Legal
Privacy Notice
pedalczech.cz — GDPR / Privacy Notice
Effective from: April 20, 2026 | Version 1.0
1. Data Controller
Dominik Vaverka Business ID (IČO): 24884227 620 00 Brno, Czech Republic Phone: +420 792 927 901 | Email: info@pedalczech.cz
I am the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (GDPR). I have not appointed a Data Protection Officer (DPO) because the scope of processing does not trigger that obligation under Article 37 GDPR.
For any question or to exercise your rights, contact info@pedalczech.cz.
2. What data I process and why
2.1 Guided tour participants
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| First name, surname | Identification, contract | Contract performance (Art. 6.1.b) | 3 years |
| Date of birth | Age verification (18+), emergency | Contract performance | 3 years |
| E-mail, phone | Booking communication | Contract performance | 3 years |
| Nationality | Communication in case of accident | Legitimate interest (Art. 6.1.f) | 3 years |
| Emergency contact | Reach in case of accident | Legitimate interest (safety) | 3 years |
| ID document number (visual only) | Identity verification — no copy taken | Legitimate interest | not stored |
| Health information (voluntary) | Safety during the tour | Explicit consent (Art. 9.2.a) | 3 years or until withdrawn |
| Payment details | Payment processing | Contract + legal obligation | 10 years (tax archive) |
2.2 Rental customers
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name, address, date of birth, ID | Rental agreement, asset protection | Contract + legitimate interest | 3 years after return |
| Contact (e-mail, phone) | Communication, incident handling | Contract performance | 3 years |
| Payment details | Payment, security deposit | Contract performance | 10 years |
2.3 Website visitors
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| IP address (server log) | Security, protection against attacks | Legitimate interest | 30 days |
| Contact form data | Response to your inquiry | Legitimate interest (pre-contractual) | 1 year |
3. Recipients of data
Personal data is not sold nor passed on for third-party marketing. Data is shared only with:
| Recipient | What and why |
|---|---|
| myPOS Payments Ltd (IE) | Card payment and pre-authorization processing |
| Emergency medical services | Health information and emergency contact in case of emergency |
| Accountant / tax advisor | Invoicing and payment data for tax purposes |
| Public authorities | Only when required by law (Czech Police, tax office) |
All processors are bound by a Data Processing Agreement (DPA) under Article 28 GDPR.
4. International transfers
By default, personal data is not transferred outside the EU/EEA. If such a transfer occurs (e.g. via booking platform), it will be based on Standard Contractual Clauses (SCCs) approved by the European Commission.
5. Data security
- Access to data is limited to me and the entities listed above
- Electronic data is protected by passwords and encryption
- Paper documents (signed contracts, waivers) are kept locked
- No copy of the ID document is taken — data is only visually verified
- After the retention period, data is shredded (paper) or securely deleted (electronic)
6. Your rights
Under Articles 15–22 GDPR you have the following rights. Email info@pedalczech.cz — I will respond within 1 month.
| Right | What it means |
|---|---|
| Access | Obtain a copy of all your data I process |
| Rectification | Correct incorrect or incomplete data |
| Erasure | Have your data deleted when the processing reason no longer applies |
| Restriction | Restrict processing while a dispute is resolved |
| Portability | Obtain data in a structured format |
| Objection | Object to processing based on legitimate interest |
| Withdraw consent | Withdraw consent at any time — withdrawal does not affect prior processing |
7. Right to lodge a complaint
If you believe processing of your data violates GDPR, you have the right to lodge a complaint with:
Office for Personal Data Protection (ÚOOÚ) Pplk. Sochora 27, 170 00 Praha 7 | www.uoou.cz | +420 234 665 111
8. Cookies and tracking
On pedalczech.cz I use only strictly necessary cookies required for the booking form and language preference. I do not run Google Analytics, Meta Pixel, or any marketing or analytical cookies. For this reason the website has no cookie banner — strictly necessary cookies do not require consent under Czech law (§89 Act No. 127/2005 Coll.).
9. Updates
I may amend this Notice. The current version is always available at www.pedalczech.cz/privacy.
Last updated: April 20, 2026 | Version 1.0