Privacy Policy

2. Personal Data We Collect

We collect the minimum information needed to run the site, respond to registration requests, and improve our educational content. The types of personal data we may collect include:

• Identity and contact data: name and email address (and phone number only if you choose to call us). Our registration form does not require a phone number.
• Form content: information you submit in form fields (for example, what you want to start with: scarf foundations, socks in the round, or help choosing a starting path).
• Technical data: IP address, browser type and version, device type, operating system, and language settings.
• Usage data: pages viewed, time on page, referrer URL, and click paths (collected only when you consent to analytics cookies).
• Cookies and identifiers: cookie identifiers and consent records as described in Section 4.
• Conversion events: a record that a registration form was submitted or that a user reached a thank-you page (used for measuring site performance and, if consented, advertising attribution).

We do not intentionally collect special-category personal data (such as health information, religious beliefs, or political opinions). We also do not request government identification numbers or financial account details through this website. Please do not include sensitive information in your messages.

3. Why We Process Personal Data & Legal Basis

Under the UK GDPR and EU GDPR (where applicable), we process personal data only where we have a lawful basis. The most common reasons we process data on this site are:

• Contact and registration requests: to reply to you, provide course information, and guide you to a suitable learning path. Legal basis: Article 6(1)(b) (steps prior to entering a contract) and Article 6(1)(a) (consent) when you submit the form and confirm consent.
• Analytics and site improvement: to understand which lessons and pages are most useful and to improve navigation and clarity. Legal basis: Article 6(1)(a) (consent) for analytics cookies.
• Marketing and advertising measurement: to measure ad performance and show more relevant ads, including remarketing and lookalike audiences. Legal basis: Article 6(1)(a) (consent) for marketing cookies.
• Security and fraud prevention: to protect the site, detect abusive traffic, and keep services reliable. Legal basis: Article 6(1)(f) (legitimate interests).
• Legal compliance: to comply with applicable laws, handle disputes, or respond to lawful requests. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making (Article 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects. If we run advertising campaigns, those platforms may use their own systems to place ads, but we do not use those systems to make decisions that would significantly affect you.

4. Cookies & Tracking

Cookies are small text files stored on your device. Some are essential for the website to function; others help us understand usage or measure advertising. We also refer to similar technologies such as pixel tags and server-side event forwarding, which may transmit event information such as page views or form submissions.

Essential cookies (always active)

Essential cookies support basic functions like session continuity and recording your cookie preferences. These do not require consent because they are necessary to provide the website.

• _site_session (first-party): supports session continuity. Retention: session.
• cookie_consent (first-party): stores your cookie preference choices. Retention: up to 12 months.

Analytics cookies (consent required)

If you accept analytics cookies, we may use Google Analytics 4 (GA4) with IP anonymization settings to understand how visitors use the website (for example, which lesson descriptions are read most). Example cookies include:

• _ga (third-party): GA4 user identifier. Retention: up to 2 years.
• _ga_XXXXXXXXXX (third-party): GA4 session state. Retention: up to 2 years.

Analytics data retention is typically set to 14 months within the analytics service configuration.

Marketing cookies (consent required)

If you accept marketing cookies, we may use Google Ads and Meta (Facebook/Instagram) tracking technologies to measure conversions, build remarketing audiences, and improve ad relevance. Example cookies include:

• _gcl_au (third-party): Google Ads conversion linker. Retention: up to 90 days.
• _fbp (third-party): Meta Pixel browser identifier. Retention: up to 90 days.
• _fbc (third-party): Meta click identifier when a click ID is present. Retention: up to 90 days.

Beyond cookies, advertising measurement may use pixel tags (for example, Meta Pixel or Google tags) and may also be supported through server-side measurement (for example, Meta Conversion API or server-side Google Tag Manager). In those cases, identifiers can include cookie values, IP address and user agent combinations, and (where supported and consented) hashed identifiers.

For a detailed cookie explanation and a cookie table, please read our Cookie Policy. You can change your cookie preferences at any time using “Manage cookie preferences” in the footer.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your consent choice is stored in the cookie_consent browser cookie for up to 12 months.

You can withdraw consent at any time by using the “Manage cookie preferences” control in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising & Service Partners

We share limited information with service providers that help us operate the website and measure performance. We do not sell personal data. Depending on your cookie choices, we may share data with:

• Google LLC (Google Analytics 4, Google Ads, tag management and remarketing): cookie IDs, usage data, and conversion events. Privacy information: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, and audience membership, potentially including hashed identifiers when available and consented. Privacy information: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance delivery. Privacy information: https://www.cloudflare.com/privacypolicy/

These providers act as processors or service providers for the purposes described above. We do not permit them to use website data for their own independent commercial purposes.

7. International Transfers

Some of our service providers (such as Google and Meta) may process data outside the UK/EEA, including in the United States. When data is transferred internationally, we rely on appropriate safeguards such as:

• EU–US Data Privacy Framework (DPF) (primary mechanism since July 2023), including the UK Extension and the Swiss–US DPF where relevant
• Standard Contractual Clauses (EU 2021/914) as a fallback
• UK International Data Transfer Agreement (IDTA) as a fallback

You can request additional information about transfer safeguards by emailing [email protected].

8. Data Retention

We keep personal data only as long as needed for the purposes described in this policy:

• Contact and registration submissions: up to 2 years from the last interaction.
• Email correspondence: for the duration of the relationship, then typically 1 year for reference.
• Server logs: typically up to 90 days for security and troubleshooting.
• Analytics: typically 14 months retention within analytics settings, plus cookie lifetimes listed in Section 4.
• Marketing cookies: per cookie lifetime (for example, 90 days).
• Cookie consent record: up to 3 years for audit and compliance evidence.
• Legal and tax records: retained as required by applicable law (often 6 to 10 years depending on record type).

9. Your Rights (GDPR & UK GDPR)

If the UK GDPR or EU GDPR applies to you, you may have the right to:

• Access (Article 15)
• Rectification (Article 16)
• Erasure (Article 17)
• Restriction (Article 18)
• Data portability (Article 20)
• Objection (Article 21)
• Withdraw consent at any time (Article 7(3))
• Lodge a complaint with a supervisory authority (Article 77)

To exercise rights, email [email protected]. We typically respond within 30 days. For complex requests, this may be extended by up to 60 additional days, and we will explain why.

Supervisory authority information:

• EU overview: https://edpb.europa.eu
• UK (ICO): https://ico.org.uk
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own handling of DNT signals.

12. Account & Data Deletion Requests

We do not provide user accounts on this website. If you would like us to delete personal data we hold about you, email [email protected] with the subject line “Data Deletion Request”. We will complete the request within 30 days after verifying your identity, unless we are required by law to keep certain records.

13. Business Transfers

If Qezvorant Learning Studio Ltd is involved in a merger, acquisition, asset sale, financing, insolvency, or similar event, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on this website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. In the past 12 months, we may have disclosed the following categories of personal information:

• Identifiers (name, email, IP address, cookie IDs): disclosed to service providers and advertising partners when consented.
• Internet or network activity information (usage data): disclosed to analytics and advertising providers when consented.
• Inferences (interests or preferences derived from browsing): disclosed to advertising partners when marketing cookies are enabled.

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out of sharing for targeted advertising using our cookie preferences controls (see the “Manage cookie preferences” link in the footer).

Rights may include: the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before processing. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, data portability, and opting out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

Appeals: if you believe we have refused a request incorrectly, email us with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If unresolved, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information as defined by Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a notice on the homepage at least 14 days before the change takes effect. The “Last Updated” date at the top of this page will change whenever we revise the policy.

18. Contact

If you have questions about privacy, your data, or your rights, please contact:

Qezvorant Learning Studio Ltd
THE OLD WORKSHOP, 1 ECCLESALL ROAD SOUTH, Sheffield City Centre, S11 9PA, United Kingdom
Email: [email protected]
Telephone: +44 114 268 5319