Skip to main content

Legal

Privacy Policy

Last Updated: March 14, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how Celtic Monitor (“we”, “us”, or “our”) collects, uses, and protects personal data when you visit CelticMonitor.cyou (the “Website”) and when you contact us about our cycling and outdoor education content, guides, or workshops.

For data protection purposes, the data controller is:

  • Legal entity: Celtic Monitor Education Ltd
  • Registered address: 1WML, Windmill Lane, Dublin Docklands, Dublin 2, D02 F206, Ireland
  • Email: [email protected]
  • Phone: +353 1 907 6218

We do not appoint a Data Protection Officer (DPO) as a matter of course. If you have privacy questions, contact us using the details above and we will route your message to the appropriate person internally.

Effective Date: March 14, 2026.

2. Personal Data We Collect

The Website is designed as an education and lifestyle resource. You can read many pages without providing your name. However, some data is processed automatically when you use a website, and some data is provided by you when you contact us.

We may collect the following categories of personal data:

  • Identity and contact data: name, email address, phone number (if you choose to share it), and any other details you include in a message.
  • Form content: questions you ask, workshop interests, cycling or equipment context you choose to share (for example, bike type, commuting routine, or preferred workshop format).
  • Technical data: IP address, browser type and version, device type, operating system, and language settings.
  • Usage data: pages viewed, time spent on pages, referrer information, and click paths (for example, which guides are opened from a navigation list).
  • Cookies and identifiers: browser identifiers and consent preferences stored in cookies (described in Section 4 and our Cookie Policy).
  • Conversion events: whether an enquiry form was submitted, and basic metadata related to that event (e.g., timestamp and the page where the form was used).

We do not intentionally collect special-category personal data (such as health data, religious beliefs, political opinions), financial account details, or government identifiers through our standard website forms. Please do not include sensitive personal data in your message.

3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)

We process personal data only when we have a legal basis under the GDPR and UK GDPR. The purposes and legal bases typically include:

  • Responding to enquiries and workshop requests (contact forms or email). Legal basis: Art. 6(1)(b) (steps prior to entering a contract) and, where applicable, Art. 6(1)(a) consent.
  • Website analytics to improve content (e.g., which guide formats are most helpful). Legal basis: Art. 6(1)(a) consent where consent is required for analytics cookies.
  • Marketing and measurement (e.g., understanding whether an advertisement led to a workshop enquiry). Legal basis: Art. 6(1)(a) consent where consent is required for marketing cookies or pixels.
  • Security and fraud prevention (e.g., preventing abuse of forms and protecting the Website). Legal basis: Art. 6(1)(f) legitimate interests.
  • Legal compliance (e.g., responding to lawful requests or maintaining required records). Legal basis: Art. 6(1)(c) legal obligation.

Automated decision-making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects.

4. Cookies & Tracking

Cookies are small text files placed on your device. We also use similar technologies, including pixel tags, which can send information about page views and conversions. For a full explanation, see our Cookie Policy. This section summarises the categories used on this Website.

Essential cookies (always active)

Essential cookies are required for the Website to function and to remember your privacy choices. These cookies do not require opt-in consent in many jurisdictions. Examples include:

  • _site_session (session continuity) — retention: session to 12 months depending on configuration.
  • cookie_consent (stores your consent selection) — retention: 12 months.
  • Security-related cookies (e.g., CSRF or similar protections) — retention varies, typically session-based.

Analytics cookies (consent)

With your consent, we may use Google Analytics 4 (GA4) to understand how visitors use the Website, such as which guides are read most often or how visitors move between topics. Where configured, IP addresses are anonymised. Example cookies include:

  • _ga (user identifier) — retention: 2 years.
  • _ga_XXXXXXXXXX (GA4 session state) — retention: 2 years.

We configure analytics retention in a manner consistent with our content improvement needs, typically 14 months for event-level data.

Marketing cookies (consent)

With your consent, we may use marketing cookies and pixel tags to measure advertising performance and show messages that are relevant to our educational content. This may include remarketing (showing a message to people who visited a page) and conversion attribution (understanding whether an ad led to a form submission). Example cookies include:

  • _gcl_au (Google Ads conversion linker) — retention: 90 days.
  • _fbp (Meta Pixel browser identifier) — retention: 90 days.
  • _fbc (Meta click identifier, when available) — retention: 90 days.

Beyond cookies, some providers may use device identifiers derived from IP address and User-Agent, and measurement may be supported by server-side approaches (for example, hashed identifiers for conversion events). Where these activities are used, they are controlled via the consent choices you make.

5. Consent (EEA/UK)

Users in the EEA and UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies (and related pixels) activate only after explicit, informed, freely given consent (Art. 6(1)(a)).

Your consent choice is recorded in the cookie_consent browser cookie for up to 12 months. You may withdraw consent at any time by using the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing carried out before you withdraw consent.

6. Sharing With Advertising & Service Partners

We use service providers to host, protect, and improve the Website. Depending on your consent settings, we may also use advertising partners for measurement. These providers may process personal data on our behalf under contractual protections.

  • Google LLC (Google Analytics 4, Google Ads, and tag management/remarketing where enabled): cookie identifiers, usage data, and conversion events. Reference: https://policies.google.com/privacy
  • Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, and Conversion API where enabled): page views, conversions, audience membership signals, and hashed identifiers where supported. Reference: https://www.facebook.com/privacy/policy
  • Cloudflare (content delivery and security): IP-based threat detection and performance optimisation. Reference: https://www.cloudflare.com/privacypolicy/

We do not sell personal data. These providers may not use site data for their own independent commercial purposes beyond providing services to us in accordance with their terms.

7. International Transfers

Some of our service providers and advertising partners are based outside the EEA/UK, including in the United States. When personal data is transferred internationally, we rely on appropriate safeguards such as:

  • EU-U.S. Data Privacy Framework (DPF) (where applicable) and related UK/Swiss extensions.
  • Standard Contractual Clauses (EU 2021/914) as a fallback safeguard.
  • UK International Data Transfer Agreement (IDTA) as a fallback safeguard for UK transfers.

8. Data Retention

We keep personal data only as long as needed for the purposes described in this policy, unless a longer retention period is required or permitted by law. Typical retention periods include:

  • Contact submissions: up to 2 years from the last interaction, so we can follow up on workshop planning and maintain continuity in correspondence.
  • Email correspondence: for the duration of the relationship plus 1 year, unless we need to keep it longer for legal reasons.
  • Server logs: typically 90 days for security and troubleshooting.
  • Analytics data: typically 14 months for event-level retention where configured.
  • Marketing cookies: retained according to the cookie lifetimes listed in Section 4.
  • Cookie consent record: up to 3 years for audit and compliance purposes.
  • Legal/tax records: retained as required by applicable law (often 6–10 years for certain records).

9. Your Rights (GDPR & UK GDPR)

If you are in the EEA or UK, you may have the right to:

  • Request access to your personal data (Art. 15).
  • Request rectification of inaccurate or incomplete data (Art. 16).
  • Request erasure in certain cases (Art. 17).
  • Request restriction of processing in certain cases (Art. 18).
  • Request data portability in certain cases (Art. 20).
  • Object to processing in certain cases (Art. 21).
  • Withdraw consent at any time (Art. 7(3)) where processing is based on consent.
  • Lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email [email protected]. We aim to respond within 30 days. For complex requests, we may extend by up to 60 days as permitted by law, and we will inform you if an extension is needed.

Supervisory authorities (reference links):

10. Children

This Website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a child under 16 has provided personal data without verifiable parental consent, please contact us and we will delete the data promptly.

11. Do Not Track

This Website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own approaches to similar signals, which are described in their policies.

12. Data Deletion Requests

To request deletion of your personal data, email [email protected] with the subject line “Data Deletion Request”. We may need to verify your identity before completing the request. We aim to complete requests within 30 days, subject to any legal retention requirements.

13. Business Transfers

If we are involved in a merger, acquisition, financing, insolvency, reorganisation, or sale of assets, personal data may be transferred as part of that transaction. We will provide notice on the Website if a transfer materially changes how personal data is used.

14. California Privacy Notice (CCPA/CPRA)

This section is provided for California residents where applicable. In the past 12 months, we may have collected the following categories of personal information: identifiers (such as name, email, IP address, and cookie IDs), internet or network activity (such as pages viewed), and inferences (such as interests based on pages visited).

We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioural advertising when you consent to marketing cookies. California residents may opt out of sharing for targeted advertising via our cookie preferences panel (“Manage cookie preferences” in the footer).

California rights may include: the right to know, the right to delete, the right to correct, the right to opt out of sale/sharing, and the right to non-discrimination. To submit a request, email [email protected] with the subject “California Privacy Request”. We will verify your identity before processing the request. Authorised agents must provide evidence of authority.

15. Virginia (VCDPA)

Where applicable, Virginia residents may have rights to access, correct, delete, obtain a copy of personal data (portability), and opt out of targeted advertising. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

To submit a request, email [email protected] with the subject “Virginia Privacy Request”. If you believe we have declined your request in error, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We respond to appeals within 60 days. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified request to opt out of the sale of personal information by emailing [email protected] with the subject “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or services. If we make material changes, we will provide a notice on the Website at least 14 days before the changes take effect. The “Last Updated” date at the top of this page will be updated whenever we publish a new version.

18. Contact

For privacy questions, requests, or concerns, contact: