Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how TIKI.G SRL (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website and when you contact us about our educational programs. Our services are delivered for educational and professional development purposes. We are based in Milan, Italy, and our educational programs are available to participants located throughout Canada.

The data controller responsible for your personal data is:

• Legal entity: TIKI.G SRL
• Registered address: Via Silvio Pellico, 12, 20121 Milan (Milano), Italy
• Email: [email protected]
• Phone: +39 02 7600 4839

We do not appoint a Data Protection Officer (DPO) as our processing activities do not require one under applicable law. If you have questions about this policy or your rights, you can contact us using the details above.

Effective Date: March 12, 2026.

2. Personal Data We Collect

We collect personal data that you provide directly and data that is collected automatically when you use the site. The categories below describe what we may collect, depending on how you interact with us.

• Identity and contact data: name, email address, phone number, and any organization name you choose to provide.
• Form content: messages, selected program, scheduling preferences, and any project or learning details you include in your inquiry.
• Technical data: IP address, browser type and version, device type, operating system, and language settings.
• Usage data: pages visited, time spent on pages, referring pages, click paths, and interaction events (for example, opening a cookie preferences panel).
• Cookies and identifiers: cookie identifiers and similar technologies as described in Section 4 and in our Cookie Policy.
• Conversion events: events used to measure whether the site is working (for example, a form submission event), depending on your cookie choices.

We do not intend to collect special-category data (such as health data, religious beliefs, or political opinions), financial account details, or government identification numbers through this website. Please do not include sensitive personal data in your messages. If you do send such information, we will handle it with care and limit its use to responding to your request where feasible.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

When the General Data Protection Regulation (“GDPR”) applies, we rely on the legal bases below to process personal data. The legal basis depends on the purpose and the context of the interaction.

• Responding to contact and enrollment requests: to answer your inquiry, provide program information, and support enrollment administration. Legal basis: GDPR Art. 6(1)(b) (steps at your request prior to entering into a contract) and Art. 6(1)(a) (consent) where you explicitly consent to be contacted.
• Website analytics: to understand how the site is used and improve content and navigation. Legal basis: GDPR Art. 6(1)(a) (consent) for analytics cookies and similar technologies.
• Marketing and remarketing: to measure advertising performance and show more relevant messages on advertising platforms. Legal basis: GDPR Art. 6(1)(a) (consent) for marketing cookies and pixels.
• Security and abuse prevention: to protect the site, prevent fraud, rate-limit abusive traffic, and investigate suspicious activity. Legal basis: GDPR Art. 6(1)(f) (legitimate interests) in maintaining the security and integrity of our systems.
• Legal obligations: to comply with applicable laws, regulations, or lawful requests from authorities. Legal basis: GDPR Art. 6(1)(c) (legal obligation).

Automated decision-making (GDPR Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you.

4. Cookies & Tracking Technologies

We use cookies and similar technologies to run the site, remember your preferences, understand usage, and support advertising measurement. The exact technologies active on your device depend on your cookie choices. For a more detailed overview, see our Cookie Policy.

Essential (always active)

Essential cookies are required for core site functions such as session continuity and saving your cookie preferences. These cookies do not require consent.

• Examples: _site_session, cookie_consent and, where applicable, security-related cookies such as CSRF tokens.
• Retention: session to 12 months depending on the cookie.

Analytics (consent required)

With your consent, we may use analytics tools such as Google Analytics 4 (“GA4”) to understand how visitors use the site (for example, which pages are visited, and how visitors move between pages). When used, GA4 is configured to reduce data collection where possible, including IP anonymization features.

• Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Analytics retention: 14 months for analytics data retention settings, where applicable.

Marketing (consent required)

With your consent, we may use marketing cookies and pixel tags to measure advertising performance and to show more relevant messages on advertising platforms. Marketing tools may create or access identifiers in your browser and collect conversion events (for example, a completed contact form submission).

• Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when a click ID is present).
• Use cases: remarketing, conversion attribution, and audience creation (including custom and lookalike audiences) as supported by the advertising platforms.

In addition to cookies, advertising measurement may involve pixel tags or, where implemented, server-side event forwarding. When used, identifiers may be derived from device data such as IP address and browser headers. Where an advertising partner supports it, certain identifiers can be hashed before transmission.

5. Consent (EEA and UK)

Users in the European Economic Area (“EEA”) and the United Kingdom receive a consent notice under GDPR and UK GDPR rules. Analytics and marketing cookies are activated only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).

Your consent choice is recorded in the cookie_consent cookie (12 months). You can withdraw or change consent at any time by using “Manage cookie preferences” in the footer, or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before you withdraw consent.

6. Sharing With Advertising & Service Partners

We share personal data with service providers who help us operate the website, measure performance, and manage advertising. We do not sell personal data. Depending on your cookie choices and how you use the site, the following partners may receive data such as cookie identifiers, device information, and event data.

• Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): cookie identifiers, usage data, and conversion events. Privacy policy: https://policies.google.com/privacy
• Meta Platforms, Inc. (Meta Pixel, custom/lookalike audiences, Conversion API where implemented): page views, conversion events, and audience membership signals. Privacy policy: https://www.facebook.com/privacy/policy
• Cloudflare, Inc. (content delivery and security): IP-based threat detection and performance delivery. Privacy policy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use site data for their own independent commercial purposes beyond providing services to us, subject to their contractual terms and platform policies.

7. International Data Transfers

We are established in Italy, and personal data may be processed in countries outside the EEA/UK depending on the location of our service providers (including the United States for some technology partners such as Google and Meta). Where applicable, we rely on appropriate safeguards for international transfers, including:

• EU–U.S. Data Privacy Framework (and the UK Extension where applicable) as a primary transfer mechanism when a provider is certified.
• Standard Contractual Clauses (EU 2021/914) as a fallback mechanism.
• UK International Data Transfer Agreement (UK IDTA) where relevant.

We evaluate transfers and apply reasonable technical and organizational measures, taking into account the nature of the data and the services involved.

8. Data Retention

We retain personal data only for as long as needed for the purposes described in this policy, unless a longer retention period is required or permitted by law. Typical retention periods are:

• Contact submissions: up to 2 years from the last interaction.
• Analytics data: 14 months (where configured), and cookie lifetimes as described in Section 4.
• Marketing cookies: per the cookie lifetime (for example, 90 days for certain marketing identifiers).
• Email correspondence: for the duration of the relationship and up to 1 year afterward, unless a longer period is needed to resolve an issue.
• Server logs: typically up to 90 days for security and troubleshooting.
• Cookie consent record: up to 3 years for audit purposes, where applicable.
• Legal and tax obligations: as required by applicable law (in some cases 6–10 years for certain records).

If you request deletion, we will delete or anonymize data where we can, unless we must keep limited records to comply with legal obligations or to establish, exercise, or defend legal claims.

9. Your Rights (GDPR and UK GDPR)

If GDPR or UK GDPR applies, you may have the right to:

• Access your personal data (Art. 15).
• Rectify inaccurate or incomplete data (Art. 16).
• Request erasure (“right to be forgotten”) in certain circumstances (Art. 17).
• Restrict processing in certain circumstances (Art. 18).
• Data portability for data you provided to us (Art. 20).
• Object to processing based on legitimate interests (Art. 21).
• Withdraw consent at any time for processing based on consent (Art. 7(3)).
• Lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email us at [email protected]. We may request information to verify your identity and to understand the scope of your request. We aim to respond within 30 days; for complex requests, we may extend by up to 60 additional days as permitted by law.

You can also contact or lodge a complaint with a supervisory authority. In Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (Garante Privacy). For general EU guidance, see the European Data Protection Board: https://edpb.europa.eu. For UK users, the Information Commissioner’s Office (ICO): https://ico.org.uk.

10. Children

This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without appropriate consent, we will delete it promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own policies and controls for how they handle DNT signals or similar mechanisms.

12. Data Deletion Requests

If you would like us to delete personal data we hold about you, please email [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We aim to complete deletion within 30 days after verification, subject to any legal obligations that require limited retention.

13. Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, asset sale, or insolvency event, personal data may be transferred as part of that transaction. If such a transfer materially changes how personal data is used, we will provide a notice on the website.

14. California (CCPA / CPRA)

This section applies if you are a California resident and the California Consumer Privacy Act, as amended by the CPRA (“CCPA/CPRA”), applies to our processing.

In the past 12 months, we may have collected and disclosed the following categories of personal information for business purposes:

• Identifiers: name, email, IP address, cookie identifiers.
• Internet or network activity: browsing interactions with the site.
• Inferences: interests or preferences derived from site interactions for advertising relevance (where marketing consent is provided).

We do not sell personal information as defined by CCPA. We may share personal information for cross-context behavioral advertising depending on your cookie choices. California residents may opt out of sharing for targeted advertising by using our cookie preferences panel (“Manage cookie preferences” in the footer) or by disabling marketing cookies.

California residents may have rights to Know, Delete, Correct, and Opt-Out of sale/sharing, as well as a right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We may need to verify your identity. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident and the Virginia Consumer Data Protection Act (“VCDPA”) applies, you may have the right to access, correct, delete, and obtain a copy of personal data you provided, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If we decline to take action on your request, you may appeal by emailing “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or services. Material changes will be announced via a site notice at least 14 days before taking effect when feasible. The “Last Updated” date at the top of this page reflects the latest version.

18. Contact

If you have questions about this Privacy Policy, want to exercise your rights, or need help with cookie choices, contact:

• TIKI.G SRL
• Via Silvio Pellico, 12, 20121 Milan (Milano), Italy
• Email: [email protected]
• Phone: +39 02 7600 4839