Privacy Policy

1) Introduction & Controller Identity

This Privacy Policy explains how cmoguntvn (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website at cmoguntvn and when you contact us about our wooden furniture sales training.

The data controller for processing described in this policy is cmoguntvn Academy s.r.o., with its registered address at Jesenická 470/14, 787 01 Šumperk, Czechia. You can contact us at [email protected] or by phone at +420 583 212 478.

We do not appoint a Data Protection Officer (DPO) because our processing activities do not require one under applicable law. If you have any questions about this policy, your rights, or our use of cookies, please email us and we will respond promptly.

2) Personal Data We Collect

We collect personal data in a few straightforward ways: when you submit a form, when you communicate with us, and when your browser interacts with our site. The specific categories of data we may collect include:

• Identity and contact data: name, email address, and (if you choose to contact us by phone) your phone number.
• Form content: information you provide in a form submission or email (for example, showroom context, product categories, team size, or training needs). Some forms may only request name and email.
• Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location inferred from IP (city/region level).
• Usage data: pages viewed, time on page, referral source, and basic click paths used to navigate the site.
• Cookies and identifiers: first-party cookies used for essential functionality (such as remembering cookie preferences) and, if you consent, analytics and marketing identifiers used by advertising and analytics partners.
• Conversion events: events related to a form submission (for example, “lead submitted”), used to understand whether our website is working as intended.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers through this website. Please do not include sensitive information in messages sent through our forms or email.

3) Why We Process Personal Data & Legal Bases (GDPR Article 6)

We process personal data only when we have a lawful basis. Depending on what you do on the site, the relevant basis under the GDPR (and UK GDPR where applicable) may include:

• Responding to contact and registration requests: We use your name and email to reply with course details, intake timing, and access options. Legal basis: Article 6(1)(b) (steps prior to entering into a contract) and Article 6(1)(a) (consent where required by how the form is presented).
• Analytics and site improvement: If you consent to analytics cookies, we use aggregated usage data to understand which pages are useful and where visitors drop off. Legal basis: Article 6(1)(a) (consent).
• Marketing and remarketing: If you consent to marketing cookies, we may use marketing identifiers to measure advertising performance and build audiences for remarketing or lookalike targeting. Legal basis: Article 6(1)(a) (consent).
• Security and fraud prevention: We process technical signals (such as IP address and request patterns) to protect the site against abuse, bot traffic, and malicious access attempts. Legal basis: Article 6(1)(f) (legitimate interests in securing the site and preventing fraud).
• Legal compliance: If we must retain certain correspondence or records to comply with legal obligations, we do so. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making (Article 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4) Cookies & Tracking

Cookies are small text files stored on your device. Some are essential for a website to function correctly, while others help measure performance or support advertising. We also use similar technologies (sometimes called pixel tags) that send signals when a page is loaded or an action occurs.

Essential cookies (always active)

Essential cookies support core site functions such as session continuity and remembering your cookie preferences. These cookies do not require consent in many jurisdictions because they are necessary for the site to function. Examples include:

• _site_session (first-party): maintains session continuity and basic security controls. Retention: session to 12 months depending on configuration.
• cookie_consent (first-party): stores your consent choices for analytics and marketing cookies. Retention: 12 months.

Analytics cookies (consent required)

If you opt in, analytics cookies help us understand usage patterns and improve content. Our analytics setup may include Google Analytics 4 (GA4) with IP anonymization enabled where available. Analytics cookie examples include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically set to 14 months.

Marketing cookies (consent required)

If you opt in, marketing cookies are used to measure advertising performance and support remarketing, custom audiences, and lookalike audiences. Examples may include Google Ads cookies (such as _gcl_au) and Meta cookies (such as _fbp and _fbc) with typical lifetimes around 90 days.

Beyond cookies, some partners use device identifiers derived from signals such as IP address and User-Agent. When server-side measurement is enabled in the future (for example, via a server container), we may send limited event data to advertising partners in a privacy-preserving form (for example, hashed identifiers), but only in accordance with your cookie consent choices and applicable law.

For a detailed list of cookies and how to manage them, please also read our Cookie Policy.

5) Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Consent is recorded in the cookie_consent browser cookie for up to 12 months.

You can withdraw consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before consent was withdrawn.

6) Sharing With Advertising & Service Partners

We use a small set of service providers to operate and improve the website, and (when you consent) to measure advertising and analytics. Depending on your preferences, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, conversion events, and audience signals in accordance with your consent choices. Reference: https://policies.google.com/privacy.
• Meta Platforms (Meta Pixel, custom/lookalike audiences, Conversion API when enabled): page views, conversions, audience membership, and (where applicable) hashed identifiers in accordance with your consent choices. Reference: https://www.facebook.com/privacy/policy.
• Cloudflare (CDN and security): IP-based threat detection and delivery optimization for website performance and protection. Reference: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. These providers act as processors or independent controllers depending on the service. We configure partners to the extent possible so that site data is used for measurement and delivery purposes rather than their own independent commercial purposes.

7) International Transfers

Some service providers process data outside the EEA/UK, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards, which may include:

• The EU–US Data Privacy Framework (and the UK Extension and Swiss–US framework where applicable) as a primary mechanism when the provider is certified.
• Standard Contractual Clauses (EU 2021/914) as a fallback safeguard.
• The UK International Data Transfer Agreement (IDTA) as a fallback safeguard for UK transfers.

We also implement practical measures such as data minimisation and retention limits to reduce risk.

8) Retention

We keep personal data only as long as necessary for the purposes described in this policy. Typical retention periods are:

• Contact and registration submissions: up to 2 years from the last interaction, unless you request deletion earlier.
• Analytics data: typically 14 months (where enabled and consented).
• Marketing cookies: per cookie lifetime (often around 90 days), depending on your consent choice and partner configuration.
• Email correspondence: duration of the relationship plus up to 1 year to maintain context and resolve disputes.
• Server security logs: typically up to 90 days for investigation and fraud prevention.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal and tax records: where applicable, retained as required by law (commonly 6–10 years for invoices and accounting records).

9) Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies to you, you may have the right to:

• Access your personal data (Article 15)
• Rectify inaccurate or incomplete data (Article 16)
• Request erasure (Article 17)
• Restrict processing (Article 18)
• Data portability (Article 20)
• Object to processing (Article 21)
• Withdraw consent at any time where consent is the basis (Article 7(3))
• Lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days, and we may extend by up to 60 additional days for complex requests. We may need to verify your identity before acting on a request.

Supervisory authority resources:

• EU guidance: https://edpb.europa.eu
• UK ICO: https://ico.org.uk
• France CNIL: https://www.cnil.fr
• Germany BfDI: https://www.bfdi.bund.de
• Poland UODO: https://uodo.gov.pl
• Spain AEPD: https://www.aepd.es

10) Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will delete the information promptly.

11) Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own settings for ad personalization and tracking preferences.

12) Account & Data Deletion Requests

We do not provide user accounts on this site. If you want us to delete personal data you previously submitted (for example, a registration request), email us with the subject line “Data Deletion Request”. We will complete the request within 30 days after verifying identity, unless retention is required by law or for legitimate interests such as security and dispute resolution.

13) Business Transfers

If cmoguntvn Academy s.r.o. is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14) California (CCPA/CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act (as amended by the CPRA) applies to our processing.

In the past 12 months, we may have collected the following categories of personal information:

• Identifiers: name, email, IP address, cookie identifiers.
• Internet or network activity: pages viewed, interactions, referrer information.
• Inferences: interests or preferences inferred from site interactions for advertising measurement (only when marketing cookies are enabled by consent).

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies; California residents may opt out by using the cookie preferences panel accessible via the footer link “Manage cookie preferences.”

California rights may include the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We may require identity verification. Authorized agents must provide written proof of authority.

15) Virginia (VCDPA)

Where applicable, Virginia residents may have rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We will respond within 60 days.

16) Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17) Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or services. If we make material changes, we will post a notice on the homepage at least 14 days before the changes take effect where required. The “Last Updated” date at the top indicates when this policy was last revised.

18) Contact

For privacy questions or requests, contact:

• Legal entity: cmoguntvn Academy s.r.o.
• Address: Jesenická 470/14, 787 01 Šumperk, Czechia
• Email: [email protected]
• Phone: +420 583 212 478