GDPR

Privacy Policy

According to Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”)

Identity and Contact Details of the Data Controller
Business name: Tomáš Oplatek
Company ID: 05520797
VAT ID: CZ8905080316
Registered office: Hartigova 2456/241, 13000 Prague – Žižkov
Contact person: Tomáš Oplatek
Email: oplatek.t@africkebubnovani.cz
(hereinafter referred to as the “Controller”)

Personal Data Processed
The Controller processes personal data of its customers, i.e., individuals who enter into a contractual relationship with the Controller, based on which the Controller provides products or services within its business activities. The customer is a data subject within the meaning of Article 4(1) of the GDPR.
The following personal data may be processed:

  • Full name

  • Phone number

  • Email address

  • Written references

Purpose and Legal Basis for Processing
The customer’s contact and identification details (full name, company ID, address, phone, email) are processed for the purpose of fulfilling contractual obligations of the Controller, invoicing, and communicating about contractual matters. The legal basis is Article 6(1)(b) of the GDPR.
Contact details (full name, email) may also be processed for direct marketing (e.g., sending newsletters), based solely on the customer’s consent under Article 6(1)(a) of the GDPR.
Customer photos and names in connection with written testimonials regarding the Controller’s services may be used for promotional purposes (e.g., social media, website), also only with the customer’s consent under Article 6(1)(a) of the GDPR.

Recipients of Personal Data
Personal data may be shared with third parties cooperating with the Controller, particularly in administrative and technical support related to the operation of websites and supporting systems. This includes:

  • Google

  • WordPress

  • Elementor

In cases of unpaid obligations, data may also be shared with legal service providers for debt recovery.
Data is not shared with any other third parties or transferred outside the EU.

Retention Period
Data processed to fulfill contractual obligations is stored for the duration of the contractual relationship and 10 years after its termination.
Marketing/promotional data is stored for 5 years after the relationship ends.
Data processed to meet legal obligations (e.g., accounting) is retained as required by applicable law.

Data Security
The Controller secures personal data using modern technology appropriate to the current level of technical development. Measures include:

  • Password-protected access to the Controller’s computer

  • Password and fingerprint-protected access to the Controller’s phone

  • Password-protected access to email and bulk mailing systems

  • Password-protected access to invoicing systems

  • Encrypted website communication (valid HTTPS certificate)

  • Regular software updates

Data is processed either electronically (automated) or in printed form (non-automated).

Data Subject Rights
Under the GDPR, customers have the right to:

  • Access their personal data

  • Request correction of inaccurate data

  • Request deletion of their data

  • Request restriction of processing

  • Object to processing

  • Request data portability

  • File a complaint with a supervisory authority if they believe their data protection rights have been violated

  • Withdraw consent at any time (this does not affect the lawfulness of prior processing)

Consent may be withdrawn by sending a statement to: oplatek.t@africkebubnovani.cz