Privacy Policy

1. Introduction & Controller Identity

Dublin Bulletin is the data controller for personal data processed in connection with this Website and our educational enquiries. This means we decide why and how your personal data is processed.

Controller: Dublin Bulletin Education Ltd
Registered address: The Academy, 42 Pearse Street, Dublin 2, D02 YX88, Ireland
Contact email: [email protected]
Phone: +353 1 525 3439

We do not appoint a Data Protection Officer (DPO) for this Website because we do not carry out large-scale processing of special-category data. If you have privacy questions, you can contact us using the details above.

Effective date: March 12, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you interact with the Website. We may collect the following categories:

• Identity and contact information: name (if you provide it), email address, phone number (if you provide it).
• Form content: the topic you select and any text you include in a message (for example, device types, workshop context, or learning goals).
• Technical data: IP address, browser type and version, device type, operating system, and language settings.
• Usage data: pages viewed, time spent on pages, approximate interaction patterns (such as which links are clicked), and referrer information.
• Cookies and identifiers: cookies and similar identifiers described in Section 4 and in our Cookie Policy.
• Conversion events: whether a form submission occurred (for example, a workshop request), and basic metadata associated with that event.

We do not intentionally collect special-category data (such as health data, religious beliefs, or political opinions) through the Website. Please do not include such information in messages. We also do not collect government identification numbers or financial account details through the Website contact forms.

3. Why We Process Personal Data & Legal Basis (GDPR Article 6)

We process personal data only where we have a lawful basis under the General Data Protection Regulation (GDPR) and, where applicable, UK GDPR. The main purposes and legal bases are:

3.1 Responding to workshop and guide enquiries

Purpose: to respond to your message, propose an outline for a workshop or learning plan, and communicate practical next steps.
Legal basis: GDPR Art. 6(1)(b) (steps at your request prior to entering a contract) and Art. 6(1)(a) (consent, where you provide it via the form consent checkbox).

3.2 Website analytics (where enabled)

Purpose: to understand what content is useful and improve the Website’s structure, readability, and performance.
Legal basis: GDPR Art. 6(1)(a) (consent). Analytics cookies are activated only after you opt in via the cookie banner or preferences panel.

3.3 Marketing and advertising measurement (where enabled)

Purpose: to measure advertising performance (for example, whether a workshop request was submitted after viewing an ad) and, where configured, to show relevant ads to people who have visited the Website.
Legal basis: GDPR Art. 6(1)(a) (consent). Marketing cookies activate only after opt-in.

3.4 Security, abuse prevention, and operational integrity

Purpose: to maintain Website security, prevent fraud, mitigate abusive traffic, and diagnose technical issues.
Legal basis: GDPR Art. 6(1)(f) (legitimate interests). Our legitimate interest is keeping the Website reliable and secure.

3.5 Legal obligations

Purpose: to comply with legal, regulatory, or lawful requests.
Legal basis: GDPR Art. 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you (GDPR Art. 22).

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies, such as pixel tags, to understand usage and measure marketing performance when you consent. You can read a detailed explanation in our Cookie Policy.

4.1 Essential cookies (always active)

Essential cookies are required for the Website to function and for basic security. These do not require consent. Examples include: _site_session and cookie_consent. Retention varies from session to up to 12 months depending on the cookie.

4.2 Analytics cookies (consent required)

If you opt in, we may enable analytics measurement (such as Google Analytics 4). Where configured, IP addresses are anonymised or truncated to reduce identifiability. Typical cookies include _ga and _ga_XXXXXXXXXX. Analytics retention is typically 14 months for reporting data, with cookies often lasting up to 2 years.

4.3 Marketing cookies (consent required)

If you opt in, we may enable marketing and advertising measurement tools (such as Google Ads and Meta Pixel). These can help us understand which ads lead to a workshop request, and they can support remarketing audiences. Typical cookies include _gcl_au, _fbp, and _fbc. Marketing cookie retention is commonly around 90 days, though this can vary by provider.

4.4 Beyond cookies

Depending on your consent settings, tracking may also involve pixel tags (for example, scripts loaded by Google or Meta) and server-side event transmission. In some configurations, identifiers may be hashed before transmission to reduce exposure (for example, a hashed email for conversion matching). We do not use this Website to collect device content (photos, files) or to access private data from your device.

5. Consent (EEA/UK)

Users in Ireland and across the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your choice is recorded in the cookie_consent cookie (typically for 12 months).

You can withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before you withdrew consent.

6. Sharing With Advertising & Service Partners

We share personal data only where necessary to operate the Website, respond to your requests, or where you have consented to optional measurement/marketing. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing where enabled): may receive cookie IDs, usage data, and conversion events. See policies.google.com/privacy.
• Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversion API where enabled): may receive page views, conversion events, audience membership, and hashed identifiers if configured. See facebook.com/privacy/policy.
• Cloudflare (CDN and security): may process IP addresses and request metadata for performance and threat detection. See cloudflare.com/privacypolicy.

We do not permit these providers to use Website data for their own independent commercial purposes beyond providing services to us, subject to their terms and configurations. Provider processing may involve their own cookies and similar technologies when enabled by consent.

7. International Transfers

Some service providers may process data outside the EEA/UK (including in the United States). When personal data is transferred internationally, we rely on appropriate safeguards, which may include:

• EU–US Data Privacy Framework (DPF) where applicable (and the UK Extension / Swiss–US DPF where relevant).
• Standard Contractual Clauses (SCCs) (EU 2021/914) as a fallback where needed.
• UK International Data Transfer Agreement (IDTA) as a fallback where needed.

You can request more detail about specific transfer mechanisms by emailing [email protected].

8. Data Retention

We keep personal data only for as long as necessary for the purpose it was collected, and as required by law. Typical retention periods are:

• Contact and workshop enquiries: up to 2 years from the last interaction, unless a longer period is needed for record-keeping or legal reasons.
• Email correspondence: for the duration of the relationship plus 1 year, depending on context.
• Server security logs: typically up to 90 days.
• Analytics: reporting retention typically 14 months (if enabled and consented).
• Marketing cookies: per cookie lifetime (often around 90 days) (if enabled and consented).
• Cookie consent record: up to 3 years for audit purposes (stored as a record of preferences).
• Legal and tax obligations: where applicable, 6–10 years for relevant records.

9. Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies to you, you have the right to:

• Request access to your personal data (Art. 15).
• Request correction of inaccurate or incomplete data (Art. 16).
• Request erasure in certain circumstances (Art. 17).
• Request restriction of processing (Art. 18).
• Request data portability (Art. 20).
• Object to processing in certain circumstances (Art. 21).
• Withdraw consent at any time where processing is based on consent (Art. 7(3)).
• Lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email [email protected]. We aim to respond within 30 days. This can be extended by up to 60 days for complex requests, in which case we will explain why.

Supervisory authority information: EU: edpb.europa.eu | Ireland: dataprotection.ie | UK: ico.org.uk

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have received personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This Website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own controls for tracking preferences. You can also use our cookie preferences tools to manage analytics and marketing cookies.

12. Data Deletion Requests

If you would like us to delete personal data associated with you, email [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before acting. We aim to complete deletion within 30 days, unless retention is required by law or needed to establish, exercise, or defend legal claims.

13. Business Transfers

If Dublin Bulletin Education Ltd is involved in a merger, acquisition, financing, reorganisation, insolvency, or sale of assets, personal data may be transferred as part of that transaction. If the transfer materially changes how your data is used, we will provide notice on the Website.

14. California (CCPA / CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA), as amended by the CPRA, is applicable. Over the past 12 months, we may have disclosed the following categories of information to service providers and, where marketing consent is enabled, to advertising partners:

• Identifiers: email address (if submitted), IP address, cookie identifiers, device identifiers.
• Internet or other network activity: pages viewed and interactions (where analytics is enabled).
• Inferences: preferences or interests derived from browsing activity for advertising measurement (only where marketing consent is enabled).

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioural advertising where marketing cookies are enabled. California residents can opt out by disabling marketing cookies via our cookie preferences panel.

You may request to know, delete, or correct personal information, and you may opt out of sale/sharing. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before completing a request. Authorised agents must provide proof of authorisation. We will not discriminate against you for exercising your rights.

15. Virginia (VCDPA)

This section applies to Virginia residents where the Virginia Consumer Data Protection Act (VCDPA) is applicable. You may request access, correction, deletion, and a copy of personal data you have provided. You may also opt out of targeted advertising.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

If we decline to take action, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If you remain dissatisfied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will post a notice on the Website at least 14 days before the changes take effect, where feasible. The “Last Updated” date at the top shows when the latest version took effect.

18. Contact

For privacy questions or requests, contact:

Dublin Bulletin Education Ltd
The Academy, 42 Pearse Street, Dublin 2, D02 YX88, Ireland
Email: [email protected]
Phone: +353 1 525 3439