Skip to main content

Privacy Policy

Last Updated: March 12, 2026

1. Introduction and Controller Identity

This Privacy Policy explains how gohrvexa ("we", "us", "our") collects, uses, and protects personal data when you visit our website and when you contact us through our registration or enquiry forms. We provide educational training content focused on jewelry making and craftsmanship. This policy is written to be clear and practical, so you can understand what data is collected, why it is collected, and what choices you have.

Data Controller: Gohrvexa Craft Education Ltd, 2 Lower St. Clere, Kemsing, Sevenoaks TN15 6NL, United Kingdom. You can contact us at [email protected].

We do not appoint a Data Protection Officer (DPO) because our activities do not involve large-scale processing of special-category data. If you have a privacy question, the fastest route is email; you may also write to the registered address above.

2. Personal Data We Collect

We collect the minimum data needed to run a reliable educational website, respond to messages, and (where you agree) understand site usage and advertising performance. The specific data we may collect includes:

  • Identity and contact details: name and email address you submit via our forms.
  • Form content: any text you choose to include in a message field (for example, a question about tools or modules). If you keep notes concise, our processing stays concise too.
  • Technical information: IP address, browser type, device type, operating system, language settings, and approximate location derived from IP (city or region level).
  • Usage information: pages viewed, time on page, referral source, and interaction events (for example, a form submission or a click on a key page section).
  • Cookies and identifiers: cookie identifiers and consent choices stored in your browser, as described in Section 4 and in our Cookie Policy.
  • Conversion events: signals that a registration was submitted, used for reporting and troubleshooting (for example, ensuring the form endpoint is functioning).

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers. Please do not include sensitive information in your message to us. If you do, we will treat it with care and limit internal access, but we still prefer that it is not sent.

3. Why We Process Personal Data and Our Legal Basis

If you are in the UK or EEA, the General Data Protection Regulation (GDPR) and UK GDPR require a legal basis for processing. We use the following bases depending on context:

  • Contact and registration forms: we process your name and email to respond to your request and provide requested updates. Legal basis: Article 6(1)(b) (steps at your request prior to entering a contract) and, where you explicitly agree to be contacted, Article 6(1)(a) (consent).
  • Analytics: if you consent to analytics cookies, we process usage data to understand what content is helpful and where navigation can be improved. Legal basis: Article 6(1)(a) (consent).
  • Marketing and remarketing: if you consent to marketing cookies, we may measure ad performance and create audiences for relevant educational offers. Legal basis: Article 6(1)(a) (consent).
  • Security and fraud prevention: we process technical data (such as IP and request metadata) to protect the website from abuse, bot traffic, and attacks. Legal basis: Article 6(1)(f) (legitimate interests).
  • Legal compliance: we may retain some records to comply with legal obligations or to handle disputes. Legal basis: Article 6(1)(c) (legal obligation) and/or Article 6(1)(f) (legitimate interests).

Automated decision-making (Article 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Any advertising audience building is limited to marketing measurement and relevance, and it does not create legal effects for you.

4. Cookies and Tracking

Cookies are small text files stored on your device. We also refer to similar technologies such as pixel tags and server-side event signals. We group cookies into three categories that match our consent choices:

Essential cookies (always active)

Essential cookies are required for the website to function. They support basic site continuity and remember your cookie choices. These cookies do not require consent under UK and EU rules when they are strictly necessary.

  • _site_session (first-party): helps maintain basic session continuity. Retention varies (session to a limited period).
  • cookie_consent (first-party): stores your preferences for essential, analytics, and marketing categories. Retention: up to 12 months.

Analytics cookies (optional)

Analytics cookies help us understand which pages are useful and where the learning path feels unclear. When enabled, we may use Google Analytics 4 (GA4) with IP anonymization settings. Examples include _ga and _ga_XXXXXXXXXX. Data retention is typically set to 14 months.

Marketing cookies (optional)

Marketing cookies are used for advertising measurement and showing relevant educational offers. When enabled, we may use Google Ads and Meta technologies such as the Meta Pixel. Examples include _gcl_au (Google Ads), _fbp and _fbc (Meta). Typical retention for these identifiers is around 90 days, depending on provider settings.

Beyond cookies, some providers also rely on pixel tags (loaded in your browser) and may support server-side event sending (for example, conversion APIs). If we use server-side event sending, it may include limited identifiers (such as hashed values) to reduce duplication and improve measurement accuracy. Where consent is required, we treat such marketing/analytics events as subject to your cookie preferences.

5. Consent in the UK and EEA

Users in the EEA and UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie (retention up to 12 months).

You can withdraw consent at any time by using the "Manage cookie preferences" link in the website footer, or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

6. Sharing With Advertising and Service Partners

We share personal data only when it is necessary to operate the website, respond to messages, or (where you consent) measure performance. We do not sell personal data. Our partners may include:

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy.
  • Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, conversion measurement): may receive page view and conversion signals, and cookie identifiers where enabled. Privacy policy: https://www.facebook.com/privacy/policy.
  • Cloudflare (CDN and security): may process IP addresses and request metadata for threat detection and performance. Privacy policy: https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us. Some providers act as independent controllers for parts of their processing; their own policies explain how they handle data within their platforms.

7. International Transfers

Some of our service providers are based outside the UK and EEA, including in the United States. When personal data is transferred internationally, we rely on appropriate safeguards, such as:

  • The EU-US Data Privacy Framework (DPF) (where applicable), including the UK Extension to the DPF and Swiss-US DPF for relevant transfers.
  • Standard Contractual Clauses (EU 2021/914) as a fallback where needed.
  • UK International Data Transfer Agreement (IDTA) as a fallback for UK transfers where needed.

If you would like details about the safeguards applicable to a specific transfer, contact us at [email protected].

8. Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Contact and registration submissions: typically up to 2 years from the last meaningful interaction.
  • Email correspondence: for the duration of the relationship, plus up to 1 year for continuity and auditability.
  • Analytics data: typically 14 months, depending on provider settings and your consent.
  • Marketing cookies: retained per cookie lifetime (often 90 days) and only where you consent.
  • Server logs: typically up to 90 days for security and troubleshooting.
  • Cookie consent record: up to 3 years for audit and compliance documentation.
  • Legal obligations: if we must retain data to comply with a legal requirement, we retain it for the period required by law.

9. Your Rights (GDPR and UK GDPR)

If you are in the UK or EEA, you may have the right to request:

  • Access to your personal data (Article 15).
  • Rectification of inaccurate or incomplete data (Article 16).
  • Erasure in certain situations (Article 17).
  • Restriction of processing in certain situations (Article 18).
  • Data portability in certain situations (Article 20).
  • Objection to processing based on legitimate interests (Article 21).
  • Withdrawal of consent at any time where processing is based on consent (Article 7(3)).
  • The right to lodge a complaint with a supervisory authority (Article 77).

To exercise a right, email [email protected]. We aim to respond within 30 days. For complex requests, we may extend the response time by up to 60 days as permitted by law, and we will tell you if an extension is needed.

Supervisory authorities: UK Information Commissioner's Office (ICO): https://ico.org.uk/. For EEA guidance, see the European Data Protection Board: https://edpb.europa.eu/.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to "Do Not Track" (DNT) signals sent by browsers. Third-party providers may have their own approaches to DNT, described in their respective privacy policies.

12. Data Deletion Requests

You can request deletion of your personal data by emailing us with the subject line "Data Deletion Request". We may ask for limited information to verify identity and locate relevant records. Where we cannot delete data due to a legal obligation, we will restrict its use and explain the reason.

We aim to complete deletion requests within 30 days of verification. In practice, most requests are simpler: removing a registration record and associated email history, while keeping a minimal suppression note to ensure we do not re-contact you in error.

13. Business Transfers

If we undergo a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity as part of that transaction. If such a transfer materially changes how personal data is used, we will provide a notice on the website.

14. California Privacy Notice (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), as amended by the CPRA. Over the past 12 months, we may have collected the following categories of personal information:

  • Identifiers (such as name, email, IP address, cookie IDs) shared with service providers and, where you consent, advertising partners.
  • Internet or network activity (pages viewed, interactions) used for analytics and advertising measurement where you consent.
  • Inferences (such as interests derived from page interactions) used for advertising relevance where you consent.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out by using our cookie preferences panel (available via the footer link "Manage cookie preferences").

California rights may include: the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject "California Privacy Request". We will verify your request before fulfilling it. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, data portability, and opt-out of targeted advertising. We do not sell personal data or engage in profiling producing legal or similarly significant effects.

To submit a request, email [email protected] with the subject "Virginia Privacy Request". If we deny a request, you may appeal by emailing "Appeal of Refusal — Privacy Request". We aim to respond to appeals within 60 days. If the appeal is not resolved, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject "Nevada Do Not Sell Request". We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or how we operate the site. If we make material changes, we will post a notice on the homepage at least 14 days before the changes take effect where practicable. The "Last Updated" date at the top of this page is refreshed with every revision.

18. Contact

For privacy questions, requests, or concerns, contact:

Gohrvexa Craft Education Ltd
2 Lower St. Clere
Kemsing, Sevenoaks TN15 6NL, United Kingdom

Email: [email protected]