Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how valtrieno (“we”) collects, uses, and protects your personal data when you visit valtrieno.com (the “Site”), submit a form, or communicate with us about our educational training in bathroom space planning, interior layout principles, functional design solutions, material coordination, lighting concepts, and client-focused design development.

The Data Controller for the processing described in this Privacy Policy is:

Valtrieno Education s.r.o.
Jestřebická 639/3
Čimice, 181 00 Praha, Czechia
Email: [email protected]

We do not appoint a Data Protection Officer (DPO) because our activities do not require one under applicable law for the purposes of this Site. If you have questions about this Privacy Policy or your rights, you can contact us using the email above.

2. Personal Data We Collect

We collect personal data in a few straightforward ways: when you provide it to us through forms, when you email us, and when your browser sends technical information during normal website access.

• Identity and contact data: name, email address, and (if you provide it voluntarily in a message) any other contact details.
• Form content: the text you write in a message field, including project context or learning goals you choose to share.
• Technical data: IP address, browser type, device type, operating system, language preference, and approximate location inferred from IP (country/city-level).
• Usage data: pages visited, time spent, referrer page, click paths, and interactions with page elements.
• Cookies and identifiers: cookie values and consent choices stored in your browser (see Section 4).
• Conversion events: signals that a form was submitted or a key page was reached, used for measurement where you consent to analytics or marketing cookies.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers through this Site. Please do not submit such data in our forms.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data only for purposes that make sense for an educational website and for responding to requests. Where the GDPR applies, we rely on the following legal bases:

• Contact and registration forms: we process your data to respond to your request and provide requested information about the course (GDPR Art. 6(1)(b) contract steps and Art. 6(1)(a) consent where required).
• Analytics: we use analytics to understand how the Site is used and to improve content and usability (GDPR Art. 6(1)(a) consent).
• Marketing and remarketing: where enabled, marketing cookies help measure advertising effectiveness and support relevant messaging (GDPR Art. 6(1)(a) consent).
• Security and fraud prevention: we process limited technical data to protect the Site, detect abuse, and prevent spam submissions (GDPR Art. 6(1)(f) legitimate interests).
• Legal compliance: we may process data as required to comply with legal obligations (GDPR Art. 6(1)(c)).

Automated decision-making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for users.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies, such as pixel tags and server-side event forwarding, depending on the preferences you select. We categorize cookies into three groups: Essential, Analytics, and Marketing. These categories match our Cookie Policy.

Essential cookies (always active)

Essential cookies are required for the Site to function and to remember your cookie preferences. They may include: _site_session (session continuity) and cookie_consent (your consent record). Essential cookies do not require consent.

Analytics cookies (consent required)

If you accept analytics cookies, we may use Google Analytics 4 (GA4) with IP anonymization where supported. Analytics cookies help us understand what content is useful, which pages are read, and where navigation feels unclear. Example cookies include _ga and _ga_XXXXXXXXXX with typical retention of up to 2 years, and analytics data retention of 14 months.

Marketing cookies (consent required)

If you accept marketing cookies, we may measure advertising performance and support remarketing audiences for our educational offerings. Example cookies include _gcl_au (Google Ads) and _fbp/_fbc (Meta). These cookies typically last around 90 days, but values can vary by provider.

Beyond cookies, some measurement relies on pixel tags (for example, gtag.js or Meta Pixel) and may also be implemented server-side (for example, via Meta Conversion API or Google server-side tag management). Where used, such systems may process device and browser information (like IP address and User-Agent) and may apply hashing to identifiers. These technologies are activated only if you provide consent for the relevant category.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Marketing and analytics cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent is recorded in the cookie_consent browser cookie (12 months).

You can withdraw or change consent at any time using the “Manage cookie preferences” link in the footer, or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

6. Sharing With Advertising & Service Partners

We use a limited set of service providers to operate and improve the Site. Depending on your cookie preferences, we may share certain data with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, and conversion signals. Privacy information: https://policies.google.com/privacy
• Meta Platforms, Inc. (Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversion events, audience membership, and hashed identifiers where applicable. Privacy information: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance optimization. Privacy information: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. These providers act as service partners and may not use Site data for their own independent commercial purposes beyond providing services to us in accordance with their agreements and applicable policies.

7. International Transfers

Some providers (such as Google and Meta) may process data outside the EEA/UK, including in the United States. Where applicable, transfers may rely on the EU–US Data Privacy Framework (DPF) (since July 2023), the UK Extension to the DPF, the Swiss–US DPF, and/or Standard Contractual Clauses (EU 2021/914) as a fallback, as well as the UK IDTA as a fallback for UK transfers.

We take steps designed to keep transfers aligned with applicable transfer rules, including limiting the data shared to what is necessary for the purpose.

8. Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy:

• Contact and registration submissions: up to 2 years from the last interaction.
• Analytics data: 14 months (where analytics consent is given).
• Marketing cookies: retained according to the cookie lifetime (for example, around 90 days for some cookies).
• Email correspondence: kept for the duration of the relationship plus 1 year, unless a longer period is needed for recordkeeping.
• Server logs: typically 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit purposes where required.
• Legal and tax: retained as required by applicable law (often 6–10 years for certain business records).

9. Your Rights (GDPR & UK GDPR)

If the GDPR or UK GDPR applies to you, you have rights that include: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and the right to withdraw consent (Art. 7(3)). You also have the right to lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, the period may be extended by up to 60 additional days where permitted.

Supervisory authority resources: EU guidance: https://edpb.europa.eu | UK ICO: https://ico.org.uk | France CNIL: https://www.cnil.fr | Germany BfDI: https://www.bfdi.bund.de | Spain AEPD: https://www.aepd.es | Poland UODO: https://uodo.gov.pl

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own DNT handling and browser-based controls.

12. Data Deletion Requests

You can request deletion of your data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for information to verify the request. We aim to complete verified deletion requests within 30 days, except where limited retention is required by law.

13. Business Transfers

In a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the Site.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights to know, delete, correct, and opt out of certain data sharing practices. In the last 12 months, we may have disclosed the following categories of personal information to service providers and, where you consent, advertising partners:

• Identifiers (name, email, IP address, device identifiers): for form handling and, with consent, advertising measurement.
• Internet or network activity (pages visited, interactions): for analytics and, with consent, advertising measurement.
• Inferences (interests and preferences inferred from interactions): for advertising optimization where marketing consent is given.

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled; California residents may opt out via our cookie preferences panel.

To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before completing a request. Authorized agents must provide written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, obtain a copy of your personal data, and opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We aim to respond to appeals within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced through a notice on the Site at least 14 days before they take effect. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

For questions about privacy, to exercise rights, or to request deletion, contact:

Valtrieno Education s.r.o.
Jestřebická 639/3
Čimice, 181 00 Praha, Czechia
Email: [email protected]