Privacy Policy

I. Basic Provisions

The data controller, according to Article 4, Paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), is EduJoy s.r.o.
ID: 17287979, with its registered office at Šimkova 11, 19015 Prague 9 (hereinafter referred to as “the controller”).

The contact details of the controller are: Mgr. Veronika Mirovská
address: Purkyňova 2, 11000 Prague 1

email: kurzy@edujoy.cz

phone: 724 077 676

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The controller has not appointed a Data Protection Officer.

II. Sources and Categories of Processed Personal Data

The controller processes the personal data you have provided or personal data that the controller has obtained based on the fulfillment of your order.

The controller processes your identification and contact details and data necessary for the performance of the contract.

III. Legal Reason and Purpose of Processing Personal Data

The legal reason for processing personal data is the performance of the contract between you and the controller according to Article 6, Paragraph 1, Letter b) of the GDPR, the legitimate interest of the controller in providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6, Paragraph 1, Letter f) of the GDPR, your consent to the processing for the purpose of providing direct marketing (especially for sending commercial communications and newsletters) according to Article 6, Paragraph 1, Letter a) of the GDPR in conjunction with § 7, Paragraph 2 of Act No. 480/2004 Coll., on certain services of the information society, in case there was no order of goods or services.

The purpose of processing personal data is to process your order and to exercise rights and obligations arising from the contractual relationship between you and the controller; personal data required for successful order processing (name and address, contact) is necessary for the conclusion and performance of the contract, and without providing personal data, it is not possible to conclude or fulfill the contract by the controller; sending commercial communications and conducting other marketing activities.

The controller does not engage in automated individual decision-making within the meaning of Article 22 of the GDPR.

IV. Data Retention Period

The controller retains personal data for the period necessary to exercise rights and obligations arising from the contractual relationship between you and the controller and to assert claims from these contractual relationships (for 15 years from the end of the contractual relationship), or until consent to the processing of personal data for marketing purposes is withdrawn, but no longer than 15 years, if the personal data are processed based on consent.

After the expiration of the data retention period, the controller will delete the personal data.

V. Recipients of Personal Data (Controller’s Subcontractors)

Personal data processors are persons involved in the delivery of goods, services, payment transactions, accounting, a company providing services related to the operation of the e-shop, and a company providing marketing services based on a contract.

The controller does not intend to transfer personal data to a third country (a country outside the EU) or an international organization.

VI. Your Rights

Under the conditions set out in the GDPR, you have the right to:

  • access your personal data according to Article 15 of the GDPR,

  • correct personal data according to Article 16 of the GDPR, or restrict processing according to Article 18 of the GDPR.

  • delete personal data according to Article 17 of the GDPR.

  • object to processing according to Article 21 of the GDPR, and

  • data portability according to Article 20 of the GDPR.

  • withdraw consent to processing in writing or electronically to the address or email of the controller specified in Article II of these terms.

You also have the right to lodge a complaint with the Office for Personal Data Protection if you believe that your right to the protection of personal data has been violated.

VII. Personal Data Security Conditions

The controller declares that it has taken all appropriate technical and organizational measures to secure personal data. The controller has taken technical measures to secure data storage and storage of personal data in paper form, in particular securing all computers, the economic system, and data storage with a password, and locking all documents in paper form containing sensitive personal data.

The controller declares that access to personal data is only granted to persons authorized by the controller.

VIII. Final Provisions

By submitting an order from the internet order form, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

You agree to these terms by checking the consent box via the internet form. By checking the consent box, you confirm that you are familiar with the privacy policy and that you accept it in its entirety.

The controller is entitled to change these terms. A new version of the privacy policy will be published on its website and at the same time, the new version of these terms will be sent to your email address, which you provided to the controller.

These terms are effective as of June 12, 2024.