Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how erivadlix (“we”) collects, uses, and protects your personal data when you visit erivadlix.com (the “Site”) and when you contact us through forms on the Site. We operate as an education provider focused on sportswear manufacturing concepts, including pattern making, cutting workflows, sewing operations, and quality control practices.

Data Controller: Erivadlix Education Ltd (“Controller”).

• Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
• Contact email: [email protected]

Effective Date: March 12, 2026.

We do not appoint a Data Protection Officer for this Site because we do not carry out large-scale processing of special-category data. If that changes, we will update this Privacy Policy accordingly.

2. Personal Data We Collect

We collect information that you provide directly and information that is generated when you use the Site. The specific items depend on how you interact with the Site.

2.1 Identity and contact information

• Name (for example, when you complete the registration form).
• Email address (for example, to respond to your request and send course updates you asked for).

2.2 Form content

If you submit a form, we collect the fields included in that form (typically name and email). If a future form includes an optional message field, any details you choose to share would also be collected. Please do not include sensitive personal data in free-text fields.

2.3 Technical and device data

• IP address and approximate location derived from IP (city/region level).
• Browser type and version, device type, operating system, and language settings.
• Log data for security and troubleshooting (for example, timestamps and requested URLs).

2.4 Usage data

• Pages viewed, time spent on pages, and navigation paths.
• Referrer information (for example, the site you came from, if provided by your browser).
• Interactions such as clicks on navigation links and call-to-action buttons.

2.5 Cookies and identifiers

We use cookies and similar technologies to keep the Site functioning, remember your cookie preferences, and (with consent where required) measure and improve performance and advertising relevance. See Section 4 and our Cookie Policy for details.

2.6 What we do not intentionally collect

We do not intentionally collect special-category data (such as health information, religious beliefs, or political opinions), financial account details, or government-issued identifiers through this Site. If you send such information to us, we will treat it with care, but we may delete it where it is not necessary for the purpose it was sent.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

When GDPR or UK GDPR applies, we rely on the legal bases below. Where other laws apply, we process personal data under equivalent lawful grounds.

3.1 Contact and registration requests

• Purpose: Respond to your registration request, send enrollment details and course updates you asked for, and manage communications.
• Legal basis: GDPR Art. 6(1)(b) (steps at your request prior to entering into a contract) and Art. 6(1)(a) (consent, where applicable to the specific communication).

3.2 Analytics and performance measurement

• Purpose: Understand how the Site is used, improve content sequencing (for example, module pages), and reduce friction in the registration flow.
• Legal basis: GDPR Art. 6(1)(a) (consent) where required for non-essential cookies and similar tracking.

3.3 Marketing and advertising measurement

• Purpose: Measure conversions, attribute campaign performance, and (where enabled) show more relevant ads to people who have previously visited the Site.
• Legal basis: GDPR Art. 6(1)(a) (consent) where required.

3.4 Security and fraud prevention

• Purpose: Protect the Site, prevent abuse, detect malicious traffic, and maintain service reliability.
• Legal basis: GDPR Art. 6(1)(f) (legitimate interests). Our legitimate interest is maintaining the integrity and security of the Site.

3.5 Legal compliance

• Purpose: Comply with applicable laws, respond to lawful requests, and maintain necessary records.
• Legal basis: GDPR Art. 6(1)(c) (legal obligation).

3.6 Automated decision-making (GDPR Art. 22)

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies (such as pixel tags) and, in some cases, server-side events. Cookie categories on this Site align with our consent controls and our Cookie Policy.

4.1 Essential cookies (always active)

These are required for the Site to function and cannot be switched off in our system. They include:

• _site_session to support basic site continuity and security.
• cookie_consent to store your cookie preference selections.
• Security-related cookies (for example, CSRF protection where applicable).

Retention: session to 12 months depending on the cookie.

4.2 Analytics cookies (consent)

With your consent, we may use Google Analytics 4 (GA4) to understand how users navigate the Site. Where configured, IP anonymization is used. Example cookies:

• _ga (typically up to 2 years).
• _ga_XXXXXXXXXX (GA4 session state, typically up to 2 years).

Analytics data retention is typically set to 14 months in GA4 settings.

4.3 Marketing cookies (consent)

With your consent, we may use marketing cookies from advertising platforms to measure conversion performance and support remarketing. Examples:

• _gcl_au (Google Ads conversion linker, typically 90 days).
• _fbp (Meta browser identifier, typically 90 days).
• _fbc (Meta click identifier, typically 90 days when present).

Marketing tracking may include pixel tags (for example, Google tag or Meta Pixel) and can be paired with server-side measurement (such as Conversion API) depending on our configuration. Where used, identifiers may be hashed before being transmitted.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).

Consent is recorded in the cookie_consent cookie (typically 12 months). You can withdraw or change your choices at any time by selecting “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. Sharing With Advertising & Service Partners

We share personal data only as needed to operate the Site and run our education business. We do not sell personal data.

6.1 Google LLC

If enabled, Google services may process cookie identifiers, usage data, and conversion events to provide analytics and advertising measurement. Google’s privacy information is available at policies.google.com/privacy.

6.2 Meta Platforms, Inc.

If enabled, Meta services may process page views and conversion events for measurement and audience building (for example, remarketing and lookalike audiences). Meta’s privacy information is available at facebook.com/privacy/policy.

6.3 Cloudflare

We may use Cloudflare for content delivery and security. Cloudflare may process IP-based data to detect threats and maintain performance. Cloudflare’s privacy information is available at cloudflare.com/privacypolicy/.

We do not permit these providers to use Site data for their own independent commercial purposes beyond providing services to us, subject to their contractual and platform obligations.

7. International Transfers

Some of our service providers may process data outside the EEA/UK, including in the United States. Where required, transfers are made using appropriate safeguards, such as:

• EU–US Data Privacy Framework (DPF) (primary, where applicable).
• UK Extension to the EU–US DPF, and Swiss–US DPF, where applicable.
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Agreement (IDTA) as a fallback mechanism.

If you want more information about transfer safeguards used for a specific provider, contact us at [email protected].

8. Data Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy and as required by law. Typical retention periods are:

• Registration submissions: up to 2 years from the last interaction, unless you request deletion earlier.
• Email correspondence: for the duration of the relationship, plus up to 1 year for context and recordkeeping.
• Analytics data: typically 14 months (platform setting), plus any shorter cookie lifetimes.
• Marketing cookies: according to the cookie lifetime (often 90 days).
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit purposes.
• Legal/tax records: retained as required by applicable law (often 6–10 years for certain records).

9. Your Rights (GDPR & UK GDPR)

Where GDPR or UK GDPR applies, you have the right to:

• Access your personal data (Art. 15).
• Correct inaccurate or incomplete data (Art. 16).
• Request deletion (Art. 17).
• Restrict processing (Art. 18).
• Data portability (Art. 20).
• Object to processing (Art. 21).
• Withdraw consent at any time (Art. 7(3)) for processing based on consent.
• Lodge a complaint with a supervisory authority (Art. 77).

To exercise rights, email [email protected]. We usually respond within 30 days. If a request is complex, we may extend by up to 60 additional days as permitted by law.

Supervisory authority resources:

• EU guidance: edpb.europa.eu
• United Kingdom (ICO): ico.org.uk
• Germany (BfDI): bfdi.bund.de
• France (CNIL): cnil.fr
• Poland (UODO): uodo.gov.pl
• Spain (AEPD): aepd.es

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This Site does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may have their own handling of DNT signals.

12. Data Deletion Requests

To request deletion of personal data, email [email protected] with the subject line “Data Deletion Request”. We may request additional information to verify identity before completing a deletion request. We aim to complete verified deletion requests within 30 days, unless legal obligations require us to keep certain records.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar event, personal data may be transferred to a successor entity or other relevant third party. If the transfer materially changes how personal data is used, we will provide notice on the Site.

14. California (CCPA / CPRA)

This section applies to California residents where the CCPA/CPRA applies. In the last 12 months, we may have collected:

• Identifiers (such as name, email, IP address, cookie IDs) shared with service providers and, where enabled and consented, advertising partners.
• Internet or network activity (such as browsing interactions) shared with analytics and advertising providers when enabled.
• Inferences (such as interests or preferences inferred from browsing activity) used to improve content and advertising relevance where enabled.

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled; California residents may opt out via our cookie preferences panel.

California rights include: Know, Delete, Correct, Opt-Out of sale/sharing, and Non-Discrimination. Requests can be submitted by emailing [email protected] with the subject “California Privacy Request”. We may verify your identity. Authorized agents must provide written proof of authorization.

15. Virginia (VCDPA)

Where applicable, Virginia residents have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we deny your request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If unresolved, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice on the homepage at least 14 days before the change takes effect. The “Last Updated” date at the top of this page reflects the most recent version.

18. Contact

For questions about this Privacy Policy or our data practices, contact:

• Erivadlix Education Ltd
• Registered Address: 128 City Road, London, EC1V 2NX, United Kingdom
• Email: [email protected]