Personal Data Processing Principles

Below you will find our principles of processing the personal data that you provide to us as the controller if you visit our website available at https://montessoriparenting.org/, or if you are our customers or if you are interested in our products or services.

We process personal data in accordance with applicable and effective legislation, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council – the General Data Protection Regulation ("GDPR").

This document is designed to inform you about how your personal data will be treated and to instruct you on your rights.

 

CONTENTS OF THIS DOCUMENT:

  • Personal data controller – our identification and contact details
  • Source of personal data – where we get access to your personal data
  • Categories of personal data and request to provide it – which personal data we process about you, whether you are obliged to provide it to us and the consequences of not providing it
  • Purposes and duration of processing – for what purposes and for how long we process your personal data and what entitles us to do so
  • Cookies – which cookies we use
  • Recipients of personal data – to whom we provide access to your personal data
  • Transfer of personal data to a third country or international organisation – whether your personal data will be transferred to a third country or international organisation
  • Security of personal data – what technical and organisational measures we have taken to secure your personal data
  • Your rights – what rights you have in relation to the processing of your personal data
  • Final provisions – effective period of this document and the possibility of amending it

PERSONAL DATA CONTROLLER

The personal data controller is:

   Childhood Potential, s. r. o.

   Registered in the Register of Companies kept by the Municipal Court in Prague, section C 392192

   Company ID No.: 19823614

   Registered office: Vačkářova 278, 251 01 Dobřejovice, Czech Republic

   Telephone number: +420 605 246 227

   E-mail: info@montessoriparenting.org

 

PERSONAL DATA SOURCE

We process personal data that we obtain directly from you. We obtain your personal data by you filling in and submitting a form on our website. We may also obtain your personal data in other ways – for example, by you providing it to us by email, telephone, during a video call or via social media.

CATEGORIES OF PERSONAL DATA AND REQUEST TO PROVIDE IT

To the extent necessary, we process the following general personal data about you: name and surname, company registration number, tax identification number, residential address, registered office address, payment details, telephone number, e-mail address, identifier of other forms of remote communication, IP address, information about the products or services you have ordered, as well as information that you provide to us during our cooperation (data relating to your personal status, personal and property situation, etc.). If you allow us to publish your reference and, where applicable, also provide us with a photograph or video recording, we also process the personal data about you contained in the reference and the corresponding photograph or video recording. If you make use of the possibility of logging in, discussing, rating or sharing via social networks (Facebook, Instagram, YouTube, etc.), we may also process public information about you on your profile on the respective social network (in particular name and surname, photograph, age category and other public information according to your settings).

The provision of the category of general personal data referred to in the first sentence of the preceding paragraph is necessary for mutual communication or for the conclusion and performance of an agreement; in the absence of such provision, it will therefore not be possible to communicate with each other or to conclude and perform an agreement. In cases where the processing of personal data is based on your consent, it depends solely on your decision whether or not you provide your personal data to us. 

We only process special categories of personal data (sensitive data) about you if you voluntarily provide us with this data in the course of our cooperation and only with your consent. We do not request this personal data from you and have no interest in processing it. It is therefore up to you whether you choose to provide us with this data. This includes personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, state of health, sex life or sexual orientation.

 

PURPOSES AND DURATION OF PROCESSING

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF CONCLUDING AND PERFORMING THE AGREEMENT

We process your personal data for the purposes of concluding an agreement and performing the agreement concluded between us (mutual communication before and after the conclusion of the agreement, delivery of the ordered product or service, making the payment). For this purpose, we process your general personal data referred to in Article III(1) above as well as the special categories of personal data (sensitive data) referred to in Article III(3) above.  

The legal title (authorisation) to the processing of personal data is the performance of an agreement concluded between us and the implementation of measures taken prior to the conclusion of the agreement at your request.

For this purpose, we process your personal data for the duration of our contractual relationship and, after termination thereof, we further process some of your personal data for the purpose of fulfilling our legal obligations or for purposes of legitimate interest (see points B to D below).

 

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF COMPLYING WITH LEGAL OBLIGATIONS

Furthermore, we process personal data for the purposes of complying with legal obligations to which we are subject (e.g. statutory tax obligations). For this purpose, we process the following personal data: your name and surname, ID number, VAT number, residential address, registered office address, payment details and information about the products or services that you have ordered.

The legal title (authorisation) to the processing of personal data is therefore the fulfillment of a legal obligation to which we are subject.

For this purpose, we process your personal data for the period of time specified by generally binding legal regulations.

 

PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES

We also process your personal data for direct marketing purposes (sending newsletters, etc.). For this purpose, we process the following personal data: name and surname, home address, registered office address, telephone number, e-mail address and information about the products or services you have ordered.

If you are our customer, our legitimate interest is the legal title (authorization) to such processing of personal data, as we reasonably assume that you are interested in our information and news.

You can stop receiving newsletters at any time by simply clicking on the relevant link, which you will find in every email from us.

 

PROCESSING OF PERSONAL DATA FOR THE PURPOSES OF PROTECTING RIGHTS AND ENFORCING CLAIMS

We also process personal data for the purposes of protecting our rights and enforcing legal claims (those resulting from agreements concluded or any harm suffered, etc.). For this purpose, we process your personal data from the agreements and from our mutual communication.

The legal title (authorisation) for the processing of personal data is our legitimate interest.

For this purpose, we process your personal data for the duration of the contractual relationship and for 5 years after its termination, or for 5 years after our last contact if no agreement has been concluded.

 

PROCESSING OF PERSONAL DATA UPON YOUR CONSENT

If you are not our customer, we will only send you newsletters, etc. upon your consent. We will also only send you information about third party products or services upon your consent. We also need your consent to process your personal data for the purpose of publishing your review on our website or social media. Upon your consent, we will also process public information on your profile on the relevant social network that you use to discuss, rate or share information with us (on our profile, channel, page or group).

Before giving consent, we will inform you which personal data we will process upon your consent and to which specific purpose of processing your consent will apply.

You can withdraw your consent at any time, e.g. by clicking on the relevant link in each email received. However, if we also process your personal data upon any other legal titles listed under A to D above, we will continue to process it upon this respective title after you have withdrawn your consent.

 

COOKIES

We use cookies and other related technologies when using the website. Cookies are small content files that are used to store and receive identifiers and other information about the devices from which you access our website.

Technical and functional cookies ensure correct functioning of our website and make it easier to visit (you do not have to enter the same information repeatedly when you visit our website). These cookies may be placed without your consent. Analytical and marketing cookies can only be placed with your prior consent. 

You can refuse the use of cookies in your browser settings or you can set the use of selected cookies only.

 

RECIPIENTS OF PERSONAL DATA

If we share your personal data with another person, we take care to ensure that it is protected.

In order to ensure certain processing operations, we use the services or applications of other persons, who have access to your personal data for this reason and who contractually guarantee the protection of your personal data.

These include in particular the following:

  • web hosting and domain: Cofis;
  • e-mailing: SmartEmailing;
  • billing system: FAPI;
  • payment gateway: Stripe;
  • social media: Facebook, Instagram, YouTube;
  • accounting company: Sluto;
  • graphics specialist, IT specialist, legal representatives;
  • joint controllers of your personal data.

 

We will also disclose your personal data to relevant administrative authorities or courts in order to comply with our statutory duties or to protect our rights and legitimate interests.

Should we use other applications or services of others in the future, we will select them carefully so as to maintain our standard of securing and processing of personal data. 

 

TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

Your personal data may be transferred to third countries, namely the United States of America. On 10 July 2023, the European Commission adopted a decision on the adequacy of the level of protection of personal data within the meaning of Article 45(3) of the GDPR. Pursuant to it, the United States provide an adequate level of protection of personal data transferred from the European Union to organizations in the United States that are on the appropriate list, the Data Privacy Framework List. Stripe, Inc., Meta Platforms, Inc. (Facebook and Instagram), and Google LLC (YouTube) are on this list, ensuring an adequate level of protection for your personal data.

 

SECURITY OF PERSONAL DATA

As the controller, we have taken all technical and organisational measures to secure your personal data so that it cannot be accidentally or unlawfully accessed, altered, destroyed or lost, or otherwise misused.

In particular, we have taken the following technical and organisational measures to secure your personal data:

  • Protection of access to the computing technology used to process personal data with individual strong passwords and protecting these passwords from disclosure;
  • Protection of the computing equipment by anti-virus programs;
  • Protection of portable computing equipment or portable data storage devices (surveillance, data encryption, etc.);
  • Locking of premises where documents containing personal data are stored;
  • Entrusting access to personal data only to authorised persons who are bound by the obligation to maintain the confidentiality of your personal data and the security measures taken. 

 

Our technical and organisational measures in place are regularly tested and their effectiveness in ensuring the security of the processing of personal data is assessed and evaluated.    

 

YOUR RIGHTS

You have the following rights in relation to the personal data processing:

  • Right of access to personal data (Article 15 GDPR)
    You have the right to be informed as to whether or not your personal data is being processed and, if it is, you have the right to access your personal data and to receive details regarding the processing of your personal data.
  • Right to rectification or completion of personal data (Article 16 GDPR)
    You have the right to request that we correct inaccurate personal data relating to you and, taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.
  • Right to erasure of personal data (Article 17 GDPR)
    You have the right to request that we delete personal data relating to you and, if any of the reasons set out in Article 17 GDPR applies, we are obliged to delete your personal data upon your request.
  • Right to restriction of personal data processing (Article 18 GDPR)
    If the conditions set out in Article 18 GDPR are met, you have the right to have us restrict the processing of your personal data.
  • Right to data portability (Article 20 GDPR)
    If the processing of your personal data is carried out by automated means and is also based on consent or an agreement, you have the right to obtain the personal data concerning you in a structured, commonly used and machine-readable format and to transmit it to another controller. Where technically feasible, you also have the right to request that we transfer your personal data to another controller ourselves.
  • Right to object to the personal data processing (Article 21 GDPR)
    For reasons relating to your particular situation, you have the right to object at any time to the processing of personal data concerning you if the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or for the purposes of our legitimate interests or those of a third party. In this case, we may only further process your personal data if we can demonstrate compelling legitimate grounds for the processing which override your interests or rights and freedoms or for the establishment, exercise or defence of our legal claims. If we process your personal data for direct marketing purposes, including profiling, you have the right to object at any time to the processing of personal data concerning you for this marketing, in which case we will no longer process your personal data for these purposes.
  • Right to withdraw consent to the processing of personal data
    If personal data is processed upon your consent, you have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of the processing based on the consent previously given.
  • Right to lodge a complaint with the Data Protection Authority
    If you believe that your right to data protection has been breached, you have the right to lodge a complaint with the Data Protection Authority.

You can exercise your rights with us by using the contacts listed above (postal or e-mail address). We may contact you before processing your request in order to verify your identity in a reasonable manner.

 

FINAL PROVISIONS

We are entitled to amend these Personal Data Processing Principles to the extent appropriate. The current version is available on our website mentioned above. 

These Personal Data Processing Principles become effective on 4 December 2023.