Privacy Policy

1. Introduction & Controller Identity

Emerald Headline is an educational platform focused on beginner-friendly guidance for preserved moss décor, indoor greenery concepts, and biophilic interior design principles. We take privacy seriously and aim to be clear about what we collect and why.

Data Controller: Emerald Headline Education Ltd, 1 Grand Canal Square, Dublin 2, D02 P820, Ireland. You can contact us about privacy matters at [email protected].

Effective Date: March 12, 2026.

2. Personal Data We Collect

The personal data we collect depends on how you use the Site. We only collect what is reasonably needed for a working website, for security, and to respond to messages you send us.

• Identity and contact data: name (if you provide it), email address, and phone number (if you provide it).
• Form content: the information you include in a message, such as room type, wall dimensions, preferred style direction, and practical constraints (for example: radiator proximity, strong daylight, or office lighting).
• Technical data: IP address, browser type and version, device type, operating system, and language settings.
• Usage data: pages visited, time spent on pages, referrer information, and interaction paths. This is typically collected through analytics tools when you consent.
• Cookies and identifiers: small files stored in your browser for essential site functionality and, if you consent, for analytics and marketing measurement.
• Conversion events: signals that a contact form was submitted or a page was viewed, used to measure content and advertising performance where you have consented.

We do not intentionally collect special-category data (such as health data, religious beliefs, political opinions), financial account details, or government identification numbers. Please do not include such information in your message.

3. Why We Process Personal Data & Legal Basis

Under the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, we must have a legal basis to process personal data. We process personal data for the purposes below:

• Responding to contact requests and workshop enquiries: to reply to your message, provide learning guidance, and send requested information. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering into a contract) and Art. 6(1)(a) (consent where applicable).
• Site operation and security: to keep the Site stable, prevent abuse, and protect against fraud or malicious activity. Legal basis: Art. 6(1)(f) (legitimate interests).
• Analytics (optional): to understand which topics are useful and improve navigation and content structure. Legal basis: Art. 6(1)(a) (consent).
• Marketing and advertising measurement (optional): to measure advertising performance and show relevant content to interested audiences. Legal basis: Art. 6(1)(a) (consent).
• Legal obligations: to comply with legal requirements, handle disputes, or respond to lawful requests. Legal basis: Art. 6(1)(c) (legal obligation) and Art. 6(1)(f) (legitimate interests), depending on the context.

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals (GDPR Art. 22).

4. Cookies & Tracking Technologies

The Site uses cookies and similar technologies. Some cookies are essential for the Site to function. Others are optional and will only be used if you give consent through our cookie banner and preferences panel.

Essential (always active)

Essential cookies support basic functionality such as session continuity and remembering your cookie preference. These do not require consent. Examples include: _site_session and cookie_consent. Retention ranges from session duration to 12 months.

Analytics (consent required)

If you opt in, we may use Google Analytics 4 (GA4) to understand how visitors use the Site (for example, which guides are opened most, how long pages are read, and which navigation paths work well). Where used, IP anonymisation is enabled where available, and GA4 data retention is set to 14 months. Common cookies include _ga and _ga_XXXXXXXXXX.

Marketing (consent required)

If you opt in, we may use marketing measurement tools such as Google Ads and Meta technologies to understand the performance of advertisements and to show relevant content. These tools may use cookies such as _gcl_au, _fbp, and _fbc (where a click identifier exists).

In addition to cookies, tracking may involve pixel tags and, in some setups, server-side events. If implemented, these will still follow your consent choices for analytics and marketing categories.

For more detail, please read our Cookie Policy.

5. Consent and How to Withdraw It

Users in Ireland, the EEA, and the UK receive a consent notice consistent with GDPR and UK GDPR requirements. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).

Your consent choices are recorded in the cookie_consent cookie (stored for 12 months). You can withdraw or change your consent at any time by selecting “Manage cookie preferences” in the footer or by clearing cookies in your browser settings.

Withdrawal of consent does not affect the lawfulness of processing carried out before you withdrew it.

6. Sharing With Advertising & Service Partners

We share limited data with service providers that help us run and improve the Site, and (where you consent) with advertising partners to measure performance. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing). Data may include cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, custom audiences, conversion measurement). Data may include page views, conversion events, and audience membership signals. Privacy policy: https://www.facebook.com/privacy/policy
• Cloudflare (content delivery network and security). Data may include IP-based signals for threat detection and performance. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes. They process data on our behalf under contractual terms, and they may also act as independent controllers for some processing depending on the product and configuration.

7. International Transfers

Some of our service providers may process data outside Ireland and the EEA, including in the United States. Where transfers occur, we rely on appropriate safeguards such as:

• The EU–U.S. Data Privacy Framework (DPF) where applicable (since July 2023).
• The UK Extension to the DPF and the Swiss–U.S. DPF where relevant.
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Addendum (IDTA) as a fallback mechanism.

We also apply proportionate technical and organisational measures to reduce risk, such as limiting the amount of personal data shared and using consent-based activation for non-essential tracking.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law.

• Contact form submissions: up to 2 years from the last interaction, unless a longer period is needed to handle a request or dispute.
• Analytics data: 14 months where enabled and consented.
• Marketing cookies: retained according to the cookie lifetime (often 90 days), where enabled and consented.
• Email correspondence: for the duration of our relationship, plus up to 1 year for continuity and record-keeping.
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit and compliance purposes.
• Legal/tax obligations: where applicable, we may retain records for 6–10 years depending on the legal requirement.

9. Your Rights (GDPR and UK GDPR)

Depending on your location, you may have rights under GDPR and UK GDPR, including:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restrict processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent at any time (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, email [email protected]. We aim to respond within 30 days. This can be extended by up to 60 days for complex requests, as allowed by law.

Supervisory authority resources: https://edpb.europa.eu (EU), https://www.ico.org.uk (UK), https://www.dataprotection.ie (Ireland).

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will take steps to delete it promptly.

11. Do Not Track Signals

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own approaches to DNT and similar signals.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We aim to complete deletion within 30 days, unless legal obligations require us to retain some records.

13. Business Transfers

If Emerald Headline Education Ltd is involved in a merger, acquisition, asset sale, financing, restructuring, or insolvency, personal data may be transferred to a successor or affiliate as part of that transaction. If the transfer materially changes how your personal data is used, we will provide notice on the Site.

14. California (CCPA / CPRA)

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Over the past 12 months, we may have collected the categories of information described in Section 2 (for example, identifiers such as email and IP address, and internet/network activity such as page views) for the purposes described in Section 3.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising if you consent to marketing cookies. California residents may opt out of such sharing using our cookie preferences panel (available via “Manage cookie preferences” in the footer).

California rights may include the right to know, delete, correct, and opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), such as access, correction, deletion, data portability, and the right to opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we decline to act on your request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide a notice on the Site at least 14 days before the changes take effect where required. The “Last Updated” date at the top of this page reflects the most recent revision.

18. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact:

Emerald Headline Education Ltd
1 Grand Canal Square
Dublin 2, D02 P820, Ireland
Email: [email protected]
Phone: +353 1 512 7826