Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how Havdorent (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website and when you submit information through our registration and contact forms. Havdorent provides educational materials about selling automotive repair tools and workshop equipment. It does not directly sell tools or equipment through this website.

Data Controller: Havdorent Ltd
Registered address: Komenského 264/5, 500 03 Hradec Králové, Czechia
Contact email: [email protected]

We do not appoint a Data Protection Officer (DPO) because we do not carry out large-scale processing of special-category data. If you have questions about this policy or your rights, please contact us using the email address above.

2. Personal Data We Collect

We collect only the data we need to operate the site, respond to requests, and improve the training experience. Depending on how you interact with the site, this may include:

• Identity & contact data: name, email address, and (if provided on certain pages) phone number.
• Form content: the information you submit in forms, such as registration details or messages.
• Technical data: IP address, browser type, device type, operating system, and language settings.
• Usage data: pages viewed, time spent on pages, referral source, and click paths.
• Cookies & identifiers: information stored in cookies and similar technologies (see Section 4).
• Conversion events: signals that a form was submitted or that you reached certain pages after clicking an ad.

We do not intentionally collect special-category data (for example, health data, religious beliefs, political opinions), financial account details, or government identification numbers through this website.

3. Why We Process Data & Legal Basis (GDPR Article 6)

We process personal data for the purposes below. Where the GDPR applies, we rely on these legal bases:

• Registration and contact requests: to respond to your request and provide next steps for accessing training materials (Article 6(1)(b) contract steps; and Article 6(1)(a) consent where you provide consent in the form).
• Analytics: to understand how the website is used and improve content and navigation (Article 6(1)(a) consent).
• Marketing and remarketing: to measure ads and show relevant messages to people who have interacted with the site (Article 6(1)(a) consent).
• Security and fraud prevention: to protect the website, prevent abuse, and maintain service reliability (Article 6(1)(f) legitimate interests).
• Legal obligations: to comply with applicable laws, regulations, or lawful requests (Article 6(1)(c)).

Automated Decision-Making (GDPR Article 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and, in some cases, server-side event forwarding. We categorize cookies and tracking into three groups:

Essential (always active)

Essential cookies are required for the site to function and cannot be switched off in our systems. Examples include a basic site session cookie (_site_session) and a cookie that stores your consent choice (cookie_consent). Retention is typically session-based up to 12 months, depending on the cookie.

Analytics (consent-based)

If you enable analytics, we may use Google Analytics 4 to understand aggregated usage patterns (for example, which pages are visited most often). Where configured, IP anonymization is applied. Analytics identifiers may include _ga and _ga_XXXXXXXXXX (a GA4 property identifier). Analytics data retention is typically 14 months.

Marketing (consent-based)

If you enable marketing cookies, we may use technologies such as Google Ads conversion tracking and Meta Pixel to measure advertising performance and build audiences for remarketing and lookalike modeling. Marketing cookies may include _gcl_au, _fbp, and _fbc, usually with 90-day lifetimes.

Beyond cookies, marketing measurement can also rely on event data derived from device and browser signals (for example, IP address and User-Agent). Some partners may support server-to-server event collection. Where used, identifiers may be hashed before being transmitted to partners.

You can change your cookie choices at any time using “Manage cookie preferences” in the footer.

5. Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Consent is recorded in the cookie_consent cookie (typically stored for 12 months).

You can withdraw consent at any time via “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. Sharing With Advertising & Service Partners

We use a small set of service providers and advertising partners to operate the website and measure marketing. Depending on your consent settings, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. More information: https://policies.google.com/privacy
• Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversion API where enabled): page views, conversion events, and audience membership signals. More information: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance delivery. More information: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. These providers act as processors or service providers. We do not permit them to use site data for their own independent commercial purposes.

7. International Transfers

Some providers may process data outside the EEA/UK, including in the United States. Where applicable, transfers may rely on the EU-US Data Privacy Framework (since July 2023), the UK Extension to the DPF, and the Swiss-US DPF. Where the DPF is not applicable or as a supplementary measure, we may rely on Standard Contractual Clauses (EU 2021/914) and the UK International Data Transfer Addendum (or UK IDTA) as a fallback.

8. Data Retention

We keep personal data only as long as necessary for the purposes described in this policy:

• Contact and registration submissions: up to 2 years from the last interaction.
• Analytics data: typically 14 months (where enabled by consent).
• Marketing cookies: stored for their stated cookie lifetimes (where enabled by consent).
• Email correspondence: for the duration of the relationship plus 1 year.
• Server security logs: typically 90 days, unless needed to investigate incidents.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal and tax records: retained as required by applicable law (often 6–10 years for invoices or accounting records).

9. Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies, you may have the right to:

• Access (Article 15)
• Rectification (Article 16)
• Erasure (Article 17)
• Restriction of processing (Article 18)
• Data portability (Article 20)
• Object (Article 21)
• Withdraw consent at any time (Article 7(3))
• Lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We typically respond within 30 days. If a request is complex, we may extend by up to 60 days and will explain why.

Supervisory authorities: EU guidance is available at https://edpb.europa.eu. UK residents can contact the ICO at https://ico.org.uk.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own handling of such signals, as described in their privacy policies.

12. Data Deletion Requests

To request deletion of personal data, email [email protected] with the subject line “Data Deletion Request”. We may ask you to verify your identity before completing the request. We aim to complete deletion within 30 days, unless we must retain certain information to comply with legal obligations or to establish, exercise, or defend legal claims.

13. Business Transfers

In a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide a notice on the website.

14. California Privacy Notice (CCPA/CPRA)

If you are a California resident, you may have rights regarding personal information collected in the last 12 months, including the right to know, delete, and correct. We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies via the cookie preferences panel.

Categories disclosed may include: identifiers (name, email, IP address, device identifiers), internet/network activity (pages viewed, interactions), and inferences (interests or preferences derived from site interactions). Recipients may include service providers and advertising partners described in Section 6.

To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before completing the request. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have the right to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. To appeal a decision, email with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in how we operate the website, changes in law, or changes in our providers. If we make material changes, we will provide a notice on the homepage at least 14 days before the change takes effect. The “Last Updated” date at the top of this page will also be updated.