Skip to main content

Privacy Policy

Last Updated: March 14, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how tudelniko (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit tudelniko.com (the “Site”) or when you contact us about our outdoor clothing sales course. We created this policy to be readable without legal training, while still being specific enough that you can understand what happens to your information.

Data Controller: Tudelniko Education LLC, Nerudova 1210, 763 61 Napajedla, Czech Republic. For privacy questions or requests, email [email protected]. You can also reach us by phone at +420 577 110 984.

We do not currently appoint a dedicated Data Protection Officer (DPO). If your request is complex, we may ask for additional information to verify identity and to ensure we address the correct data.

2. Personal Data We Collect

We collect information that helps us respond to course questions, provide registration details, and operate the Site reliably. The categories below reflect what is typically collected in a lead-generation, course-information website with optional analytics and marketing measurement.

  • Identity and contact data: your name, email address, phone number (if provided), employer or organization name (if you include it), and similar contact details.
  • Form submission content: messages you write to us, such as what categories you sell (shells, insulation, footwear), what you want to improve (consultation flow, size guidance, merchandising), and any other details you choose to provide.
  • Technical data: IP address, browser type and version, device type, operating system, language setting, time zone, and approximate location inferred from IP (country/region level).
  • Usage data: pages viewed, time on page, referrer source, click paths, and interactions such as opening course pages or contacting us. This is typically collected through analytics tools, but only when you have provided consent for analytics cookies.
  • Cookies and identifiers: essential cookies that keep the site functioning and remember consent choices; optional analytics and marketing identifiers if you consent. Details are in Section 4 and in our Cookie Policy.
  • Conversion events: events related to registration or contact submissions (for example, successful form submission). These events may be measured by analytics/marketing tools only after consent.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers through this Site. Please do not include sensitive information in the message field of any form.

3. Why We Process Your Data & Legal Basis (GDPR Art. 6)

We process personal data only when we have a lawful basis under the GDPR (and UK GDPR where applicable). The basis can depend on the context and on the choices you make about cookies.

  • Contact and registration forms: we use your details to respond to you and to provide course information or onboarding steps. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering into a contract) and Art. 6(1)(a) (consent, where you explicitly provide information and consent to be contacted).
  • Analytics: we use analytics to understand how visitors use the site (for example, which curriculum sections are most visited), so we can improve structure and clarity. Legal basis: GDPR Art. 6(1)(a) consent.
  • Marketing and remarketing: we may measure ads and build audiences for relevant course information. These activate only after you consent to marketing cookies. Legal basis: GDPR Art. 6(1)(a) consent.
  • Security and abuse prevention: we use technical logs and security controls to protect the Site from fraud, spam, and malicious traffic. Legal basis: GDPR Art. 6(1)(f) legitimate interests.
  • Legal obligations: where applicable, we may retain certain records to comply with legal, tax, or regulatory requirements. Legal basis: GDPR Art. 6(1)(c) legal obligation.

Automated Decision-Making (Art. 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. Any ad audience building is used for measurement and relevance and does not make decisions that would meaningfully affect your rights.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies (such as pixel tags) and may rely on server-side event forwarding where consent is present. Our cookie choices are organized into three categories that match the controls you see in the cookie banner and preferences panel.

Essential (always active)

Essential cookies are required for the site to function and to remember your consent choice. They may include a session cookie such as _site_session and a consent cookie such as cookie_consent. These do not require consent.

Retention is typically session-based to up to 12 months depending on the cookie purpose. Consent records may be retained longer for audit purposes.

Analytics (consent required)

If you accept analytics cookies, we may use Google Analytics 4 (GA4) with IP anonymization where available. Analytics helps us understand which pages are helpful (for example, curriculum vs registration), how visitors navigate, and where content needs clarification. Analytics retention is generally set to 14 months.

Examples of analytics cookies include _ga and _ga_XXXXXXXXXX (a GA4 cookie with a property-specific identifier).

Marketing (consent required)

If you accept marketing cookies, we may measure advertising effectiveness and show relevant course information through platforms such as Google Ads and Meta. Marketing cookies can support remarketing, conversion attribution, and audience creation (for example, people who visited the curriculum page).

Typical marketing cookies include _gcl_au (Google Ads) and _fbp / _fbc (Meta). Cookie lifetimes are usually around 90 days, though exact retention can vary by platform settings.

Beyond cookies, advertising platforms can also use pixel tags and server-side events (where enabled) using identifiers derived from device and browser data. When server-side forwarding is used, it is configured to respect consent and to limit shared fields to what is necessary for measurement.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your choice is recorded in the cookie_consent browser cookie (typically 12 months).

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing your browser cookies. Withdrawal does not affect prior lawful processing carried out before you withdrew consent.

6. Sharing With Advertising & Service Partners

We share data only when needed to operate the site, respond to requests, or measure consented analytics/marketing activity. We do not sell personal data.

  • Google LLC (GA4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, conversion events, and audience membership when enabled by consent. Privacy: https://policies.google.com/privacy
  • Meta Platforms (Pixel, Custom/Lookalike Audiences, Conversion API): may receive page view and conversion events, audience membership, and identifiers when enabled by consent. Privacy: https://www.facebook.com/privacy/policy
  • Cloudflare (CDN and security): may process IP addresses and device signals to protect against abuse and to ensure site availability. Privacy: https://www.cloudflare.com/privacypolicy/

These providers act as processors or independent controllers depending on the product and configuration. Where possible, we configure tools to minimize collection and to respect consent choices. We do not permit these providers to use site data for their own independent commercial purposes beyond providing their services and maintaining security.

7. International Transfers

Some service providers may process data outside the EEA/UK, including in the United States. Where international transfers occur, we rely on appropriate safeguards, which may include the EU-U.S. Data Privacy Framework (DPF) (since July 2023), the UK Extension to the DPF, the Swiss-U.S. DPF (where relevant), and Standard Contractual Clauses (EU 2021/914) as a fallback. For UK transfers, we may also rely on the UK International Data Transfer Addendum (IDTA) as a fallback.

8. Data Retention

We retain personal data only for as long as needed for the purposes described in this policy, unless a longer period is required by law. Typical retention periods are:

  • Contact and registration submissions: up to 2 years from last interaction, so we can follow up on course questions and maintain continuity.
  • Analytics data: 14 months (typical GA4 setting), subject to consent and tool configuration.
  • Marketing cookies: per cookie lifetime (commonly 90 days) and subject to consent.
  • Email correspondence: the duration of the relationship plus 1 year for operational context.
  • Server and security logs: around 90 days, unless needed longer for security investigations.
  • Cookie consent record: up to 3 years for audit and compliance purposes.
  • Legal and tax records: as required by applicable law (often 6 to 10 years for invoice-related records).

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have rights under GDPR/UK GDPR, including:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise these rights, email [email protected]. We aim to respond within 30 days. For complex requests, this may be extended by up to 60 days as permitted by law.

Supervisory authorities: EU guidance is available at https://edpb.europa.eu. If you are in the UK, you can contact the ICO at https://ico.org.uk. Other examples include Germany’s BfDI (https://www.bfdi.bund.de), France’s CNIL (https://www.cnil.fr), Poland’s UODO (https://uodo.gov.pl), and Spain’s AEPD (https://www.aepd.es).

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect data from minors. If we learn that we have received personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may have their own handling of DNT and similar signals.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for information to verify that the request comes from you. We typically complete deletion within 30 days, unless we must retain limited data to comply with legal obligations or to resolve disputes.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, or insolvency event, personal data may be transferred to a successor entity. If such a transfer materially changes how data is used, we will provide notice on the Site.

14. California (CCPA / CPRA)

This section applies to California residents where the CCPA/CPRA is applicable. In the last 12 months, we may have collected the following categories of personal information:

  • Identifiers: name, email address, IP address, device identifiers (shared with service providers and, with consent, ad partners).
  • Internet or network activity: page interactions and browsing behavior (used for analytics and advertising, subject to consent where required).
  • Inferences: interests or preferences inferred from site activity (used for advertising measurement and audience creation, subject to consent where required).

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising when marketing cookies are enabled. California residents can opt out of sharing by using our cookie preferences panel (Manage cookie preferences in the footer) or by rejecting marketing cookies.

Your rights may include the right to know, delete, correct, and opt out of sale/sharing, as well as the right to non-discrimination. Requests can be submitted by emailing [email protected] with the subject “California Privacy Request”. We will verify your request as required. Authorized agents must provide written proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we decline to act on a request, you may appeal by emailing us with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will post a notice on the homepage at least 14 days before the change takes effect. The “Last Updated” date at the top of this page shows when the policy was most recently revised.

18. Contact

If you have questions about privacy or want to exercise your rights, contact: