Petra Vymětalíková

Personal Data Protection and GDPR

If you are my customer, newsletter subscriber, or website visitor, you entrust me with your personal data, and I am responsible for its protection and security. Please familiarize yourself with personal data protection, principles, and rights that you have in connection with GDPR (General Data Protection Regulation).

Who is the controller?

Petra Vymětalíková, ID: 08006661, with registered office at Pod Pensionátem 739, 252 29 Dobřichovice, Czech Republic.

email: info@petravymetalikova.com and operates the website www.petravymetalikova.com. I process your personal data as a controller, which means I determine how personal data will be processed, for what purpose, for how long, and I select any other processors who will assist me in processing.

Contact details

If you want to contact me during the processing, you can reach me at this email address:

info@petravymetalikova.com

I declare that as a controller of your personal data, I fulfill all legal obligations required by applicable legislation, in particular, the Personal Data Protection Act and GDPR, and thus:

I will process your personal data only on the basis of a valid legal reason, primarily legitimate interest, contract performance, legal obligation or given consent.

I will fulfill the information obligation according to Article 13 of GDPR even before the processing of personal data begins.

I will enable you and support you in exercising and fulfilling your rights under the Personal Data Protection Act and GDPR.

Scope of personal data and processing purposes

I process personal data that you entrust to me for the following reasons (to fulfill these purposes):

➤ Provision of services, contract performance Your personal data, i.e., email, is necessary to fulfill the contract (for example, sending access to the application, sending an online course, delivering goods).

➤ Accounting If you are a customer, your personal data (billing data) is necessary to fulfill the legal obligation to issue and record tax documents.

➤ Marketing – sending newsletters I use your personal data (email and name) for direct marketing – sending business messages. Newsletters are sent only based on your consent, for a period of 5 years. In both cases, you can revoke this consent by using the unsubscribe link in each email sent.

➤ Advanced marketing based on consent Only with your consent, I can send you inspiring offers from third parties or use your email address, for example, for remarketing and targeting ads on Facebook, for a period of 5 years. Of course, you can revoke it at any time through our contact details.

➤ Photographic documentation, references, live events, workshops I can only use your photos, references, feedback, etc. with your consent until you withdraw your consent.

I keep your personal data for the duration of the limitation periods, unless the law requires a longer retention period or we have stated otherwise in specific cases.

Cookies

When browsing our website, your IP address, how long you stay on the page, and which page you come from are recorded. The use of cookies for measuring website traffic and customizing the display of web pages is considered my legitimate interest as the administrator, as it enables us to offer you even better services.

Cookies for targeted advertising will only be processed based on your consent.

My website can also be browsed in a mode that does not allow the collection of personal data. You can disable the use of cookies on your computer.

Security and protection of personal data

I protect personal data to the fullest extent possible using modern technologies that correspond to the level of technological development. I protect them as if they were our own. I have adopted and maintain all possible (currently known) technical and organizational measures that prevent the misuse, damage, or destruction of your personal data.

Disclosure of personal data to third parties

My employees and collaborators have access to your personal data. To ensure specific processing operations that I cannot provide on my own, I use the services and applications of processors who can protect data even better than us and specialize in that processing. These are the following providers:

  • Smartemailing – application for email marketing
  • SimpleShop – online sales automation
  • Facebook – FB pixel
  • Google – Google Analytics

It is possible that in the future, I will decide to use other applications or processors to facilitate and improve processing. However, I promise that in such a case, I will place the same demands on processors for security and quality of processing as on myself.

Transferring data outside the European Union

I process data exclusively in the European Union or in countries that provide an adequate level of protection based on the decision of the European Commission.

Your rights in connection with the protection of personal data

You have several rights in connection with the protection of personal data. If you want to exercise any of these rights, please contact me by email:

You have the right to information, which is already fulfilled by this information page with principles of personal data processing.

Thanks to the right of access, you can ask me at any time, and I will provide you within 14 days with information on what personal data I process about you and why.

If something changes with you, or you find your personal data is not up-to-date, you have the right to have it corrected. You also have the right to have your personal data deleted or restricted, to object to their processing, and the right to data portability.

You have the right to limit the processing of your personal data if you believe that I am processing your inaccurate data, you believe that I am processing your data unlawfully but you do not want all the data to be deleted, or if you have objected to the processing. You can limit the scope of personal data or processing purposes (e.g., by unsubscribing from a newsletter, you limit the purpose of processing for sending marketing communications).

Right to data portability If you want to take your personal data and transfer it to someone else, I will proceed as if you were using the right of access – except that we will provide you with the information in machine-readable form. We need at least 60 days for this.

Right to erasure (right to be forgotten) Your next right is the right to erasure (right to be forgotten). In such cases, I will delete all your personal data from my system as well as from the system of all processors and backups. To ensure the right to erasure, I need 60 days.

In some cases, I am bound by legal obligations, and, for example, I must keep records of issued tax documents for a period set by law. In this case, I will delete all personal data that is not bound by other laws. I will inform you by email when the erasure is completed.

Complaint to the Office for Personal Data Protection If you feel that I am not handling your data in accordance with the law, you have the right to submit a complaint to the Office for Personal Data Protection at any time. I would appreciate it if you would inform me first about this suspicion so that I can do something about it and rectify any errors if necessary.

Unsubscribe from newsletters and marketing communications I send you emails with inspiration, articles, or products and services if you are my customer based on my legitimate interest.

If you are not yet a customer, I will only send them to you based on your consent. In both cases, you can unsubscribe from my emails by clicking on the unsubscribe link in each email.

Confidentiality

I assure you that I am obliged to maintain confidentiality about personal data and security measures whose disclosure would endanger the security of your personal data. This confidentiality also applies after the end of the contractual relationship with us. Without your consent, your personal data will not be disclosed to any other third party.

These personal data processing principles apply from March 1, 2023.