Privacy Policy

1. Information about the Company

1.1. Privacy Policy of ASPENA jazyková škola, s.r.o., ID: 255 948 77, with its registered office at Brno, Veveří, Gorkého 64/15, Postcode 602 00, registered in the Business Register under File No. C 36646 kept by the Regional Court in Brno (hereinafter only the “Company”), governs the rules for handling personal information of the following natural persons (also referred to as “Subjects”):
• visitors to the vyuka.aspena.cz website;
• clients of the Company;
• suppliers of the Company;
• job applicants and employees of the Company;
• possible third parties.

1.2. The Company processes the personal data of natural persons in accordance with Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR, also referred to as the “GDPR Regulation”), or in accordance with other legislation addressing personal data protection.

1.3. In the processing of personal data, the Company acts essentially as a controller who determines the purposes and means of processing of the personal data of natural persons or to whom certain operations of personal data processing are imposed by law.

1.4. The Company also acts as a processor of the personal data of natural persons when processing the personal data of natural persons for another controller according to their instructions.

1.5. The Company is not obligated to appoint a Personal Data Protection Officer.

1.6. Company contact information: ASPENA jazyková škola, s.r.o., Gorkého 64/15, 602 00 Brno, e‑mail: gdpr@aspena.cz.

2. What principles do we apply when processing your personal data?

2.1. We process personal data in a lawful manner in accordance with the GDPR Regulation, based on at least one of the legal titles.

2.2. We process personal data only for specific and legitimate purposes. We make sure that personal data collected for different purposes is stored separately and is not used for other purposes.

2.3. We process personal data in an appropriate manner, always only to the extent necessary for the given purpose.

2.4. We retain personal data only for the period of time that is absolutely necessary to achieve a given purpose. Personal data for which the statutory retention period has expired and which we no longer need are safely disposed of or anonymised without undue delay.

2.5. We keep personal data accurate and where necessary up to date. Appropriate measures are taken to correct or erase inaccurate personal data.

2.6. We process personal data in a correct and completely transparent manner. Personal Data Subjects, i.e. natural persons whose personal data we obtain, are always properly informed in accordance with the GDPR Regulation, in particular of who we are, for what purpose and under what legal title we process their personal data, how long we retain it, and what rights they may exercise in relation to their personal data.

2.7. We adequately safeguard personal data from unauthorised or unlawful processing and from accidental loss, damage or destruction. We disclose personal data only to authorised persons and institutions.

3. What legal titles do we use when processing personal data?

When processing personal data we use in particular the following legal grounds (legal titles):
• we fulfil a legal obligation that applies to the Company, or
• we perform a contract to which the Data Subject is a contracting party, or implement measures adopted prior to the conclusion of a contract at the request of this Data Subject, or
• we pursue a legitimate interest of the Company, or
• if any of the previous legal titles cannot be used, we ask for your consent to process your personal data. This consent can be withdrawn at any time, however, the withdrawal of consent does not have a retroactive effect.

4. What personal data do we process and for what purposes?

In relation to the provision of our services and under the conditions and within the limits set forth by the applicable laws, in particular the GDPR Regulation and related legislation, we process in particular the personal data of the following Subjects:

4.1. Personal data provided by prospective or existing clients of the Company, usually in the scope of identification and contact information (e.g. name, surname, address, e‑mail address, telephone number, company ID, VAT number), other operational data (e.g. payment details, data collected based on the performance of a contract):
• for the purpose of concluding and subsequently performing a contract with the client;
• for the purpose of fulfilling legal obligations according to the relevant legislation (in particular accounting, financial and tax matters),
• for the purpose of pursuing the legitimate interests of the Company (in particular direct marketing, judicial and extrajudicial recovery of receivables, etc.).

4.2. Personal data provided by prospective or existing suppliers of the Company, usually in the scope of identification and contact information (e.g. name, surname, address, e‑mail address, telephone number, company ID, VAT number), other operational data (e.g. payment details, data collected based on the performance of a contract):
• for the purpose of concluding and subsequently performing a contract with the supplier;
• for the purpose of fulfilling legal obligations according to the relevant legislation (in particular accounting, financial and tax matters),
• for the purpose of pursuing the legitimate interests of the Company (in particular direct marketing, judicial and extrajudicial recovery of receivables, etc.).

4.3. Personal data provided by job applicants of the Company, usually in the scope of identification and contact information (e.g. name, surname, date of birth, personal identification number, address, telephone number, e‑mail address), and also other operational data necessary with regard to the given job position (e.g. education and experience achieved, certificate of competence to work):
• for the purpose of conducting a selection procedure for the respective job position;
• for the purpose of keeping records of candidates for other positions in the Company for a limited period of time.

4.4. The scope and purposes of processing the personal data of employees of the Company are regulated separately.

4.5. Data provided by visitors to the website in the form of cookies storing information about the visit to the website and other visitor activity on the website. The Company uses Google Analytics with data anonymisation for this purpose and is unable to identify individual visitors to the website. The information obtained is therefore anonymous and does not involve the processing of personal data that is subject to the GDPR Regulation.

4.6. The Company does not process special categories of personal data of clients or suppliers (sensitive data).

5. For how long will we process personal data?

5.1. We will process personal data only for the time strictly necessary to achieve the purpose for which it was obtained ‑ for example, from the moment the personal data is provided by the client within the framework of pre‑contractual arrangements with the Company, for the duration of the contractual relationship until the moment of termination of contractual obligations or, as the case may be, until the expiry of the last of the legal grounds (legal titles) that authorised the Company to process the personal data.

5.2. Once the purpose of the processing has ceased, or the Company has no legal grounds for the further processing of personal data, the personal data will be safely deleted and destroyed.

6. To whom can we disclose personal data?

The Company reserves the right to provide personal data to the following:
• suppliers who provide accounting, IT, personnel and marketing services to the Company under a processing contract,
• suppliers who provide language teaching or testing services to the Company under a processing contract,
• state authorities and other public administration bodies on the basis of a legal obligation to provide such personal data.

7. What are your rights to your personal data?

7.1. In accordance with the principle of transparency, you have the right to information on the processing of your personal data. The Company provides information on the processing of personal data without a request in the form of information notices for individual groups of Subjects, and this obligation to disclose information includes in particular data on who we are, for what purpose, under what legal title, and for how long we will process personal data, to whom we intend to disclose personal data, and what rights you can exercise in relation to your personal data. General information on personal data processing activities is also contained in this policy. A complete list of information provided can be found in the provisions of Articles 13 and 14 of the GDPR Regulation.

7.2. Other rights according to the provisions of Articles 15–22 of the GDPR Regulation can be exercised upon request, namely:

•    Right of confirmation whether or not your personal data is processed by the Company, and if it is, you have the right of access your personal data, including the provision of further information on its processing.
•    Right to rectification of inaccurate personal data or, taking into account the purposes of the processing, the right of completion of incomplete personal data, namely by providing a supplementary statement.
•    Right to erasure of personal data, if your personal data is no longer necessary in relation to the purposes for which it was processed, if you have withdrawn your consent to its processing or objected to the processing of personal data, and there are no overriding legitimate grounds for the processing.
•    Right to restriction of processing of personal data if you have objected to processing or contest the accuracy of the personal data, for a period necessary to verify the accuracy of the personal data, and also if the Company no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims.
•    Right to portability of automatically processed personal data obtained by the Company directly from you on the basis of consent or performance of a contract, where the Company transmits personal data to you or to another controller of your choice in a commonly used and machine‑readable format.
•   Right to object to the processing of your personal data if the processing is necessary for the performance of a task carried out for reasons of public interest or in the exercise of official authority entrusted to the Company, the processing is necessary for the legitimate interests of the Company or a third party, for direct marketing purposes or for scientific or historical research or for statistical purposes.
•   Right not to be the subject of any decision based solely on automated processing, including profiling with legal effects for the Subject; otherwise you have the right to human intervention by the Company (decision reviewed by a human), the right to express your opinion or the right to challenge the decision.

7.3. If the processing of personal data is based on consent, you have the right to withdraw this consent at any time in writing at the Company address or by e‑mail at gdpr@aspena.cz. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

7.4. In addition to the above rights, you have the right to file a complaint with the relevant supervisory authority if you believe that the processing of personal data by the Company is contrary to the law. The competent supervisory authority in the Czech Republic is the Office for Personal Data Protection.

8. How do we protect personal data?

8.1. The handling of personal data is done in full compliance with the applicable laws, including the GDPR Regulation. The personal data of the Subjects is safeguarded by the Company through adopted organisational and technical measures.

8.2. All personal data in paper form is stored in locked places that can be accessed only by authorised persons who need to handle personal data directly for the purposes set out in this policy, and only to the extent necessary. Access to this personal data is protected by physical and electronic means of security.

8.3. All personal data in electronic form is stored in databases and systems that can be accessed only by authorised persons who need to handle personal data directly for the purposes set out in this policy, and only to the extent necessary. Access to this personal data is protected by physical and electronic means of computer security.

8.4. Employees and suppliers of the Company who process personal data are obliged to maintain the confidentiality of the personal data of the Subjects and of the security measures, the disclosure of which would jeopardize the security of the personal data. This confidentiality persists even after the termination of the contractual relationships with the Company.

9. Do you have any additional questions?

If you have any questions regarding the protection of your personal data and its processing in the Company, as well as for the purpose of exercising your rights, you can contact us by e‑mail at gdpr@aspena.cz.

10. Validity

These principles for the processing and protection of personal data in the Company take effect as of 25 May 2018.

WE HAVE THOUSANDS OF SATISFIED CUSTOMERS.

WANT TO JOIN THEM?