1. Introduction & Controller Identity
This Privacy Policy explains how hejlviona ("we", "us", or "our") collects, uses, and protects your personal data when you visit hejlviona.com (the "Site") and when you contact us or register interest in our educational programme. We provide educational training for clothing sales, retail fundamentals, merchandising, and fashion product presentation. We do not operate a shop, marketplace, or sales platform.
The data controller responsible for your personal data is:
- Legal entity: Hejlviona Education Ltd
- Company name: hejlviona
- Registered address: UNIT PR2 GROUND FLOOR I K BUSINESS PARK, PHILIPS ROAD, BLACKBURN, BB1 5FD, United Kingdom
- Contact email: [email protected]
- Telephone: +44 1254 246918
We do not appoint a Data Protection Officer for this Site because we do not carry out large-scale processing of special category data. If you have privacy questions, contact us at [email protected].
Effective Date: March 14, 2026.
2. Personal Data We Collect
We collect the minimum information needed to run the Site, respond to enquiries, and maintain security. Depending on how you use the Site, we may collect the following categories of personal data:
- Identity and contact data: your name and email address (for example, when you submit the registration interest form).
- Form content: details you choose to include in a message or reply (for example, what role you are interested in: shop floor, visual merchandising, or e-commerce).
- Technical data: IP address, browser type and version, device identifiers, operating system, language settings, and approximate location inferred from IP.
- Usage data: pages viewed, time spent on pages, navigation paths, referrer URL, and interaction events (such as clicks).
- Cookies and identifiers: information stored in browser cookies and similar technologies (see Section 4).
- Conversion events: signals that help measure whether a visit resulted in an enquiry or other meaningful action (for example, a form submission).
We do not intentionally collect special category data (such as health data, religious beliefs, or political opinions). We also do not request financial account details or government identification numbers through the Site. Please avoid including sensitive personal data in any message you send us.
3. Why We Process Personal Data & Legal Basis (GDPR Article 6)
If you are located in the United Kingdom or the European Economic Area, the UK GDPR or GDPR requires a lawful basis for processing personal data. We use the lawful bases below depending on the activity.
- Responding to enquiries and registration interest forms: we process your name and email to respond and provide course information. This may be necessary to take steps at your request prior to entering into an arrangement for training materials (Article 6(1)(b)) and, where we rely on an explicit checkbox, this data may also be processed based on your consent (Article 6(1)(a)).
- Site analytics: we process usage data to understand how the Site is used and to improve content (Article 6(1)(a) consent, where required).
- Marketing and remarketing: if enabled with consent, we may process cookie identifiers and conversion events to measure ad performance and show relevant messages (Article 6(1)(a) consent).
- Security and fraud prevention: we use technical data and server logs to prevent abuse, maintain availability, and secure the Site (Article 6(1)(f) legitimate interests).
- Legal compliance: we may process data where necessary to comply with legal obligations (Article 6(1)(c)).
Automated decision-making: we do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you under Article 22 GDPR.
4. Cookies & Tracking Technologies
Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event processing, where applicable. We group cookies into three categories. The categories below match our Cookie Policy at /cookie-policy/.
Essential cookies (always active)
Essential cookies are required for the Site to function and cannot be switched off in our systems. They help with session continuity and saving your cookie preferences. These cookies do not require consent.
- _site_session (first-party): session continuity. Retention: session to 12 months depending on configuration.
- cookie_consent (first-party): stores your cookie preference selection. Retention: 12 months.
- CSRF and security cookies (first-party): help protect the Site from malicious requests. Retention: session.
Analytics cookies (consent required)
Analytics cookies help us understand how visitors use the Site so we can improve the structure and clarity of educational content. Where used, we configure analytics to reduce data where feasible, including IP anonymization where supported.
- Google Analytics 4 (GA4) identifiers such as _ga (2 years) and _ga_XXXXXXXXXX (2 years). Data retention for GA4 reporting is typically set to 14 months.
Marketing cookies (consent required)
Marketing cookies are used to measure advertising performance and to show relevant messages. They may support remarketing, conversion attribution, and audience creation (such as custom audiences and lookalike audiences) on advertising platforms.
- Google Ads cookies such as _gcl_au (90 days).
- Meta cookies such as _fbp (90 days) and _fbc (90 days when a click ID is present).
Beyond cookies, some advertising and analytics measurement may also use pixel tags (for example, a JavaScript tag placed on the page) or server-side processing (for example, sending a conversion event with limited metadata). If server-side measurement is enabled, identifiers may be hashed before transmission where supported.
5. Consent (EEA/UK)
Users in the EEA and the United Kingdom receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie, typically for 12 months.
You can withdraw consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before consent was withdrawn.
6. Sharing With Advertising & Service Partners
We share limited data with service providers to operate and improve the Site. We do not sell personal data. Depending on your cookie preferences and our Site configuration, we may share data with:
- Google LLC (Google Analytics 4, Google Ads, Tag Manager, and remarketing): cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy
- Meta Platforms, Inc. (Pixel, Custom/Lookalike Audiences, conversion measurement): page view and conversion events, cookie identifiers, and potentially hashed contact identifiers where configured. Privacy policy: https://www.facebook.com/privacy/policy
- Cloudflare, Inc. (content delivery network and security): IP-based threat detection and traffic filtering. Privacy policy: https://www.cloudflare.com/privacypolicy/
We do not permit these providers to use Site data for their own independent commercial purposes. They process personal data on our behalf according to their contractual terms and applicable data protection law.
7. International Data Transfers
Some of our service providers may process personal data outside the EEA or the United Kingdom, including in the United States. When personal data is transferred internationally, we rely on appropriate safeguards such as:
- EU-US Data Privacy Framework (DPF) and the UK Extension to the DPF, where applicable
- Swiss-US DPF, where applicable
- Standard Contractual Clauses (EU 2021/914) as a fallback
- UK International Data Transfer Agreement (IDTA) as a fallback
We also apply practical controls where appropriate, such as limiting the type of data shared and restricting access on a need-to-know basis.
8. Data Retention
We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer retention period is required by law. Typical retention periods are:
- Contact and registration interest submissions: up to 2 years from the last interaction.
- Email correspondence: for the duration of the relationship, then typically up to 1 year.
- Server logs and security records: typically up to 90 days, unless required for investigating abuse or incidents.
- Analytics data: reporting retention typically 14 months (provider settings may apply).
- Marketing cookies: according to the cookie lifetime (commonly 90 days for advertising cookies).
- Cookie consent record: up to 3 years for audit purposes.
- Legal and compliance records: as required by applicable law (for example, 6 to 10 years for certain business records).
9. Your Rights (GDPR & UK GDPR)
If you are in the EEA or the United Kingdom, you may have the right to:
- Request access to your personal data (Article 15)
- Request rectification of inaccurate or incomplete data (Article 16)
- Request erasure in certain circumstances (Article 17)
- Request restriction of processing in certain circumstances (Article 18)
- Request data portability where applicable (Article 20)
- Object to processing in certain circumstances (Article 21)
- Withdraw consent at any time where processing is based on consent (Article 7(3))
- Lodge a complaint with a supervisory authority (Article 77)
To exercise your rights, email [email protected]. We aim to respond within 30 days. If a request is complex, we may extend the response time by up to a further 60 days and will explain why.
If you would like to contact a supervisory authority, the following resources may help you find the appropriate regulator:
- EU: European Data Protection Board directory: https://edpb.europa.eu
- United Kingdom: Information Commissioner’s Office: https://ico.org.uk
- Germany: BfDI: https://www.bfdi.bund.de
- France: CNIL: https://www.cnil.fr
- Poland: UODO: https://uodo.gov.pl
- Spain: AEPD: https://www.aepd.es
10. Children
This Site is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us personal data without verifiable parental consent, please contact us and we will delete the data promptly.
11. Do Not Track
This Site does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may have their own DNT or similar settings.
12. Account Requests & Data Deletion
We do not require an account to use this Site. If you would like us to delete the personal data associated with your registration interest submission, email us at [email protected] with the subject line “Data Deletion Request”. We may request information needed to verify your identity and locate your data. We aim to complete verified deletion requests within 30 days, subject to limited retention where law requires.
13. Business Transfers
If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred as part of that transaction. If a transfer materially changes how your data is used, we will provide notice on the Site.
14. California (CCPA / CPRA)
This section applies to California residents where the California Consumer Privacy Act (as amended by the CPRA) applies. In the past 12 months, we may have collected the following categories of personal information:
- Identifiers: name, email address, IP address, cookie identifiers and device identifiers.
- Internet or network activity: browsing and interaction data on the Site.
- Inferences: interests or preferences inferred from usage data for advertising measurement, where enabled.
We disclose this information to service providers and, where marketing cookies are enabled, to advertising partners for cross-context behavioral advertising. We do not sell personal information as defined by CCPA. We may “share” personal information for cross-context behavioral advertising. California residents may opt out of sharing by using our cookie preferences panel (via “Manage cookie preferences” in the footer).
California residents have rights to Know, Delete, Correct, and Opt-Out of sale/sharing, and the right to Non-Discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before fulfilling a request. Authorized agents may submit requests with written permission.
15. Virginia (VCDPA)
If the Virginia Consumer Data Protection Act applies, Virginia residents may request access, correction, deletion, and a copy of personal data, and may opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.
If we decline to take action on your request, you may appeal by emailing [email protected] with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.
16. Nevada
Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Site functionality. If we make material changes, we will provide a notice on the Site at least 14 days before the changes take effect. The “Last Updated” date at the top of this page will be updated whenever this Policy changes.
18. Contact
If you have questions about this Privacy Policy or how we handle personal data, contact:
- Hejlviona Education Ltd
- Address: UNIT PR2 GROUND FLOOR I K BUSINESS PARK, PHILIPS ROAD, BLACKBURN, BB1 5FD, United Kingdom
- Email: [email protected]
- Phone: +44 1254 246918