Privacy Policy

1. Introduction and controller identity

This Privacy Policy explains how berenolix ("we", "us", "our") collects, uses, and protects personal data when you visit our website and when you submit a registration request. berenolix is an online learning platform that teaches clothing retail sales and customer interaction skills through educational modules, scenarios, and practice prompts designed for store teams.

For the purposes of data protection law, berenolix is the data controller for personal data processed through this website. Our registered address is 177-181 Great Bridge Street, West Bromwich, B70 0DJ, United Kingdom. You can contact us about privacy matters at [email protected].

We do not appoint a Data Protection Officer because we do not carry out large-scale processing of special category data, and our services are educational rather than medical, legal, or financial advice. If this changes, we will update this Privacy Policy and clearly describe the new role and contact details.

2. Personal data we collect

We collect personal data in a few different ways: information you choose to provide (for example through a registration form), information collected automatically by the website and servers when you browse, and information set through cookies and similar technologies (which you can manage through our cookie preferences panel).

• Identity and contact data: name and email address when you submit a registration request or contact us by email.
• Account and access data: the password you enter into the registration form. Passwords are used to establish access credentials; you should choose a unique password that you do not reuse on other services.
• Form content: any information you include in form fields. Our registration form requests only name, email, and password.
• Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location derived from IP (for example, country or region).
• Usage data: pages visited, time spent on pages, referring pages, click paths, and interactions that help us understand how the site is used.
• Cookies and identifiers: identifiers stored in cookies (first-party and third-party) that remember settings, measure usage, and support advertising measurement where you consent.
• Conversion events: events associated with registration actions, such as a completed form submission, used for operational tracking and, if enabled, advertising attribution.

We do not intentionally collect special category personal data (such as health information, religious beliefs, political opinions, or biometric data). We also do not request government identification numbers or financial account details through our registration form. Please do not send special category data to us via email or through any website forms.

3. Why we process personal data and the legal basis (GDPR Article 6)

Where the GDPR and UK GDPR apply, we process personal data only when we have a valid legal basis. The legal basis depends on the purpose and the type of data involved. The following list describes the most common purposes for this website.

• Registration and contact requests: to receive and process your registration request, to communicate about onboarding, and to provide support. Legal basis: performance of a contract or taking steps at your request prior to entering into a contract (Article 6(1)(b)) and, where applicable, consent for being contacted via the form consent checkbox (Article 6(1)(a)).
• Site analytics: to understand how visitors navigate and use our pages so we can improve content clarity, learning flow, and technical performance. Legal basis: consent (Article 6(1)(a)) where analytics cookies are used.
• Marketing and remarketing: to measure campaign performance and, where configured, to show more relevant advertising. Legal basis: consent (Article 6(1)(a)) where marketing cookies are used.
• Security and fraud prevention: to protect the website, prevent abusive traffic, and maintain system integrity. Legal basis: legitimate interests (Article 6(1)(f)). We balance these interests against your rights and only use what is necessary for security purposes.
• Legal compliance: to comply with legal obligations, respond to lawful requests, and maintain required records where applicable. Legal basis: legal obligation (Article 6(1)(c)).

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals (GDPR Article 22).

4. Cookies and tracking

We use cookies and similar technologies to keep the website working, to remember preferences, and (if you consent) to understand usage patterns and measure marketing performance. Cookies are small text files stored on your device. Some cookies are first-party (set by our site), and some are third-party (set by providers that help us run analytics or advertising measurement).

Our cookie categories are:

• Essential cookies (always active): required for the site to function and to remember your cookie consent settings. Examples include _site_session and cookie_consent. Retention ranges from session to 12 months.
• Analytics cookies (optional): used to measure site usage and improve content. When enabled, we may use Google Analytics 4 with IP anonymization. Example cookies include _ga and _ga_XXXXXXXXXX. Data retention is typically 14 months for analytics reporting.
• Marketing cookies (optional): used for advertising measurement and remarketing, including conversion attribution. Example cookies include _gcl_au, _fbp, and _fbc. Retention is typically around 90 days for these identifiers.

Cookies are not the only tracking mechanism that may be used in an advertising or analytics setup. Pixel tags and similar scripts can transmit event data (such as page views and conversions). Where implemented, we treat these as part of analytics or marketing processing and activate them only after consent for the relevant category.

For more details about cookie categories, examples, and how to manage choices, please read our Cookie Policy.

5. Consent for users in the EEA and the UK

Users in the European Economic Area and the United Kingdom receive a cookie consent notice in line with GDPR and UK GDPR requirements. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)).

Your consent choice is recorded in a browser cookie named cookie_consent (12 months). You can withdraw consent at any time using "Manage Preferences" in the cookie banner or by clearing cookies in your browser. Withdrawal does not affect processing that occurred before you withdrew consent.

6. Sharing with advertising and service partners

We use service providers to operate and improve the website. Depending on your cookie preferences and the tools configured on the site, these providers may receive limited data such as cookie identifiers, IP address, browser information, usage events, and conversion events.

• Google LLC: Google Analytics 4, Google Ads measurement, and tag management for analytics/remarketing (where enabled by consent). Policies: https://policies.google.com/privacy
• Meta Platforms: Pixel-based measurement, custom/lookalike audiences, and conversion attribution (where enabled by consent). Policies: https://www.facebook.com/privacy/policy
• Cloudflare: content delivery and security services, including IP-based threat detection and performance optimizations. Policies: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. When we share data with the partners above, it is for operating the site, measuring performance, and (if you consent) advertising measurement and remarketing. We do not permit these providers to use site data for their own independent commercial purposes.

7. International transfers

Some of our service providers may process data outside the EEA and the UK, including in the United States. Where international transfers occur, we rely on appropriate safeguards such as the EU-US Data Privacy Framework (including the UK Extension and Swiss-US framework where applicable), and Standard Contractual Clauses (EU 2021/914) as a fallback. For the UK, we may also rely on the UK International Data Transfer Addendum or other valid transfer mechanisms.

You can request further details about transfer safeguards by contacting us at [email protected].

8. Data retention

We keep personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention depends on the type of data and how it is used.

• Registration submissions: up to 2 years from the last interaction, unless you request deletion earlier and no legal obligation requires retention.
• Analytics data: typically retained for 14 months where analytics cookies are enabled by consent.
• Marketing cookies: retained according to cookie lifetimes (commonly 90 days), subject to your consent and browser settings.
• Email correspondence: retained for the duration of the relationship plus up to 1 year for continuity and recordkeeping.
• Server security logs: typically retained for up to 90 days.
• Cookie consent record: retained for up to 3 years for audit and compliance purposes.
• Legal and compliance records: retained as required by applicable law (for example, certain business records may need to be kept for 6 to 10 years).

9. Your rights (GDPR and UK GDPR)

If GDPR or UK GDPR applies to you, you may have the following rights, subject to conditions and exceptions:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise a right, email [email protected] with enough information for us to understand your request. We aim to respond within 30 days. If a request is complex, we may extend by up to 60 additional days and will explain why.

If you want to contact a supervisory authority, general references include the European Data Protection Board at https://edpb.europa.eu and the UK Information Commissioner's Office at https://ico.org.uk.

10. Children

This website is not directed to individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the data promptly.

11. Do Not Track signals

Some browsers offer a "Do Not Track" (DNT) feature. This website does not respond to DNT signals. Third-party providers may have their own handling of DNT or similar settings.

12. Data deletion requests

You can request deletion of your personal data by emailing [email protected] with the subject line "Data Deletion Request". For security, we may ask for information to verify your identity before acting on the request. We aim to complete deletion within 30 days, unless legal obligations require us to retain certain records.

13. Business transfers

If berenolix is involved in a merger, acquisition, asset sale, financing, insolvency, or similar event, personal data may be transferred to a successor entity as part of that transaction. If the transfer materially changes how personal data is used, we will provide notice on the website.

14. California notice (CCPA / CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act and California Privacy Rights Act apply. In the last 12 months, we may have collected the following categories of personal information: identifiers (such as name, email address, IP address, and cookie IDs), internet or network activity (such as pages visited and interactions), and inferences (such as interests based on site interactions used for advertising measurement when consented).

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising if marketing cookies are enabled. California residents may opt out by using our cookie preferences panel and disabling marketing cookies.

Depending on the law, you may have rights to know, delete, and correct personal information, and to opt out of certain sharing. To submit a request, email [email protected] with the subject line "California Privacy Request". We will verify requests as required. Authorized agents may submit requests with written proof of authorization.

15. Virginia notice (VCDPA)

If the Virginia Consumer Data Protection Act applies, Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line "Virginia Privacy Request". If we decline a request, you may appeal by emailing with the subject line "Appeal of Refusal — Privacy Request". We respond to appeals within 60 days.

16. Nevada notice

Nevada residents may submit a verified request to opt out of the sale of certain personal information by emailing [email protected] with the subject line "Nevada Do Not Sell Request". We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, how the website operates, or how we provide educational services. If changes are material, we will post a notice on the homepage at least 14 days before the changes take effect. The "Last Updated" date at the top of this page will change whenever we revise the policy.

18. Contact

If you have questions or requests about privacy, contact:

berenolix
177-181 Great Bridge Street
West Bromwich, B70 0DJ, United Kingdom
Email: [email protected]