Privacy Policy

2. Personal Data We Collect

We collect the minimum information needed to operate the site, respond to registration requests, and improve the learning experience. Depending on how you use the site, we may collect:

• Identity and contact information: name and email address when you submit the registration form.
• Form content: the information you type into our forms (for example, your name as provided and your email address).
• Technical information: IP address, browser type, device type, operating system, language preference, and approximate location inferred from IP (city/region level).
• Usage information: pages viewed, time on page, referrer/entry page, click paths, and interaction events (for example, clicks on navigation or form submission attempts).
• Cookies and identifiers: consent status and analytics/marketing identifiers where enabled by your cookie preferences (see Section 4 and our Cookie Policy).
• Conversion events: whether a registration form was submitted successfully and which page it came from.

We do not intentionally collect special-category personal data (such as health data, religious or political beliefs), financial account details, or government identification numbers through this website. Please do not send that type of information to us.

3. Why We Process Personal Data and Our Legal Bases

We process personal data only when we have a lawful basis under applicable data protection laws (including the UK GDPR and EU GDPR where relevant). Our main purposes and legal bases are:

• Registration and communications: to respond to your registration request, provide access details, and send operational messages about the training. Legal basis: Article 6(1)(b) (performance of a contract or steps prior to entering a contract) and Article 6(1)(a) (consent) where you provide consent via the form.
• Analytics: to understand how visitors use the site and improve content structure and clarity. Legal basis: Article 6(1)(a) (consent) where analytics cookies are enabled.
• Marketing and remarketing: to measure ad performance and show relevant advertising. Legal basis: Article 6(1)(a) (consent) where marketing cookies are enabled.
• Security and fraud prevention: to protect the site and prevent abuse (for example, bot traffic and malicious requests). Legal basis: Article 6(1)(f) (legitimate interests in keeping the site secure).
• Legal and compliance: to comply with legal obligations and respond to lawful requests. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you within the meaning of Article 22.

4. Cookies and Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags, local storage, and server-side logging to make the site work and to understand how it is used. You can read more in our Cookie Policy.

We group cookies into three categories:

• Essential cookies (always active): required for core functionality. Examples include _site_session and cookie_consent. Retention ranges from session-only to up to 12 months.
• Analytics cookies (consent required): used to measure usage and improve content. We may use Google Analytics 4 with IP anonymisation. Examples include _ga and _ga_XXXXXXXXXX. Typical retention is up to 2 years, with analytics data retention commonly set to 14 months.
• Marketing cookies (consent required): used for conversion measurement, remarketing, and audience building. Examples include _gcl_au, _fbp, and _fbc, typically retained for around 90 days.

Beyond cookies, advertising and analytics partners may also process identifiers derived from IP address and browser/device information (for example, user agent strings) in order to provide aggregated reporting, attribution, and fraud prevention.

5. Consent and How You Can Change Your Preferences

Users in the EEA and UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie (typically for 12 months).

You can change or withdraw consent at any time by using the “Manage cookie preferences” link in the footer. You can also remove cookies through your browser settings. Withdrawal of consent does not affect processing that occurred before the withdrawal.

6. Sharing With Advertising and Service Partners

We use a small set of service providers to operate and improve the site. Depending on your cookie preferences, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage events, and conversion events. Privacy information: https://policies.google.com/privacy.
• Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversion API): may receive page view events, conversion events, audience membership signals, and hashed identifiers where implemented. Privacy information: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security): may process IP-based request data for security and performance purposes. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. Where these providers act as processors or service providers, they are not permitted to use site data for their own independent commercial purposes beyond providing services to us, subject to their contractual and policy frameworks.

7. International Data Transfers

Some of our service providers may process data outside the UK or EEA, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as:

• EU-US Data Privacy Framework (where applicable), including the UK Extension and Swiss-US framework where relevant.
• Standard Contractual Clauses (EU 2021/914) as a fallback safeguard.
• UK International Data Transfer Agreement (IDTA) as a fallback safeguard.

We also apply practical measures where possible, such as minimising data shared and using consent-based activation for analytics and marketing tags.

8. Data Retention

We keep personal data only as long as necessary for the purposes described in this policy:

• Registration submissions: up to 2 years from the last interaction, unless a longer period is needed for dispute handling or legal compliance.
• Email correspondence: for the duration of the relationship and typically up to 1 year afterward, unless retention is required for legitimate reasons (for example, resolving an ongoing issue).
• Analytics data: typically 14 months (subject to configuration) and only where you consent to analytics cookies.
• Marketing cookies: retained according to cookie lifetimes (often around 90 days) and only where you consent.
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal obligations: where required by law, we may retain certain records for longer periods (commonly 6–10 years for certain business records).

9. Your Rights

Depending on your location and applicable law (including GDPR and UK GDPR), you may have rights in relation to your personal data:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. This period may be extended by up to 60 additional days for complex requests, in which case we will explain why.

Supervisory authority resources: https://edpb.europa.eu/ and UK ICO: https://ico.org.uk/.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that personal data from a child under 16 has been collected without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own mechanisms for handling similar preference signals.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We will complete deletion within 30 days where possible, except where limited retention is required by law or for legitimate interests (for example, security logs).

13. Business Transfers

If paviprexo is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor or potential successor as part of that transaction. If such a transfer materially changes how personal data is used, we will provide a notice on the site.

14. California Privacy Notice (CCPA and CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). In the past 12 months, we may have collected the following categories of personal information:

• Identifiers: name, email, IP address, cookie identifiers (shared with service providers and advertising partners depending on consent).
• Internet or other electronic network activity information: browsing interactions with our site (used for analytics and advertising where enabled).
• Inferences: interests or preferences derived from site usage for advertising measurement and audience building where marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioural advertising when you enable marketing cookies. California residents may opt out of sharing by adjusting cookie preferences using the footer link.

You may have the right to know, delete, correct, and opt out of sale or sharing, and the right to non-discrimination for exercising your rights. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your identity before processing the request. Authorised agents may submit requests with proof of authorisation.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we decline to take action, you may appeal by emailing the subject line “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will announce them via a notice on the website at least 14 days before the changes take effect. The “Last Updated” date at the top of this page indicates when the policy was last revised.

18. Contact

If you have questions about this Privacy Policy or how paviprexo handles personal data, contact us:

• Email: [email protected]
• Postal address: 127a Main Road, Duston, Northampton, NN5 6RA, United Kingdom