Privacy Policy

1. Introduction & Controller Identity

Dublin Insight Studio is an educational platform focused on interior painting fundamentals, decorative wall techniques, and colour design for Irish homes. This Privacy Policy describes how we handle personal data in a practical, transparent way: what we collect, why we collect it, and the choices you have.

Data Controller: Dublin Insight Studio Ltd
Registered address: 1 Windmill Lane, Dublin 2, D02 F206, Ireland
Contact email: [email protected]
Phone: +353 1 513 4897

We do not intentionally collect special-category data (such as health data, biometric data, political opinions, religious beliefs, or similar). Please do not include that information in messages to us. If you do, we will treat it as incidental information and handle it with appropriate care.

Effective Date: March 14, 2026.

2. Personal Data We Collect

We collect personal data in a few straightforward ways: when you browse the Website, when your browser stores cookies, and when you submit a form. The categories below reflect typical data points for an educational website with a workshop interest form.

• Identity & contact details (for example, your name, email address, and phone number if you choose to share it).
• Form content (for example, the workshop topic you select and any message describing your room, surfaces, tools, timing, or learning goals).
• Technical data (for example, IP address, browser type, device type, operating system, and language settings).
• Usage data (for example, pages viewed, time on page, referral source, and navigation paths) when analytics cookies are enabled by consent.
• Cookies and identifiers (for example, a consent record stored in your browser, and analytics/marketing identifiers if you choose to enable them).
• Conversion events (for example, when a form is submitted successfully), when marketing cookies are enabled by consent.

We do not ask for financial account details, payment card details, government ID numbers, or sensitive categories of data. If you believe you have provided sensitive information by mistake, contact us at [email protected] so we can address it.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We only process personal data when we have a clear purpose and a lawful basis. If you are located in Ireland or elsewhere in the EEA/UK, the General Data Protection Regulation (GDPR) and UK GDPR may apply.

Contact and workshop enquiries

When you submit our workshop interest form, we use your details to respond, clarify what you want to learn, and propose suitable session options. Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent, where required for contact preferences).

Analytics and improving the Website

If you enable analytics cookies, we measure which lessons and pages are most useful and where navigation can be improved. Legal basis: GDPR Art. 6(1)(a) (consent).

Marketing and campaign measurement

If you enable marketing cookies, we may measure campaign performance and understand which content is relevant to visitors (for example, whether a visitor came from a paid ad and later submitted a workshop request). Legal basis: GDPR Art. 6(1)(a) (consent).

Security and fraud prevention

We process limited technical data (such as IP address and basic request information) to keep the Website secure, prevent abuse, and troubleshoot errors. Legal basis: GDPR Art. 6(1)(f) (legitimate interests in securing and maintaining the Website).

Legal obligations

In limited cases we may need to retain information to comply with legal obligations (for example, responding to lawful requests or keeping required records). Legal basis: GDPR Art. 6(1)(c) (legal obligation).

Automated decision-making (GDPR Art. 22)

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also refer to similar technologies (such as pixel tags or server-side events) as “tracking” for simplicity. Our cookie categories match the choices shown in our cookie banner and preferences panel, and the details in our Cookie Policy.

Essential (always active)

Essential cookies are required for the Website to function and to remember your cookie preferences. These do not require consent. Examples include _site_session and cookie_consent. Retention ranges from session duration to 12 months.

Analytics (consent)

If you consent, we may use Google Analytics 4 (GA4) with IP anonymisation to understand aggregated usage patterns. Typical cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically set to 14 months.

Marketing (consent)

If you consent, marketing cookies may be used for conversion attribution and remarketing. Typical cookies include _gcl_au (Google Ads), _fbp and _fbc (Meta). These are commonly retained for around 90 days, depending on provider settings.

Beyond cookies, advertising platforms may use event-based measurement (for example, “form submitted”) and may infer device identifiers from IP address and User-Agent strings. Where applicable, server-side event forwarding may be used. Any such activation is still governed by your consent choices.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).

Your consent choice is recorded in the cookie_consent cookie, typically for 12 months. You can withdraw or change your consent at any time using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

6. Sharing With Advertising & Service Partners

We use service providers to host and protect the Website, and (only if you consent) to measure usage and advertising performance. We do not sell personal data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie IDs, usage data, conversion events, and remarketing list membership. Privacy: https://policies.google.com/privacy
• Meta Platforms (Meta Pixel, custom/lookalike audiences, Conversion API): page views, conversion events, audience membership, and in some cases hashed identifiers (where implemented). Privacy: https://www.facebook.com/privacy/policy
• Cloudflare (CDN and security): IP-based threat detection and performance optimisation. Privacy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use Website data for their own independent commercial purposes. Providers act as processors or independent controllers depending on the specific service and configuration; the provider privacy policies linked above explain their role in detail.

7. International Transfers

Some partners (such as Google and Meta) may process data outside the EEA/UK, including in the United States. Where applicable, international transfers rely on: the EU–US Data Privacy Framework (since July 2023), the UK Extension to the DPF, the Swiss–US DPF, and Standard Contractual Clauses (EU 2021/914) as a fallback. For the UK, the International Data Transfer Agreement (IDTA) may be used as a fallback.

8. Data Retention

We retain personal data only for as long as needed for the purpose described, and then delete or anonymise it. Typical retention periods:

• Workshop/contact submissions: up to 2 years from the last interaction.
• Email correspondence: for the duration of the conversation and up to 1 year afterwards.
• Server logs: typically up to 90 days for security and troubleshooting.
• Analytics data: typically 14 months (where enabled by consent).
• Marketing cookies: per the cookie’s lifetime (for example, around 90 days), where enabled by consent.
• Cookie consent record: up to 3 years for audit purposes.
• Legal/tax records: as required by applicable law (often 6–10 years for certain records).

9. Your Rights (GDPR & UK GDPR)

If GDPR/UK GDPR applies to you, you may have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and the right to withdraw consent (Art. 7(3)).

To exercise your rights, email [email protected]. We may request reasonable information to verify your identity. We aim to respond within 30 days, with an extension of up to 60 additional days for complex requests where permitted by law.

You also have the right to lodge a complaint with a supervisory authority. Helpful directories:

• EU (directory): https://edpb.europa.eu/
• Ireland (DPC): https://www.dataprotection.ie/
• UK (ICO): https://ico.org.uk/
• Germany (BfDI): https://www.bfdi.bund.de/
• France (CNIL): https://www.cnil.fr/
• Poland (UODO): https://uodo.gov.pl/
• Spain (AEPD): https://www.aepd.es/

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This Website does not respond to Do Not Track (DNT) browser signals. Third-party providers may have their own DNT handling and opt-out mechanisms.

12. Data Deletion Requests

You can request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We will complete the request within 30 days after verifying identity, unless we must retain limited information to meet legal obligations or resolve disputes.

13. Business Transfers

If Dublin Insight Studio Ltd is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency event, personal data may be transferred to a successor entity. If a transfer materially changes how personal data is used, we will provide a notice on the Website.

14. California (CCPA / CPRA)

This section applies to California residents when the California Consumer Privacy Act (as amended by the CPRA) applies. In the past 12 months, we may have collected the following categories: (1) identifiers (such as name, email, IP address, and cookie IDs), (2) internet/network activity (such as page views and interactions), and (3) inferences (such as interests/preferences inferred from browsing) where marketing cookies are enabled.

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioural advertising when marketing cookies are enabled. California residents may opt out by using the cookie preferences panel (see “Manage cookie preferences” in the footer).

Rights may include: Know, Delete, Correct, Opt-Out of sale/sharing, and Non-Discrimination. Submit requests by emailing [email protected] with the subject “California Privacy Request”. We may verify your identity before completing the request. Authorised agents may submit requests with written proof of authorisation.

15. Virginia (VCDPA)

This section applies to Virginia residents when the Virginia Consumer Data Protection Act applies. Rights may include access, correction, deletion, portability, and opting out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

Submit requests by emailing [email protected] with the subject “Virginia Privacy Request”. If you wish to appeal a refusal, email with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If unresolved, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy to reflect changes in legal requirements, our services, or our data practices. Material changes will be announced via a notice on the homepage at least 14 days before the new policy takes effect. The “Last Updated” date at the top of this page will also be revised.

18. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact:

Dublin Insight Studio Ltd
1 Windmill Lane, Dublin 2, D02 F206, Ireland
Email: [email protected]
Phone: +353 1 513 4897