top of page

Privacy Policy

Privacy Policy

Effective from 1 February 2026

I. Introduction

This Privacy Policy describes how Petra Ledvinková, ID No. 24094951, registered at Černý Dub, Boršovská 31, 370 01 České Budějovice (“Controller”), processes personal data of:

  • clients

  • prospective clients

  • event participants

  • website visitors

  • members of a closed Facebook group

  • individuals who post comments on the blog

  • individuals who provide testimonials or photographs

The Controller operates as a sole trader without employees and processes personal data in accordance with the GDPR and related legislation.

The services are not intended for individuals under 16 years of age.

II. Controller and Contact Details

Controller:
Petra Ledvinková
ID No.: 24094951
Address: Černý Dub, Boršovská 31, 370 01 České Budějovice

Contact:
Email: ledvinkova.petra@seznam.cz
Phone: +420 774 215 323
Website: https://ledvinkova.com

The Controller is responsible for the secure, lawful, and transparent processing of personal data.

III. Definitions

  • Personal data – information relating to an identified or identifiable individual.

  • Processing – any operation performed on personal data.

  • Controller – the person determining the purposes and means of processing.

  • Processor – the person processing data on behalf of the Controller.

  • Data subject – the individual whose data is being processed.

  • Third country – a country outside the EU.

IV. Sources and Scope of Processed Data

1. Sources of personal data

I obtain personal data directly from you, for example when you visit the website, book a service, communicate with me, participate in a consultation, or post a comment.

I do not use tools that collect data without your knowledge.

2. Categories of processed data

a) Standard personal data

Name, email, phone number, billing details, communication content, order details, IP address, data from the Calendly booking form, blog comments.

b) Anonymous analytics (Wix Analytics)

Number of visits, pages viewed, device type, country of access.
This data does not allow identification of an individual.
I do not use Google Analytics or marketing cookies.

c) Voluntarily provided data

Testimonials, photographs, content of comments and posts.

d) Consultation notes (paper form)

  • only brief working notes

  • not digitized

  • not shared

  • kept only for the duration of cooperation

  • shredded after completion

e) Sensitive data

You may choose to share them voluntarily (e.g., health or personal circumstances).
I do not store them long-term and do not process them systematically.
If short-term storage is necessary, it is done only with your explicit consent.

f) Blog data

Name/nickname, email (not displayed), comment text.

g) Calendly data

Name, email, note.
Data may be transferred to the USA based on Standard Contractual Clauses.

V. Purposes of Processing, Legal Bases, and Retention Periods

  1. Contract conclusion and service provision
    Legal basis: performance of a contract
    Retention: 3–5 years

  2. Accounting and legal obligations
    Legal basis: legal obligation
    Retention: 10 years

  3. Communication with prospective clients and clients
    Legal basis: legitimate interest
    Retention:

    • prospective clients: 1 year

    • clients: 3–5 years

  4. Website operation and anonymous analytics
    Legal basis: legitimate interest
    Retention: 1–2 years

  5. Operation of the Facebook group
    Legal basis: legitimate interest
    Retention: for the duration of membership

  6. Blog comments
    Legal basis: legitimate interest
    Retention: until deleted

  7. Photographs and video recordings
    Legal basis: consent / legitimate interest
    Retention: until consent is withdrawn

  8. Client testimonials
    Legal basis: consent
    Retention: until withdrawn or no longer relevant

  9. Protection of rights and legal claims
    Legal basis: legitimate interest
    Retention: 3–5 years

  10. Sensitive data
    Legal basis: explicit consent
    Retention: only for the necessary period

  11. Bookings via Calendly
    Legal basis: performance of a contract
    Retention: according to Calendly’s policies

VI. Recipients and Processors of Personal Data

1. Processors

  • Wix.com Ltd. – web hosting, analytics

  • Google LLC – email, documents, cloud services

  • Microsoft Corporation – MS Teams, OneDrive

  • Calendly LLC – appointment scheduling

  • Accountant – accounting services

  • Email and device security providers

All processors are contractually bound to comply with the GDPR.

2. Independent controllers

  • Meta Platforms Ireland Ltd. (Facebook, Instagram)

3. Public authorities

Data may be disclosed only when required by law.

4. Transfers to third countries

Transfers occur only under GDPR-compliant conditions (Data Privacy Framework, Standard Contractual Clauses).

VII. Rights of Data Subjects

Data subjects have the right to:

  • access

  • rectification

  • erasure

  • restriction of processing

  • data portability

  • objection

  • withdrawal of consent

  • lodge a complaint with the Data Protection Authority

  • seek judicial protection

Requests can be submitted via email: ledvinkova.petra@seznam.cz

VIII. Final Provisions

This Policy is for informational purposes and may be updated.
The current version is always available on the website.
Effective from 1 February 2026.

bottom of page