Skip to main content

Home / Privacy Policy

Privacy Policy

Last Updated: March 12, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how CloverNews ("we") collects, uses, and protects your personal data when you visit CloverNews.cyou (the "Website") and when you contact us about lessons, guides, or workshops. We aim to be clear and practical, just like our sewing education: you should understand what happens to your information and what choices you have.

For the purposes of the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018, the data controller is:

  • Legal entity: CloverNews Learning Ltd
  • Registered address: 2 Dublin Landings, North Wall Quay, Dublin 1, D01 V4A3, Ireland
  • Email: [email protected]
  • Telephone: +353 1 685 2148

We do not appoint a Data Protection Officer (DPO) because our current activities do not involve large-scale monitoring or large-scale processing of special-category data. If this changes, we will update this policy and provide an appropriate contact.

Effective Date: March 12, 2026.

2. Personal Data We Collect

We collect personal data in a few straightforward ways: when you share it with us (for example through the contact form), and when your device provides it automatically as part of loading a website. We collect only what is reasonably necessary for a learning platform to operate, respond to requests, and keep the Website secure.

2.1 Identity and contact details

If you contact us, we may collect your name, email address, and (if you choose to provide it) your phone number. These details help us respond, clarify workshop requirements, and send practical follow-up information such as a recommended starting lesson or a materials list.

2.2 Form content and communications

When you use a form on the Website, we collect the information you enter into the form fields, such as your message, learning goals, your sewing machine model (if provided), and any details about fabrics or project constraints you share. If you email us directly, we will receive the contents of that email and any attachments you choose to send.

2.3 Technical data

When you visit the Website, we may automatically receive technical information such as your IP address, browser type and version, device type, operating system, language setting, and time zone. This information is commonly logged by web servers and security tools to detect abuse and keep services reliable.

2.4 Usage data

We may collect information about how the Website is used, such as pages visited, the time spent on pages, referring pages, and click paths. This helps us understand which topics are clear and which need better explanations, for example when a fabric glossary term like "grainline" is frequently revisited.

2.5 Cookies and identifiers

We use cookies and similar technologies. Some are essential for the Website to work, while analytics and marketing cookies require your consent in the EEA and UK. Details are provided in Section 4 and in our Cookie Policy.

2.6 What we do not collect

We do not intentionally collect special-category data (for example health data, religious beliefs, political opinions), financial account details, or government-issued identification numbers through normal Website use. Please avoid sending such information in messages. If you do send it, we will handle it carefully and delete it where appropriate.

3. Why We Process Personal Data & Legal Basis

Under GDPR, we must have a lawful basis to process personal data. The basis depends on the purpose, and a single message can involve more than one basis (for example, responding to a workshop request and maintaining security logs).

3.1 Contact and workshop enquiries

  • Purpose: Respond to your enquiry, recommend a starting point, and provide workshop information.
  • Legal basis: Article 6(1)(b) (steps at your request prior to entering into a contract) and Article 6(1)(a) (consent where you have explicitly asked us to contact you).

3.2 Analytics

  • Purpose: Understand how the Website is used so we can improve navigation, lesson structure, and clarity.
  • Legal basis: Article 6(1)(a) (consent), where required.

3.3 Marketing and remarketing

  • Purpose: Measure advertising effectiveness, attribute conversions, and show relevant messages to people who have previously visited the Website.
  • Legal basis: Article 6(1)(a) (consent), where required.

3.4 Security and fraud prevention

  • Purpose: Protect the Website and our users from abuse, malicious traffic, and spam submissions.
  • Legal basis: Article 6(1)(f) (legitimate interests). Our legitimate interest is keeping the Website reliable and safe.

3.5 Legal obligations

  • Purpose: Comply with applicable laws and respond to lawful requests.
  • Legal basis: Article 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you under Article 22 GDPR.

4. Cookies & Tracking

Cookies are small text files stored on your device. Some are needed for essential site functions (such as remembering your consent choice), and others help with analytics or advertising measurement. We also refer to pixel tags and similar technologies as "tracking" in this section.

We use three categories that match our Cookie Policy:

4.1 Essential cookies (always active)

These cookies are required for core Website operation and cannot be switched off via the cookie panel. Examples include:

  • _site_session (session continuity) and cookie_consent (stores your consent choice).
  • Security-related cookies (for example, CSRF protection where applicable).

Typical retention: session up to 12 months depending on the cookie’s purpose.

4.2 Analytics cookies (consent-based)

When enabled, analytics cookies help us understand what content is working and what needs better explanation. We may use Google Analytics 4 (GA4) with IP anonymization where configured. Example cookie names include _ga and _ga_XXXXXXXXXX. Analytics retention is typically 14 months for GA4 reporting settings.

4.3 Marketing cookies (consent-based)

When enabled, marketing cookies help us measure ads, understand conversion attribution, and build remarketing audiences. Examples include Google Ads cookies such as _gcl_au and Meta cookies such as _fbp and _fbc. These cookies are commonly persistent for around 90 days, though actual lifetimes may vary by browser and provider.

4.4 Beyond cookies

Some technologies work similarly to cookies but are implemented differently, such as pixel tags in a page or server-side event forwarding. Where these tools are used for analytics or marketing, they are activated only after consent where required, and they typically use identifiers derived from cookie IDs and device signals (for example IP address and user agent). Some systems may also use hashed identifiers when you voluntarily provide them (such as an email address for conversion measurement).

5. Consent (EEA and UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Your choice is stored in the cookie_consent cookie, typically for 12 months, so the Website can remember your preference.

You can withdraw or change consent at any time by selecting "Manage cookie preferences" in the footer. You can also clear cookies in your browser settings. Withdrawal of consent does not affect processing that occurred before the withdrawal.

6. Sharing With Advertising & Service Partners

We use a small number of providers to deliver the Website, protect it, and (where you consent) understand usage and measure advertising. We do not sell personal data. When we share data with providers, it is for the purposes described in this policy, and under appropriate safeguards.

6.1 Google LLC

If enabled, we may use Google services such as Google Analytics 4 and Google Ads conversion measurement. Data shared may include cookie identifiers, usage data, and conversion events. Google’s privacy information is available at https://policies.google.com/privacy.

6.2 Meta Platforms

If enabled, we may use Meta tools such as the Meta Pixel and related conversion measurement for advertising attribution and audience building. Data may include page views, conversions, and cookie identifiers. Meta’s privacy information is available at https://www.facebook.com/privacy/policy.

6.3 Cloudflare

We may use Cloudflare for content delivery and security. Cloudflare can process IP addresses and other connection data to detect threats and protect the Website. Cloudflare’s privacy information is available at https://www.cloudflare.com/privacypolicy/.

We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their own applicable terms and policies.

7. International Transfers

Some providers we use may process data outside the EEA/UK, including in the United States. Where international transfers occur, we rely on appropriate safeguards, which may include:

  • The EU-U.S. Data Privacy Framework (DPF) (primary mechanism since July 2023), including the UK Extension and Swiss-U.S. DPF where applicable.
  • Standard Contractual Clauses (SCCs) (EU 2021/914) as a fallback where needed.
  • The UK International Data Transfer Agreement (IDTA) as a fallback where needed.

You may contact us for more information about safeguards relevant to your data.

8. Data Retention

We keep personal data only for as long as necessary for the purpose it was collected for, plus any period required for legal, security, or audit reasons. Typical retention periods are:

  • Contact submissions: up to 2 years from the last interaction, so we can provide continuity for follow-up questions.
  • Email correspondence: for the duration of our relationship, then typically 1 year.
  • Server/security logs: typically up to 90 days, unless needed for investigating abuse.
  • Analytics data: typically 14 months in GA4 settings (where enabled).
  • Marketing cookies: per cookie lifetime (often around 90 days) (where enabled).
  • Cookie consent record: up to 3 years for audit purposes (separate from the cookie stored in your browser).
  • Legal/tax: where applicable, records may be retained for 6 to 10 years depending on requirements.

9. Your Rights (GDPR and UK GDPR)

If you are in the EEA or UK, you have rights under GDPR/UK GDPR, including:

  • The right to access your personal data (Article 15).
  • The right to rectify inaccurate or incomplete data (Article 16).
  • The right to erase your personal data in certain circumstances (Article 17).
  • The right to restrict processing in certain circumstances (Article 18).
  • The right to data portability in certain circumstances (Article 20).
  • The right to object to certain processing (Article 21).
  • The right to withdraw consent at any time where processing is based on consent (Article 7(3)).
  • The right to lodge a complaint with a supervisory authority (Article 77).

To exercise your rights, email us at [email protected]. We aim to respond within 30 days. For complex requests, this may be extended by up to 60 additional days as permitted by law.

Supervisory authorities include:

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) setting. This Website does not respond to DNT signals. Third-party providers may have their own approaches to DNT and similar signals.

12. Data Deletion Requests

To request deletion of personal data, email [email protected] with the subject line "Data Deletion Request". We may need to verify your identity before completing the request. Where deletion is not possible due to legal obligations, we will restrict use and retain only what is required.

We aim to complete valid deletion requests within 30 days of identity verification.

13. Business Transfers

If CloverNews Learning Ltd is involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity as part of that transaction. If the transfer materially changes how personal data is used, we will provide notice on the Website.

14. California Privacy Notice (CCPA/CPRA)

This section applies to California residents where the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is applicable.

In the past 12 months, we may have collected the following categories of personal information:

  • Identifiers: name, email, IP address, cookie identifiers.
  • Internet/network activity: page views and interactions, where analytics is enabled.
  • Inferences: preferences inferred from website usage for advertising where marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising when you enable marketing cookies. You may opt out of such sharing via our cookie preferences panel (use "Manage cookie preferences" in the footer).

California residents may have rights to Know, Delete, Correct, Opt Out of sale/sharing, and Non-Discrimination. To submit a request, email us with the subject line "California Privacy Request" at [email protected]. We will verify your request as required. Authorized agents may submit requests with proof of authorization.

15. Virginia (VCDPA)

If the Virginia Consumer Data Protection Act (VCDPA) applies, Virginia residents may have rights to Access, Correct, Delete, Data Portability, and Opt Out of targeted advertising. To submit a request, email us with the subject line "Virginia Privacy Request" at [email protected].

We do not sell personal data or engage in profiling that produces legal or similarly significant effects. If we refuse a request, you may appeal by emailing with the subject line "Appeal of Refusal — Privacy Request". We will respond within 60 days.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject line "Nevada Do Not Sell Request" at [email protected]. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will announce them on the Website at least 14 days before the changes take effect. The "Last Updated" date at the top of this page will reflect the latest revision.

18. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact: