PRIVACY POLICY

We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”) and Act No. 18/2018 Coll. on Personal Data Protection (hereinafter referred to as the “Personal Data Protection Act”). As we also provide digital services in the United States, we additionally take into account applicable U.S. privacy standards, including relevant federal and state privacy laws, such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), where applicable.

The security of personal data and its lawful processing are our top priority. Here you can learn how we process your personal data, how we ensure its security, and what rights you have in connection with the processing of your personal data.

 

1. Identification of the Controller

The controller of personal data within the meaning of Article 4(7) of the GDPR is:

Business name: PRETTY AGENCY s.r.o.

Registered in: C 416503/MSPH Municipal Court in Prague

Registered office (address): Kurzova 2222/16, Stodůlky (Prague 13), 155 00 Prague

Company ID No. (IČO): 22432019

E-mail: info@tomasizvolt.com

Website: www.tomasizvolt.com

 

2. Purpose and Legal Basis for the Processing of Personal Data

We process your personal data solely for specific, explicitly stated, and legitimate purposes. Personal data are processed for the following purposes:

  • For the purpose of fulfilling an order, personal data are processed when purchasing a digital product, issuing an invoice, and delivering the product by e-mail. The legal basis for the processing is the performance of a contract pursuant to Article 6(1)(b) GDPR.
  • For the purpose of fulfilling accounting and tax obligations, personal data are processed when archiving accounting documents and maintaining VAT records. The legal basis for the processing is compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.
  • For the purpose of communication with the customer, personal data are processed when responding to inquiries, handling complaints, and resolving claims. The legal basis for the processing is legitimate interest pursuant to Article 6(1)(f) GDPR.
  • For the purpose of direct marketing, personal data are processed when sending newsletters, information about news, products, and promotions. The legal basis for the processing is consent pursuant to Article 6(1)(a) GDPR.
  • For the purpose of website operation and analytics, personal data are processed through cookies and tools for tracking visitor behavior on the website. The legal basis for the processing is consent or legitimate interest, depending on the type of cookies and the specific purpose of the processing.

Where we provide digital services in the United States, we also process personal data in accordance with applicable U.S. privacy laws and standards, to the extent relevant to the services provided and the jurisdiction of the user.

 

3. Categories of Personal Data

We process in particular the following categories of data:

  • Identification data: first name, last name, Company ID No. (IČO), Tax ID No. (DIČ) (when purchasing as a company)
  • Contact data: e-mail address, telephone number
  • Billing data: address, country, payment details, transaction history
  • Technical data: IP address, cookies, browser and device information
  • Voluntarily provided data: message content in contact forms, feedback, reviews
  • Financial Security Notice: All financial transactions are processed through PCI-DSS compliant third-party payment processors (for example Braintree, PayPal, Stripe, or similar providers). We do not store, process, or have access to full credit card details or complete bank account credentials.
  • Accounting records: We process personal data of customers or other persons recorded in our accounting system to the extent of title, first name, last name, billing address, bank account number, payment details, telephone number, e-mail, and signature for the purpose of maintaining accounting records and fulfilling obligations arising from the Accounting Act and other relevant legal regulations. The legal basis for the processing of personal data is compliance with legal obligations. We keep accounting documents for 10 years.
  • Complaints: We process personal data of customers who filed a complaint regarding provided digital services to the extent of title, first name, last name, address, e-mail, telephone number, data relating to the order and the complained digital performance, and the subject matter of the complaint for the purpose of receiving and handling the complaint and maintaining records of complaints. The legal basis for the processing of these personal data is compliance with a legal obligation under consumer protection law. We keep personal data for 5 years from the date the complaint is resolved.
  • Contact form: We process personal data of interested persons to the extent of title, first name, last name, e-mail, telephone number, and subject of the message for the purpose of receiving and handling your inquiry. The legal basis for the processing of these personal data is the performance of a contract or pre-contractual relations. We keep personal data for 12 months.
  • Reviews: We process personal data of customers who provide a review, including title, first name, last name, photograph, e-mail address, telephone number, and the content of the review, on the basis of the data subject’s consent for the purpose of publishing the review on the controller’s website and on social media. Such personal data are processed for the duration of the consent. The data subject may withdraw consent at any time by contacting us at info@tomasizvolt.com. Upon receipt of such request, the controller will remove the review or anonymize the personal data contained in it within 14 days.
  • Newsletter: We process personal data of persons who subscribed to the newsletter to the extent of first name, last name, and e-mail on the legal basis of the data subject’s consent. We process personal data of customers or other persons with whom we have a contractual relationship for the purpose of sending newsletters on the legal basis of legitimate interest, which is to inform about the controller’s activities, offers, and promotions. The data subject may withdraw consent at any time or object to the processing of personal data by sending a written notice or unsubscribing from the newsletter. We process personal data for a period of 10 years.
  • Webinars: We process personal data of participants and persons registered for our live broadcasts – webinars (or recordings of live broadcasts) to the extent of first name, last name, username, e-mail, telephone number, or other provided data for the purpose of participation and providing technical access to the webinar. The legal basis is the consent of the data subject, which is given upon registration for the webinar. We process these personal data for a period of 5 years. We organize webinars with a partner (WebinarJam LLC), which ensures the technical operation of webinars and is responsible for sending e-mail reminders. Based on the established contractual relationship, the merchant reserves the right to send a reasonable amount of promotional e-mails for direct marketing purposes on the legal basis of legitimate interest. It is possible to unsubscribe from such e-mails simply by clicking the “unsubscribe” link in the footer of the e-mail. By registering for a webinar, you also agree to participate in the sales event that will take place at the end of the broadcast.

Protection of minors: Our services are intended for adults. We do not knowingly collect personal data from children under the age of 13 in the United States or under the age of 16 in the European Union. If we become aware that such personal data have been collected without appropriate authorization, we will delete them without undue delay.

 

4. Recipients of Personal Data

Your personal data may be disclosed to the following categories of recipients:

  • providers of IT services and hosting (MioWeb s.r.o., registered office at Kampelíkova 35/20, Stránice, 602 00 Brno, Company ID No.: 07458002),
  • payment gateway providers (e.g. Gopay, PayPal, Stripe, Braintree),
  • accounting firms and tax advisors (Company name / accountant),
  • e-mail marketing tools (e.g. Smartemailing, Mailchimp),
  • legal and marketing advisors (if necessary),
  • employees or collaborators bound by confidentiality,
  • public authorities (e.g. tax office), if required by law.

All recipients are contractually obliged to comply with obligations in the field of personal data protection.

 

5. Recipients and Transfers of Data to Third Countries

As a rule, we do not transfer personal data to third countries outside the EU and EEA unless there is a legal basis for doing so and adequate protection within the meaning of Article 44 et seq. GDPR. If we use tools such as Google, Facebook, or newsletter services based outside the EU, we ensure data protection through Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

To maintain global service availability, some personal data may be transferred to and processed by partners in the United States or other countries outside the EEA. Such transfers are governed by appropriate safeguards to ensure a level of data protection equivalent to EU standards.

RECIPIENTS

To whom do we provide your personal data? We provide personal data to third parties only if this follows from a special law or is necessary for the performance of a contract. These are in particular public authorities and other authorized entities. We may also provide your personal data to a processor that supplies us with expert and specialized services. If we appoint a processor to process personal data, we have concluded a personal data processing agreement with them and bound them to confidentiality.

We have appointed the following processors:

  • accounting office: Company name / accountant
  • domain provider (Websupport s. r. o., Karadžičova 12, 821 08 Bratislava, Slovakia)
  • provider of the online system, hosting, and e-mail distribution (Simvoly Applications Ltd. - BG203856012, Ul. Goce Delčev 24, Varna, Bulgaria, contact@simvoly.com)
  • provider of the interface for organizing live broadcasts - webinars or playback of recordings of live broadcasts (WebinarJam LLC, 7660 Fay Ave Ste H184, La Jolla, CA 92037, USA)
  • provider of the SMS system for sending reminder SMS messages (Twilio Ireland Limited, 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland)
  • Amazon Web Services (AWS) (https://aws.amazon.com/privacy/): The entire infrastructure of Simvoly / Emifunnel is hosted on AWS virtual servers. Our system e-mails are sent via Amazon SES.
  • Google Analytics (https://policies.google.com/privacy): Analytics regarding how users use our website
  • Google Calendar (https://policies.google.com/privacy): Creating or deleting events through the booking feature
  • Facebook (https://www.facebook.com/privacy/explanation): Facebook is used for customer retargeting
  • Braintree (https://www.braintreepayments.com/legal/braintree-privacy-policy): Used for payments for all programs or payment forms
  • Intercom (https://www.intercom.com/terms-and-policies#privacy): For providing support via live chat and notifying about product updates
  • FreshDesk (https://www.freshworks.com/privacy/): For ticket sales and support
  • employees and other companies that work for us

If you have any questions regarding this Privacy Policy, you may contact us using the information below.

 

6. Retention Period of Personal Data

Personal data are retained only for the period necessary to fulfill the purpose of their processing or for the period specified by the relevant legal regulations.

Data from orders and invoices are retained for 10 years in accordance with accounting law and related legal regulations.

Data provided through the contact form are retained for 5 years from the last communication.

Data processed for marketing purposes are retained until consent is withdrawn, but no longer than 5 years.

Cookies are retained according to their type, but no longer than 2 years.

 

7. Rights of the Data Subject

You have the following rights:

  • Right of access to data – you may request a copy of the processed data.
  • Right to rectification – if the data are inaccurate or outdated, you have the right to have them corrected.
  • Right to erasure (right to be forgotten) – if they are no longer needed or if you withdraw consent.
  • Right to restriction of processing – if you contest the accuracy of the data or their processing.
  • Right to data portability – you may obtain your data in a structured format.
  • Right to object – to processing based on legitimate interest or direct marketing.
  • Right to withdraw consent – at any time, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint – with the Personal Data Protection Office if you believe your rights have been violated.

If you are a resident of California or another U.S. state with specific privacy rights, you may also have the right to request information about the categories of personal data collected, the right to request deletion of your personal data, and the right not to be discriminated against for exercising your privacy rights, to the extent provided by applicable law.

We do not sell personal information for monetary consideration. If applicable law classifies certain advertising or analytics activities as “sharing”, you may exercise your opt-out rights by contacting us at info@tomasizvolt.com or through the relevant cookie/privacy controls available on our website.

 

8. How to Exercise Your Rights

You may exercise your rights:

  • By e-mail: info@tomasizvolt.com

We will handle your request without undue delay, but no later than within 30 days. In justified cases, we may extend this period by a further 60 days.

 

9. Security of Processing

We ensure adequate protection of personal data through:

  • the use of encryption (HTTPS, encrypted databases),
  • regular backups,
  • restricted access (authorized persons only),
  • internal security policies,
  • training for employees and collaborators, 
  • periodic internal reviews of data handling and storage procedures.

 

10. Automated Decision-Making and Profiling

We do not carry out any automated decision-making or profiling based on your personal data that would have a legal or similarly significant effect on you as a data subject.

 

11. Final Provisions

These Privacy Policy terms become effective on 06 April 2026. The controller reserves the right to update them at any time. The current version is always available on the website.