Skip to main content

Privacy Policy

Last Updated: March 18, 2026

This Privacy Policy explains how Lifestyle Retail Academy (“we”, “us”, “our”) collects, uses, and protects personal data when you visit our website. It also explains your rights and choices, including how to manage cookies used for analytics and advertising.

1. Introduction & Controller Identity

Lifestyle Retail Academy provides educational content and training focused on retail selling techniques for bags, bathrobes, and homewear products, including customer service standards, product presentation, merchandising routines, and retail communication.

For the purposes of applicable data protection laws (including the GDPR and UK GDPR), the data controller is:

  • Legal entity: Lifestyle Retail Academy LLC
  • Registered address: Piletická 486, VÄ›koše, 503 41 Hradec KrálovĂ©, Czech Republic
  • Email: [email protected]
  • Telephone: +420 495 510 284

We do not appoint a Data Protection Officer (DPO) at this time. If you have any privacy questions, you can contact us using the details above.

2. Personal Data We Collect

The personal data we collect depends on how you interact with our site. We aim to collect only what is needed to provide and improve the website and to respond to requests.

2.1 Identity and contact details

  • Name (for example, first name and last name).
  • Email address.
  • Any contact details you choose to include in messages (if applicable).

2.2 Form content

If you submit a registration request or inquiry, we collect the information you provide in the form fields, such as learning goals, training context, and any details you include in free-text fields.

2.3 Technical data

  • IP address (which can be personal data under data protection law).
  • Browser type and version.
  • Device type, operating system, and language settings.
  • Approximate location derived from IP (country/region level).

2.4 Usage data

  • Pages visited, time spent on pages, and navigation paths.
  • Referrer URL (the page that brought you to our site).
  • Interactions such as clicks, scroll depth, and conversion events (for example, a completed form submission).

2.5 Cookies and identifiers

We use cookies and similar technologies (including pixel tags) to operate the site, remember cookie preferences, measure performance, and support advertising attribution and remarketing when you consent. See Section 4 for details.

2.6 What we do not intentionally collect

We do not intentionally collect special-category data (such as health data, religious beliefs, political opinions), financial account details, payment card data, or government identification numbers through our website. Please do not send such information to us via the registration form or by email.

3. Why We Process Your Data & Legal Basis (GDPR Article 6)

We process personal data for specific, legitimate purposes. Where GDPR/UK GDPR applies, we rely on one or more legal bases under Article 6.

3.1 Responding to registration requests and inquiries

Purpose: to respond to your request, provide programme details, and communicate about potential participation.
Legal basis: Article 6(1)(b) (steps at your request prior to entering a contract) and, where required, Article 6(1)(a) (consent) when you expressly agree to be contacted.

3.2 Analytics (where enabled by consent)

Purpose: to understand how visitors use the site and improve structure, content, and performance.
Legal basis: Article 6(1)(a) (consent).

3.3 Marketing and remarketing (where enabled by consent)

Purpose: advertising measurement, conversion attribution, and remarketing (including custom and lookalike audiences) on platforms such as Google and Meta.
Legal basis: Article 6(1)(a) (consent).

3.4 Security and fraud prevention

Purpose: to protect the website, investigate suspicious activity, and prevent abuse.
Legal basis: Article 6(1)(f) (legitimate interests), balanced against your rights and freedoms.

3.5 Legal obligations

Purpose: to comply with applicable laws and respond to lawful requests.
Legal basis: Article 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you (GDPR Article 22).

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and, in some cases, server-side conversion events. Our cookie categories match the choices shown in the cookie banner and preferences panel.

4.1 Essential cookies (always active)

Essential cookies are required for core site functionality and security. They do not require consent in most jurisdictions because they are necessary to provide the service you request.

  • _site_session (first-party): supports basic session continuity. Retention: session to limited persistence where needed.
  • cookie_consent (first-party): stores your cookie choice. Retention: up to 12 months.
  • Security-related cookies such as CSRF protection where applicable. Retention: session or short-lived.

4.2 Analytics cookies (consent required)

If you opt in to analytics cookies, we may use Google Analytics 4 (GA4) with IP anonymization where available. Analytics helps us understand which pages are most useful, how visitors move through content, and where improvements are needed.

  • Examples include _ga (2 years) and _ga_XXXXXXXXXX (2 years; GA4 property-specific cookie).
  • Typical analytics data includes page views, session duration, device/browser information, and approximate location.
  • Analytics retention is typically configured for 14 months for reporting and optimisation.

4.3 Marketing cookies (consent required)

If you opt in to marketing cookies, we may use advertising technologies to measure campaign performance, attribute conversions, and support remarketing audiences. This can include Google Ads and Meta (Facebook/Instagram) advertising tools.

  • Google Ads may use cookies such as _gcl_au (90 days) for conversion linking and measurement.
  • Meta may use cookies such as _fbp (90 days) and _fbc (90 days when a click ID is present) for ad attribution and remarketing.
  • Marketing data may include page views, events (such as form submissions), and audience membership based on browsing behavior.

4.4 Beyond cookies

In addition to cookies, we may use pixel tags (for example, via gtag.js or Meta Pixel) and, where implemented, server-side event reporting such as Meta Conversion API or server-side tagging. These approaches may use device signals derived from IP address and User-Agent. Where we transmit identifiers for matching (for example, email), they may be hashed before transmission depending on the integration.

For more detail on cookies specifically, see our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Marketing and analytics cookies activate only after explicit, informed, freely given consent (GDPR Article 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie (up to 12 months).

You may withdraw or change consent at any time by selecting “Manage cookie preferences” in the website footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing performed before withdrawal.

6. Sharing With Advertising & Service Partners

We use certain service providers to operate and improve the website. When enabled by your settings, we may share limited personal data (including cookie identifiers and event data) with advertising partners for analytics and marketing purposes. We do not sell personal data.

  • Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): may receive cookie IDs, usage data, conversion events, and audience information. Privacy policy: https://policies.google.com/privacy
  • Meta Platforms, Inc. (Meta Pixel, custom/lookalike audiences, conversion attribution): may receive page views, conversions, audience membership, and hashed identifiers where configured. Privacy policy: https://www.facebook.com/privacy/policy
  • Cloudflare (CDN and security): may process IP addresses and device signals for threat detection and performance. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes. They process data under their terms and, where applicable, as our processors or as independent controllers depending on the specific product.

7. International Transfers

Our service providers may process personal data in countries outside the EEA/UK, including the United States. Where data is transferred internationally, we use appropriate safeguards, which may include:

  • EU–US Data Privacy Framework (DPF) (primary mechanism since July 2023), where applicable.
  • UK Extension to the EU–US DPF, where applicable.
  • Swiss–US DPF, where applicable.
  • Standard Contractual Clauses (SCCs) (EU 2021/914) as a fallback.
  • UK International Data Transfer Agreement (IDTA) as a fallback.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer period is required by law.

  • Contact and registration submissions: up to 2 years from the last interaction.
  • Email correspondence: for the duration of our relationship, plus up to 1 year.
  • Analytics data: typically retained for 14 months in reporting tools.
  • Marketing cookies: retained according to the cookie lifetime (for example, 90 days for some marketing cookies).
  • Server security logs: typically up to 90 days.
  • Cookie consent record: up to 3 years for audit and compliance purposes.
  • Legal/tax records: retained as required by law (often 6–10 years depending on the record type and jurisdiction).

9. Your Rights (GDPR & UK GDPR)

If GDPR/UK GDPR applies, you may have the following rights, subject to conditions and exceptions:

  • Right of access (Article 15).
  • Right to rectification (Article 16).
  • Right to erasure (Article 17).
  • Right to restrict processing (Article 18).
  • Right to data portability (Article 20).
  • Right to object (Article 21).
  • Right to withdraw consent at any time (Article 7(3)) for processing based on consent.
  • Right to lodge a complaint with a supervisory authority (Article 77).

To exercise your rights, email us at [email protected]. We typically respond within 30 days, and we may extend by up to 60 days for complex requests as permitted by law.

Supervisory authority resources:

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling or opt-out tools.

12. Data Deletion Requests

You may request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We aim to complete valid deletion requests within 30 days, unless we must retain certain data to comply with legal obligations.

13. Business Transfers

In the event of a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If the transfer materially changes how personal data is used, we will provide notice on the website.

14. California Privacy Notice (CCPA / CPRA)

This section applies to California residents to the extent the California Consumer Privacy Act (as amended by the CPRA) applies to our processing.

Categories of personal information disclosed in the last 12 months may include:

  • Identifiers: name, email address, IP address, cookie identifiers.
  • Internet or network activity: browsing interactions and site usage data.
  • Inferences: interests or preferences inferred from site usage for advertising measurement (only if marketing consent is enabled).

Sale / sharing: We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies. California residents may opt out via our cookie preferences panel (“Manage cookie preferences” in the footer).

Your rights: You may have the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email us with the subject “California Privacy Request” at [email protected]. We may request information to verify your identity. Authorized agents may submit requests with proof of authorization.

15. Virginia Privacy Notice (VCDPA)

Where the Virginia Consumer Data Protection Act applies, Virginia residents may have rights to access, correct, delete, obtain a copy of personal data, and opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If you want to appeal a decision regarding your request, email with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada Privacy Notice

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced via a prominent notice on the website at least 14 days before the changes take effect. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact: