Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how tojmirhel (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website and when you contact us through our forms. The website provides educational information about our online course focused on electronics sales, retail operations, and e-commerce fundamentals.

Data Controller: Tojmirhel Education LLC, Thomayerova 590/9, České Budějovice 7, 370 01 České Budějovice, Czechia. You can contact us about privacy at [email protected].

Effective Date: March 14, 2026. We do not appoint a Data Protection Officer for this website. If you have questions about this policy, contact us using the email above and we will route your request to the appropriate person.

2. Personal Data We Collect

We collect personal data that you choose to provide and limited technical data necessary to operate and secure the site. The categories below describe the types of information we may process:

• Identity and contact information: name (if you provide it), email address, and any other details you include in your message.
• Form content: the message text you send to us, including course interests (for example: TVs, laptops, phones, audio, smart home), and operational topics (for example: returns triage, SKU hygiene, inventory cycle counts, merchandising routines).
• Technical information: IP address, browser type, device type, operating system, language settings, approximate location derived from IP (city/region-level), and basic diagnostic signals (for example: page load errors).
• Usage information: pages visited, time spent, referrer information, and interaction events (for example: clicking a navigation link or submitting a form). These are collected only if you consent to analytics cookies where required.
• Cookies and identifiers: cookie preferences and session continuity identifiers (see Section 4). Optional analytics and marketing identifiers are used only if you consent to those categories.
• Conversion events: an event that a form was submitted or a page was visited, which may be used for measurement if marketing cookies are enabled.

We do not intentionally collect special-category data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers through our standard website forms. Please do not send sensitive personal information in form messages.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data only for specific purposes and on a lawful basis under GDPR/UK GDPR where applicable. Our typical purposes and legal bases include:

• Responding to contact and registration requests: We use your email and message to reply, clarify your request, and share course access information. Legal basis: Art. 6(1)(b) (steps prior to entering into a contract) and, where you provide consent to be contacted, Art. 6(1)(a).
• Site functionality and security: We use limited technical data and essential cookies to keep the site reliable, prevent abuse, and troubleshoot issues. Legal basis: Art. 6(1)(f) (legitimate interests) and, for essential cookies that are strictly necessary, the applicable ePrivacy rules.
• Analytics to improve content: If you consent, we may use analytics to understand which pages and course topics are most useful (for example: curriculum sections, learning outcomes, or FAQ). Legal basis: Art. 6(1)(a) (consent).
• Marketing measurement and remarketing: If you consent, marketing cookies may help measure the performance of ads and show relevant messages. Legal basis: Art. 6(1)(a) (consent).
• Legal compliance: We may process data to comply with applicable laws, handle lawful requests, or defend legal claims. Legal basis: Art. 6(1)(c) and Art. 6(1)(f).

Automated decision-making and profiling (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also refer to similar technologies such as pixel tags and server-side event forwarding. Our site uses three categories of cookies, aligned with our Cookie Policy:

Essential cookies (always active)

Essential cookies are required for core site functionality, security, and remembering your privacy choices. These do not require consent where permitted by law. Examples include:

• _site_session: maintains session continuity (typically session-based).
• cookie_consent: stores your cookie preference choices (typically 12 months).
• CSRF/security signals: used to help prevent fraudulent submissions and abuse.

Analytics cookies (optional, consent-based)

If you opt in, analytics cookies help us understand how the site is used so we can improve clarity and navigation. We commonly use Google Analytics 4 (GA4) configured to reduce identifiability (for example, IP anonymization where available). Example cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically set to 14 months.

Marketing cookies (optional, consent-based)

If you opt in, marketing cookies can be used to measure ad performance, build remarketing audiences, and attribute conversions. Examples may include _gcl_au (Google Ads) and _fbp / _fbc (Meta). These cookies typically have retention periods around 90 days, depending on the provider’s settings.

Beyond cookies, some providers may use pixel tags and server-side event forwarding that rely on a combination of device signals (for example: IP address and User-Agent). Where required, we treat these as analytics/marketing technologies and enable them only after consent.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your consent is recorded in the cookie_consent browser cookie (typically 12 months). You may withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser settings. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. Sharing With Advertising & Service Partners

We use a small number of service providers to operate and measure our website. Depending on your consent choices, we may share limited data with the following categories of partners:

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Policies: https://policies.google.com/privacy.
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversion events, and audience membership; where implemented, certain identifiers may be hashed before transmission. Policies: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security): IP-based threat detection and performance routing. Policies: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. Where we use advertising and analytics providers, they act as processors or service providers for us, and we configure tools to the extent possible to limit use of data beyond providing services to us. These providers may process data on infrastructure outside your country (see Section 7).

7. International Transfers

Some service providers may process data outside the EEA/UK, including in the United States. When transfers occur, we rely on recognized transfer mechanisms such as the EU–US Data Privacy Framework (and the UK Extension where applicable) or Standard Contractual Clauses (EU 2021/914) as a fallback, as well as additional safeguards when needed. For Switzerland, we may rely on the Swiss–US Data Privacy Framework and related contractual protections.

8. Retention

We keep personal data only for as long as needed for the purposes described in this policy:

• Contact and registration submissions: up to 2 years from the last interaction, unless a longer period is needed for dispute handling or legal obligations.
• Email correspondence: for the duration of the relationship plus up to 1 year for continuity and recordkeeping.
• Analytics data: typically 14 months (tool setting), subject to your consent and provider controls.
• Marketing cookie identifiers: based on cookie lifetime (often around 90 days), subject to your consent.
• Server logs and security records: typically up to 90 days, unless needed longer to investigate abuse or security incidents.
• Cookie consent records: preference cookie up to 12 months; audit records (where needed) up to 3 years.
• Legal and compliance records: retained as required by law (for example, accounting records where applicable may be retained for 6–10 years).

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have the right to request access to your personal data (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and to object (Art. 21). You also have the right to withdraw consent at any time (Art. 7(3)) where processing is based on consent. You may lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email [email protected]. We typically respond within 30 days. For complex requests, we may extend by up to 60 additional days as permitted by law. We may request reasonable information to verify your identity before fulfilling a request.

Supervisory authorities include:

• EU guidance: https://edpb.europa.eu
• United Kingdom (ICO): https://ico.org.uk
• France (CNIL): https://www.cnil.fr
• Germany (BfDI): https://www.bfdi.bund.de
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided us with personal data without verifiable parental consent, please contact us and we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling and opt-out mechanisms.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We will complete the request within 30 days after verifying identity, unless we must retain certain records for legal compliance, dispute resolution, or security.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, reorganization, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide a notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the CPRA. In the past 12 months, we may have collected the following categories of information: identifiers (such as name, email, IP address, and cookie identifiers) and internet/network activity information (such as pages viewed and interactions), depending on your consent settings.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising if you enable marketing cookies; you can opt out by using our cookie preferences panel (“Manage cookie preferences” in the footer).

Rights may include: the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination for exercising rights. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before responding. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act, including access, correction, deletion, portability, and the ability to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

If we decline a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If your appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post a notice on the homepage at least 14 days before changes take effect. The “Last Updated” date at the top of this page reflects the latest revision.

18. Contact

For privacy questions, requests, or concerns, contact:

• Tojmirhel Education LLC
• Thomayerova 590/9, České Budějovice 7, 370 01 České Budějovice, Czechia
• Email: [email protected]
• Phone: +420 387 312 894