General Data Protection Regulation (GDPR) Compliance
Last Updated: 27 February 2026
This GDPR Compliance Statement explains how tralvona ("we", "us", or "our") collects, uses, stores, and protects your personal data in accordance with the General Data Protection Regulation (EU) 2016/679.
Data Controller
tralvona is the data controller responsible for your personal data. You can contact us at:
Email: support@tralvona.online
Address: 11 St Peter's Gate, Nottingham NG1 2JF, United Kingdom
Phone: +447855939129
Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent: You have given clear consent for us to process your personal data for specific purposes.
Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: Processing is necessary to comply with legal obligations to which we are subject.
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your rights and freedoms.
Personal Data We Collect
We may collect and process the following categories of personal data:
Identity Data: Name, username, title, date of birth, and similar identifiers.
Contact Data: Email address, telephone number, postal address, and billing information.
Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, and other technology on the devices you use to access our services.
Usage Data: Information about how you use our website, products, and services, including access times, pages viewed, and navigation paths.
Profile Data: Username and password, preferences, feedback, and survey responses.
Marketing Data: Your preferences in receiving marketing communications and your communication preferences.
How We Use Your Personal Data
We use your personal data for the following purposes:
Service Delivery: To provide, maintain, and improve our educational platform and services, including account registration, course access, and learning progress tracking.
Communication: To communicate with you regarding your account, courses, and updates, and to respond to your enquiries or support requests.
Personalisation: To personalise your experience and deliver content, features, and recommendations relevant to your interests and learning goals.
Analytics: To analyse usage patterns, monitor platform performance, and improve our services through aggregated data analysis.
Marketing: To send you marketing communications about products or services we believe may interest you, where you have consented or where we have a legitimate interest to do so.
Compliance: To comply with legal obligations, enforce our terms and conditions, and protect our rights and the rights of others.
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right of Access
You have the right to request copies of your personal data. We may charge a reasonable fee for multiple copies or manifestly unfounded requests.
Right to Rectification
You have the right to request correction of inaccurate personal data and to complete incomplete personal data.
Right to Erasure
You have the right to request deletion of your personal data under certain circumstances, including where the data is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing
You have the right to request restriction of the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to request transfer of your personal data to another organisation or directly to you in a structured, commonly used, and machine-readable format.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes, including profiling.
Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Exercising Your Rights
To exercise any of your rights, please contact us using the contact details provided above. We will respond to your request within one month, though this may be extended by two further months where necessary, taking into account the complexity and number of requests.
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.
When determining retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for processing, and applicable legal requirements.
When we no longer need your personal data, we will securely delete or anonymise it. If this is not possible, we will securely store your personal data and isolate it from further processing until deletion is possible.
Data Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
Encryption: Personal data is encrypted during transmission and storage using industry-standard protocols.
Access Controls: Access to personal data is restricted to authorised personnel who require it to perform their duties.
Security Testing: Regular security assessments and penetration testing to identify and address vulnerabilities.
Incident Response: Procedures to detect, report, and investigate security incidents and data breaches.
Staff Training: Regular training for staff on data protection principles and secure data handling practices.
International Data Transfers
Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
Adequacy Decisions: Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission.
Standard Contractual Clauses: Using European Commission-approved standard contractual clauses with data recipients.
Binding Corporate Rules: Relying on approved binding corporate rules where applicable.
Appropriate Safeguards: Implementing other appropriate safeguards as approved under GDPR.
Data Sharing and Third Parties
We may share your personal data with the following categories of recipients:
Service Providers: Third-party service providers who perform services on our behalf, such as hosting, analytics, payment processing, and customer support.
Business Partners: Partners who provide complementary services or content, where you have consented or where we have a legitimate interest.
Legal Authorities: Law enforcement, regulatory authorities, or other parties when required by law or to protect our rights.
Business Transfers: In connection with any merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.
We require all third parties to implement appropriate security measures and to process personal data only as instructed and in compliance with GDPR.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and store information when you use our services. For detailed information about our use of cookies, please refer to our Cookie Policy.
You can set your browser to refuse cookies or alert you when cookies are being sent. Some features of our services may not function properly without cookies.
Children's Privacy
Our services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent. If you become aware that a child has provided us with personal data without parental consent, please contact us.
Changes to This Statement
We may update this GDPR Compliance Statement periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated statement on our website and updating the "Last Updated" date.
Your continued use of our services after changes become effective constitutes acceptance of the updated statement.
Contact Information
If you have questions, concerns, or requests regarding this GDPR Compliance Statement or our data protection practices, please contact us:
Email: support@tralvona.online
Address: 11 St Peter's Gate, Nottingham NG1 2JF, United Kingdom
Phone: +447855939129
Data Protection Principles
We are committed to processing personal data in accordance with the following principles:
Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data Minimisation: We collect only personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date, and we erase or rectify inaccurate data without delay.
Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it was collected.
Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and accidental loss, destruction, or damage.
Accountability: We are responsible for and can demonstrate compliance with the data protection principles.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk to your rights and freedoms, we will also communicate the breach to you without undue delay, providing information about the nature of the breach, the likely consequences, and the measures taken or proposed to address the breach.
Privacy by Design and Default
We implement appropriate technical and organisational measures designed to integrate data protection principles into our processing activities and to ensure that, by default, only personal data necessary for each specific purpose is processed.
This includes measures relating to the amount of personal data collected, the extent of processing, the period of storage, and accessibility of the data.