I am Jakub Vachuška (hereinafter referred to as the "service provider" or simply "provider"), address at Nádražní 43, Katovice 38711, registration number 174 376 79.
Contact details are: email: [email protected] , phone: +420 607 531 460.
As part of my business and service provision, I process certain personal data. You can read more about this here.
The processing of personal data is governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), known as the GDPR.
1. Processing of the client's personal data in the event of a request
If a client requests the provider's services, the provider will work with the data that the client enters in the request. This is most often an email address, first name, last name, possibly a phone number, and the client's specific requirements.
The provider will process this data for the purpose of fulfilling the client's request for the time necessary. If the client and provider do not conclude a contract, the provider will process the client's personal data for a maximum of 6 months from the last communication with the client.
This processing is permitted to the provider by the GDPR (Article 6(1)(b) – contract negotiations).
2. Processing of personal data in the case of provision of services
When providing services, the provider will work with the client's billing and contact details and will also record the services provided and related documents – this may include communication with the client, materials supplied, information and data about the client's relatives, family history, etc.
The provider uses this data to provide the agreed services, contact the client, invoice for services, and fulfill obligations arising from legal regulations (mainly in the area of taxes and accounting).
The provider will process this data for the duration of the provision of services and further for the period specified by the relevant legal regulations (most often this is a period of 10 years from the last provision of the service, which is based on tax regulations).
This processing is permitted to the provider by the GDPR (Article 6(1)(b) – performance of a contract and Article 6(1)(c) – compliance with a legal obligation).
If the client provides the provider with data concerning third parties, the client should bear in mind that they are responsible for ensuring that such provision complies with legal regulations.
3. Photography at offline events organized by the service provider
Photographs or video recordings may be taken at the service provider's events. The service provider may also use photographs taken by the client and provided to the service provider for promotional purposes without further consent.
The service provider is interested in capturing the event for internal purposes (archiving) and also for promotion on its website and Instagram social network.
The photograph or video recording will be actively used for a period of 10 years from the date of capture.
This processing is based on Article 6(1)(f) of the EU General Data Protection Regulation, "Lawfulness of processing."
Participants in the event may object to such processing. If they do not wish to be captured in photographs or videos, they should contact the service provider or organizer/photographer at the event venue.
4. Verification of reviews
If a person has written a review for a service provider, the provider can verify in their system (if possible) that the person is indeed a client of the provider and that the review relates to the services provided.
This is because consumer protection regulations require that if a provider communicates a review as authentic (from their customer), they must verify such a review in an appropriate manner.
This processing is based on Article 6(1)(c) of the GDPR – compliance with obligations.
The review may then be posted on the provider's website and Instagram social network with the client's consent. This consent is entirely up to the client and can be withdrawn at any time.
5. Who can access the data?
· The client's personal data remains with the provider, who takes the utmost care of it. Nevertheless, the client should be aware that personal data may also be accessible to other persons, as the provider uses their tools and services for its business. These are:
· billing tool provider: STORMWARE s.r.o. (mpohoda.cz)
· email service provider: Zoho Corporation Pvt. Ltd.
· website provider: Mozello SIA (mozello.cz)
· artificial intelligence provider: Envato Pty Ltd.
· postal and parcel service operator: Zásilkovna s.r.o., Česká pošta, s.p.
· family tree visualization provider: MyHeritage Ltd.
The client's personal data remains within the European Union, or within the United States if American tools are used.
6. What rights does the client have in relation to processing?
Among other things, the GDPR gives clients the right to contact service providers and request information about what personal data the provider processes, request access to this data and have it updated or corrected, or request restrictions on processing. The client may request a copy of the personal data being processed, request the provider to delete personal data in certain situations, and in certain cases, the client has the right to data portability. Consent given is revocable at any time, and an objection may be raised against processing based on legitimate interest.
If the client believes that the provider is not handling the data correctly, they have the right to file a complaint with the Office for Personal Data Protection or, if necessary, take their claims to court. The provider would appreciate it if the client would first inform them of this suspicion so that they can correct any possible mistakes.
The provider does not have a designated data protection officer.
These personal data processing principles are effective as of February 19, 2026.