Skip to main content
Privacy Policy

Privacy Policy

Last Updated: March 12, 2026

This Privacy Policy explains how zanotrivo ("we") collects, uses, and protects personal data when you visit this website and register for our confectionery retail and candy presentation course. This policy is written for clarity and is intended to help you understand what we do with information such as registration details, cookie preferences, and basic usage data.

1. Introduction and Controller Identity

zanotrivo is the data controller responsible for personal data processed in connection with this site and our course registration and support. This means we decide why and how your personal data is processed.

  • Controller name: zanotrivo
  • Registered address: 25 Small Business Park, Redburn Road, Westerhope, Newcastle upon Tyne NE5 1NF, United Kingdom
  • Contact email: [email protected]
  • Effective date: March 12, 2026

We do not appoint a dedicated Data Protection Officer for this website. If you have privacy questions, contact us using the email above and we will route your request to the right person.

2. Personal Data We Collect

We collect a limited set of personal data needed to provide an educational website, create course registration records, and respond to support questions. The exact information depends on how you interact with the site.

  • Identity and contact details: name and email address when you use our registration forms.
  • Account and access details: a password you create during registration. Passwords should be treated as confidential; we recommend using a unique password not used on other sites.
  • Form content: the information you type into a form field (for example, a name). On this site we keep form fields intentionally minimal.
  • Technical data: IP address, browser type, device and operating system information, language settings, and approximate location derived from IP (country/city level).
  • Usage data: pages visited, time on page, referrer information, and interactions used to understand how visitors navigate the course pages.
  • Cookies and identifiers: cookie preference choices and the identifiers described in Section 4.
  • Conversion events: basic events associated with form submission and page views, used to measure whether visitors reached registration pages or completed a registration attempt.

We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions, or biometric data). We also do not request government identification numbers or financial account details through our website forms.

3. Why We Process Personal Data and Legal Basis

Where the UK GDPR or EU GDPR applies, we process personal data only when we have a lawful basis. The lawful basis depends on the purpose:

  • Course registration and providing access: processing is necessary to take steps at your request (GDPR Art. 6(1)(b)) and, where applicable, based on your consent (GDPR Art. 6(1)(a)) for contact and related communications.
  • Responding to questions and support requests: legitimate interest (GDPR Art. 6(1)(f)) to provide customer support and keep the course functioning, and/or contract-related steps (GDPR Art. 6(1)(b)).
  • Site analytics: consent (GDPR Art. 6(1)(a)) where analytics cookies are used.
  • Marketing and remarketing: consent (GDPR Art. 6(1)(a)) where marketing cookies or pixels are used for campaign measurement or audience building.
  • Security and fraud prevention: legitimate interest (GDPR Art. 6(1)(f)) to prevent abuse of the website, detect automated traffic, and protect visitors and our systems.
  • Legal compliance: legal obligation (GDPR Art. 6(1)(c)) where we must keep certain records or respond to lawful requests.

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for visitors (GDPR Art. 22).

4. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the site, remember your preferences, and (if you consent) measure and improve performance and advertising. Cookies are small text files stored by your browser. Some are set by us (first-party) and some may be set by third parties (third-party), depending on what features are active.

Essential (always active)

Essential cookies are required for the site to function and for basic preference storage. They do not require consent in many jurisdictions because they are strictly necessary.

  • _site_session: used for basic session continuity and site operation. Retention: session to 1 day.
  • cookie_consent: stores your cookie preference selection. Retention: 12 months.
  • Security-related cookies: may be used to protect against abuse, such as repeated automated submissions.

Analytics (consent)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand how visitors use the website. We configure analytics to help us improve content clarity, navigation, and registration flow. Analytics retention is typically set to 14 months for reporting.

  • _ga: GA4 user identifier. Typical retention: 2 years.
  • _ga_XXXXXXXXXX: GA4 session state. Typical retention: 2 years.

Marketing (consent)

If you enable marketing cookies, we may use cookies or pixel tags associated with advertising platforms to measure campaigns and show relevant ads. These tools may create audiences (for example, people who visited a registration page) and measure conversion attribution.

  • _gcl_au: Google Ads conversion linker. Typical retention: 90 days.
  • _fbp: Meta Pixel browser identifier. Typical retention: 90 days.
  • _fbc: Meta Pixel click identifier (when present). Typical retention: 90 days.

In addition to cookies, tracking can involve pixel tags and server-side measurement. Where used, such tracking is activated only based on the consent choices you set in the cookie preference panel.

5. Consent and Your Choices (EEA and UK)

Users in the EEA and UK receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your consent choice is recorded in the cookie_consent cookie (stored for 12 months).

You can withdraw or change consent at any time by using the “Manage cookie preferences” link in the footer. You can also clear cookies in your browser settings. Withdrawing consent does not affect the lawfulness of processing based on consent before it was withdrawn.

6. Sharing With Advertising and Service Partners

We use reputable service providers to operate and improve the site. Depending on your cookie settings and how the website is configured, we may share limited data with:

  • Google LLC (Google Analytics 4, Google Ads, Tag Manager and remarketing): may receive cookie identifiers, usage data, and conversion events. Reference: https://policies.google.com/privacy
  • Meta Platforms (Meta Pixel, Custom Audiences, Lookalike Audiences, Conversion API): may receive page view signals, conversions, audience membership, and (where configured) hashed identifiers. Reference: https://www.facebook.com/privacy/policy
  • Cloudflare (CDN and security services): may process IP-based threat detection and performance-related traffic routing. Reference: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. We also do not permit providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their contractual and platform obligations.

7. International Transfers

Some of our service partners may process data outside the UK or EEA, including in the United States. Where required, international transfers are supported by appropriate safeguards such as:

  • EU–US Data Privacy Framework (and the UK Extension, where applicable)
  • Standard Contractual Clauses (EU 2021/914) as a fallback mechanism
  • UK International Data Transfer Agreement (IDTA) as a fallback mechanism

We assess transfers based on the nature of data shared, the purpose, and the provider’s safeguards and security controls.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer period is required by law. Typical retention periods are:

  • Registration submissions and related correspondence: up to 2 years from the last interaction.
  • Analytics data: 14 months for reporting (where analytics consent is given and analytics is configured).
  • Marketing cookies: for the lifetime of the cookie (for example, 90 days), subject to your consent choices.
  • Email correspondence: for the duration of the support conversation plus up to 1 year for continuity.
  • Security logs: typically up to 90 days, unless needed longer for incident investigation.
  • Cookie consent record: up to 3 years for audit and compliance purposes.
  • Legal obligations: where required, we retain records for the period set by applicable law.

9. Your Rights (GDPR and UK GDPR)

Where GDPR or UK GDPR applies, you may have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We typically respond within 30 days. If a request is complex, we may extend the response time by up to 60 additional days, and we will tell you if an extension is needed.

Supervisory authority references (informational):

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the information promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. Where deletion is requested, we will complete it within 30 days unless we must retain certain data for legal reasons.

13. Business Transfers

If zanotrivo is involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If a transfer materially changes how personal data is used, we will provide notice on the site.

14. California Privacy Notice (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply.

In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers: name, email address, IP address, cookie identifiers.
  • Internet or network activity: page views, navigation paths, interactions with pages.
  • Inferences: potential interests inferred from browsing patterns, used for advertising measurement if marketing cookies are enabled.

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioral advertising if you enable marketing cookies. You can opt out by adjusting your cookie preferences using the footer link.

California residents may have rights to Know, Delete, Correct, and Opt-Out of sale/sharing, and to Non-Discrimination for exercising rights. To submit a request, email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents must provide proof of authority.

15. Virginia Privacy Notice (VCDPA)

Virginia residents may have rights to Access, Correct, Delete, obtain a copy (Portability), and Opt-Out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we deny a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If your appeal is denied, you may contact the Virginia Attorney General.

16. Nevada Privacy Notice

Nevada residents may submit a verified request to opt out of the sale of personal information by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the website, course operations, or legal requirements. Material changes will be announced on the homepage at least 14 days before taking effect. The “Last Updated” date at the top of this page indicates when the current version became effective.

18. Contact

For privacy questions or to exercise your rights, contact:

  • zanotrivo
  • 25 Small Business Park, Redburn Road, Westerhope, Newcastle upon Tyne NE5 1NF, United Kingdom
  • [email protected]

Cookie choices can be changed any time using “Manage cookie preferences” in the footer. For more detail on cookies, see our Cookie Policy.