Last updated: August 9, 2025
Controller / Business:
GOLDEN HFZ LLC (AHMED HAMIDOVIC, Sole Member)
30 N GOULD ST STE R, SHERIDAN, WY 82801-6317-301, USA
This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website and services (Qur’an lessons, registration, and payments).
If you have questions or want to exercise your privacy rights, contact us at the postal address above or via the contact options on our website.
What we collect
We collect information you provide directly and automatically through our site.
Registration (stored in Google Sheets):
- Name, email address, phone number, preferred lesson times, and any message you include.
- If you register without paying, we still receive and store your registration details.
Checkout & payments (stored in our WooCommerce site and by payment providers):
- Billing details (name, address, email, phone), order details, and payment status.
- Limited payment data is stored on our site (e.g., last4 of card, transaction ID) while full payment credentials are handled by your chosen payment provider (e.g., Stripe/PayPal/your bank).
Automatically collected (via our website):
- Device, browser, IP address, and basic usage data (for security, analytics, and site functionality).
- Cookies and similar technologies (see “Cookies & Analytics”).
Note on sensitive data (GDPR): Our services relate to religious education. We do not require you to disclose your religious beliefs; however, choosing to register for Qur’an lessons may indirectly reveal such beliefs. Where EU/UK law treats this as “special category” data, we rely on your explicit consent (provided when you submit the registration form) and/or your request for our services to process that information.
Why we use your information (lawful bases)
To provide services and manage your account / orders
- Process registrations, schedule lessons, process payments, send confirmations, and provide support.
- Legal bases (GDPR): Performance of a contract or steps prior to entering into a contract; legitimate interests.
To follow up on registrations that did not complete payment
- We may contact you to help you finish signup or answer questions.
- Legal bases: Legitimate interests (to provide requested services and improve customer experience). You can opt out at any time.
To comply with laws
- Prevent fraud, maintain records for accounting/tax, handle legal requests.
- Legal bases: Legal obligation; legitimate interests.
Marketing (optional)
- If you opt in, we may send updates or offers.
- Legal bases: Consent (you can withdraw at any time).
Where we store/process data & transfers
- Registration data: Google Sheets (Google LLC).
- Orders/checkout: Our WooCommerce site and hosting provider(s).
- Payments: Your selected payment processor (e.g., Stripe/PayPal/your bank).
Data may be processed in the U.S. and other countries. For transfers from the EEA/UK/Switzerland, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) offered by our providers where applicable.
Retention
- Registration data: Up to 12 months after last contact or until you ask us to delete it (unless we need it for legal claims).
- Order/payment records: Up to 7 years (accounting/tax/legal requirements).
- We may keep data longer if required by law or to establish/defend legal claims.
Sharing
We share data only as necessary:
- Service providers / processors: hosting, email, analytics, customer support, Google (Sheets), WooCommerce extensions, and payment processors.
- Legal / compliance: if required by law, to protect our rights or users.
- Business changes: if we reorganize or transfer assets, consistent with this Policy.
We do not sell personal information for money, nor do we knowingly engage in cross-context behavioral advertising that constitutes a “sale” or “share” under CA/US laws. If this changes, we will update this Policy and provide required opt-out links.
Cookies & analytics
We use necessary cookies for site functionality and checkout. We may use analytics to understand site usage and improve services. You can manage cookies through your browser settings. Blocking some cookies may affect site features (including checkout).
Your rights
EU/EEA/UK (GDPR)
You have the right to access, rectify, erase, restrict or object to processing, and data portability. Where processing is based on consent, you may withdraw consent at any time (this won’t affect earlier lawful processing). You also have the right to complain to your local supervisory authority.
If we are required to appoint an EU/UK representative or Data Protection Officer, we will provide those details on our website. For now, please use the contact details above.
United States (including California, Colorado, Connecticut, Utah, Virginia)
Subject to applicable law, you may have the right to:
- Know/access the categories and specific pieces of personal information we collected,
- Delete personal information,
- Correct inaccuracies,
- Opt out of certain processing (e.g., sale/share/targeted advertising—currently not practiced),
- Limit use/disclosure of sensitive personal information (we do not use it for purposes requiring this right).
We will not discriminate against you for exercising your rights.
How to exercise your rights
Submit a request via the contact details on our website or by mail to the address above. We may need to verify your identity. Authorized agents may submit requests where permitted by law with proof of authorization.
To opt out of follow-up messages after registration without payment, reply “STOP” to our email or use the unsubscribe/opt-out link (if provided), or contact us.
Parents or legal guardians may submit requests on behalf of their minor children (for example, to access, correct, delete, or withdraw consent). We may require verification of identity and legal authority (e.g., proof of guardianship or signed consent) before we fulfill the request.
Security
We take reasonable and appropriate measures to protect personal information, including encryption in transit (HTTPS), access controls, and vendor due diligence. No method is 100% secure; please use unique, strong passwords and keep your account details safe.
Children
Our services are not directed to children under 13 (or under 16 in the EEA/UK, as applicable). We do not knowingly collect personal data from children without appropriate consent. If a child has provided personal information, a parent or legal guardian may contact us to review, correct, or delete the information and to withdraw consent. Where lessons involve a minor, we collect the parent/guardian’s contact details and consent and will communicate with, and honor requests from, the parent/guardian regarding the minor’s data. We may ask for reasonable proof of parental/guardian status before acting on a request.
Changes to this Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and take additional steps if required by law.