Privacy Policy

1. Introduction & Controller Identity

Erin Daily is operated by GREEN BLUE YOU LTD, which acts as the data controller for personal data processed through this Website. This means we decide how and why your personal data is processed.

• Controller (legal entity): GREEN BLUE YOU LTD
• Trading name / platform: Erin Daily
• Registered address: The Greenway Hub, Block B, 2nd Floor, Grangegorman Lower, Dublin 7, D07 W9DW, Ireland
• Email: [email protected]
• Phone: +353 1 687 4539

We do not appoint a Data Protection Officer (DPO) as a matter of course. If you have privacy questions, please contact us at the email address above and we will route your request to the appropriate person.

2. Personal Data We Collect

The personal data we collect depends on how you interact with the Website. We try to keep collection proportionate: we collect what is necessary to operate the site, respond to messages, and (where you consent) understand how the site is used and whether our educational content is easy to navigate.

2.1 Data you provide directly

• Identity and contact details: name (if provided), email address, and phone number (if provided).
• Form content: any information you type into a message field, such as workshop interest, household context, group size, or topics you want to learn about.
• Communication history: our email correspondence with you if you contact us.

2.2 Data collected automatically (technical and usage)

• Technical data: IP address, browser type, device type, operating system, language settings, and approximate location derived from IP (country/region level).
• Usage data: pages viewed, time spent on pages, referral source, clicks, and navigation paths. This helps us understand which guides are clear and which need editing.
• Cookies and identifiers: small text files stored in your browser used for site functionality and (where you consent) analytics and marketing measurement. See Section 4.
• Conversion events: actions such as submitting a workshop request form. These can be used to measure whether our content is helpful and whether our pages work correctly.

2.3 Data we do not intentionally collect

This Website is designed for general educational content. We do not intentionally collect special-category data (such as health information, religious beliefs, or political opinions), financial account details, or government-issued identification numbers.

Please do not include sensitive information in forms or emails. If you share it with us anyway, we will treat it with appropriate care and limit its use to handling your message, unless we are legally required to do otherwise.

3. Why We Process Personal Data & Legal Basis

If you are located in Ireland, the EEA, or the UK, the General Data Protection Regulation (GDPR) and/or the UK GDPR may apply. Under GDPR, we must have a lawful basis for processing personal data.

3.1 Contact and workshop requests

When you send a message or request workshop details, we process your data to respond, coordinate a session, and provide information you asked for.

• Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and GDPR Art. 6(1)(a) (consent) where you give consent to be contacted via the form checkbox.

3.2 Analytics to improve content and navigation

If you consent to analytics cookies, we may process usage data to understand how people find and use our guides, which helps us improve clarity, fix broken paths, and prioritise topics.

• Legal basis: GDPR Art. 6(1)(a) (consent).

3.3 Marketing measurement and remarketing

If you consent to marketing cookies, we may measure ads and understand whether educational pages helped people find workshop information. This may also support remarketing audiences (for example, showing an educational reminder to people who visited a guide).

• Legal basis: GDPR Art. 6(1)(a) (consent).

3.4 Security, abuse prevention, and site reliability

We process certain technical data to keep the Website stable, prevent abuse (such as automated form submissions), and maintain basic security.

• Legal basis: GDPR Art. 6(1)(f) (legitimate interests). Our legitimate interest is operating a secure and reliable educational platform.

3.5 Legal compliance

We may process data to comply with legal obligations (for example, responding to lawful requests from authorities or handling records required by law).

• Legal basis: GDPR Art. 6(1)(c) (legal obligation).

3.6 Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you under GDPR Art. 22.

4. Cookies & Tracking

Cookies are small text files that websites store on your device. Some cookies are essential to make a website work; others help with analytics or advertising measurement. We also refer to similar technologies such as pixel tags, SDKs, and server-side event tracking where applicable.

4.1 Categories we use

Essential (always active)

These are required for the Website to function and cannot be switched off through our cookie preferences panel. They include cookies for basic session continuity and to store your cookie consent choice. Essential cookies may also support basic security protections.

• Examples: _site_session, cookie_consent
• Retention: session to 12 months (depending on the cookie)

Analytics (requires consent)

If enabled, analytics cookies help us understand which pages are useful, how visitors move between guides, and where navigation can be improved. We describe Google Analytics 4 (GA4) as an example analytics provider. Where configured, IP anonymisation is used.

• Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years)
• Data retention (analytics data): 14 months

Marketing (requires consent)

If enabled, marketing cookies are used to measure ads and understand which pages were visited before a conversion event (such as a workshop request). They may support remarketing, custom audiences, lookalike audiences, and conversion attribution on advertising platforms.

• Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when a click ID is set)

4.2 Pixels and server-side events

In addition to cookies, advertising and analytics measurement can involve pixel tags and server-side events. For example, a conversion event may be sent from our server to an advertising platform to measure whether a campaign led to a workshop request. Where identifiers are used, they may be hashed (a one-way cryptographic transformation) before being shared.

Whether these tools run depends on your cookie preferences. If you do not consent to analytics or marketing cookies, those categories are not activated through our consent controls.

For more detail about cookies, including a summary table, please see our Cookie Policy.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Marketing and analytics cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)).

Consent is recorded in the cookie_consent browser cookie (typically 12 months). You may withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawing consent does not affect the lawfulness of processing that occurred before you withdrew.

6. Sharing With Advertising & Service Partners

We use certain service providers to help run the Website and measure how it is used. Where possible, we limit what is shared and configure tools in a privacy-conscious way. We do not sell personal data.

6.1 Google LLC

If enabled through consent, Google services may process cookie IDs, usage data, and conversion events for analytics and advertising measurement (for example GA4, Google Ads, Google Tag Manager, and remarketing features).

Google’s privacy policy: https://policies.google.com/privacy

6.2 Meta Platforms

If enabled through consent, Meta services may process page view events, conversion events, and identifiers for advertising measurement and audience features such as custom and lookalike audiences (for example, via Meta Pixel and Conversion API).

Meta’s privacy policy: https://www.facebook.com/privacy/policy

6.3 Cloudflare

We may use Cloudflare for content delivery and security. This can involve processing of IP addresses and request metadata to detect threats and improve performance.

Cloudflare privacy policy: https://www.cloudflare.com/privacypolicy/

We do not permit these providers to use Website data for their own independent commercial purposes. They process data as our processors/service providers or as separate controllers depending on the specific tool and configuration.

7. International Transfers

Some service providers (including Google and Meta) may process personal data outside Ireland, the EEA, or the UK, including in the United States. Where required, international transfers are protected by appropriate safeguards.

• EU-U.S. Data Privacy Framework (DPF) (primary, since July 2023), including the UK Extension where applicable
• Swiss-U.S. Data Privacy Framework where applicable
• Standard Contractual Clauses (EU 2021/914) as a fallback
• UK International Data Transfer Addendum / UK IDTA as a fallback

If you would like more detail about international transfer safeguards, please contact us.

8. Retention

We keep personal data only as long as needed for the purposes described in this Privacy Policy, unless a longer period is required by law. Typical retention periods are:

• Contact form submissions: up to 2 years from the last interaction
• Analytics data: 14 months (where enabled)
• Marketing cookies: per cookie lifetime (for example 90 days) where enabled
• Email correspondence: for the duration of the relationship and up to 1 year after the last exchange
• Basic server logs: typically up to 90 days
• Cookie consent records: up to 3 years for audit and compliance
• Legal and tax records: as required by applicable law (often 6–10 years for invoices and accounting records)

If you ask us to delete your data, we will comply unless we have a legal reason to keep it (for example, compliance obligations).

9. Your Rights (GDPR & UK GDPR)

If GDPR or UK GDPR applies to you, you may have the right to:

• Access (Art. 15): request a copy of the personal data we hold about you
• Rectification (Art. 16): correct inaccurate or incomplete data
• Erasure (Art. 17): request deletion in certain circumstances
• Restriction (Art. 18): request limitation of processing in certain circumstances
• Data portability (Art. 20): receive certain data in a structured, commonly used format
• Objection (Art. 21): object to processing based on legitimate interests
• Withdraw consent (Art. 7(3)): withdraw consent at any time where processing is based on consent
• Lodge a complaint (Art. 77): complain to a supervisory authority

To exercise your rights, email [email protected]. We respond within 30 days. For complex requests, we may extend by up to 60 days, but we will tell you if that happens.

If you want to contact a supervisory authority, you can start with:

• European Data Protection Board: https://edpb.europa.eu
• UK Information Commissioner’s Office: https://ico.org.uk
• Germany (BfDI): https://www.bfdi.bund.de
• France (CNIL): https://www.cnil.fr
• Poland (UODO): https://uodo.gov.pl
• Spain (AEPD): https://www.aepd.es

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.

11. Do Not Track

This Website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own DNT handling.

12. Account & Data Deletion Requests

Erin Daily does not require user accounts to read educational content. If you have contacted us and want your data deleted, email [email protected] with the subject line “Data Deletion Request”.

We may need to verify your identity before fulfilling a deletion request, especially if the request relates to email correspondence. We aim to complete deletion within 30 days of verification, except where limited retention is required by law.

13. Business Transfers

In a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If the transfer materially changes how personal data is used, we will provide notice via the Website.

14. California (CCPA / CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA.

In the last 12 months, we may have disclosed the following categories of personal information for business purposes:

• Identifiers: name, email, IP address, cookie IDs (shared with service providers and, where you consent, advertising partners)
• Internet or network activity: page views and interactions (analytics and advertising measurement where you consent)
• Inferences: general interest categories derived from browsing patterns (where marketing measurement is enabled by consent)

We do not sell personal information as defined by CCPA. We do share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out via our cookie preferences panel (use “Manage cookie preferences” in the footer).

You may request to know, delete, or correct personal information, and to opt out of sale/sharing. Email us at [email protected] with the subject “California Privacy Request”. We will verify your identity before completing requests. Authorized agents may submit requests with written proof of authorization.

We will not discriminate against you for exercising your rights.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act (VCDPA), including access, correction, deletion, portability, and the right to opt out of targeted advertising.

Submit requests by emailing [email protected] with the subject “Virginia Privacy Request”. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

If you want to appeal a decision, email us with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will provide a notice on the Website at least 14 days before the changes take effect.

The “Last Updated” date at the top of this page will be revised whenever we publish an update.

18. Contact

For questions, requests, or complaints about privacy, contact:

• Legal entity: GREEN BLUE YOU LTD
• Address: The Greenway Hub, Block B, 2nd Floor, Grangegorman Lower, Dublin 7, D07 W9DW, Ireland
• Email: [email protected]
• Phone: +353 1 687 4539

If you write to us, please include enough detail for us to identify your request (for example, the email address you used to contact us and the page or form involved).