Skip to main content

Privacy Policy

Last Updated: March 12, 2026

This Privacy Policy explains how fawltreno (“we”, “us”) collects, uses, and protects your personal data when you visit this website and when you submit the registration form for our educational programme. fawltreno is an educational provider focused on shirt manufacturing and tailoring skills.

1. Introduction & Controller Identity

This Privacy Policy explains how fawltreno (“we”) collects, uses, and protects your personal data when you visit this website and when you communicate with us. For the purpose of applicable data protection laws, including the UK GDPR and the EU GDPR where relevant, the data controller is:

  • Legal entity: Fawltreno Learning Ltd
  • Registered address: 10 Finsbury Square, London EC2A 1AF, United Kingdom
  • Contact email: [email protected]
  • Telephone: +44 20 7946 0958

We do not currently appoint a Data Protection Officer (DPO). If your enquiry relates to privacy and data protection, you can contact us using the email above and we will route your request to the appropriate person.

Effective Date: March 12, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you interact with the site. We aim to collect only what we need to operate the website, respond to requests, and run our educational communications. In practice, we may collect the following categories:

  • Identity and contact data: name and email address submitted in the registration form.
  • Form content: the information you type into forms and any follow-up correspondence you send by email.
  • Technical data: IP address, browser type and version, device identifiers, operating system, and language settings.
  • Usage data: pages viewed, time spent on pages, referring pages, and interaction events such as link clicks.
  • Cookies and identifiers: cookie values and similar identifiers described in Section 4 and our Cookie Policy.
  • Conversion events: events that indicate you submitted a form or reached a confirmation page after submitting.

We do not intentionally collect special-category data (such as health information, religious beliefs, or political opinions). We also do not request financial account details or government-issued identification as part of the registration process. Please avoid including sensitive personal information in free-text messages to us.

3. Why We Process Your Data & Legal Basis

We process personal data for clear, limited purposes. When UK GDPR or EU GDPR applies, we rely on the legal bases below (GDPR Article 6). The specific basis depends on the context and the data involved.

  • Responding to registration and contact requests: We use your name and email to respond to your request, send the module plan, and provide course registration information. Legal basis: Article 6(1)(b) (contract steps) and Article 6(1)(a) (consent) where required.
  • Analytics and site improvement: When enabled by consent, analytics helps us understand which pages are helpful, where learners drop off, and what content needs clarification (for example, the module order around collar stands and sleeve plackets). Legal basis: Article 6(1)(a) (consent).
  • Marketing and advertising measurement: When enabled by consent, marketing tags help measure campaign performance and support remarketing or audience creation. Legal basis: Article 6(1)(a) (consent).
  • Security and fraud prevention: We process limited technical data to protect the site, detect automated abuse, and keep services reliable. Legal basis: Article 6(1)(f) (legitimate interests).
  • Legal compliance: If required, we may process and retain data to comply with legal obligations. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects under GDPR Article 22.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and server-side event signals to understand site usage and measure conversions. Cookie categories are managed through our consent banner and preference panel. For details and examples, see our Cookie Policy.

Essential cookies (always active)

Essential cookies are required for the website to function and for basic security. These do not require consent. Examples include:

  • _site_session for session continuity.
  • cookie_consent to store your cookie preference selection.
  • Security controls such as CSRF protections where applicable.

Retention for essential cookies ranges from the browser session to up to 12 months depending on the specific cookie.

Analytics cookies (consent required)

When you opt in, we may use Google Analytics 4 (GA4) to understand aggregated usage, such as which modules are most visited or whether learners prefer the pattern drafting explanations over the stitching setup notes. IP anonymization is enabled where supported. Analytics cookies are typically retained for up to 2 years at the cookie level, and analytics data retention is set to 14 months.

  • _ga (2 years) and _ga_XXXXXXXXXX (2 years) are common GA4 cookies.

Marketing cookies (consent required)

When you opt in, marketing cookies support advertising measurement and remarketing. They can help us understand whether a campaign led to registrations, and they can be used to build audiences for relevant educational offers. Common examples include:

  • _gcl_au (Google Ads conversion linker, ~90 days)
  • _fbp and _fbc (Meta Pixel identifiers, ~90 days)

Beyond cookies, some marketing and analytics setups rely on pixel tags (for example, gtag.js or Meta Pixel) and may also use server-side events. Where server-side advertising measurement is used, identifiers may be hashed before transmission. Consent choices still apply: marketing and analytics are activated only when you opt in.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies are activated only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Your selection is recorded in the cookie_consent browser cookie, which is stored for up to 12 months.

You can withdraw consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

6. Sharing With Advertising & Service Partners

We share limited data with service providers and advertising partners when necessary to run the website, measure performance, and deliver content. We do not sell personal data. Partners typically receive cookie identifiers, device information, and event data rather than the content of educational materials you read.

  • Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. policies.google.com/privacy
  • Meta Platforms, Inc. (Meta Pixel, Custom Audiences, Lookalike Audiences, Conversion API): page view events, conversions, and audience membership signals where enabled by consent. facebook.com/privacy/policy
  • Cloudflare (CDN and security): IP-based threat detection and performance optimization. cloudflare.com/privacypolicy

We do not permit these providers to use site data for their own independent commercial purposes. They process data as our processors or as separate controllers depending on the service and configuration.

7. International Transfers

Some providers may process data outside the UK/EEA, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as:

  • EU–US Data Privacy Framework (primary, since July 2023), including the UK Extension and Swiss–US DPF where applicable.
  • Standard Contractual Clauses (EU 2021/914) as a fallback.
  • UK International Data Transfer Agreement (IDTA) as a fallback for UK transfers.

We monitor provider documentation and adjust safeguards when legal or regulatory guidance changes.

8. Retention

We keep personal data only as long as necessary for the purpose it was collected. Retention periods depend on the data type and the reason it is stored. Typical retention periods are:

  • Registration and contact submissions: up to 2 years from the last interaction.
  • Analytics data: 14 months (GA4 data retention setting), while cookie lifetimes may be up to 2 years.
  • Marketing cookies: per cookie lifetime (commonly around 90 days).
  • Email correspondence: for the relationship duration plus 1 year, unless a longer period is required to handle disputes.
  • Server security logs: typically 90 days.
  • Cookie consent record: up to 3 years for audit and compliance purposes.
  • Legal and tax: where applicable, typically 6–10 years for certain records.

If you request deletion, we will delete or anonymize data unless retention is required by law or needed to establish, exercise, or defend legal claims.

9. Your Rights (GDPR & UK GDPR)

Depending on your location, you may have rights under GDPR/UK GDPR. These include:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Right to withdraw consent at any time (Article 7(3))
  • Right to lodge a complaint with a supervisory authority (Article 77)

To exercise a right, email [email protected]. We respond within 30 days, and may extend by up to 60 days for complex requests. We may ask for information to verify identity before processing a request.

Supervisory authority resources: edpb.europa.eu (EU) and ico.org.uk (UK).

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own DNT-related handling in their services or browser add-ons.

12. Data Deletion Requests

If you want us to delete personal data we hold about you, email [email protected] with the subject line Data Deletion Request. We may need to verify identity before we proceed. We aim to complete verified deletion requests within 30 days.

In limited cases, we may retain certain information where required by law or where necessary to manage disputes, enforce agreements, or maintain security.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the website.

14. California (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (as amended by the CPRA) applies. In the past 12 months, we may have disclosed the following categories of personal information to service providers and advertising partners:

  • Identifiers: name, email address, IP address, device identifiers.
  • Internet or network activity: browsing events and interactions.
  • Inferences: interests or preferences derived from browsing behavior, where marketing cookies are enabled.

We do not sell personal information as defined by the CCPA. We do share information for cross-context behavioral advertising when marketing cookies are enabled. California residents can opt out via our cookie preferences panel (use “Manage cookie preferences” in the footer).

California rights may include: the right to know, delete, correct, and opt out of sale or sharing, and the right to non-discrimination. To submit a request, email [email protected] with subject California Privacy Request. We will verify your identity before processing.

Authorized agents may submit requests on your behalf with written permission and proof of authority.

15. Virginia (VCDPA)

If you are a Virginia resident and the Virginia Consumer Data Protection Act (VCDPA) applies, you may have rights to access, correct, delete, obtain a portable copy of your data, and opt out of targeted advertising. To submit a request, email [email protected] with subject Virginia Privacy Request.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If you wish to appeal a decision about a request, email us with subject Appeal of Refusal — Privacy Request. We will respond within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with subject Nevada Do Not Sell Request. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be announced via a prominent notice on the website at least 14 days before taking effect. The “Last Updated” date at the top of this page shows when the current version was published.

18. Contact

If you have questions about privacy or want to exercise your rights, contact: