Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how vecmobrix (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website and interact with our educational materials and enquiry forms. This policy applies to our online course website and related pages, including registration and contact forms.

Data Controller: Vecmobrix Education Ltd, Blanická 152, 257 03 Jankov, Czechia. You can contact us at [email protected].

Effective Date: March 12, 2026. If we materially change how we use personal data, we will post an update and adjust the “Last Updated” date.

2. Personal Data We Collect

We collect only the personal data needed to operate this educational website, respond to enquiries, and improve content. The categories below describe what may be collected depending on how you use the site:

• Identity and contact information: name, email address, and any other details you provide in your message.
• Form content: messages, learning goals, questions about the course, and any other information you choose to include.
• Technical information: IP address, browser type, device type, operating system, language settings, and approximate location derived from IP (city/region level).
• Usage information: pages viewed, time spent on pages, referring page, click paths, and interactions such as opening FAQs or submitting forms.
• Cookies and identifiers: cookie identifiers and consent state (see Section 4), including first-party cookies used for session continuity and your cookie preferences.
• Conversion events: events related to form submissions or other actions that indicate interest in the course, used for measurement when marketing cookies are enabled.

We do not intentionally collect special-category personal data (for example, data revealing health information, religious beliefs, political opinions), financial account details, or government-issued identification numbers through our standard forms. Please do not include such information in messages.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data for the purposes below. Where the GDPR or UK GDPR applies, our legal bases are:

• Responding to enquiries and registration requests (contact/registration forms): GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent via the form consent checkbox).
• Website analytics (if enabled): GDPR Art. 6(1)(a) (consent).
• Marketing and remarketing measurement (if enabled): GDPR Art. 6(1)(a) (consent).
• Security, troubleshooting, and fraud prevention: GDPR Art. 6(1)(f) (legitimate interests in protecting the site and users).
• Legal obligations (where applicable): GDPR Art. 6(1)(c).

Automated Decision-Making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you.

4. Cookies & Tracking

We use cookies and similar technologies to ensure the site functions correctly and to measure usage and marketing performance when you consent. Cookies are small text files stored in your browser. We group cookies into the categories below, which match the choices available in our cookie preferences panel.

Essential cookies (always active)

Essential cookies are required for basic site functionality and to remember your cookie preferences. These cookies do not require consent. Examples include _site_session (session continuity) and cookie_consent (stores your cookie choices). Retention ranges from session-based to up to 12 months depending on the cookie.

Analytics cookies (consent required)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand how visitors use our content (for example, which curriculum sections are most read). We aim to configure analytics in a privacy-conscious way, including IP anonymization where supported. Typical GA4 cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is generally set to 14 months.

Marketing cookies (consent required)

If you enable marketing cookies, we may use advertising measurement and remarketing tools (such as Google Ads and the Meta Pixel). These cookies and tags can help us understand whether a visitor reached our site from an ad and whether they completed a conversion event such as a form submission. Typical cookies include _gcl_au, _fbp, and _fbc (when applicable). Marketing cookies typically persist for around 90 days.

Beyond cookies, advertising and analytics may involve pixel tags and server-side measurement depending on your consent settings and the configuration of our partners. If later added, these tools may use identifiers derived from IP address and browser signals (such as User-Agent) for attribution and fraud detection. We do not use these technologies unless you have enabled the relevant category in cookie preferences.

5. Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie (typically for 12 months).

You can withdraw or change consent at any time by selecting “Manage cookie preferences” in the footer of our website, or by clearing cookies in your browser. Withdrawing consent does not affect processing that occurred before withdrawal.

6. Sharing With Advertising & Service Partners

We use service providers to operate and secure the site and, when consented, to measure performance. Depending on your cookie preferences, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage events, and conversion events. Privacy information: https://policies.google.com/privacy.
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page view events, conversion events, audience membership signals, and (where implemented) hashed identifiers. Privacy information: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security): IP-based threat detection and performance optimization. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. We do not permit these providers to use site data for their own independent commercial purposes, and we only enable analytics and marketing partners when you consent.

7. International Transfers

Some providers (for example, Google and Meta) may process data outside the EEA/UK, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as the EU–US Data Privacy Framework (DPF) (where applicable), the UK Extension to the DPF (where applicable), and Standard Contractual Clauses (EU 2021/914) as a fallback. For UK transfers, we may use the UK International Data Transfer Agreement (IDTA) as a fallback.

8. Data Retention

We keep personal data only for as long as needed for the purposes described in this policy:

• Contact and registration submissions: typically up to 2 years from the last interaction, so we can follow up and maintain continuity of support.
• Email correspondence: for the duration of the relationship, plus up to 1 year, unless a longer period is required for dispute handling.
• Analytics data: typically 14 months (depending on settings and provider defaults).
• Marketing cookies: for the cookie lifetime (for example, around 90 days for certain marketing cookies).
• Server security logs: typically up to 90 days, unless needed longer to investigate abuse or security incidents.
• Cookie consent record: up to 3 years for audit and compliance purposes (where applicable).
• Legal and tax obligations: as required by law (often 6–10 years for relevant records, if any apply).

9. Your Rights (GDPR & UK GDPR)

If GDPR/UK GDPR applies, you may have rights including: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and the right to withdraw consent at any time (Art. 7(3)). You also have the right to lodge a complaint with a supervisory authority (Art. 77).

To exercise rights, contact [email protected]. We aim to respond within 30 days, extendable by up to 60 additional days for complex requests.

Supervisory authority resources: EU: https://edpb.europa.eu; UK: https://ico.org.uk; Czech Republic: https://uoou.gov.cz.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have received personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling; you can review their privacy documentation for details.

12. Data Deletion Requests

You may request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for limited information to verify identity. We aim to complete deletion within 30 days where applicable, while retaining only what is required by law or necessary to establish, exercise, or defend legal claims.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity as part of the transaction. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California Privacy Notice (CCPA/CPRA)

This section applies to California residents when the California Consumer Privacy Act (as amended by the CPRA) applies. Over the past 12 months, we may have collected the categories of personal information described in Section 2, including:

• Identifiers (such as name, email, IP address, cookie identifiers) shared with service providers and, where marketing consent is enabled, advertising partners.
• Internet/network activity (such as pages viewed and interactions) shared with analytics and advertising providers depending on cookie preferences.
• Inferences (such as interest categories derived from browsing activity) used for advertising measurement when marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies. You can opt out by disabling marketing cookies in the cookie preferences panel.

California residents may have rights to know, delete, correct, and opt out of sale/sharing, as well as the right to non-discrimination. Submit requests by emailing [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents must provide proof of authorization.

15. Virginia Privacy Notice (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects.

Submit requests by emailing [email protected] with the subject “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days.

16. Nevada Notice

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will post a notice on the website at least 14 days before the new terms take effect. Every revision will update the “Last Updated” date at the top of this page.

18. Contact

For privacy questions, data requests, or concerns, contact:

• Legal entity: Vecmobrix Education Ltd
• Registered address: Blanická 152, 257 03 Jankov, Czechia
• Email: [email protected]
• Phone: +420 233 090 412