Privacy Policy

1. Introduction & Controller Identity

For the purposes of the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, the Data Controller is:

• Celtic Journal Education Ltd (trading as "Celtic Journal")
• Registered address: One Windmill Lane, Grand Canal Dock, Dublin 2, D02 F206, Ireland
• Email: [email protected]
• Phone: +353 1 691 7824

If you have questions about how we handle data, the fastest way to reach us is by email. Where required, we will respond and help you exercise your rights under applicable privacy law.

2. Personal Data We Collect

The Website is designed to be educational and readable without creating an account. We collect the types of personal data listed below, depending on how you use the Website.

2.1 Identity & contact data

• Name (if you provide it via a form)
• Email address
• Phone number (if you choose to call us or include it in a message)

2.2 Form submission content

When you submit a contact form, we collect the content you type, such as:

• Your message and topic selection
• Any details you share about learning goals (for example, interest in aerial photography or mapping basics)
• Any information you provide about your drone model or typical flying environments

2.3 Technical and device data

• IP address (typically stored in server logs and may be used for security and abuse prevention)
• Browser type and version
• Device type, operating system, and language settings
• Date/time of access and basic error diagnostics

2.4 Usage data

If you consent to analytics cookies, we may collect usage information such as pages viewed, time on page, approximate location derived from IP (country/region level), referrer information, and click paths. This helps us understand which educational materials are useful and where navigation is confusing.

2.5 Cookies and identifiers

We use essential cookies to keep the Website working and to remember your cookie preferences. With consent, we may also use analytics and marketing cookies described in Section 4.

2.6 What we do not intentionally collect

We do not intentionally collect special-category data (such as health information, political opinions, or religious beliefs), government identification numbers, or financial account details through the Website. Please do not include sensitive personal data in your message.

3. Why We Process Data & Legal Basis (GDPR Art. 6)

We only process personal data where there is a valid legal basis under GDPR and Irish data protection law. The main purposes and legal bases are:

3.1 Contact requests and workshop enquiries

• Purpose: Respond to your message, provide learning resources, and, where relevant, share workshop information.
• Legal basis: Article 6(1)(b) (steps prior to entering a contract) and Article 6(1)(a) (consent, where you explicitly consent to be contacted).

3.2 Analytics (when enabled)

• Purpose: Understand how visitors use pages like drone fundamentals, safe flight guides, and learning resources so we can improve clarity and structure.
• Legal basis: Article 6(1)(a) (consent).

3.3 Marketing measurement (when enabled)

• Purpose: Measure whether educational adverts lead to useful visits and contact requests, and to limit repeated messages.
• Legal basis: Article 6(1)(a) (consent).

3.4 Security and abuse prevention

• Purpose: Protect the Website from misuse (such as automated spam submissions, malicious traffic, and attempts to probe forms).
• Legal basis: Article 6(1)(f) (legitimate interests), balanced against your rights and expectations.

3.5 Legal obligations

• Purpose: Comply with applicable law, respond to lawful requests, and maintain records required for regulatory or tax purposes where relevant.
• Legal basis: Article 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects under Article 22 GDPR.

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags. Our cookie categories match our Cookie Policy at /cookie-policy/.

4.1 Essential cookies (always active)

Essential cookies are required for the Website to function, including remembering your cookie settings. These do not require consent.

• _site_session: session continuity and basic site operation; retention typically 7 days in our implementation.
• cookie_consent: stores your cookie preferences; retention 12 months.

4.2 Analytics cookies (consent required)

If you allow analytics, we may use Google Analytics 4 (GA4) configured to help us understand overall usage patterns. Where applicable, we use features such as IP anonymization and retention controls. Typical cookies include:

• _ga (2 years)
• _ga_XXXXXXXXXX (2 years)

Analytics data retention is generally set to 14 months. You can withdraw consent at any time via the cookie preference tools described in Section 5.

4.3 Marketing cookies (consent required)

If you allow marketing cookies, we may use technologies from providers such as Google Ads and Meta to measure advertising performance and understand which educational pages are useful. Typical cookies include:

• _gcl_au (90 days)
• _fbp (90 days)
• _fbc (90 days, when a click identifier is present)

Marketing cookies may be used for remarketing and conversion attribution. We do not use them to identify you by name. You can opt out by refusing marketing cookies or changing preferences later.

4.4 Beyond cookies: pixels and server-side events

Some providers use pixel tags and server-side event collection. Depending on your consent settings and how our Website is configured over time, this can include conversion events (for example, a successful contact form submission) and basic device identifiers derived from IP address and User-Agent strings. Where hashing is used (for example, for conversion measurement), it is used as a security measure and not to sell your data.

5. Consent Management (EEA/UK)

Visitors in Ireland, the EEA, and the UK are presented with a consent notice. Analytics and marketing cookies activate only after explicit consent. Your choices are recorded in the cookie_consent cookie and stored for up to 12 months.

You can withdraw or change consent at any time by selecting “Manage cookie preferences” in the footer. You can also clear cookies in your browser settings. Withdrawal does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising & Service Partners

We share limited data with service providers that help us operate and improve the Website. We do not sell personal data. Where third-party providers process data on our behalf, they are required to protect it and use it only for the services they provide to us.

• Google LLC (Google Analytics 4, Google Ads, Tag Manager / remarketing where enabled): cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, custom audiences / conversion measurement where enabled): page views and conversion events, and cookie identifiers such as _fbp/_fbc. Privacy policy: https://www.facebook.com/privacy/policy/
• Cloudflare (content delivery network and security): IP-based threat detection and performance optimisation. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes. Some providers may process data as independent controllers for their own compliance and security operations; please consult their policies for details.

7. International Transfers

Some of our providers process data outside the EEA/UK, including in the United States. Where applicable, transfers may rely on the EU–US Data Privacy Framework (and the UK Extension, and Swiss–US DPF where relevant). If needed, we also use safeguards such as Standard Contractual Clauses (EU 2021/914) and the UK International Data Transfer Addendum/IDTA as a fallback.

We take steps to ensure transfers provide an adequate level of protection, including assessing provider documentation, transfer mechanisms, and available technical and organisational measures.

8. Data Retention

We keep personal data only for as long as necessary for the purposes described in this policy:

• Contact submissions: typically retained for up to 2 years from the last interaction, unless a longer period is required for a specific legal reason.
• Email correspondence: retained for the duration of the relationship plus 1 year, unless deletion is requested and no overriding reason to keep exists.
• Server security logs: typically retained up to 90 days.
• Analytics data: generally 14 months retention within analytics tooling.
• Marketing cookies: retained according to cookie lifetimes (commonly 90 days), unless you withdraw consent earlier.
• Cookie consent record: retained for up to 3 years for audit and compliance evidence.
• Legal/tax: where applicable, retained for statutory periods (often 6–10 years for certain records).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA or the UK, you have rights under GDPR/UK GDPR, including:

• Right of access (Article 15)
• Right to rectification (Article 16)
• Right to erasure (Article 17)
• Right to restriction of processing (Article 18)
• Right to data portability (Article 20)
• Right to object (Article 21)
• Right to withdraw consent at any time (Article 7(3))
• Right to lodge a complaint with a supervisory authority (Article 77)

To exercise your rights, email [email protected]. We respond within 30 days, and may extend by up to 60 days for complex requests. We may ask for reasonable verification to protect your data from unauthorised access.

Supervisory authority resources:

• EU: https://edpb.europa.eu
• Ireland (DPC): https://www.dataprotection.ie
• UK (ICO): https://ico.org.uk
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will delete it promptly.

11. Do Not Track

This Website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own handling of DNT and similar signals as described in their policies.

12. Data Deletion Requests

To request deletion of data submitted through our contact forms, email us at [email protected] with the subject line “Data Deletion Request”. We aim to complete requests within 30 days after identity verification. We may retain limited records where required by law or to establish, exercise, or defend legal claims.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor organisation. If the transfer materially changes how personal data is used, we will provide notice on the Website.

14. California Privacy Notice (CCPA / CPRA)

This section is provided for visitors from California and describes categories of personal information collected and disclosed in the last 12 months. It supplements the rest of this policy.

14.1 Categories collected

• Identifiers: name (if provided), email, IP address, cookie identifiers.
• Internet or other network activity: browsing and interaction data (where analytics/marketing is enabled via consent).
• Inferences: interests or preferences inferred from on-site behaviour for advertising measurement (only when marketing cookies are enabled).

14.2 Disclosures

We disclose the categories above to service providers and, where enabled by your cookie preferences, advertising partners (for example, Google and Meta) for analytics, advertising measurement, and security. We do not sell personal information as defined by CCPA. We may share data for cross-context behavioural advertising when marketing cookies are enabled; California residents can opt out using our cookie preferences tools in the footer.

14.3 Your California rights

Depending on your circumstances, you may have the right to know, delete, correct, and opt out of sale/sharing, and you have the right to non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify your request as required by law. Authorised agents may submit requests with proof of authority.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If you wish to appeal a refusal, email with the subject line “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. Unresolved concerns may be directed to the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in the Website, legal requirements, or our data practices. If changes are material, we will provide a notice on the homepage at least 14 days before the new policy takes effect. The “Last Updated” date at the top will be revised with each update.

18. Contact

For privacy questions, requests, or concerns, contact:

• Celtic Journal Education Ltd
• One Windmill Lane, Grand Canal Dock, Dublin 2, D02 F206, Ireland
• Email: [email protected]
• Phone: +353 1 691 7824