Privacy Policy – mktflow.online

1. Who We Are

This Privacy Policy applies to the website mktflow.online and all services provided under the MktFlow brand, including the "Marketing with AI" course and related educational content.

Data Controller: MktFlow — operated by Artem Movsesyan, business consultant and co-founder of MktFlow.

Contact for privacy matters: artem@mktflow.online

If you are located in the European Economic Area (EEA), this policy explains how we collect and use your personal data in accordance with the General Data Protection Regulation (GDPR).

2. Data We Collect and Why

We collect only what is necessary. The table below describes each category, its purpose, and the legal basis under GDPR Article 6.

Data	Purpose	Legal basis (GDPR Art. 6)
Name, email address	Processing your course enrolment application; sending course-related communications	Art. 6(1)(b) — performance of a contract
Phone number	Follow-up contact regarding your application (optional)	Art. 6(1)(a) — consent
Professional role / position	Tailoring course communication to your background	Art. 6(1)(a) — consent
IP address, browser type, OS	Security, fraud prevention, site stability	Art. 6(1)(f) — legitimate interest
Usage data (pages visited, session duration)	Improving site content and user experience (analytics cookies, with consent)	Art. 6(1)(a) — consent

We do not process special categories of personal data (Article 9 GDPR) — no health data, racial or ethnic origin, political opinions, or similar sensitive data.

3. Cookies

We use cookies — small text files stored on your device — to operate and improve the site.

Type	Purpose	Consent required
Strictly necessary	Core site functionality, navigation, form state	No (legitimate interest)
Analytics	Aggregate usage statistics to improve course content	Yes
Marketing	Not currently used	—

You can withdraw consent for non-essential cookies at any time via your browser settings. Disabling analytics cookies will not affect site functionality.

4. How Long We Keep Your Data

Enrolment form data (name, email, phone, role) — retained for 3 years from the date of your last interaction, then permanently deleted.
Course participant data — retained for the duration of the course plus 2 years for certificate verification purposes.
Server logs (IP, technical metadata) — retained for 6 months, then deleted.
Analytics cookies — up to 13 months from the date of consent, unless withdrawn earlier.

After the applicable retention period, data is securely and irreversibly deleted or anonymised.

5. Who We Share Data With

We do not sell, rent, or trade your personal data. We may share data only with trusted service providers acting as data processors under written contracts:

Recipient	Purpose	Safeguards
Email delivery provider	Sending transactional and course-related emails	Data Processing Agreement (DPA)
Hosting provider	Website infrastructure and data storage	DPA; EU or adequacy-decision jurisdiction
Analytics provider	Aggregated usage statistics (with your consent)	Consent-gated; anonymised data

No personal data is transferred to recipients in countries outside the EEA unless adequate protection is ensured through Standard Contractual Clauses (SCCs) or an adequacy decision under GDPR Article 45.

6. Your Rights Under GDPR

As a data subject in the EEA, you have the following rights. All requests are responded to within 30 days.

Right of access (Art. 15) Request a copy of all personal data we hold about you.

Right to rectification (Art. 16) Ask us to correct inaccurate or incomplete data.

Right to erasure (Art. 17) Request deletion of your data ("right to be forgotten").

Right to restriction (Art. 18) Ask us to pause processing while a dispute is resolved.

Right to portability (Art. 20) Receive your data in a structured, machine-readable format.

Right to object (Art. 21) Object to processing based on legitimate interest.

Withdraw consent (Art. 7) Withdraw consent at any time without affecting prior lawful processing.

Lodge a complaint (Art. 77) File a complaint with your local supervisory authority.

To exercise any right, contact us at artem@mktflow.online. We may ask you to verify your identity before fulfilling a request.

7. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the data protection supervisory authority in your country of residence. A list of EU supervisory authorities is available at: edpb.europa.eu.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data transmission (HTTPS), access controls, and regular security reviews.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33–34.

9. Contact Us

Data Controller — MktFlow

For any questions about this Privacy Policy, to exercise your data rights, or to report a concern:

Email: artem@mktflow.online
Website: mktflow.online/en

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by a prominent notice on the site and, where appropriate, by email. The date of the latest revision is always shown at the top of this page.

Version history:

1 May 2026 — Initial version. GDPR-compliant policy for the English-language course.