Privacy Policy

2. Personal Data We Collect

The type of information we collect depends on how you use the site. We collect only what is needed to operate the website, respond to enquiries, and manage course interest.

• Identity and contact information you provide, such as your name, email address, and phone number (if you choose to include it in a message).
• Form content, including the message or notes you submit (for example, details about your garden project, learning goals, or preferred schedule).
• Technical data, such as IP address, browser type, device and operating system, language settings, and approximate location inferred from IP (city/region level).
• Usage data, such as pages viewed, time on page, referral source, and click paths that help us understand which content is useful.
• Cookies and identifiers, including consent state, session continuity, and analytics/marketing identifiers when you choose those categories in the cookie panel.
• Conversion events, such as when a form is submitted or when a page is viewed after a campaign click, where consent is provided.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers. Please avoid including sensitive personal information in free-text form fields.

3. Why We Process Data & Legal Basis (GDPR Art. 6)

Where the EU General Data Protection Regulation (GDPR) applies, we rely on the following legal bases to process personal data:

• Course registration or contact requests: Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent) where you actively request information and agree to be contacted.
• Analytics (when enabled): Art. 6(1)(a) consent. We only activate analytics technologies after you choose Analytics cookies.
• Marketing and remarketing (when enabled): Art. 6(1)(a) consent. We only activate marketing technologies after you choose Marketing cookies.
• Security, abuse prevention, and service stability: Art. 6(1)(f) legitimate interests, such as protecting the website from fraud, automated abuse, and technical attacks.
• Legal compliance: Art. 6(1)(c) where we must comply with a legal obligation.

Automated decision-making (GDPR Art. 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you.

4. Cookies & Tracking Technologies

We use cookies and similar technologies for three categories: Essential, Analytics, and Marketing. You can manage these choices at any time using the “Manage cookie preferences” link in the footer. Unless you consent, Analytics and Marketing tools stay off.

Essential (always active)

Essential cookies are required for basic site functions such as session continuity and remembering your cookie choice. Examples include _site_session and cookie_consent. These cookies may be set without consent because the site cannot operate properly without them. Retention is typically session-based up to 12 months for consent storage.

Analytics (consent required)

When you enable Analytics cookies, we may use Google Analytics 4 (GA4) to understand how visitors use the website. Where possible, we configure analytics to reduce identifiability, such as IP anonymization. Typical cookies include _ga and _ga_XXXXXXXXXX. Data retention is set to 14 months.

Marketing (consent required)

When you enable Marketing cookies, we may use marketing tags for conversion measurement and remarketing, such as Google Ads and Meta Pixel. Typical cookies include _gcl_au, _fbp, and _fbc. These technologies help measure campaign effectiveness and may support custom and lookalike audiences, where available.

Beyond cookies, some tracking can occur through pixel tags and server-side event forwarding (for example via Meta Conversion API or server-side tag management). Where we use these tools, we apply them only when consent is present for the relevant category and we limit data to what is necessary for measurement.

5. Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie (stored for 12 months).

You may withdraw consent at any time via “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

6. Sharing With Advertising & Service Partners

We share limited data with service providers that help us run the site and measure performance, depending on your consent settings. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage events, and conversions (when enabled). Privacy: https://policies.google.com/privacy
• Meta Platforms (Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, and audience membership (when enabled). Privacy: https://www.facebook.com/privacy/policy
• Cloudflare (content delivery and security): network information such as IP address for threat detection and delivery performance. Privacy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes, beyond providing services to us as processors or service providers under applicable terms.

7. International Transfers

Some providers (such as Google or Meta) may process data in the United States or other countries outside the EEA/UK. Where personal data is transferred internationally, we rely on mechanisms such as the EU-US Data Privacy Framework (and the UK Extension and Swiss-US DPF where relevant), and where needed, Standard Contractual Clauses (EU 2021/914) as a fallback. We apply reasonable safeguards to protect data during transfer and processing.

8. Retention

We keep personal data only as long as needed for the purposes described in this policy:

• Contact and registration submissions: up to 2 years from the last interaction, unless a longer period is needed for legitimate operational reasons (for example, resolving a request) or legal obligations.
• Analytics data: 14 months (where enabled).
• Marketing cookies: for the cookie lifetime listed in our Cookie Policy (where enabled).
• Email correspondence: for the duration of the relationship plus up to 1 year for continuity and audit.
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years where needed for compliance/audit evidence.
• Legal or tax requirements: where applicable, we retain required records for statutory periods (often 6–10 years).

9. Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies to you, you may have the right to request:

• Access (Art. 15)
• Rectification (Art. 16)
• Erasure (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection (Art. 21)
• Withdraw consent at any time (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77)

To exercise rights, email [email protected]. We generally respond within 30 days. For complex requests, this may be extended by up to 60 days, and we will explain why.

Supervisory authority references (by region): EU guidance https://edpb.europa.eu; UK ICO https://ico.org.uk; France CNIL https://www.cnil.fr; Germany BfDI https://www.bfdi.bund.de; Spain AEPD https://www.aepd.es; Poland UODO https://uodo.gov.pl.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will delete the data promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Some third-party providers may have their own handling of DNT or similar mechanisms.

12. Data Deletion Requests

You can request deletion of personal data by emailing us with the subject line “Data Deletion Request”. We may ask for information to verify your identity. Where deletion is required, we aim to complete it within 30 days, unless we must retain certain records to comply with legal obligations.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity as part of that transaction. If the transfer materially changes how data is used, we will provide notice on the website.

14. California (CCPA/CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA, including the right to know, delete, correct, and opt out of sale or sharing for cross-context behavioral advertising.

Categories of personal information we may disclose in the past 12 months include: identifiers (name, email, IP, device IDs), internet/network activity information (pages viewed, interactions), and inferences (interests/preferences) where marketing tools are enabled. We do not sell personal information as defined by CCPA. We may share certain data for cross-context behavioral advertising when Marketing cookies are enabled; California residents can opt out using our cookie preferences panel.

To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your request as required. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If you wish to appeal a refusal, use the subject line “Appeal of Refusal — Privacy Request”. We will respond within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in how the website operates or to meet legal requirements. Material changes will be announced via a prominent notice on the website at least 14 days before taking effect. The “Last Updated” date at the top of this page is refreshed with every revision.

18. Contact

For privacy questions or requests, contact:

Wejpirelxo Learning GmbH
Petrohradská 1570/5
Vršovice, 101 00 Praha, Czechia
Email: [email protected]
Phone: +420 212 242 186