Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how Gaelic Report (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit GaelicReport.cyou (the “Website”) and when you contact us about beginner-friendly DIY craft learning, materials notes, and workshops.

For the purposes of the EU General Data Protection Regulation (“GDPR”) and the Irish Data Protection Act, the data controller is:

• Legal entity: Gaelic Report Learning Ltd
• Registered address: Fitzwilliam Business Centre, 26 Upper Pembroke Street, Dublin 2, D02 X361, Ireland
• Email: [email protected]
• Telephone: +353 1 513 4728

We do not currently appoint a Data Protection Officer (DPO). If that changes due to the nature or scale of processing, we will update this policy and provide DPO contact details.

2. Personal Data We Collect

We collect personal data to operate the Website, respond to enquiries, and improve our educational content. The types of personal data we may collect include:

• Identity and contact data: name (if provided), email address, and phone number (if provided).
• Form content: the message you send, workshop preferences, materials questions, surfaces you mention (paper, wood, plastic, glass), and any project details you choose to share.
• Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location inferred from IP (city/region level).
• Usage data: pages you visit, time spent on pages, referral source, and basic click paths on the Website.
• Cookies and identifiers: cookie identifiers and consent signals stored in your browser (see Section 4).
• Conversion events: a record that an enquiry form was submitted, and which page it came from, to help us measure whether educational pages are useful.

We do not intend to collect special-category personal data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers through the Website. Please do not include that type of information in your messages.

3. Why We Process Your Data & Legal Basis (GDPR Article 6)

We process personal data only where we have a lawful basis under GDPR. Our main purposes and legal bases are:

• Responding to contact and workshop enquiries: processing the information you submit so we can reply, clarify the topic, and propose a practical learning format. Legal basis: Article 6(1)(b) (steps prior to entering into a contract) and Article 6(1)(a) (consent, where applicable).
• Analytics and improvement: understanding which pages are helpful and where learners get stuck, so we can refine guides and tutorials. Legal basis: Article 6(1)(a) (consent).
• Marketing and advertising measurement: measuring ad performance and showing relevant educational content to people who have interacted with the Website. Legal basis: Article 6(1)(a) (consent).
• Security and fraud prevention: protecting the Website, preventing abuse, and keeping our systems reliable. Legal basis: Article 6(1)(f) (legitimate interests).
• Legal compliance: complying with applicable law and responding to lawful requests. Legal basis: Article 6(1)(c) (legal obligation).

Automated decision-making (GDPR Article 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We use cookies and similar technologies (including pixel tags and server-side event signals) for essential site functionality and, with consent, for analytics and marketing measurement. You can manage your preferences using “Manage cookie preferences” in the footer.

Essential cookies (always active)

These cookies are required for the Website to function. They include:

• _site_session for basic session continuity.
• cookie_consent to store your cookie preference choices.
• Security-related cookies (for example, CSRF protection) where applicable.

Retention varies by cookie. Some are session-only and expire when you close your browser; others persist for up to 12 months.

Analytics cookies (consent required)

If you enable analytics cookies, we may use Google Analytics 4 (“GA4”) to understand how the Website is used. Where configured, IP anonymisation is used. Analytics cookies help us answer practical questions such as which guides are read most often, whether visitors find Materials & Tools notes after a tutorial, and which pages need clearer explanations.

• Example analytics cookies: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Analytics data retention setting: typically 14 months.

Marketing cookies (consent required)

If you enable marketing cookies, we may use cookies and pixel tags from advertising partners such as Google Ads and Meta to:

• Measure whether ads lead to meaningful interactions (like reading a guide or submitting a workshop enquiry).
• Build audiences for remarketing (for example, showing an educational workshop page to people who visited tutorials).
• Improve attribution so we can understand which educational pages are most helpful.

Example marketing cookies include _gcl_au (Google Ads, 90 days), _fbp (Meta, 90 days), and _fbc (Meta click identifier, 90 days when a click ID is present).

In addition to cookies, we may use pixel tags (such as gtag.js or the Meta Pixel) and, where implemented, server-side event sending (for example via Meta Conversion API or server-side tag management). These mechanisms can use identifiers derived from your device (such as IP address and User-Agent). Where applicable, identifiers may be hashed before transmission.

5. Consent (EEA/UK Users)

Users in Ireland, the EEA, and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies are activated only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie, typically for 12 months.

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing your browser cookies. Withdrawal does not affect the lawfulness of processing that occurred before you withdrew consent.

6. Sharing With Advertising & Service Partners

We may share limited data with service providers to operate and improve the Website. Where consent is required, we share data only after you opt in. The main partners are:

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie IDs, device/usage data, and conversion events. https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API where implemented): page views, conversions, audience membership, and identifiers (which may be hashed where applicable). https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance delivery. https://www.cloudflare.com/privacypolicy/

We do not sell personal data. We use partners as processors and service providers to deliver our Website and to measure performance. We do not permit these providers to use Website data for their own independent commercial purposes beyond providing services to us, subject to their platform terms and configuration options.

7. International Transfers

Some partners (including Google and Meta) may process data outside Ireland and the EEA, including in the United States. Where applicable, transfers may rely on:

• The EU–US Data Privacy Framework (in force since July 2023) and the UK Extension to the DPF, where a provider is certified.
• Swiss–US Data Privacy Framework where relevant.
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Addendum (IDTA) as a fallback mechanism for UK transfers.

8. Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer retention period is required or permitted by law. Typical retention periods are:

• Contact submissions: up to 2 years from the last interaction.
• Analytics data: typically 14 months (subject to analytics configuration).
• Marketing cookies: per cookie lifetime (commonly 90 days), unless removed earlier.
• Email correspondence: for the duration of the relationship, then typically 1 additional year.
• Server logs: typically up to 90 days.
• Cookie consent records: up to 3 years for audit and compliance purposes.
• Legal and tax records: as required by applicable law (often 6–10 years for invoices and related records).

9. Your Rights (GDPR & UK GDPR)

Subject to conditions and exceptions, you may have the following rights:

• Right of access (GDPR Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, contact us at [email protected]. We typically respond within 30 days. For complex requests, we may extend by up to 60 additional days as permitted by law.

If you are located in Ireland, you can also contact the Data Protection Commission. If you are elsewhere in Europe or the UK, you can consult:

• European Data Protection Board: https://edpb.europa.eu
• UK Information Commissioner’s Office: https://ico.org.uk
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will delete the information promptly.

11. Do Not Track

This Website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling and opt-out mechanisms.

12. Account & Data Deletion Requests

The Website does not provide user accounts. If you want us to delete personal data from a contact submission, email [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable verification to confirm identity and locate the relevant message. We aim to complete requests within 30 days, except where retention is required by law.

13. Business Transfers

If Gaelic Report Learning Ltd is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency event, personal data may be transferred to a successor entity. If the transfer materially changes how personal data is used, we will provide a notice on the Website.

14. California Privacy Notice (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (as amended by the CPRA) is applicable. Over the past 12 months, we may have collected the following categories of personal information:

• Identifiers: name (if provided), email, IP address, cookie identifiers.
• Internet or other network activity: browsing interactions on the Website.
• Inferences: interests or preferences inferred from page interactions for advertising measurement, where marketing consent is provided.

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies. California residents may opt out of sharing by using our cookie preferences panel (available via “Manage cookie preferences” in the footer).

Depending on your rights under CCPA/CPRA, you may request to know, delete, or correct personal information, and you may opt out of sale or sharing. To submit a request, email [email protected] with the subject “California Privacy Request”. We may request verification. You may use an authorised agent where legally permitted, with appropriate documentation.

We will not discriminate against you for exercising your CCPA/CPRA rights.

15. Virginia (VCDPA)

If the Virginia Consumer Data Protection Act (VCDPA) applies to you, you may have rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we decline a request, you can appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If your appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post a notice on the Website at least 14 days before the changes take effect. The “Last Updated” date at the top of this page will also be revised.

18. Contact

If you have questions about this Privacy Policy or how we handle your personal data, contact:

• Gaelic Report Learning Ltd
• Fitzwilliam Business Centre, 26 Upper Pembroke Street, Dublin 2, D02 X361, Ireland
• Email: [email protected]
• Phone: +353 1 513 4728