In this document you will find information about the processing of personal data by Kinesiology s.r.o., Company Identification Number (IČO): 22093893, with its registered office at Nad Pazdernou 398, 25241 Dolní Břežany, registered in the Commercial Register maintained by the Municipal Court in Prague under File No.: C 410828 (hereinafter referred to as the „Company„), in connection with the use of the Company’s website and/or in connection with the purchase of services through the e-shop at https://www.kinesiologycourses.cz (hereinafter referred to as the „Web Portal“).

1. Basic Concepts

In the introduction, you will find information on some of the basic concepts used in this policy, which are also defined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 94/46/EC (hereinafter referred to as „GDPR„).

„Personal Data“ means any information about an identified or identifiable natural person. It is a person who can be identified directly or indirectly, in particular by reference to a specific identifier (name and surname, ID number, location data, network identifier).

„Data Subject“ means the specific person whose Personal Data is at issue in a given case.

„Processing“ means any operation or set of operations with Personal Data (e.g., data recording, organizing, storing, etc.).

„Controller“ means the person who determines the purposes and means of Personal Data processing, in this case the Company.

„(Data) Processor“ means a person who processes Personal Data for the Controller.

„Recipient“ means the person to whom the Personal Data has been disclosed.

„Consent“ of the Data Subject is any free, specific, informed and unambiguous expression of will by which the Data Subject gives his/her consent to the processing of his/her Personal Data.

2. Purposes and Legal Basis for Personal Data Processing

Processing of your Personal Data takes place for the following purposes and on the following legal bases:

1. for the purpose of fulfilling its contractual obligations under the purchase contract concluded with you by the Company (purchase contract concluded on the basis of your order on the Web Portal);

2. for the purpose of maintaining the Company’s customer database based on the Company’s legitimate interest in maintaining such database;

3. for the purpose of fulfilling legal obligations arising from legal regulations (bookkeeping, etc.);

4. for the purpose of enforcing the Company’s legal claims based on the Company’s legitimate interest in protecting its rights;

5. for the purpose of sending commercial communications promoting the Company and/or the Company’s goods or services (e.g., promotional offers, information about events or similar communications) in an irregular newsletter.

6. for the purpose of transferring Personal Data to a third country (the USA) for the purpose of registering Course graduates and issuing One Brain® Kinesiology Method certificates to graduates of all 11 Course Modules by an authorized organization, Three In One Concepts, Inc., which is subject to the Implementing Decision of the Commission (EU) 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequacy of the level of protection of personal data provided by the EU-US data protection framework.

In the case of Personal Data Processing for the purpose of fulfilling contractual obligations and on the basis of a contract, the provision of your identification and contact data is necessary for the conclusion and performance of the contract. In the case of sending commercial communications promoting the Company itself and/or the Company’s services (e.g., promotional offers, information about events or similar communications) in an irregular newsletter, the Personal Data Processing is based on the so-called „legitimate interest“ in accordance with Article 6 paragraph (1) letter (f) together with point 47 of the GDPR Recital. In accordance with provisions of Section 7 paragraph (3) of Act No. 480/2004 Sb. (The Collection of Czech Laws), on Certain Services of An Information Society, you may refuse /the processing of Personal Data/ for the purpose of disseminating commercial communications at any time, both by checking the box „I do not wish to receive your newsletters“ or a box with a similar meaning before sending an order if you are an existing customer of the Company, and at any time thereafter when sending each individual message (by unsubscribing). If you do not tick the „I do not wish to receive your newsletters“ box when you make your first purchase on the Website, we will send you messages. If you have already ticked the „I do not wish to receive your newsletters“ box in the past or have unsubscribed, but you do not tick the „I do not wish to receive your newsletters“ box when you make your next purchase, we will assume that you have changed your mind and are now interested in receiving newsletters. The Company generally obtains Personal Data directly from the Data Subject, i.e., from you.

3. Contact Details of the Company

You may contact the Company on matters relating to the Personal Data Processing through the following contacts: 

Email address:  kinesiologyprague@gmail.com

Telephone contact: +420 776 175 087

Contact address: Nad Pazdernou 398, 25241 Dolní Břežany

4. Categories of Personal Data

1. identification data (title, name, surname, etc.);

2. contact details (address, e-mail address, telephone number, etc.);

3. other data necessary for the performance of the contract (e.g., information on the method of payment, number and type of goods or services ordered, etc.);

4. other data to which the Data Subject has given consent. 

5. Period of Data Processing

Your Personal Data will be Processed:

1. for the purpose of performance under the contract for the term (duration) of the contract;

2. for the purpose of maintaining the Company’s customer contact database for a period of three (3) years as from your last order;

3. for the purpose of fulfilling legal obligations for a period of time necessary under the relevant legal regulation imposing such obligation upon the Company;

4. for the purpose of defending the Company’s legal claims for a period of at least one year as from the end of the limitation period for such claims;

5. for the purpose of sending commercial communications in an irregular newsletter for a period of three (3) years as from the last purchase, and if you unsubscribe from the newsletter before the expiry of the aforementioned period, then until the moment when you unsubscribe again after your last purchase (the lawfulness of the processing of personal data before unsubscribing is not affected by the unsubscribing);

but at all times for no longer than the period of time for which the Personal Data can be Processed in accordance with the applicable and effective legal regulations.

6. Recipients and Processors of Personal Data

The Personal Data you provide may be further transferred/disclosed to other recipients. These include, for example, the Company’s contractual partners (carriers, IT service providers, or providers of tax, legal or other services), public authorities (authorities, courts, law enforcement agencies) and others.

7. Rights of the Data Subject

The Company processes Personal Data in relation to the Data Subject in a fair and lawful and transparent manner. Data is collected for specific, explicit and legitimate purposes. The Company ensures that Personal Data is accurate and, where necessary, updated. The Company shall take all reasonable measures to ensure that Personal Data which is inaccurate in relation to the purpose for which it is processed, is erased or rectified without undue delay. The Company is committed to the protection of the rights of Data Subjects and to the proper security of Personal Data, and therefore, when Processing Personal Data, it takes care to ensure, through appropriate technical or other measures, the highest possible level of security corresponding to potential risks of the Processing concerned. The Data Subject may request information and access to his/her Personal Data from the Controller in accordance with Articles 13 and 14 of the GDPR, in particular, they have the right to request:

1. the identity and specific details of the Controller,

2. disclosure of purposes of the Processing for which the Personal Data is intended,

3. access to Personal Data,

4. rectification, erasure or restriction of the Personal Data Processing,

5. termination of the Personal Data Processing.

The Data Subject may further object to the Data Processing. If the Processing is based on consent (Article 6 paragraph (1) letter (a) or Article 9 paragraph (2) letter (a) of GDPR), the Data Subject has the right to withdraw his/her consent to the Processing of Personal Data, without prejudice to the lawfulness of the Processing based on the consent given before his/her withdrawal. If you have given your consent to the Company to Process your Personal Data, you may withdraw this consent at any time, free of charge. If you do not wish to receive further commercial communications, please contact the Company and the mailing will be discontinued. You can also unsubscribe from our newsletters by sending an e-mail via the link provided in each individual e-mail containing the commercial communication. If you believe that your Data is Processed by the Company in violation of applicable legal regulations, you can file a complaint with the supervisory authority – the Office for the Protection of Personal Data. However, in order to arrange for a remedy as soon as possible, we recommend contacting the Company first. If you have any questions about the Processing of your Personal Data or if you wish to update or correct your Personal Data, or if you wish to request erasure of your Personal Data or restriction of your Personal Data Processing, or if you wish to object to the Processing, please contact the Company via the contacts listed in Article 3 above.

8. Protection of Personal Data

The Company is concerned about the protection of the rights of Data Subjects and the proper security of Personal Data, therefore, when Processing Personal Data, it takes care to ensure, through appropriate technical and organizational measures, the highest possible level of security corresponding to potential risks of the relevant Data Processing.