education s.r.o. is involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar event, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA/CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your rights.

In the past 12 months, we may have disclosed the following categories of personal information:

• Identifiers (such as name, email, IP address, cookie IDs) to service providers and, where you consent, advertising partners.
• Internet or other network activity (such as page views and interactions) to analytics providers and, where you consent, advertising partners.
• Inferences (such as interests based on pages visited) to advertising partners, where you consent.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out by using our cookie preferences panel (accessible from the footer).

To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before responding. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, data portability, and the right to opt out of targeted advertising.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

If we decline to act on your request, you may appeal by emailing us with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service providers. If we make material changes, we will provide a notice on the website at least 14 days before the changes take effect. The “Last Updated” date at the top of this page will be revised when updates are published.

18. Contact

If you have questions about this Privacy Policy or our privacy practices, contact:

Nogvarelt Education s.r.o.
Horácké náměstí 1473/11, Řečkovice, 621 00 Brno, Czechia
Email: [email protected]
Telephone: +420 541 110 842