Skip to main content

Privacy Policy

Last Updated: March 12, 2026

This Privacy Policy explains how hanvrion (“we”, “us”, “our”) collects, uses, and protects personal data when you visit this website (the “Site”) and when you contact us about our footwear sales and retail operations course.

This Site provides educational resources only and does not guarantee business or employment outcomes.

1) Introduction & Controller Identity

Hanvrion Education Ltd is the data controller for personal data processed via this Site. That means we determine the purposes and means of processing your personal data when you browse the Site, register interest in the course, or send us a message.

Controller details:

  • Legal entity: Hanvrion Education Ltd
  • Registered address: City Tower, HvÄ›zdova 1716/2b, Nusle, 140 00 Prague, Czechia
  • Email: [email protected]
  • Phone: +420 226 203 987

We do not currently appoint a Data Protection Officer (DPO). If you have any privacy questions, contact us using the email above and include “Privacy” in the subject line so we can route it quickly.

2) Personal Data We Collect

The data we collect depends on how you use the Site. We collect the following categories of personal data where applicable:

  • Identity and contact data: name (if you provide it), email address, phone number (if you choose to call or include it).
  • Form content: information you include in a registration or contact form, such as your role (store staff, manager, solo seller) and the topics you want to improve (for example: fit conversations, returns handling, stock accuracy, merchandising resets, online selling templates).
  • Technical data: IP address, device type, browser type and version, operating system, language settings, and similar basic device identifiers used for security and compatibility.
  • Usage data: pages viewed, time spent, referral source, broad click paths, and interactions that help us understand which curriculum sections are most useful.
  • Cookies and identifiers: identifiers stored in your browser for session continuity and, if you consent, analytics and marketing measurement (see Section 4).
  • Conversion events: events such as a form submission or a visit to a confirmation page, used to measure the effectiveness of content and campaigns.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, payment card data, or government identification numbers through this Site. Please do not include those details in free-text fields.

3) Why We Process Personal Data & Legal Bases

We process personal data for specific purposes, each with a lawful basis under GDPR Article 6 where GDPR/UK GDPR applies:

  • Responding to your registration or contact request (for example, sending course access details or scheduling information): GDPR Art. 6(1)(b) (steps to enter into a contract) and, where we rely on your explicit opt-in checkbox, Art. 6(1)(a) (consent).
  • Operating and securing the Site (preventing abuse, debugging, protecting availability): GDPR Art. 6(1)(f) (legitimate interests).
  • Analytics to improve content and navigation (only if enabled via cookie preferences): GDPR Art. 6(1)(a) (consent).
  • Marketing and advertising measurement/remarketing (only if enabled via cookie preferences): GDPR Art. 6(1)(a) (consent).
  • Legal compliance (for example, responding to lawful requests or maintaining records): GDPR Art. 6(1)(c) (legal obligation).

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you within the meaning of GDPR Article 22.

4) Cookies & Tracking Technologies

We use cookies and similar technologies to keep the Site working and, if you opt in, to understand usage and measure marketing performance. Cookies are small text files stored on your device. We also reference “pixel tags” and similar tracking mechanisms that may load when consented.

Essential cookies (always active)

Essential cookies are required for core functionality, such as maintaining your session and storing your cookie preferences choice. These do not require consent.

  • _site_session: session continuity and basic stability. Retention: session to 7 days.
  • cookie_consent: stores your cookie preferences selection. Retention: 12 months.
  • CSRF and security controls: technical safeguards that help prevent abuse. Retention varies by implementation.

Analytics cookies (consent)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand how people use the Site. Where supported, IP anonymization is applied. Analytics data helps us decide which curriculum topics need clearer examples (for instance: sell-through definitions, cycle count cadence, size run accuracy, or return reason categorisation).

  • _ga (example retention: 2 years) and _ga_XXXXXXXXXX (example retention: 2 years) may be set by GA4.
  • Analytics data retention is typically configured to 14 months.

Marketing cookies (consent)

If you enable marketing cookies, we may measure advertising performance and build audiences for remarketing or lookalike modelling. This can involve identifiers such as cookie IDs and conversion events. Marketing cookies can support attribution, frequency control, and reducing irrelevant ads.

  • _gcl_au (Google Ads, 90 days).
  • _fbp (Meta, 90 days) and _fbc (Meta, 90 days when a click ID is present).

Beyond cookies, some partners support server-side conversion measurement (for example via a conversion API). Where used, identifiers may be hashed before transmission. The activation of optional tracking depends on your cookie settings.

For more detail on cookies, see our Cookie Policy.

5) Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your selection is recorded in the cookie_consent cookie (stored for 12 months unless you clear cookies).

You can withdraw consent at any time by selecting “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.

6) Sharing With Advertising & Service Partners

We share personal data only as needed to operate the Site, respond to requests, and (if you consent) perform analytics and marketing measurement. We do not sell personal data.

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager / remarketing where enabled): cookie identifiers, usage data, and conversion events. Reference: https://policies.google.com/privacy
  • Meta Platforms, Inc. (Pixel, Custom/Lookalike Audiences, Conversion API where enabled): page views, conversion events, audience membership signals, and potentially hashed identifiers. Reference: https://www.facebook.com/privacy/policy
  • Cloudflare, Inc. (content delivery network and security): IP-based threat detection and performance delivery. Reference: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their contractual and platform terms.

7) International Transfers

Some providers we use may process data outside the EEA/UK, including in the United States. Where applicable, we rely on appropriate safeguards for international transfers, including:

  • EU–US Data Privacy Framework (DPF) and the UK Extension to the DPF, where a provider is certified and the transfer falls within scope.
  • Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
  • UK International Data Transfer Addendum / IDTA where applicable.

Where required, we assess transfer risks and apply additional protections appropriate to the data and processing context.

8) Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Contact and registration submissions: up to 2 years from the last interaction, unless a longer period is needed to resolve a request or dispute.
  • Analytics data: typically 14 months (depending on configuration) and subject to cookie lifetime and platform settings.
  • Marketing cookies: per cookie lifetime (for example, 90 days for common identifiers) unless you withdraw consent earlier.
  • Email correspondence: for the duration of our relationship plus up to 1 year for continuity and audit.
  • Server logs: typically up to 90 days for security and troubleshooting.
  • Cookie consent records: up to 3 years where needed for audit and compliance evidence.
  • Legal/tax records: retained as required by applicable law (often 6–10 years for relevant records).

9) Your Rights (GDPR & UK GDPR)

If GDPR/UK GDPR applies to you, you may have the following rights, subject to conditions and exceptions:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise a right, email [email protected]. We aim to respond within 30 days. For complex requests, this may be extended by up to 60 days, as permitted by law.

Supervisory authority references (depending on your location): EU guidance at https://edpb.europa.eu, UK ICO at https://ico.org.uk, Czech DPA at https://uoou.gov.cz.

10) Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete it promptly.

11) Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own controls and settings.

12) Data Deletion Requests

You can request deletion of personal data by emailing us with the subject line “Data Deletion Request”. We may ask for reasonable information to verify your identity before completing the request. Requests are typically completed within 30 days, unless legal obligations require limited retention.

13) Business Transfers

In the event of a merger, acquisition, asset sale, financing, reorganization, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the Site.

14) California (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA), as amended by the CPRA, is applicable.

In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers (name, email, IP address, device identifiers) for responding to requests and, if consented, analytics/advertising measurement.
  • Internet or network activity (pages viewed, interactions) for analytics and performance monitoring.
  • Inferences (interests and preferences) derived from site interactions for advertising measurement where enabled.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out by using the cookie preferences panel (via “Manage cookie preferences” in the footer) and disabling Marketing cookies.

California rights may include the right to know, delete, correct, and opt out of sale/sharing, as well as the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents must provide proof of authorization.

15) Virginia (VCDPA)

If the Virginia Consumer Data Protection Act (VCDPA) applies to you, you may have rights including access, correction, deletion, portability, and the right to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data and we do not engage in profiling producing legal or similarly significant effects. If we decline a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If unresolved, you may contact the Virginia Attorney General.

16) Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17) Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or how the Site operates. Material changes will be announced via a prominent notice on the Site at least 14 days before they take effect. The “Last Updated” date at the top indicates when this policy was last revised.

18) Contact

If you have questions about this Privacy Policy or how we handle your personal data, contact: