Privacy policy (GDPR).

1. Collection of personal data

The following types of personal data may be collected, stored and used:

• information about your computer including your IP address, geographic location, browser type and version, and operating system
• information about your visits to and use of this website including the referral source, length of visit, pages viewed and website navigation paths
• the email address you provide when registering on our website
• information entered in your profile — name, profile pictures, date of birth, contact details
• information you enter when subscribing to our email services or newsletters
• information you enter when using services on our website
• information generated when using our website (when, how often, under what conditions)
• information related to purchases, services used or transactions
• information contained in any communication you send to us by email or through the website
• any other personal data you send to us

Before you share another person's personal data with us, you must obtain that person's consent to both the disclosure and processing of that personal data in accordance with this policy.

2. Use of your personal data

The personal data provided to us through our website will be used for the purposes set out in this policy or on the relevant pages of the website:

• administering our website and business
• personalising our website for you
• enabling your use of services available on our website
• providing services ordered through our website
• sending statements, invoices, payment reminders and collecting payments
• sending non-commercial business communications
• sending email notifications you specifically request
• sending our email newsletter (you can unsubscribe at any time)
• handling enquiries and complaints
• maintaining website security and preventing fraud

Without your express consent, we will not share your personal data with any third party for direct-marketing purposes.

3. Disclosure of personal data

We may share your personal data with our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors — as is reasonably necessary for the purposes set out in this policy.

We may disclose your personal data:

• to the extent we are required to do so by law
• in connection with any ongoing or prospective legal proceedings
• to establish, exercise or defend our legal rights
• to the purchaser (or prospective purchaser) of any business or asset we are selling
• to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data

Except as set out in this policy, we will not provide your personal data to third parties.

4. International data transfers

• Data we collect may be stored, processed and transferred between any of the countries in which we operate.
• Data may be transferred to countries that do not have data-protection laws equivalent to those in the EEA (e.g. the United States, Japan).
• Personal data published on our website may be accessible via the internet around the world.
• You expressly consent to the personal-data transfers described in this section.

5. Data retention

• We have established data-retention policies and procedures designed to ensure we meet our legal obligations regarding the retention and deletion of personal data.
• Personal data processed for any purpose must not be kept longer than is necessary for that purpose.
• Notwithstanding the other provisions of this section, we will retain documents containing personal data to the extent we are required to do so by law, where we believe they may be relevant to ongoing or prospective legal proceedings, or to defend our legal rights.

6. Security of your personal data

• We will take reasonable technical and organisational measures to prevent the loss, misuse or alteration of your personal data.
• We will store all personal data you provide on our secure servers (protected by password and firewall).
• All electronic financial transactions submitted through our website will be encrypted.
• You acknowledge that the transmission of information over the internet is inherently insecure and we cannot guarantee the security of data sent over the internet.
• You are responsible for maintaining the confidentiality of any password you use to access our website.

7. Policy changes

We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to make sure you understand any changes. We may notify you of changes to this policy by email.

8. Your rights

You may instruct us to provide you with any personal data we hold about you. Providing such information will be subject to presenting suitable evidence of your identity (a notarised photocopy of a passport and an original copy of a utility bill showing your current address).

To the extent permitted by law, we may refuse to provide personal data. You may instruct us at any time not to process your personal data for marketing purposes.

9. Third-party websites

Our website contains hyperlinks to third-party websites and details about them. We have no control over, and accept no responsibility for, the privacy policies and practices of third parties.

10. Data updates

Please let us know if any personal data we hold about you needs to be corrected or updated. Write to gdpr@skolaflow.cz.

11. Cookies

Our website uses cookies. A cookie is a file containing an identifier (a string of letters and numbers) sent by a web server to a web browser and stored by the browser. Cookies may be either "persistent" or "session":

• Persistent cookies are stored by the web browser and remain valid until their expiry date, unless deleted by the user before that date.
• Session cookies expire at the end of the user's session when the web browser is closed.

Cookies do not typically contain any information that uniquely identifies a user. You can delete cookies in your browser or disable their storage at any time.