Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how kajvorexu (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website and when you register interest in our online sewing and tailoring course focused on dresses and outerwear. It also explains your rights and the choices available to you, including how to manage cookies and similar technologies.

Data controller (the party responsible for deciding how your personal data is processed): kajvorexu. Our registered address for privacy correspondence is Catherine House, 76 Gloucester Place, Marylebone, London W1U 6HJ, United Kingdom. Our contact email is [email protected].

This policy is written in plain language and is intended to support transparency. If any part is unclear, email us and we will explain the point in practical terms, including what it means for your registration details and your website browsing activity.

2. Personal Data We Collect

We collect personal data in a few different ways: (a) data you provide directly when you complete a registration form, (b) data collected automatically when you use the website, and (c) data generated as part of basic security and operational logging. The specific categories are listed below.

• Identity and contact data: full name, email address, and any other contact details you choose to provide in communications. Our registration flow requests only the essentials.
• Form content: the information you submit through forms, including fields and metadata such as submission time. If you contact us by email, we also process the contents of your message and our reply.
• Technical data: IP address, browser type and version, device type, operating system, language preferences, and approximate location derived from IP (for fraud prevention and security).
• Usage data: pages viewed, time spent on pages, navigation paths, and referrer information. This data is typically aggregated and used to understand how people find and use the course website.
• Cookies and identifiers: cookie IDs and similar identifiers stored on your device, which support essential functions and, if you consent, analytics and marketing measurement. Details appear in Section 4 and our Cookie Policy at /cookie-policy/.
• Conversion events: events such as viewing key pages or submitting a registration form, which may be used for attribution and to understand which content helps users find the right programme information.

We do not intentionally collect special-category data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers. Please do not include sensitive details in free-text communications. If you send sensitive information to us, we will handle it with care, but we ask that you limit messages to what is necessary for your question about course access and learning logistics.

3. Why We Process Your Data & Legal Basis (GDPR Article 6)

We process personal data only where we have a valid legal basis and a clear purpose. The typical purposes and legal bases under the UK GDPR and EU GDPR include:

• Registration and contact handling: to respond to your registration request, deliver confirmation messages, and provide course access information. Legal basis: Article 6(1)(b) (steps prior to entering into a contract) and, where required, Article 6(1)(a) (consent).
• Website analytics (optional): to understand usage patterns and improve the structure of lessons pages, programme information, and navigation. Legal basis: Article 6(1)(a) (consent).
• Marketing measurement and remarketing (optional): to measure the effectiveness of advertising and show relevant messages to people who have interacted with the site. Legal basis: Article 6(1)(a) (consent).
• Security and fraud prevention: to protect the website and our systems, detect abusive traffic, and prevent unauthorised access. Legal basis: Article 6(1)(f) (legitimate interests), balanced against user rights and expectations.
• Legal obligations: to comply with applicable laws and to respond to lawful requests. Legal basis: Article 6(1)(c).

Automated decision-making and profiling (GDPR Article 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects. If we use advertising audiences, they are used for measurement and delivery of ads, not to make decisions that determine eligibility for services or create legal effects.

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event signals. These tools help the website function, support security, and—if you consent—provide analytics and marketing measurement.

We use three categories of cookies and tracking. These categories match our Cookie Policy and the cookie preferences panel accessible via “Manage cookie preferences” in the website footer:

• Essential: required for core functions, such as maintaining a basic site session and storing your consent choices. These do not require consent and are always active.
• Analytics (optional): used to understand how the site is used. Example provider: Google Analytics 4 with IP anonymisation. Typical cookies include _ga (2 years) and _ga_XXXXXXXXXX (2 years). Analytics data retention is typically 14 months.
• Marketing (optional): used for advertising measurement, remarketing, and conversion attribution. Typical cookies include _gcl_au (90 days), _fbp (90 days), and _fbc (90 days when a click identifier is set).

In addition to cookie-based identifiers, advertising and analytics tools may process device and event information such as IP address and user-agent strings. If server-side measurement is enabled in the future, identifiers may be hashed before sharing, depending on the configuration.

5. Consent (EEA and UK)

Users in the EEA and UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie for up to 12 months.

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

6. Sharing With Advertising and Service Partners

We use service providers to operate and improve the website and to measure marketing performance. Depending on your cookie choices, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Privacy information: https://policies.google.com/privacy.
• Meta Platforms (Pixel, Custom Audiences, lookalike audiences, conversions): page events, conversion events, and audience membership. Privacy information: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security services): IP-based threat detection and performance routing. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. Where we use advertising and analytics providers, the intention is measurement and site improvement, not independent commercial use by the provider. Providers may process data according to their own roles and configurations, and some may act as independent controllers for certain processing activities. We recommend reviewing provider privacy documentation for more detail.

7. International Transfers

Some service providers may process data outside the UK or EEA, including in the United States. Where required, transfers are supported by appropriate safeguards such as the EU–US Data Privacy Framework (and its UK Extension and Swiss–US variant where applicable) and, as a fallback, Standard Contractual Clauses (EU 2021/914) and UK transfer mechanisms (such as the UK IDTA).

We take reasonable steps to ensure that international transfers protect personal data in a manner consistent with applicable privacy law, including limiting data shared to what is relevant for the stated purpose.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy. Typical retention periods are:

• Registration submissions: up to 2 years from the last interaction, unless a longer period is required for operational or legal reasons.
• Email correspondence: for the duration of the relationship and typically 1 additional year for continuity and reference, unless you request deletion and we have no legal reason to retain it.
• Analytics data: typically 14 months, subject to provider settings and your consent choices.
• Marketing cookies: for the lifetime of the cookies (often 90 days) unless deleted earlier.
• Security logs: typically 90 days, unless a longer period is needed to investigate abuse or incidents.
• Cookie consent record: up to 3 years for audit purposes.
• Legal and compliance records: retained as required by applicable law.

Where possible, we either delete data or anonymise it so it no longer identifies a person.

9. Your Rights (GDPR and UK GDPR)

Depending on your location, you may have rights over your personal data, including:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We generally respond within 30 days. In complex cases, we may extend by up to 60 additional days and will explain the reason for the extension.

If you wish to lodge a complaint, you can contact your local authority. Helpful directories include: the European Data Protection Board https://edpb.europa.eu and the UK Information Commissioner’s Office https://ico.org.uk.

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without appropriate consent, we will delete it promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Some third-party providers may offer their own controls or extensions that help limit tracking. You can also control cookies through our cookie preferences panel.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable information to verify your identity and locate your data. We aim to complete deletion within 30 days after verification, unless we must retain limited information to comply with legal obligations.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency event, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will notify users through a prominent notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (as amended by the CPRA). Over the past 12 months, we may have collected the following categories of personal information: identifiers (such as name, email, IP address, and device identifiers), internet or network activity information (such as browsing interactions), and inferences (such as preferences derived from site interactions for advertising measurement).

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioural advertising depending on your cookie preferences. California residents may opt out of sharing for cross-context behavioural advertising via our cookie preferences panel.

You may request to know, delete, or correct personal information, and you have the right to non-discrimination for exercising your rights. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your request using reasonable methods. Authorised agents may submit requests with written permission.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act, including rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If you believe we have refused a request incorrectly, you can appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will post a notice on the website at least 14 days before the change takes effect. The “Last Updated” date at the top of the page shows the latest revision.

18. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

• kajvorexu
• Email: [email protected]
• Address: Catherine House, 76 Gloucester Place, Marylebone, London W1U 6HJ, United Kingdom