Skip to main content

Privacy Policy

Last Updated: March 12, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how Erin Herald (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit ErinHerald.cyou (the “Site”) or contact us through our forms. Erin Herald is a practical home organization and cleaning education platform for Irish households. We focus on routines, planning tools, and technique-first learning.

For the purposes of the General Data Protection Regulation (GDPR) and Irish data protection law, the data controller is:

Erin Herald Learning Studio Ltd
The Academy, 42 Pearse Street
Dublin 2, D02 YX88, Ireland
Email: [email protected]
Phone: +353 1 906 7138

We do not currently appoint a Data Protection Officer (DPO) because we do not carry out large-scale processing of special-category data. If that changes, we will update this policy and provide dedicated privacy contact details.

Effective Date: March 12, 2026.

2. Personal Data We Collect

We collect only the data needed to operate an educational site and respond to requests. Depending on how you use the Site, we may collect:

  • Identity and contact data such as your name, email address, and phone number (if you choose to provide it).
  • Form content including the message you submit, workshop topic requests, and any details you include about your home-care learning goals.
  • Technical data such as IP address, browser type and version, device type, operating system, language, and approximate location derived from IP (country or region level).
  • Usage data such as pages viewed, time spent, referrer URL, and click paths (when analytics consent is provided).
  • Cookies and identifiers that store consent choices and, if you opt in, analytics and marketing identifiers (see Section 4).
  • Conversion events such as an event indicating a form was sent successfully, used to measure whether the Site is working and, if you consent to marketing cookies, to attribute conversions to advertising campaigns.

We do not intentionally collect special-category data (such as health information, religion, political opinions), financial account details, or government identification numbers through this Site. Please do not include sensitive personal information in the message field.

3. Why We Process Your Data & Legal Basis

GDPR requires a lawful basis for processing. We use the following bases depending on the context:

  • Contact and workshop requests: we process your submission to respond and provide information you asked for. This is typically processed under GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent) where you explicitly ask us to contact you.
  • Analytics: when enabled via cookie preferences, we process limited usage data under Art. 6(1)(a) (consent) to understand what pages are useful and improve the Site.
  • Marketing and remarketing: when enabled via cookie preferences, we process marketing identifiers under Art. 6(1)(a) (consent) to measure advertising performance and show relevant messages.
  • Security and fraud prevention: we process technical logs and signals under Art. 6(1)(f) (legitimate interests) to protect the Site, prevent abuse, and maintain service reliability.
  • Legal compliance: we may process certain records under Art. 6(1)(c) (legal obligation) where required by law.

Automated decision-making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. Any analytics or marketing segmentation is used only for measuring performance and improving relevance, and only when you consent.

4. Cookies & Tracking

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags. The Site uses three categories that align with our Cookie Policy. You can control categories at any time through “Manage cookie preferences” in the footer.

Essential cookies (always active)

These cookies are required for the Site to function and to remember your cookie choices. Without them, the Site may not behave predictably. Examples include: _site_session (session continuity) and cookie_consent (stores your preferences). Retention ranges from session to 12 months.

Analytics cookies (optional, consent)

If you opt in, we may use Google Analytics 4 (GA4) with IP anonymization to understand how the Site is used and to improve content structure. Typical cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically 14 months.

Marketing cookies (optional, consent)

If you opt in, marketing cookies may be used to measure advertising performance and show relevant messages. Examples include _gcl_au (Google Ads) and _fbp / _fbc (Meta). These can be used for remarketing, conversion attribution, and building custom or lookalike audiences.

Beyond cookies, some tracking can occur through pixel tags and server-side event forwarding. Where such technology is used, we apply it only when the relevant consent category is enabled.

5. Consent (EEA/UK)

Users in Ireland and across the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). We record your choice in the cookie_consent cookie (typically 12 months).

You may withdraw or change consent at any time by selecting “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

6. Sharing With Advertising & Service Partners

We use service providers to operate the Site and, when you consent, to measure performance of content and advertising. Depending on your cookie preferences, we may share limited data with:

We do not sell personal data. Where advertising partners are used, they act as independent controllers for certain processing and may apply their own policies. We configure services to reduce data where possible and to respect cookie consent choices. We do not permit these providers to use Site data for their own independent commercial purposes beyond delivering and measuring the services requested.

7. International Transfers

Some of our service providers may process data outside the EEA/UK, including in the United States. Where transfers occur, we rely on appropriate safeguards such as: the EU–US Data Privacy Framework (and the UK Extension and Swiss–US DPF where applicable) and, where needed, Standard Contractual Clauses (EU 2021/914) or UK International Data Transfer Agreement (IDTA) as fallback mechanisms.

8. Data Retention

We keep personal data only as long as needed for the purposes described:

  • Contact and workshop submissions: typically up to 2 years from the last interaction, unless a longer period is needed to handle follow-up requests.
  • Email correspondence: for the duration of the relationship, plus up to 1 additional year for continuity and record-keeping.
  • Analytics data: typically retained for 14 months (where enabled by consent).
  • Marketing cookies: retained according to cookie lifetime (commonly 90 days) and only if enabled by consent.
  • Server and security logs: typically retained up to 90 days for troubleshooting and abuse prevention.
  • Cookie consent records: up to 3 years for audit and compliance purposes.
  • Legal/tax records: retained as required by applicable law (often 6–10 years for certain business records).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA/UK, you may have the right to request: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21). You also have the right to withdraw consent at any time (Art. 7(3)) where we rely on consent.

To exercise your rights, email [email protected]. We aim to respond within 30 days. If a request is complex, GDPR allows an extension of up to 60 additional days, and we will inform you if that applies.

You also have the right to lodge a complaint with a supervisory authority. Useful references include:

10. Children

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, contact us and we will delete the information promptly.

11. Do Not Track

This website does not respond to “Do Not Track” (DNT) browser signals. Some third-party providers may offer their own controls or opt-outs, which can be accessed through their settings and privacy pages.

12. Data Deletion Requests

You can request deletion of personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for minimal information to verify identity and locate records. We aim to complete verified requests within 30 days, subject to any legal retention requirements.

13. Business Transfers

If we are involved in a merger, acquisition, asset sale, financing, or insolvency, personal data may be transferred to a successor entity. If such a transfer materially changes how personal data is used, we will provide notice on the Site.

14. California (CCPA/CPRA)

Although we are based in Ireland, the Site may be accessed from the United States. For California residents, the following applies for the past 12 months:

  • Identifiers (name, email, IP address, cookie IDs): shared with service providers and, if you consent, advertising partners.
  • Internet or network activity (pages viewed, interactions): shared with analytics and advertising providers when enabled.
  • Inferences (interests or preferences derived from usage): used only for site improvement and advertising measurement where consented.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when you enable marketing cookies. California residents may opt out of such sharing via our cookie preferences panel (“Manage cookie preferences” in the footer).

California rights may include: the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. To submit a request, email [email protected] with the subject line “California Privacy Request”. We will verify identity before completing requests. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

Virginia residents may have rights to access, correct, delete, obtain a portable copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. If we decline a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond to appeals within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing us with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in how the Site operates, legal requirements, or service providers. Material changes will be announced via a notice on the homepage at least 14 days before taking effect when feasible. The “Last Updated” date at the top of this page will always reflect the most recent revision.

18. Contact

If you have questions about privacy, cookies, or your rights, contact:

Erin Herald Learning Studio Ltd
The Academy, 42 Pearse Street
Dublin 2, D02 YX88, Ireland
Email: [email protected]
Phone: +353 1 906 7138