Skip to main content

Legal

Privacy Policy

Last Updated: March 12, 2026

1. Introduction and Data Controller

This Privacy Policy explains how Ulaverion (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website or contact us about our educational course in handmade jewelry craft, design process, material selection, artisan techniques, product presentation, and small craft business fundamentals.

For the purposes of the UK GDPR and the EU GDPR, the data controller is Ulaverion Creative Education Ltd, registered at 2nd Floor, Captains House, Watermans Court, Lotus Park, The Causeway, Staines-upon-Thames, TW18 3AG, United Kingdom. You can contact us about privacy matters at [email protected].

We do not appoint a dedicated Data Protection Officer for this website. If you have questions about how your data is handled, email us and we will route your request to the appropriate person.

2. Personal Data We Collect

We collect personal data in a few clear ways: when you submit a form, when you email us, and when your browser interacts with our website. The categories below describe what we may collect depending on what you choose to do on the site.

  • Identity and contact details: your name, email address, and any phone number you choose to include in an email (our forms may request name and email, depending on the page).
  • Form content: information you type into our contact fields, such as questions about modules, tool lists, materials, or scheduling.
  • Communications: the content of emails you send to us and our replies, along with timestamps and message headers needed to process the correspondence.
  • Technical data: IP address, browser type and version, device type, operating system, time zone setting, language, and basic diagnostic information.
  • Usage data: pages viewed, time on page, navigation paths, the page that referred you to us, and interactions such as button clicks (captured only when analytics consent is given).
  • Cookies and identifiers: small text files and similar identifiers as described in Section 4 and in our Cookie Policy.
  • Conversion events: signals that a form was submitted successfully or that a page was reached after an action, used to measure the effectiveness of our website and advertising (captured only when marketing consent is given).

We do not intentionally collect special-category data (for example, health data, religious beliefs, political opinions), government identification numbers, or financial account details through this website. Please avoid including sensitive information in free-text messages. If you send sensitive information in an email, we will handle it with care but may ask you to remove it for privacy reasons.

3. Why We Process Personal Data and the Legal Bases

We only process personal data where there is a lawful basis to do so. The lawful basis depends on the context and is described below using the GDPR framework (UK GDPR and EU GDPR).

  • Responding to enquiries and delivering requested information: when you ask for registration details or course information, we process your data to take steps at your request prior to entering a contract and to provide the information you requested (GDPR Article 6(1)(b)). Where a page includes an explicit consent checkbox, we also rely on your consent for being contacted (GDPR Article 6(1)(a)).
  • Website analytics: where you consent to analytics cookies, we process usage and device data to understand how pages perform and to improve the structure and clarity of lessons, descriptions, and navigation (GDPR Article 6(1)(a)).
  • Marketing measurement and advertising optimisation: where you consent to marketing cookies, we process identifiers and conversion events to measure advertising performance, build audience groups for remarketing, and improve relevance (GDPR Article 6(1)(a)).
  • Security and abuse prevention: we process limited technical data to protect the website, detect malicious activity, and prevent fraud or misuse (GDPR Article 6(1)(f), legitimate interests). Our legitimate interest is maintaining the security and reliability of our website.
  • Legal obligations: where required, we may process personal data to comply with applicable legal obligations (GDPR Article 6(1)(c)).

Automated decision-making and profiling (GDPR Article 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Advertising platforms may provide interest-based delivery of ads where you have consented to marketing cookies, but this does not determine eligibility for a service or produce legal effects.

4. Cookies and Tracking Technologies

Cookies are small files stored on your device that help a website function, remember preferences, and (when allowed) measure traffic and advertising performance. We also use similar technologies such as pixel tags. Our cookie categories match the choices shown in our cookie banner and preferences panel.

Essential cookies are required for the site to function and for storing your consent preferences. These cookies do not require consent. Analytics cookies and marketing cookies are optional and only activate after you choose them.

  • Essential (always active): examples include _site_session and cookie_consent. Retention ranges from session to 12 months.
  • Analytics (consent required): Google Analytics 4 (GA4) with IP anonymisation where available. Example cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically 14 months.
  • Marketing (consent required): cookies and pixel identifiers used for Google Ads and Meta advertising measurement and remarketing, such as _gcl_au, _fbp, and _fbc. Retention is typically around 90 days depending on the provider.

In addition to browser cookies, advertising and analytics can involve pixel tags and server-side event forwarding where enabled. These technologies may use the IP address and user-agent string to help detect duplicate events and reduce fraud. Where required by law, those events are only sent after consent.

For a detailed explanation of cookie types, examples, and how to manage preferences, read our Cookie Policy.

5. Consent and How to Withdraw It (EEA and UK)

Users in the EEA and the UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Your choice is recorded in the cookie_consent cookie for up to 12 months.

You can withdraw consent at any time by using the “Manage cookie preferences” link in the website footer, or by clearing cookies in your browser settings. Withdrawing consent does not affect the lawfulness of processing that occurred before consent was withdrawn.

6. Sharing Personal Data With Service and Advertising Partners

We use a small number of service providers to operate and improve the website. Depending on your consent choices, some data may be shared with analytics and advertising partners as described below. We do not sell personal data.

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion events when you consent. Provider policy: https://policies.google.com/privacy.
  • Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, conversion measurement): may receive page views, conversion events, and audience signals when you consent. Where used, identifiers may include cookies and hashed contact details to improve matching. Provider policy: https://www.facebook.com/privacy/policy.
  • Cloudflare (content delivery network and security): may process IP-based security signals to protect the site from abuse and improve performance. Provider policy: https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use data from our site for their own independent commercial purposes. They act as service providers and processors, subject to their contractual obligations and privacy documentation.

7. International Data Transfers

Some of our providers may process data outside the UK or the EEA, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as the EU-US Data Privacy Framework (and the UK Extension where applicable), the Swiss-US Data Privacy Framework where relevant, and Standard Contractual Clauses (EU 2021/914) as a fallback. For UK transfers, we may also rely on the UK International Data Transfer Agreement where appropriate.

We take steps to ensure that transfers are protected by contractual and technical measures and that data is handled in accordance with this Privacy Policy.

8. Retention of Personal Data

We keep personal data only as long as needed for the purpose it was collected for, and as required by law. Retention periods vary by data type:

  • Contact and registration enquiries: up to 2 years from the last interaction, so we can respond, provide course information, and keep a record of correspondence.
  • Email correspondence: for the duration of the relationship and typically up to 1 year afterwards, unless a longer period is needed to resolve a dispute or comply with a legal obligation.
  • Server logs and security events: typically up to 90 days, unless we need to investigate an incident.
  • Analytics data: typically 14 months (provider settings), where you consent to analytics.
  • Marketing cookies: per the cookie lifetime (often 90 days) where you consent to marketing.
  • Consent records: we may retain evidence of consent choices for up to 3 years for audit and compliance purposes.
  • Legal and tax obligations: where applicable, we retain records for the period required by law (commonly 6–10 years for invoices and related documentation).

9. Your Rights Under GDPR and UK GDPR

If you are in the UK or the EEA, you have rights regarding your personal data, including:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time (Article 7(3))
  • Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, the response time may be extended by up to 60 additional days, as permitted by law.

Supervisory authorities: EU guidance is available via the European Data Protection Board at https://edpb.europa.eu. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO): https://ico.org.uk.

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the data promptly.

11. Do Not Track Signals

This website does not respond to Do Not Track (DNT) browser signals. Some third-party providers may offer their own DNT-related settings or opt-out mechanisms.

12. Data Deletion Requests

If you would like us to delete personal data we hold about you, email us with the subject line “Data Deletion Request” and include the email address you used to contact us. We may ask for additional information to verify your identity. Where deletion is requested, we will complete it within 30 days after verification, except where we must retain specific information to comply with legal obligations.

13. Business Transfers

If Ulaverion Creative Education Ltd is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity or professional advisers involved in the transaction. If a transfer materially changes how personal data is used, we will provide a notice on the website.

14. California Privacy Notice (CCPA and CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), applies. In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers: name, email address, IP address, cookie identifiers (shared with service providers and, if you consent, advertising partners).
  • Internet or network activity: browsing interactions with our site (used for analytics and advertising measurement when consent is given).
  • Inferences: inferred interests or preferences based on site activity, used for ad measurement and audience grouping when consent is given.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioural advertising where you enable marketing cookies. California residents may opt out by using our cookie preferences panel available via the “Manage cookie preferences” link in the footer.

California rights may include the right to know, delete, correct, and opt out of sale or sharing, as well as the right to non-discrimination. To submit a request, email us with the subject line “California Privacy Request”. We will verify your identity before processing the request. Authorised agents may submit requests with proof of authorisation.

15. Virginia Privacy Notice (VCDPA)

This section applies to Virginia residents to the extent the Virginia Consumer Data Protection Act (VCDPA) applies. Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email us with the subject line “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada Notice

Nevada residents may submit a verified opt-out request by emailing us with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in how the website works, changes in service providers, or legal requirements. If we make material changes, we will post a notice on the homepage at least 14 days before the changes take effect. The “Last Updated” date at the top of this page shows when the policy was last revised.

18. Contact Us

If you have questions or requests related to privacy, contact:

Ulaverion Creative Education Ltd
2nd Floor, Captains House, Watermans Court, Lotus Park, The Causeway
Staines-upon-Thames, TW18 3AG, United Kingdom
Email: [email protected]