Skip to main content

Privacy Policy

This Privacy Policy explains how briveropx collects, uses, and protects personal data when you visit this website and when you register interest in the drawing and illustration course.

Last Updated: March 19, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how briveropx (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit this website and interact with our registration forms. This site provides information about a drawing and illustration course offered by Briveropx Studio s.r.o..

Data Controller: Briveropx Studio s.r.o.
Registered address: Vlkova 532/8, Žižkov, 130 00 Praha 3, Czechia
Contact email: [email protected]
Phone: +420 246 034 819

Effective Date: March 19, 2026. If you have questions about this policy or how we handle your data, contact us using the details above.

2. Personal Data We Collect

We collect information that helps us operate the website, respond to requests, and (when you consent) measure marketing performance. The types of personal data we may collect include:

  • Identity and contact details: your name and email address when you submit a registration form.
  • Form content: details you provide in your message fields (if a page includes one) and context about your request.
  • Technical data: IP address, device type, operating system, browser type, language settings, and approximate location derived from IP (city/region level).
  • Usage data: pages viewed, time spent on pages, navigation paths, referring pages, and interactions (e.g., clicks).
  • Cookies and identifiers: first-party cookies used for essential site operations and, if you consent, third-party cookies used for analytics and marketing attribution.
  • Conversion events: signals that indicate an action occurred (such as a form submission or page view) for measurement and troubleshooting.

We do not intentionally collect special-category personal data (such as health information, political opinions, religious beliefs), financial account details, or government-issued identification numbers through this website.

3. Why We Process Your Data & Legal Basis

We process personal data for specific purposes and rely on the legal bases under the GDPR (and UK GDPR where applicable). The legal basis depends on what you do on the site and which cookies you enable:

  • Responding to registration requests and course inquiries: we use your name and email to communicate with you and provide course details. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent, when you agree to be contacted).
  • Website security, prevention of abuse, and technical reliability: we may process technical data and logs to keep the site stable and protect against misuse. Legal basis: Art. 6(1)(f) (legitimate interest).
  • Analytics measurement (optional): if you opt in to analytics cookies, we measure site usage to improve content structure and usability. Legal basis: Art. 6(1)(a) (consent).
  • Marketing and advertising measurement (optional): if you opt in to marketing cookies, we may measure ad performance and create aggregated audiences for remarketing and conversion attribution. Legal basis: Art. 6(1)(a) (consent).
  • Legal obligations: if we need to keep certain records to comply with applicable law, we do so. Legal basis: Art. 6(1)(c) (legal obligation).

Automated decision-making: we do not engage in automated decision-making or profiling that produces legal or similarly significant effects within the meaning of GDPR Art. 22.

4. Cookies & Tracking

Cookies are small text files stored on your device. This site uses cookies and similar technologies for essential functionality and, where you consent, to support analytics and marketing measurement. We group cookies into three categories that match our Cookie Policy.

Essential (always active)

Essential cookies are required for the site to function and cannot be turned off using our cookie preferences tools. They include cookies that maintain site continuity and store your consent choices:

  • _site_session (first-party): helps with session continuity. Retention: session.
  • cookie_consent (first-party): stores your cookie choices. Retention: 12 months.

We may also use basic security measures such as CSRF protection in forms where applicable. Retention for security tokens is typically session-based.

Analytics (requires consent)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand how the site is used. Where configured, IP anonymization and data minimization measures are applied. Example cookies include:

  • _ga (third-party): GA4 user identifier. Retention: 2 years.
  • _ga_XXXXXXXXXX (third-party): GA4 session state. Retention: 2 years.

Analytics data retention in GA4 is typically set to 14 months.

Marketing (requires consent)

If you enable marketing cookies, we may use Google Ads and Meta Pixel-related cookies for conversion attribution, remarketing, and audience measurement. Example cookies include:

  • _gcl_au (third-party): Google Ads conversion linker. Retention: 90 days.
  • _fbp (third-party): Meta Pixel browser identifier. Retention: 90 days.
  • _fbc (third-party): Meta Pixel click identifier when a click ID is present. Retention: 90 days.

Beyond cookies, some partners may use pixel tags (e.g., gtag.js and Meta Pixel) and may support server-side measurement (for example via Meta Conversion API or Google Tag Manager server-side). Where used, identifiers may include hashed versions of contact details and device information derived from IP address and User-Agent.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies are activated only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie for up to 12 months.

You can change or withdraw your consent at any time via “Manage cookie preferences” in the footer, or by clearing cookies in your browser settings. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

6. Sharing With Advertising & Service Partners

We use certain service providers to operate the site and measure performance. Depending on your cookie choices, data may be shared with:

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie identifiers, usage data, and conversion signals. Privacy policy: https://policies.google.com/privacy
  • Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API where used): may receive page view and conversion signals, audience membership indicators, and hashed identifiers. Privacy policy: https://www.facebook.com/privacy/policy
  • Cloudflare, Inc. (CDN and security services): may process IP addresses and device information for security and performance, including threat detection. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. We do not permit these providers to use site data for their own independent commercial purposes; they process data under their roles as service providers or joint/independent controllers depending on the product configuration.

7. International Transfers

Some of our service providers may process data outside the EEA/UK, including in the United States. Where required, transfers are safeguarded using one or more of the following mechanisms:

  • EU–US Data Privacy Framework (DPF) (primary, where applicable since July 2023)
  • UK Extension to the EU–US DPF
  • Swiss–US DPF (where relevant)
  • Standard Contractual Clauses (EU 2021/914) as a fallback
  • UK International Data Transfer Agreement (IDTA) as a fallback

We also apply practical measures such as data minimization, limiting retention, and restricting access where possible.

8. Retention

We keep personal data only for as long as necessary for the purposes described in this policy:

  • Contact and registration submissions: up to 2 years from the last interaction, unless a longer period is required to resolve a dispute or meet legal obligations.
  • Email correspondence: for the duration of the relationship and typically 1 additional year for reference and continuity.
  • Server logs and security records: typically up to 90 days, unless required longer to investigate incidents.
  • Analytics data: typically 14 months in GA4, subject to configuration.
  • Marketing cookies: retained according to their cookie lifetimes (often 90 days for common marketing cookies), unless deleted earlier.
  • Cookie consent record: up to 3 years for audit and compliance evidence where needed.
  • Legal/tax records: as required by applicable law (often 6–10 years for certain business records).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA/UK (and in some cases elsewhere), you may have rights over your personal data, including:

  • Right of access (GDPR Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. If a request is complex, this period may be extended by up to 60 additional days, and we will explain why.

Supervisory authorities: EEA guidance is available at https://edpb.europa.eu. UK: Information Commissioner’s Office at https://ico.org.uk. Czech Republic: Office for Personal Data Protection at https://www.uoou.cz.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may have their own approach to DNT; you can review their settings and policies directly.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before acting on the request. Deletion may be limited where we must retain certain information to comply with legal obligations.

13. Business Transfers

If Briveropx Studio s.r.o. is involved in a merger, acquisition, asset sale, financing, reorganization, insolvency, or similar event, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

If you are a California resident, you may have certain rights regarding personal information. Over the past 12 months, we may have collected the following categories:

  • Identifiers: name, email address (when provided), IP address, and cookie/device identifiers.
  • Internet/network activity: browsing interactions such as page views and click paths.
  • Inferences: preferences or interests derived from interaction data for advertising measurement (when marketing cookies are enabled).

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising, depending on your cookie preferences. California residents may opt out of sharing for targeted advertising by using our cookie preferences panel.

Rights may include the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your identity before completing a request. Authorized agents must provide proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject line “Virginia Privacy Request”.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we deny a request, you may appeal by emailing [email protected] with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide a notice on the homepage at least 14 days before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent version.

18. Contact

If you have questions about privacy or this policy, contact:

Briveropx Studio s.r.o.
Vlkova 532/8, Žižkov, 130 00 Praha 3, Czechia
Email: [email protected]
Phone: +420 246 034 819

Ready to register for course details?

Use the registration page to share your name and email. The studio replies with next steps, and you can control analytics and marketing cookies at any time from the footer.

Go to Registration Course Overview