Privacy Policy

1) Personal Data We Collect

The information we collect depends on how you use the site. We aim to keep collection minimal and relevant to providing course information and responding to requests.

• Identity and contact details: first name, last name, email address, and (if you choose to call us) your phone number as shown in call logs.
• Form content: the content of messages you send through our contact form (for example, your questions about bouquet mechanics, tool lists, seasonal assignments, or course scope).
• Technical data: IP address, browser type, device/operating system, language, and approximate location inferred from IP (country/city level).
• Usage data: pages viewed, time spent, referrer page, and click paths (where enabled by analytics consent).
• Cookies and identifiers: essential cookies used for site continuity and consent storage, plus optional analytics and marketing cookies if you enable them.
• Conversion events: signals such as a submitted registration or contact form, used to measure whether site content is effective (only where marketing or analytics consent is granted).

We do not intentionally collect special-category data (such as health data, religious beliefs, or political opinions). Please do not include sensitive information in forms. We also do not request government identification numbers or financial account details for course inquiries on this website.

2) Why We Process Personal Data and Legal Basis (GDPR Art. 6)

We process personal data only where we have a lawful basis under the GDPR and applicable local laws.

• Course inquiries and registration interest: We use your name and email to reply with course details, scope, and next steps. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent, where required by form design and your explicit action).
• Customer support and correspondence: We may keep a record of communications to resolve questions consistently (for example, tool recommendations, flower conditioning routines, or bouquet handle finishing). Legal basis: Art. 6(1)(f) (legitimate interest in managing and improving support) and Art. 6(1)(b) where applicable.
• Site security and fraud prevention: Protecting the site from abuse, spam, and automated submissions. Legal basis: Art. 6(1)(f) legitimate interests.
• Analytics (optional): Understanding which pages are useful and where visitors drop off, so we can improve content clarity. Legal basis: Art. 6(1)(a) consent.
• Marketing and remarketing (optional): Measuring advertising performance and showing relevant ads to people who have engaged with the site. Legal basis: Art. 6(1)(a) consent.
• Legal obligations: When required by law (for example, statutory retention related to invoicing if a separate contractual relationship is established outside this website). Legal basis: Art. 6(1)(c) legal obligation.

Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

3) How We Use Your Data in Practice

In day-to-day operations, personal data is used in a limited, practical way. A typical workflow is: you submit a form, we receive the message, and we reply by email with the requested information. We may categorize messages (for example, “curriculum question” or “registration interest”) to route them efficiently.

If you contact us about specific floristry topics—such as spiral binding grip position, negative space control, or ethylene sensitivity in certain blooms—your message content helps us respond accurately. We do not use this information to infer sensitive personal characteristics, and we do not sell your data.

4) Cookies and Tracking

We use cookies and similar technologies to operate the website and, if you choose, to understand usage and measure advertising. Cookies are small text files stored on your device. In addition to cookies, some providers use pixel tags and server-side signals to record events such as page views or form submissions.

Beyond cookies: when marketing consent is enabled, advertising platforms may use device identifiers derived from signals such as IP address and User-Agent. Some implementations may also support server-to-server event forwarding (for example, Meta Conversion API or server-side Google Tag Manager), which can send event data in a more reliable way. If such tools are used, we limit event payloads and may hash identifiers before sharing where appropriate.

5) Consent and How to Change Your Preferences

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent is recorded in the cookie_consent browser cookie, typically for 12 months.

You can change your mind at any time by selecting “Manage cookie preferences” in the footer. You can also clear cookies in your browser. Withdrawing consent does not affect the lawfulness of processing before withdrawal.

6) Sharing With Advertising and Service Partners

We use service providers to operate and improve the site. Depending on your cookie choices, we may share limited data with advertising and analytics partners. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, conversions, and remarketing lists. Privacy information: https://policies.google.com/privacy.
• Meta Platforms, Inc. (Meta Pixel, custom/lookalike audiences, conversion measurement): page events, conversions, and audience membership signals; may include hashed identifiers where used. Privacy information: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security): IP-based threat detection and traffic management. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes. They process data on our instructions or as separate controllers depending on the product, and the applicable terms and policies may differ by region.

7) International Transfers

Some providers (such as Google and Meta) may process data outside the EEA/UK, including in the United States. Where relevant, transfers may rely on the EU–US Data Privacy Framework (DPF) and the UK Extension to the DPF, with Standard Contractual Clauses (EU 2021/914) and the UK International Data Transfer Agreement (IDTA) used as fallback mechanisms.

8) Data Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy.

• Contact and registration submissions: typically up to 2 years from the last interaction.
• Email correspondence: for the duration of the relationship plus 1 year, unless a longer period is needed to resolve an issue.
• Analytics: typically 14 months (where enabled by consent).
• Marketing cookies: per cookie lifetime (often 90 days), unless you withdraw consent earlier.
• Server logs: typically up to 90 days for security and troubleshooting.
• Consent records: cookie consent records may be retained up to 3 years for audit purposes.
• Legal and tax: where applicable, retained as required by law (often 6–10 years for invoicing records outside the website workflow).

9) Your Rights (GDPR and UK GDPR)

Depending on your location, you may have rights over your personal data. Under GDPR/UK GDPR, these include:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We typically respond within 30 days, and we may extend by up to 60 days for complex requests.

Supervisory authority information: EU guidance is available via https://edpb.europa.eu. UK residents can contact the ICO: https://ico.org.uk.

10) Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11) Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling.

12) Account and Data Deletion Requests

We do not provide user accounts on this website. If you would like us to delete data associated with a prior inquiry, email [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable verification to protect against unauthorized deletion. We aim to complete requests within 30 days.

13) Business Transfers

In a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If the transfer materially changes how data is used, we will provide notice on the website.

14) California (CCPA / CPRA)

If you are a California resident, you may have additional privacy rights under the CCPA/CPRA. Over the past 12 months, we may have disclosed the following categories of personal information for business purposes:

• Identifiers (name, email, IP address, cookie IDs) to service providers and, if you consent, advertising partners.
• Internet or network activity (pages viewed, interactions) to analytics and advertising providers where enabled by consent.
• Inferences (such as interests based on site interaction) to advertising partners where enabled by consent.

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled; California residents may opt out by using the cookie preferences panel (see “Manage cookie preferences” in the footer).

Requests to know, delete, or correct: email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents must provide written proof of authorization.

15) Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

Submit requests by emailing [email protected] with the subject “Virginia Privacy Request”. If we deny your request, you can appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days.

16) Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the website at least 14 days before they take effect. The “Last Updated” date at the top will reflect the latest revision.

18) Contact

If you have questions about this Privacy Policy or how we handle personal data, contact:

• Beltrarvo Training Ltd
• Tř. Maršála Malinovského 269, Sady, 686 01 Uherské Hradiště, Czechia
• Email: [email protected]
• Phone: +420 572 551 746