Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how dohvajix ("we", "us") collects, uses, and protects personal data when you visit dohvajix.com and when you contact us about our aquarium product sales and customer consulting course. The policy is written in plain language so you can understand what we do with data and what choices you have.

For purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, the data controller is:

• Dohvajix Education LLC
• Registered address: Severní 376, 533 51 Rosice, Pardubice, Czechia
• Email: [email protected]
• Phone: +420 466 264 418

Effective Date: March 12, 2026. We do not appoint a Data Protection Officer (DPO) because we do not carry out large-scale processing of special-category data. If you have any privacy questions, contact us using the email address above.

2. Personal Data We Collect

We collect only the information needed to operate the website, respond to inquiries, and (if you choose) measure and improve how people use our content. Depending on how you interact with the site, the categories of data may include:

• Identity and contact data: your name (if provided), email address, and phone number (if provided).
• Form content: the information you include in messages, such as store context, training needs, scheduling preferences, or questions about aquarium types, equipment selection, or sales technique.
• Technical data: IP address, browser type and version, device identifiers, operating system, and language settings.
• Usage data: pages viewed, time spent on pages, referrer URLs, and click paths.
• Cookies and identifiers: information stored in cookies and similar technologies, as explained in Section 4.
• Conversion events: signals that an inquiry was sent or that a page was viewed, used for measuring the effectiveness of content and advertising (when marketing consent is enabled).

We do not intentionally collect special-category data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers. Please avoid including sensitive personal data in the message field of any form.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data only for clear, limited purposes. The legal basis depends on the context:

• Responding to contact and registration inquiries: We use your contact details and message content to answer questions about curriculum, registration, and delivery options. Legal basis: performance of a contract or steps taken at your request (Art. 6(1)(b)) and, where applicable, consent (Art. 6(1)(a)).
• Site security and fraud prevention: We use technical logs to protect the website, prevent abuse, and maintain availability. Legal basis: legitimate interests (Art. 6(1)(f)).
• Analytics (optional): If you allow analytics cookies, we measure usage patterns to improve content structure and clarity. Legal basis: consent (Art. 6(1)(a)).
• Marketing and remarketing (optional): If you allow marketing cookies, we may measure ad performance and show more relevant messages to people who previously visited the site. Legal basis: consent (Art. 6(1)(a)).
• Legal obligations: If required by law, we may retain certain records. Legal basis: legal obligation (Art. 6(1)(c)).

Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Any segmentation used for advertising measurement is limited to marketing analytics and does not make decisions about you.

4. Cookies & Tracking

Cookies are small files stored on your device. We also use similar technologies such as pixel tags and may use server-side event forwarding in the future (for example, to reduce duplicate counting and improve measurement). We group cookies into three categories that match our Cookie Policy:

Essential cookies (always active)

These are required for the site to function and for your cookie choices to be remembered. They include:

• _site_session (first-party): supports basic session continuity. Retention: session to 7 days depending on configuration.
• cookie_consent (first-party): stores your cookie preference selection. Retention: 12 months.

Analytics cookies (optional, consent required)

When enabled, analytics cookies help us understand which pages are most useful and where visitors get stuck. We plan for analytics using Google Analytics 4 (GA4) with IP anonymization settings. Examples include:

• _ga (third-party): GA4 user identifier. Retention: 2 years.
• _ga_XXXXXXXXXX (third-party): GA4 session state, where the ID is a GA4 property identifier. Retention: 2 years.

Analytics data retention in GA4 is configured for 14 months where available. You can disable analytics cookies at any time via cookie preferences.

Marketing cookies (optional, consent required)

Marketing cookies support advertising measurement (for example, measuring whether an ad resulted in a visit or inquiry) and may be used to show more relevant ads to people who previously visited the site. Examples include:

• _gcl_au (third-party): Google Ads conversion linker. Retention: 90 days.
• _fbp (third-party): Meta Pixel browser identifier. Retention: 90 days.
• _fbc (third-party): Meta Pixel click identifier (set when click ID exists). Retention: 90 days.

Beyond cookies, marketing measurement can involve pixel tags (such as gtag.js and Meta Pixel) and may include server-side signals (for example via Meta Conversions API or server-side tagging). Where server-side events are used, identifiers may be hashed before transmission, and we limit data to what is needed for measurement.

5. Consent (EEA/UK)

Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent browser cookie for up to 12 months.

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

6. Sharing With Advertising & Service Partners

We may share limited data with service providers that help operate the website and measure performance. These providers act as processors or independent controllers depending on the service and configuration.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion signals when you consent. Privacy information: https://policies.google.com/privacy.
• Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversions API): may receive page view and conversion events, audience signals, and hashed identifiers when you consent. Privacy information: https://www.facebook.com/privacy/policy.
• Cloudflare (content delivery network and security): may process IP addresses and request metadata for threat detection and performance. Privacy information: https://www.cloudflare.com/privacypolicy/.

We do not sell personal data. Where advertising partners receive data, it is used for measurement, attribution, and audience management consistent with your cookie settings. We do not permit these providers to use site data for their own independent commercial purposes.

7. International Transfers

Some providers we use (such as Google and Meta) may process data outside the EEA/UK, including in the United States. Where international transfers occur, we rely on appropriate safeguards, which may include:

• EU-U.S. Data Privacy Framework (DPF), including the UK Extension and Swiss-U.S. DPF where applicable.
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Agreement (IDTA) as a fallback mechanism.

8. Retention

We keep personal data only as long as necessary for the purpose it was collected:

• Contact submissions: up to 2 years from the last interaction, unless you request deletion earlier.
• Email correspondence: for the duration of the relationship and typically 1 year after the final message, unless longer retention is needed for legal reasons.
• Server security logs: typically up to 90 days, unless needed to investigate abuse or security incidents.
• Analytics data: 14 months (configured in GA4 where available) when analytics consent is enabled.
• Marketing cookies: retained for the cookie lifetime listed in Section 4, when marketing consent is enabled.
• Cookie consent record: up to 3 years for audit and compliance needs.
• Legal and tax records: retained as required by applicable law (often 6–10 years for invoices and financial documentation, where relevant).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA or the UK, you have the following rights, subject to legal limitations:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We respond within 30 days, and we may extend by an additional 60 days for complex requests. We may ask for reasonable identity verification before acting on a request.

Supervisory authority resources:

• EU: https://edpb.europa.eu
• UK (ICO): https://ico.org.uk
• France (CNIL): https://www.cnil.fr
• Germany (BfDI): https://www.bfdi.bund.de
• Spain (AEPD): https://www.aepd.es
• Poland (UODO): https://uodo.gov.pl

10. Children

This website is not directed at individuals under 16. We do not knowingly collect data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the information promptly.

11. Do Not Track

This website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own methods for handling DNT or similar signals.

12. Data Deletion Requests

You can request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request”. We aim to complete deletion within 30 days after verifying your identity. We may retain limited information where required by law or where necessary to establish, exercise, or defend legal claims.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. In the past 12 months, we may have collected the following categories of personal information:

• Identifiers (name, email, IP address, device IDs): shared with service providers and, if you consent to marketing cookies, advertising partners.
• Internet or network activity (page views, interactions): shared with analytics and advertising providers if you consent.
• Inferences (interests or preferences derived from site usage): used for advertising measurement when marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We do share information for cross-context behavioral advertising when marketing cookies are enabled; California residents may opt out via the cookie preferences panel.

California rights may include the right to know, delete, correct, and opt out of sale/sharing, as well as the right to non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your identity before responding. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced on the website at least 14 days before they take effect. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

For any privacy questions, requests, or complaints, contact:

• Dohvajix Education LLC
• Severní 376, 533 51 Rosice, Pardubice, Czechia
• Email: [email protected]
• Phone: +420 466 264 418