Skip to main content

Privacy Policy

Last Updated: March 12, 2026

This Privacy Policy explains how cofrvianx (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit this website and when you submit a registration request or a contact enquiry for our seasonal outerwear product expertise course. This website is provided by Cofrvianx Learning s.r.o., registered at Bořivojova 878/35, Žižkov (Praha 3), 130 00 Praha, Czechia.

1. Introduction and Controller Identity

Cofrvianx Learning s.r.o. is the data controller for the personal data processed in connection with this website. That means we decide why and how your personal data is processed. You can contact us at [email protected].

This website is an educational site that promotes training about seasonal outerwear product expertise and customer consulting. It does not sell clothing products or provide commercial retail services. The data we collect is limited to what is needed to respond to enquiries, manage the site, and (if you choose) measure usage and advertising performance.

Effective Date: March 12, 2026.

2. Personal Data We Collect

We collect personal data in a few different ways, depending on what you do on the site. The categories below describe what we may collect.

  • Identity and contact data: name, email address, and any other contact details you choose to provide.
  • Form content: the information you submit in forms, such as messages, questions about the course, and training context (for example, retail role or product categories you want to focus on).
  • Technical data: IP address, browser type and version, device type, operating system, time zone, and language settings.
  • Usage data: pages visited, time spent on pages, referrer URLs, click paths, and interactions with site elements.
  • Cookies and identifiers: first-party cookies used for site continuity and your consent preferences, and (with consent) third-party cookies for analytics or marketing measurement.
  • Conversion events: events that indicate a form was submitted or a key page was viewed, used for site measurement and advertising attribution where enabled by consent.

We do not intentionally collect special-category data (such as health, religion, political opinions), financial account details, or government identification numbers through this website. Please do not include such information in free-text messages.

3. Why We Process Personal Data and Legal Basis (GDPR Article 6)

We process personal data only when we have a lawful basis. The lawful basis can differ depending on the purpose.

  • Responding to enquiries and registration requests: to reply to you, provide information about course access, and manage follow-up communications. Legal basis: Article 6(1)(b) (steps prior to entering a contract) and Article 6(1)(a) (consent) where you explicitly consent to being contacted.
  • Website analytics: to understand how visitors use our pages and improve the site’s structure and content. Legal basis: Article 6(1)(a) (consent) for analytics cookies and similar technologies where required.
  • Marketing and advertising measurement: to measure conversions, build remarketing audiences, and improve the relevance of advertising. Legal basis: Article 6(1)(a) (consent) for marketing cookies and similar technologies where required.
  • Security and fraud prevention: to protect the website from abuse, detect anomalies, and maintain availability. Legal basis: Article 6(1)(f) (legitimate interests) in maintaining a secure service.
  • Legal obligations: where we must comply with applicable laws, such as responding to lawful requests from authorities. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making (GDPR Article 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies and Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags, which can record events like page views and form submissions. Cookies and pixels fall into three categories on this site: essential, analytics, and marketing. Your choices can be managed via the “Manage cookie preferences” link in the footer.

Essential (always active)

These are required for the site to function and for you to save your consent preferences. Essential cookies do not require consent in many jurisdictions because they are necessary for the service you request.

  • _site_session: supports basic session continuity. Retention: session.
  • cookie_consent: stores your cookie preferences. Retention: up to 12 months.

Analytics (requires consent)

If you opt in, we may use Google Analytics 4 (GA4) to measure traffic patterns. Where enabled, IP addresses are anonymized or truncated in line with typical GA4 configurations. Analytics cookies commonly include _ga and _ga_XXXXXXXXXX. Typical retention: up to 2 years for cookies and 14 months for analytics data retention settings.

Marketing (requires consent)

If you opt in, marketing technologies may be used to measure advertising performance and build audiences for remarketing. Common cookies can include _gcl_au (Google Ads) and _fbp/_fbc (Meta). Typical retention is 90 days for advertising cookies.

Beyond cookies, advertising measurement may use pixel tags (for example, gtag.js or Meta Pixel) and in some cases server-side collection (for example, Meta Conversion API or server-side tagging). Where used, these features are activated only after marketing consent and are configured to avoid collecting sensitive data. Some providers may derive device identifiers from signals such as IP address and user agent.

5. Consent Management (EEA and UK)

Users in the EEA and UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie (typically up to 12 months).

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

6. Sharing With Advertising and Service Partners

We may share limited data with service partners to run the website and (when you consent) to measure and improve advertising. We do not sell personal data.

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion events depending on your consent choice. Privacy information: https://policies.google.com/privacy
  • Meta Platforms (Meta Pixel, Custom Audiences, Conversion API): may receive page views, conversion events, and audience signals depending on your consent choice. Privacy information: https://www.facebook.com/privacy/policy
  • Cloudflare (CDN and security): may process IP-based signals to protect the site from abuse and improve performance. Privacy information: https://www.cloudflare.com/privacypolicy/

These providers act as processors or independent controllers depending on the context. Where we use them as processors, we require appropriate contractual safeguards. We do not permit these providers to use site data for their own independent commercial purposes beyond providing the contracted services, subject to their platform terms.

7. International Data Transfers

Some of our service providers may process data outside the EEA or UK, including in the United States. When transfers occur, we rely on recognized transfer mechanisms such as the EU–US Data Privacy Framework (and the UK Extension, where applicable) and, where needed, Standard Contractual Clauses (EU 2021/914) or the UK International Data Transfer Agreement as a fallback.

We also use additional safeguards where practical, such as limiting the data shared, using IP anonymization for analytics where available, and applying access controls.

8. Data Retention

We keep personal data only for as long as needed for the purpose it was collected, unless a longer period is required by law. Typical retention periods are:

  • Contact and registration submissions: up to 2 years from the last meaningful interaction.
  • Email correspondence: for the duration of the relationship, plus up to 1 year for continuity and audit.
  • Server logs (security and diagnostics): typically up to 90 days.
  • Analytics data: commonly 14 months (depending on configuration), with cookie lifetimes typically up to 2 years where enabled by consent.
  • Marketing cookies: typically 90 days, subject to your consent and provider settings.
  • Cookie consent record: up to 3 years for audit and compliance evidence, where required.
  • Legal and tax records: retained as required by applicable law (often 6–10 years for invoicing and accounting records where relevant).

9. Your Rights (GDPR and UK GDPR)

If GDPR or UK GDPR applies to you, you have rights over your personal data. These include:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time (Article 7(3))
  • Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We typically respond within 30 days. In complex cases, we may extend the response time by up to 60 additional days and will explain why.

Supervisory authority resources: EU (EDPB): https://edpb.europa.eu and UK (ICO): https://ico.org.uk.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that personal data from a child under 16 has been collected without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling and opt-out settings.

12. Data Deletion Requests

If you want us to delete personal data we hold about you, contact us by email with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We aim to complete deletion within 30 days, except where retention is required by law or where data must be kept to establish, exercise, or defend legal claims.

13. Business Transfers

If our business is involved in a merger, acquisition, asset sale, financing, reorganization, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California Privacy Notice (CCPA and CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act as amended by the CPRA applies. In the past 12 months, we may have collected the following categories: identifiers (such as name, email, IP address, cookie identifiers), internet or network activity information (such as browsing interactions), and inferences (such as interests derived from browsing activity) where you have consented to marketing cookies.

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out of sharing for targeted advertising via the cookie preferences panel linked in the footer.

California rights may include the right to know, delete, correct, and opt out of sale or sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We may request information to verify your identity. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

If the Virginia Consumer Data Protection Act applies, you may have rights to access, correct, delete, obtain a copy of your personal data, and to opt out of targeted advertising. Submit requests by emailing [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects. If we deny a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes to our practices, technology, legal requirements, or business operations. Material changes will be announced via a notice on the homepage at least 14 days before they take effect. The “Last Updated” date will also be revised whenever we publish changes.

18. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact:

Cofrvianx Learning s.r.o.
Bořivojova 878/35
Žižkov (Praha 3), 130 00 Praha, Czechia
Email: [email protected]