Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how gelakeatm (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website and when you contact us about our Decorative Ceramic Home Decor Course. The course is focused on handmade ceramic vases and decorative interior pieces and is offered as educational training only.

Data Controller: gelakeatm s.r.o.
Registered address: Vídeňská 182/102j, 619 00 Brno, Czechia
Contact email: [email protected]
Phone: +420 547 212 973

We do not appoint a Data Protection Officer (DPO) because our processing does not involve large-scale processing of special-category data. If you have questions about privacy, you can contact us using the details above.

2. Personal Data We Collect

We collect only the data we need to operate the site, respond to requests, and improve the website. Depending on how you interact with the site, we may collect the following categories:

• Identity & contact information: name, email address, and (if you choose to contact us by phone) your phone number.
• Form content: any information you provide in registration or contact submissions (for this website, the registration form requests name and email only).
• Technical data: IP address, browser type and version, device and operating system information, language and regional settings, and approximate location derived from IP (city/region level).
• Usage data: pages viewed, time spent, referrer URL, click paths, and interactions with website elements.
• Cookies & identifiers: first-party cookies for essential site functions and your consent record; and (if you consent) third-party analytics and marketing identifiers.
• Conversion events: non-sensitive events such as a form submission success, used to understand the effectiveness of site content and advertising when you consent to marketing cookies.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers through this website. Please do not submit such information via our forms or email.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data for the purposes listed below and rely on the following legal bases under the EU General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR:

• Responding to registration and contact requests: We use your name and email to respond to your inquiry, share course information, and coordinate next steps. Legal basis: Art. 6(1)(b) (performance of a contract or steps prior to entering a contract) and Art. 6(1)(a) (consent, where applicable).
• Website analytics (optional): If you consent, we measure how visitors use the site so we can improve content clarity, navigation, and page performance. Legal basis: Art. 6(1)(a) (consent).
• Marketing/remarketing (optional): If you consent, we measure advertising performance and show relevant course messages to people who have visited the site. Legal basis: Art. 6(1)(a) (consent).
• Security and fraud prevention: We use technical logs and security tooling to protect the site against abuse, automated attacks, and unauthorized access. Legal basis: Art. 6(1)(f) (legitimate interests in protecting our website and users).
• Legal and compliance obligations: In limited circumstances, we may retain or disclose information to comply with legal obligations. Legal basis: Art. 6(1)(c) (legal obligation).

Automated decision-making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

We use cookies and similar technologies to keep the site working, remember your preferences, and (with your consent) measure usage and advertising performance. Cookies are small text files stored on your device. We also refer to “pixel tags” and similar scripts that can transmit events such as page views or form submissions.

Essential (always active)

Essential cookies are required for the site to function and cannot be turned off via the cookie banner. Examples include:

• _site_session: supports basic session continuity and security.
• cookie_consent: stores your cookie preference choices so we can honor them.
• CSRF/security tokens: help prevent malicious submissions and protect the website.

Retention: Essential cookies are typically session-based or up to 12 months, depending on the cookie and your browser settings.

Analytics (optional, consent required)

If you consent to analytics cookies, we may use Google Analytics 4 (GA4) to understand site usage. We configure GA4 with IP anonymization where available and use it to assess aggregate trends such as which pages are read most and whether visitors can find key learning modules (clay preparation, shaping techniques, glazing methods).

Example cookies: _ga (2 years) and _ga_XXXXXXXXXX (2 years). Analytics data retention is typically 14 months in our reporting configuration.

Marketing (optional, consent required)

If you consent to marketing cookies, we may use marketing technologies associated with Google Ads and Meta to measure ad performance, create remarketing audiences, and understand which course pages are most useful before a registration request. These technologies may set cookies such as _gcl_au, _fbp, or _fbc.

Beyond cookies, advertising platforms can also use device and browser identifiers derived from signals like IP address and user-agent. Where used, server-side event transmission (for example via a conversion API) may rely on hashed identifiers. We do not intentionally collect or transmit sensitive personal data for advertising.

5. Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your choice is recorded in the cookie_consent browser cookie, typically for 12 months.

You can withdraw consent at any time by selecting “Manage cookie preferences” in the footer and adjusting your choices, or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before you withdrew consent.

6. Sharing With Advertising & Service Partners

We use a limited set of service providers to run and secure the website. Depending on your cookie consent choices, data may be shared with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy
• Meta Platforms, Inc. (Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, audience membership, and limited identifiers (including hashed identifiers where applicable). Privacy policy: https://www.facebook.com/privacy/policy
• Cloudflare (content delivery network and security): IP-based threat detection, performance and security logs. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. These providers act as processors or independent controllers depending on the context and product configuration. We do not permit providers to use site data for their own independent commercial purposes beyond providing and securing their services, measuring performance, and supporting advertising functionality you consent to.

7. International Transfers

Some service providers may process data outside the EEA/UK, including in the United States. When transfers occur, we rely on appropriate safeguards such as the EU-US Data Privacy Framework (where applicable), the UK Extension to the DPF, the Swiss-US DPF, and/or Standard Contractual Clauses (EU 2021/914) as a fallback. For UK transfers, the UK IDTA may also be used as a fallback mechanism.

Where needed, we apply additional measures consistent with risk-based transfer assessments, such as minimizing data, restricting event parameters, and honoring consent settings.

8. Retention

We keep personal data only as long as necessary for the purposes described in this Privacy Policy:

• Registration/contact submissions: up to 2 years from the last interaction, unless a longer period is needed to handle a request or comply with legal obligations.
• Analytics data: typically 14 months in reporting configuration (where analytics cookies are enabled by consent).
• Marketing cookies: according to each cookie’s lifespan (for example 90 days), where enabled by consent.
• Email correspondence: for the duration of our relationship plus 1 year for continuity and recordkeeping, unless you request deletion and we have no legal reason to retain it.
• Server and security logs: typically 90 days, unless extended for incident investigation.
• Consent records: we may retain evidence of consent (such as cookie consent logs) for up to 3 years for audit and compliance purposes.
• Legal/tax: where applicable, data associated with invoicing or statutory retention may be kept for the period required by law (often 6–10 years).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA/UK, you may have the right to:

• Access your personal data (Art. 15)
• Rectify inaccurate or incomplete data (Art. 16)
• Erase your data in certain circumstances (Art. 17)
• Restrict processing in certain circumstances (Art. 18)
• Data portability for data you provided to us (Art. 20)
• Object to processing based on legitimate interests (Art. 21)
• Withdraw consent at any time for processing based on consent (Art. 7(3))
• Lodge a complaint with a supervisory authority (Art. 77)

To exercise rights, email [email protected]. We usually respond within 30 days. In complex cases, the response time may be extended by up to 60 additional days, and we will tell you if an extension is needed.

Supervisory authorities: EU guidance at https://edpb.europa.eu. UK authority: https://ico.org.uk. Other national authorities include Germany (https://www.bfdi.bund.de), France (https://www.cnil.fr), Poland (https://uodo.gov.pl), and Spain (https://www.aepd.es).

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the data promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Some third-party providers may offer their own controls for interest-based advertising and measurement.

12. Data Deletion Requests

You may request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable information to verify your identity before completing the request. We aim to complete deletion within 30 days where possible.

In some cases, we may need to retain limited information to comply with legal obligations or to establish, exercise, or defend legal claims.

13. Business Transfers

If we undergo a merger, acquisition, asset sale, financing, reorganization, bankruptcy, or insolvency event, personal data may be transferred to a successor or affiliate as part of that transaction. If the transfer materially changes how personal data is used, we will provide notice through the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the CPRA. In the last 12 months, we may have disclosed the following categories of personal information to service providers and advertising partners, depending on cookie consent choices:

• Identifiers (such as name, email, IP address, device IDs) to service providers and ad partners for communications, analytics, and advertising measurement.
• Internet or network activity (such as page views and interactions) to analytics and advertising providers.
• Inferences (such as interests and preferences inferred from site usage) to advertising partners where marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We do share certain data for cross-context behavioral advertising when you enable marketing cookies. California residents may opt out by using our cookie preferences panel (see “Manage cookie preferences” in the footer).

You may request to know, delete, or correct personal information, and you may opt out of sale/sharing. Submit requests by emailing [email protected] with the subject line “California Privacy Request”. We will verify your identity before responding. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example if our website features change or if we begin using new service providers. Material changes will be announced via a notice on the homepage at least 14 days before they take effect. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

For privacy questions or requests, contact:

gelakeatm s.r.o.
Vídeňská 182/102j, 619 00 Brno, Czechia
Email: [email protected]
Phone: +420 547 212 973