Skip to main content

Privacy Policy

Last Updated: March 14, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how irevantox (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit this website and when you submit a registration request for our educational materials about beachwear sales, seasonal fashion marketing, merchandising, product presentation, and customer engagement.

The data controller for the processing described in this Privacy Policy is Irevantox Education Ltd, registered office: C/O ACORN HOUSE, 33 CHURCHFIELD ROAD, Acton, London W3 6AY, United Kingdom. Our primary contact email is [email protected].

Effective Date: March 14, 2026. If you have questions about this policy or your privacy rights, please contact us using the email address above. We do not appoint a dedicated Data Protection Officer for this website at this time; privacy requests are handled by our support team.

2. Personal Data We Collect

We collect personal data in a limited, practical way that matches how this site works. Some information is provided directly by you, and some is collected automatically when your browser loads pages.

  • Identity and contact details: name and email address when you complete a registration form.
  • Form submission content: any details you choose to include in a message field on other pages (if present). On our registration form, we request name and email only.
  • Technical data: IP address, browser type and version, device identifiers, operating system, language settings, and approximate location derived from IP (city/region level).
  • Usage data: pages viewed, time spent, referrer URL, click paths, and interactions such as opening the cookie preferences panel.
  • Cookies and identifiers: first-party cookies that support session continuity and store cookie preferences, and (only with consent) third-party cookies used for analytics and marketing attribution.
  • Conversion events: events tied to a registration request (for example, “form submitted”), used to measure site performance and advertising effectiveness when marketing consent is enabled.

We do not intentionally collect special-category data (such as health information, religious or political beliefs), government identification numbers, or financial account details through this website. Please avoid including sensitive personal information in free-text fields.

3. Why We Process Personal Data & Legal Bases (GDPR Article 6)

We process personal data only when we have a lawful basis under the UK GDPR and the EU GDPR. The basis depends on the activity:

  • Registration and contact requests (for example, submitting your name and email): GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent) where required for specific communications.
  • Analytics (understanding how the site is used): GDPR Art. 6(1)(a) (consent). Analytics cookies and similar technologies are not activated until you opt in.
  • Marketing and advertising measurement (remarketing, attribution, and audience measurement): GDPR Art. 6(1)(a) (consent). Marketing cookies and pixels are not activated until you opt in.
  • Security and abuse prevention (rate limiting, fraud detection, protecting site availability): GDPR Art. 6(1)(f) (legitimate interests). This helps us keep the site stable and protect against automated abuse.
  • Legal obligations (compliance, responding to lawful requests): GDPR Art. 6(1)(c).

Automated Decision-Making (GDPR Art. 22): we do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you. If we use advertising audiences (with consent), they are used to measure and improve campaigns, not to make decisions that materially affect your rights.

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event forwarding. This section explains the categories we use and how long related identifiers typically persist.

Essential (Always Active)

Essential cookies are required for the site to function and for your choices to be remembered. These do not require consent in most jurisdictions. Examples include: _site_session (session continuity) and cookie_consent (stores your preferences). Retention ranges from session-only to up to 12 months, depending on the cookie.

Analytics (Consent Required)

Analytics technologies help us understand which pages are useful, where visitors come from, and how the site performs across devices. When enabled, we may use Google Analytics 4 (GA4) with settings such as IP anonymization where available. Common cookie examples include _ga and _ga_XXXXXXXXXX, often with a retention up to 2 years at the cookie level, while analytics reporting retention is typically set to 14 months.

Marketing (Consent Required)

Marketing technologies are used for advertising measurement, remarketing, and conversion attribution. When enabled, cookie examples may include _gcl_au (Google Ads conversion linker, typically 90 days), _fbp and _fbc (Meta Pixel identifiers, typically 90 days when present). We may also use pixel tags and server-to-server event delivery (for example via Meta Conversion API or server-side tag management) to reduce data loss from browser restrictions. Where identifiers are transmitted, they may be hashed (for example, email hash) as part of matching and attribution workflows.

You can change your choices at any time using the “Manage cookie preferences” link in the footer. Disabling cookies may affect some features, but the educational content remains available.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your selection is recorded in the cookie_consent browser cookie, typically for 12 months.

You may withdraw consent at any time via “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

6. Sharing With Advertising & Service Partners

We share limited data with service providers that help us operate the website and (where you consent) measure advertising performance. We do not sell personal data.

  • Google LLC (Google Analytics 4, Google Ads, tag management, remarketing): may receive cookie IDs, usage data, and conversion events. Learn more: https://policies.google.com/privacy.
  • Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversion API): may receive page view and conversion events, audience membership signals, and hashed identifiers when enabled. Learn more: https://www.facebook.com/privacy/policy.
  • Cloudflare (content delivery network and security): may process IP address and device/network signals for threat detection and performance. Learn more: https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes. They act as processors or independent controllers depending on the service and configuration; details are described in their policies.

7. International Transfers

Some of our service providers are located outside the UK/EEA, including in the United States. Where personal data is transferred internationally, we rely on recognized transfer mechanisms such as the EU-US Data Privacy Framework (and the UK Extension where applicable) and, as a fallback, Standard Contractual Clauses (EU 2021/914) and the UK International Data Transfer Addendum/IDTA, alongside supplementary measures where appropriate.

The transfer mechanism used can vary by provider, region, and service configuration. You can contact us at [email protected] to request additional information about applicable safeguards.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, then delete or anonymize it. Typical retention periods are:

  • Registration and contact submissions: up to 2 years from the last interaction, unless you request deletion earlier.
  • Analytics data: reporting retention typically 14 months; cookie lifetimes may be up to 2 years depending on configuration.
  • Marketing cookies: per cookie lifetime (for example, 90 days for certain attribution cookies), and event logs as needed for campaign measurement.
  • Email correspondence: for the duration of our relationship, plus up to 1 year for continuity and auditability.
  • Server and security logs: typically up to 90 days, unless needed longer to investigate abuse.
  • Cookie consent records: up to 3 years for audit purposes.
  • Legal and compliance records: retained as required by law (commonly 6–10 years where applicable).

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have rights under GDPR/UK GDPR, including:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We typically respond within 30 days, and may extend by up to 60 additional days for complex requests. We may need to verify your identity before completing certain requests.

Supervisory authority resources: edpb.europa.eu (EU), ico.org.uk (UK), bfdi.bund.de (Germany), cnil.fr (France), uodo.gov.pl (Poland), aepd.es (Spain).

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us at [email protected] and we will delete the information promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own approaches to DNT or similar signals, as described in their privacy policies.

12. Data Deletion Requests

You may request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We will complete deletion within 30 days after verifying your identity, unless limited retention is required by law or needed to establish, exercise, or defend legal claims.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar transaction, personal data may be transferred to a successor or affiliate as part of that process. If the transfer materially changes how data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA), as amended by the CPRA, is applicable. In the past 12 months, we may have collected the following categories: identifiers (such as name, email, IP address, cookie IDs), internet or other electronic network activity information (such as browsing interactions), and inferences (such as interests derived from page views) when marketing consent is enabled.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies. California residents may opt out by using the cookie preferences panel available via the footer link.

California rights may include the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your request. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If the Virginia Consumer Data Protection Act (VCDPA) applies, Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, as well as to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. To appeal a refusal, email with the subject “Appeal of Refusal — Privacy Request”. We aim to respond to appeals within 60 days. If unresolved, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Material changes will be announced through a prominent notice on the website at least 14 days before taking effect where required. The “Last Updated” date at the top of this page will be revised whenever we publish changes.

18. Contact

If you have questions or want to exercise your privacy rights, contact:

Irevantox Education Ltd
C/O ACORN HOUSE, 33 CHURCHFIELD ROAD
Acton, London W3 6AY, United Kingdom
Email: [email protected]