Principles of Processing
and Protection of Personal Data

If you are our customer, newsletter subscriber, or website visitor, you entrust us with your personal data. We are responsible for its protection and security. Please familiarize yourself with our data protection policy, principles, and your rights in connection with GDPR (General Data Protection Regulation).

Who is the controller?

I am Karina Černá, ID No. 87366606, address: Chobotská 1730, Brandýs nad Labem, 25001, and the owner of the website monteschool.cz. I process your personal data as the controller, meaning I determine how and for what purpose the personal data will be processed, for how long, and I select any additional processors who may assist me/us with the processing.

Contact details

If you wish to contact us/me during the processing, you can reach me at info@monteschool.cz.

We declare

I declare that, as the controller of your personal data, I comply with all legal obligations required by applicable legislation, in particular the Data Protection Act and GDPR, and therefore:

  • I will process your personal data only on the basis of a valid legal reason, primarily legitimate interest, contract performance, legal obligation, or granted consent.
  • In accordance with Article 13 of the GDPR, I fulfill the information obligation before starting the processing of personal data.
  • I enable and support you in exercising and fulfilling your rights under the Data Protection Act and GDPR.

Scope of Personal Data and Purposes of Processing

I process the personal data that you provide to me for the following reasons (to fulfill these purposes):

  • Providing services, fulfilling the contract
    Your personal data, including email, first and last name, and address, are necessary to fulfill the contract (e.g., sending access to the application, delivering the online course, or delivering goods).

  • Accounting
    If you are our customer, we need your personal data (billing details) to comply with the legal obligation for issuing and recording tax documents.

  • Marketing – Sending newsletters
    Your personal data (email and name), gender, what you click on in the email, and when you most often open it, are used for direct marketing purposes – sending commercial communications. If you are our customer, we do this based on our legitimate interest, as we reasonably assume that you are interested in our news, and this will continue for 5 years after your last order.
    If you are not our customer, we will send you newsletters only based on your consent, for 5 years from the granting of consent. In both cases, you can withdraw this consent using the unsubscribe link in every email sent.

  • Advanced marketing based on consent
    Only based on your consent, we may send you inspiring offers from third parties or use your email address, for example, for remarketing and targeted advertising on Facebook, for a period of X years from the granting of consent. This consent can of course be withdrawn at any time via our contact details.

  • Photographic documentation – live events, etc.
    We retain your personal data for the duration of the statute of limitations unless the law provides a longer retention period or we have specified otherwise in specific cases.

Cookies

When browsing our/my website, we record your IP address, how long you stay on the page, and which page you came from. The use of cookies for measuring website traffic and customizing the website display is considered our legitimate interest as the controller, as we believe it helps us offer you better services.
Cookies for advertising targeting will be processed only based on your consent.
You can also browse our/my website in a mode that does not allow the collection of personal data. You can disable the use of cookies on your computer.

Security and Protection of Personal Data

I protect personal data to the greatest possible extent using modern technologies that match the level of technical development. I protect them as if they were our own. I have adopted and maintain all possible (currently known) technical and organizational measures to prevent misuse, damage, or destruction of your personal data.

Disclosure of Personal Data to Third Parties

My employees and collaborators have access to your personal data. To ensure specific processing operations that I cannot handle on my own, I use the services and applications of processors who can protect the data even better than I can and specialize in the given processing. These are providers of the following platforms: Elementor, MailerLite, Facebook, Google, accounting firm.
It is possible that in the future I may decide to use additional applications or processors to facilitate and improve processing. However, I promise that in such cases, I will impose at least the same security and processing quality requirements on the processors as I do on myself.

Transfer of Data Outside the European Union

We process data exclusively within the European Union or in countries that provide an adequate level of protection based on a decision by the European Commission.

Transfer of Data Outside the European Union

In connection with the protection of personal data, you have a number of rights. If you wish to exercise any of these rights, please contact me via email: info@monteschool.cz.

You have the right to information, which is fully provided through this information page with the personal data processing principles.

Thanks to the right of access, you can request from me at any time, and I will provide you within 30 days with information on which of your personal data I process and why. If something changes with you or you find your personal data outdated or incomplete, you have the right to update and modify your personal data.

You can exercise the right to restrict processing if you believe that I am processing inaccurate data, if you believe that I am processing unlawfully but do not wish to delete all data, or if you have objected to the processing. You can limit the scope of personal data or processing purposes (e.g., unsubscribing from the newsletter limits the purpose of processing for sending commercial communications).

Right to Data Portability
If you would like to take your personal data and transfer it to someone else, we will proceed similarly as with the right of access, with the difference that I will provide the information in a machine-readable format. I will need at least 30 days for this.

Right to Erasure (Right to be Forgotten)
Another right you have is the right to erasure (right to be forgotten). I do not want to forget you, but if you wish it, you have the right to request it. In such a case, I will delete all your personal data from my system and from the system of all subprocessors and backups. To ensure the right to erasure, I will need 30 days.

In some cases, I am bound by legal obligations, for example, I must keep tax documents for the period required by law. In this case, I will delete all personal data not bound by another law. I will inform you via email when the deletion is complete.

Complaint to the Data Protection Authority
If you feel that I am not handling your data in compliance with the law, you have the right to file a complaint with the Data Protection Authority at any time. I would appreciate it if you inform me of this suspicion first, so I can address it and correct any potential mistakes.

Unsubscribing from Newsletters and Commercial Communications
I send you emails with inspiration, articles, or products and services if you are my customer based on my legitimate interest. If you are not yet my customer, I send them to you only based on your consent. In both cases, you can unsubscribe from my emails by clicking the unsubscribe link in each email sent.

Confidentiality

We would like to assure you that our employees and collaborators who will process your personal data are required to maintain confidentiality about the personal data and security measures, the disclosure of which could compromise the security of your personal data. This confidentiality continues even after the termination of contractual relationships with us. Without your consent, your personal data will not be disclosed to any other third party.

These personal data processing principles are effective from December 13, 2024.