Privacy Policy

1. Introduction & Controller Identity

CloverPress is an Irish parenting education platform focused on newborn care basics, baby sleep routines, feeding comfort guidance, home safety awareness, and early play ideas. This policy describes how we handle personal data across those activities, including the information you provide in a message and the limited technical data that is generated when a browser loads a page.

For the purposes of the General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, the data controller is:

• Legal entity: CloverPress Learning Limited
• Address: 5 Harcourt Road, Dublin 2, Dublin 2, D02 K580, Ireland
• Email: [email protected]
• Phone: +353 1 687 4219

We do not currently designate a Data Protection Officer (DPO). If that changes, we will update this policy with a dedicated DPO contact line.

2. Personal Data We Collect

“Personal data” means information that can identify you directly or indirectly. Depending on how you use the Site, we may collect:

• Identity and contact data: name (if you provide it), email address, and phone number (if you provide it).
• Form content: your message, topic selection, and any practical context you choose to share (for example, workshop timing, group size, household routine constraints).
• Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location derived from IP (city/region level).
• Usage data: pages visited, time on page, referrer URL, click paths, and interactions with consent prompts.
• Cookies and identifiers: identifiers stored in cookies or local storage, including consent status and (if enabled by consent) analytics and marketing identifiers.
• Conversion events: signals that a form was submitted or a key page was viewed, used to measure whether information requests are working as expected.

We do not intend to collect special-category data (such as health data, religious beliefs, or political opinions). Please do not include medical information, diagnosis details, or other sensitive content in messages. If you accidentally send sensitive information, we will handle it with additional care and may delete it where appropriate.

We do not request financial account details or government identification numbers through the Site.

3. Why We Process Data & Legal Basis

We process personal data only when we have a lawful basis. The main purposes and GDPR legal bases include:

• Responding to contact requests and workshop enquiries: to communicate with you, suggest relevant guides, and provide workshop information. Legal basis: performance of a contract or steps at your request (GDPR Art. 6(1)(b)) and, where required, consent (Art. 6(1)(a)).
• Site analytics (optional): to understand how the Site is used and improve structure and clarity. Legal basis: consent (Art. 6(1)(a)).
• Marketing/remarketing (optional): to measure advertising performance and show relevant reminders to people who have visited the Site. Legal basis: consent (Art. 6(1)(a)).
• Security and fraud prevention: to keep the Site reliable, detect abuse, and protect against malicious traffic. Legal basis: legitimate interests (Art. 6(1)(f)).
• Legal compliance: to meet legal obligations and respond to lawful requests. Legal basis: legal obligation (Art. 6(1)(c)).

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals (GDPR Art. 22).

4. Cookies & Tracking

Cookies are small files stored on your device. The Site also may use pixel tags or similar technologies. We group cookies and tracking into three categories, aligned with our Cookie Policy:

Essential (always active)

Essential cookies are required for core Site functionality, including remembering your cookie preference choice and maintaining basic session continuity. These do not require consent.

• _site_session (first-party): supports session continuity. Retention: session.
• cookie_consent (first-party): stores your cookie preferences. Retention: 12 months.
• Security-related measures such as CSRF protection may be used where appropriate.

Analytics (optional, consent-based)

If you enable analytics cookies, we may use Google Analytics 4 (GA4) to understand aggregated usage patterns, such as which pages are read most often and which devices are common. We aim to configure analytics in a privacy-aware way, including IP anonymisation where supported by the provider.

• Example cookies: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Typical analytics data retention: 14 months.

Marketing (optional, consent-based)

If you enable marketing cookies, we may use advertising measurement and remarketing tools such as Google Ads and the Meta Pixel. These tools can help us understand whether a campaign led to a page view or enquiry and can be used to build audiences for showing relevant reminders on those platforms.

• Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when click IDs are present).

In addition to cookies, marketing measurement can involve pixel tags or server-side events. If enabled, identifiers may be derived from signals like IP address and user-agent. Where identifiers are shared for matching, they may be hashed by the platform provider.

5. Consent (EEA/UK)

Users in Ireland and across the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies are activated only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your choice is recorded in the cookie_consent cookie, generally for 12 months.

You can withdraw or change consent at any time by selecting “Manage cookie preferences” in the footer of the Site. You can also clear cookies in your browser settings. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

6. Sharing With Advertising & Service Partners

We share personal data only when necessary for the purposes described above and subject to appropriate safeguards. Depending on your cookie preferences and how you use the Site, recipients may include:

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage data, and conversion signals. Privacy information: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API where configured): page views, conversions, audience membership signals, and (where used) hashed identifiers. Privacy information: https://www.facebook.com/privacy/policy
• Cloudflare (content delivery network and security): IP-based threat detection and performance optimisation. Privacy information: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. Where advertising partners are used, the purpose is measurement and audience selection based on consent. We do not permit these providers to use Site data for their own independent commercial purposes beyond providing services to us under their terms, though they may process data as controllers for their platform operations according to their policies.

7. International Transfers

Some service providers may process data outside the EEA/UK, including in the United States. When personal data is transferred internationally, we rely on appropriate safeguards such as:

• The EU–US Data Privacy Framework (DPF) where applicable (and the UK Extension and Swiss–US DPF where relevant).
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Addendum (IDTA) or other UK-approved safeguards where applicable.

You can request further information about safeguards for a specific transfer by emailing [email protected].

8. Data Retention

We keep personal data only for as long as needed for the purpose it was collected, and then delete or anonymise it unless a longer period is required by law. Typical retention periods:

• Contact submissions and related correspondence: up to 2 years from the last interaction.
• Analytics data: typically 14 months (where enabled by consent).
• Marketing cookies: for the lifetime of the cookie (for example, 90 days) unless you withdraw consent earlier.
• Server and security logs: typically up to 90 days, unless needed longer to investigate abuse.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal and tax records: retained as required by law (often 6–10 years for certain records).

9. Your Rights (GDPR & UK GDPR)

Subject to conditions and exceptions, you may have the following rights:

• Right of access (GDPR Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise a right, email [email protected]. We normally respond within 30 days. If a request is complex, we may extend by up to 60 days and will explain why.

If you are in Ireland, you can contact the Irish Data Protection Commission. For general EU information, see the European Data Protection Board: https://edpb.europa.eu. UK residents can contact the ICO: https://ico.org.uk.

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child has provided personal data without verifiable parental consent, contact us and we will take steps to delete the information promptly.

11. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. The Site does not respond to DNT signals. Third-party providers may have their own approaches to DNT and similar controls.

12. Data Deletion Requests

If you would like us to delete personal data associated with your communications, email [email protected] with the subject line “Data Deletion Request”. To protect your privacy, we may ask for information to verify your identity before completing a deletion request. We aim to complete deletion within 30 days, subject to lawful retention requirements.

13. Business Transfers

If CloverPress Learning Limited is involved in a merger, acquisition, asset sale, financing, restructuring, or insolvency event, personal data may be transferred to a successor or affiliated entity as part of that transaction. If the transfer materially changes how personal data is used, we will provide notice on the Site.

14. California (CCPA/CPRA)

While CloverPress is based in Ireland, visitors may access the Site from the United States. If you are a California resident and the CCPA/CPRA applies, the following information describes our practices for the previous 12 months:

• Identifiers (name, email, IP address, cookie identifiers): shared with service providers and, if marketing consent is enabled, advertising partners for measurement and audience selection.
• Internet or network activity (pages viewed, interactions): shared with analytics and advertising providers if enabled.
• Inferences (interests or preferences inferred from page views): may be used by advertising partners if marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioural advertising where marketing cookies are enabled; California residents can opt out by disabling marketing cookies via the cookie preferences panel on the Site.

California rights may include the right to know, delete, correct, and opt out of sale/sharing, as well as the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before completing the request. Authorised agents may submit requests with written proof of authorisation.

15. Virginia (VCDPA)

If you are a Virginia resident and the VCDPA applies, you may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject “Virginia Privacy Request”.

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we decline to act on your request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or how the Site operates. If we make a material change, we will provide a notice on the homepage at least 14 days before the change takes effect where feasible. The “Last Updated” date at the top of this page indicates the most recent revision.

18. Contact

For privacy questions, requests, or concerns, contact:

• CloverPress Learning Limited
• 5 Harcourt Road, Dublin 2, Dublin 2, D02 K580, Ireland
• Email: [email protected]
• Phone: +353 1 687 4219