Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how bodurvexn ("we", "us") collects, uses, and protects your personal data when you visit our website. The site is an educational platform focused on bicycle sales and bicycle retail management training. We use your data to provide registration handling, respond to messages, maintain site security, and—only where you choose—measure usage and advertising performance.

Data Controller: Bodurvexn Learning GmbH, Mostecká 273/21, Malá Strana (Praha 1), 118 00 Praha, Czechia. Contact email: [email protected]. Phone: +420 257 531 842.

Effective Date: March 12, 2026. If we materially change how we use personal data, we will publish a notice on the site before the change takes effect.

2. Personal Data We Collect

We collect personal data in a limited and practical way. The specific data depends on how you interact with the website (registration, contacting support, and your cookie choices). The categories below describe what we may collect.

• Identity and contact data: first name, last name, email address, and (if provided elsewhere) phone number.
• Registration data: the password you enter in the registration form. For security reasons, passwords should be unique and strong. We do not request or need sensitive personal information for training registration.
• Form content: the content of messages you submit through our contact form, including any details you choose to share about your learning needs or course access questions.
• Technical data: IP address, device type, browser type/version, operating system, language preferences, and approximate location derived from IP (city/region level).
• Usage data: pages visited, time spent on pages, referrer page, click paths, and interaction events (for example, whether a form was started or completed).
• Cookies and identifiers: cookie values and similar identifiers that store preferences or support measurement (see Section 4).
• Conversion events: basic events that indicate a user completed a step, such as a completed form submission.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers. Please avoid entering sensitive personal information in free-text fields.

3. Why We Process Data & Legal Basis (GDPR Art. 6)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process personal data under the lawful bases listed below. When other laws apply, we process data using equivalent lawful grounds (for example, consent, contract necessity, and legitimate interests).

• Course registration handling: to receive and process your registration details and send course access communications. Legal basis: Art. 6(1)(b) (contract steps) and, where we rely on your permission to contact you, Art. 6(1)(a) (consent).
• Support and communications: to respond to inquiries and resolve access issues. Legal basis: Art. 6(1)(b) and/or Art. 6(1)(f) (legitimate interest in providing support).
• Analytics (optional): to understand which pages are most useful and improve the training information we publish. Legal basis: Art. 6(1)(a) (consent).
• Marketing/remarketing (optional): to measure ad performance and show relevant messages to people who have interacted with the site. Legal basis: Art. 6(1)(a) (consent).
• Security and fraud prevention: to keep the website reliable, detect abuse, and protect the integrity of forms. Legal basis: Art. 6(1)(f) (legitimate interest).
• Legal obligations: to comply with applicable laws and respond to lawful requests. Legal basis: Art. 6(1)(c) (legal obligation).

Automated Decision-Making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We use cookies and similar technologies to run core site functions and, if you opt in, to measure usage and marketing effectiveness. Some measurement can also be performed via pixel tags and server-side events. Your cookie choices are managed through the cookie banner and preferences panel available on the site.

We use the following categories. These categories match our Cookie Policy.

Essential (always active)

Essential cookies are required for the site to function and cannot be switched off in our system. These cookies support core features like session continuity and storing your consent settings. Examples include _site_session and cookie_consent. Retention ranges from session duration to 12 months, depending on the cookie.

Analytics (consent required)

Analytics cookies help us understand how the website is used so we can improve content and navigation. Where enabled, we use Google Analytics 4 (GA4) with IP anonymization. Example cookies include _ga and _ga_XXXXXXXXXX. Analytics retention is configured for 14 months.

Marketing (consent required)

Marketing cookies are used to measure advertising performance and support relevant messaging. Where enabled, they may include cookies from Google Ads and Meta such as _gcl_au, _fbp, and _fbc. These identifiers help with remarketing, conversion attribution, and audience measurement.

Beyond cookies, we may use pixel tags (for example, via gtag.js or Meta Pixel) and may send server-side events (for example, via a server-side tag manager or conversion APIs). Where applicable, identifiers may be hashed before transmission. These features are activated only when you provide the relevant consent.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your preferences are recorded in the cookie_consent browser cookie (12 months). You can withdraw consent at any time using the “Manage cookie preferences” link in the footer or by clearing your browser cookies.

Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Sharing With Advertising & Service Partners

We use service providers to operate the website and, if you opt in, to measure and improve advertising. We do not sell personal data. Where we share data with partners for analytics or marketing, it is based on your consent and is limited to what is needed for the stated purpose.

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy
• Meta Platforms (Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, and audience membership signals, and where applicable hashed identifiers. Privacy policy: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security services): IP-based security and threat detection data used to protect the site. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes.

7. International Transfers

Some of our providers process data outside the EEA/UK, including in the United States. When we transfer personal data internationally, we rely on appropriate safeguards such as the EU-US Data Privacy Framework (and the UK Extension and Swiss-US DPF where applicable) or Standard Contractual Clauses (EU 2021/914) as a fallback, and the UK International Data Transfer Agreement (IDTA) as a fallback where relevant.

We also take supplementary measures where needed, such as minimizing data fields and using encryption in transit.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

• Contact submissions: typically retained for up to 2 years from the last interaction to support follow-ups and continuity.
• Analytics data: retained for 14 months (where enabled).
• Marketing cookies: retained according to cookie lifetimes (for example, 90 days for certain marketing cookies).
• Email correspondence: retained for the duration of the relationship plus 1 year, unless we need to keep it longer to resolve disputes or comply with legal obligations.
• Server logs: typically retained for up to 90 days for security and troubleshooting.
• Consent records: we may retain consent records for up to 3 years for audit and compliance.
• Legal and tax retention: retained as required by applicable law (often 6–10 years for certain business records).

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have rights over your personal data. For EU/UK users, these include: the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and the right to withdraw consent at any time (Art. 7(3)).

To exercise your rights, email [email protected]. We typically respond within 30 days. For complex requests, we may extend this by up to 60 additional days as permitted by law.

You also have the right to lodge a complaint with a supervisory authority. Resources by region include:

• EU: https://edpb.europa.eu
• UK: https://ico.org.uk
• Germany: https://www.bfdi.bund.de
• France: https://www.cnil.fr
• Poland: https://uodo.gov.pl
• Spain: https://www.aepd.es

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own DNT handling and opt-out mechanisms.

12. Data Deletion Requests

To request deletion of your personal data, email [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable verification to confirm the request is made by the data subject. We aim to complete valid requests within 30 days, subject to legal retention requirements.

In some cases, we must retain limited records to comply with law, maintain security, or establish, exercise, or defend legal claims.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar event, personal data may be transferred to a successor or affiliate as part of that transaction. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA/CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) applies.

Categories of personal information disclosed in the past 12 months may include: identifiers (such as name, email, IP address, cookie identifiers), internet/network activity (such as page views and interactions), and inferences (such as interests or preferences inferred from site usage). We disclose these categories to service providers and, if you opt in, to advertising partners for cross-context behavioral advertising.

We do not sell personal information as defined by CCPA. We do share personal information for cross-context behavioral advertising where marketing consent is enabled. You may opt out of such sharing via the cookie preferences panel.

California rights may include: the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before responding. Authorized agents must provide proof of authorization.

15. Virginia (VCDPA)

For Virginia residents, rights under the Virginia Consumer Data Protection Act (VCDPA) may include access, correction, deletion, portability, and the right to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we decline to act, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will publish a notice on the homepage at least 14 days before the update takes effect. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact:

Bodurvexn Learning GmbH
Mostecká 273/21, Malá Strana (Praha 1), 118 00 Praha, Czechia
Email: [email protected]
Phone: +420 257 531 842