Effective from: December 21, 2025 Version: 1.0
IMPORTANT NOTICE
This document is an English translation of the original Czech Privacy Policy ("Zásady ochrany osobních údajů"). This translation is provided for informational purposes only.
The HopNaWorkshop platform is intended for use exclusively in the Czech Republic. The service is designed for Czech users, uses Czech banking standards, and operates under Czech and EU law.
In case of any discrepancy between this English translation and the Czech original, the Czech version shall prevail and be legally binding. The Czech version is available at http://hopnaworkshop.cz/privacy.
1. Introductory Provisions
1.1 Data Controller
The controller of personal data processed through the HopNaWorkshop platform (hereinafter "Platform") is:
| Name | David Novák |
| Business ID (IČO) | 04516117 |
| Registered Address | Dejvická 188/6, 160 00 Prague 6, Czech Republic |
| Contact Email | info@hopnaworkshop.cz |
| Website | http://hopnaworkshop.cz |
(hereinafter "Controller" or "we")
1.2 Purpose of This Document
This Privacy Policy (hereinafter "Policy") describes how we collect, use, store, and protect your personal data in accordance with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR);
- Act No. 110/2019 Coll., on Personal Data Processing;
- Other applicable legal regulations of the Czech Republic and the EU.
1.3 Scope of Application
This Policy applies to:
- visitors to the website http://hopnaworkshop.cz;
- registered workshop Hosts;
- Attendees who register for workshops.
2. What Personal Data We Process
2.1 Workshop Host Data
When registering and using the Platform as a Host, we process the following categories of data:
| Category | Specific Data | Processing Purpose | Legal Basis |
|---|---|---|---|
| Account Data | Email, password (hash) | Account access, authentication | Contract performance |
| Profile Data | Display name, profile photo | Public display on the Platform | Legitimate interest / Consent |
| Business Data | Business ID (IČO), website URL | Trustworthiness, legal obligations | Contract performance |
| Payment Data | Bank account number | Payment QR code generation | Contract performance |
| Workshop Data | Titles, descriptions, images, schedules, prices | Service provision | Contract performance |
| Communication Data | Email correspondence | Customer support | Legitimate interest |
2.2 Workshop Attendee Data
When registering for a workshop, we process:
| Category | Specific Data | Processing Purpose | Legal Basis |
|---|---|---|---|
| Registration Data | Name, email, phone | Workshop registration, communication | Contract performance |
| Form Responses | Data entered in the registration form | Workshop Host requirements | Consent (by form submission) |
| Payment Reference | Variable symbol (generated) | Payment matching | Contract performance |
| Communication Data | Confirmation emails | Transaction records | Contract performance / Legal obligation |
2.3 Technical Data (All Users)
We automatically collect:
| Category | Processing Purpose | Legal Basis |
|---|---|---|
| IP address | Security, fraud prevention | Legitimate interest |
| Browser and device information | Service optimization | Legitimate interest |
| Access logs | Security, troubleshooting | Legitimate interest |
3. Sharing Data with Workshop Hosts
3.1 Transfer of Registration Data
When you register for a workshop, your personal data (name, email, phone, and registration form responses) are automatically shared with the Host of that workshop.
The Host needs this data for:
- organizing and conducting the workshop;
- communicating with you about the workshop;
- processing payment and any refunds.
3.2 Host Responsibility
The Host is an independent controller of your personal data that they receive from you through the Platform. The Host is obligated to:
- process your data in accordance with GDPR;
- use them only for workshop purposes;
- not share them with third parties without your consent;
- respond to your requests for access, correction, or deletion of data.
If you have questions about processing of your data by a specific Host, contact them directly.
4. Data Recipients and International Transfers
4.1 Service Providers (Processors)
For Platform operation, we use the following service providers:
| Provider | Service | Location | Safeguards |
|---|---|---|---|
| Firebase (Google Cloud) | Hosting, database, authentication, storage | EU / USA | Standard Contractual Clauses, EU-US Data Privacy Framework |
| Resend | Email delivery | USA | Standard Contractual Clauses, Data Processing Agreement |
4.2 International Data Transfers
Your data may be transferred to the United States of America (USA) as part of using Firebase and Resend services. This transfer is secured by:
- Standard Contractual Clauses approved by the European Commission;
- EU-US Data Privacy Framework;
- Additional technical and organizational measures.
Upon request, we will provide you with detailed information about specific safeguards.
4.3 Other Recipients
We may also provide your data to:
- public authorities – if required by law or based on an enforceable decision;
- legal advisors – in case of legal disputes.
5. Data Retention Period
We retain personal data only for the period necessary to fulfill the processing purpose:
| Data Type | Retention Period | Reason |
|---|---|---|
| Host account | Until account deletion + 90 days | Contract performance, legitimate interest |
| Workshop data | Until workshop deletion by host (or account deletion) + 90 days | Contract performance, legitimate interest |
| Email logs | 30 days | Technical troubleshooting |
| Deleted accounts | 90 days (soft delete) | Fraud prevention, legitimate interest |
After the retention period expires, data are permanently deleted or anonymized.
6. Your Rights
As a data subject, you have the following rights under GDPR:
6.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether we process your personal data, and if so, to access them and information about processing.
6.2 Right to Rectification (Art. 16 GDPR)
You have the right to rectification of inaccurate personal data and to have incomplete data completed. You can update data directly in your profile or contact us.
6.3 Right to Erasure (Art. 17 GDPR)
You have the right to request erasure of your personal data if:
- they are no longer necessary for the purposes for which they were collected;
- you withdraw consent and there is no other legal basis;
- you object and there are no overriding legitimate grounds;
- the data were processed unlawfully.
This right does not apply if processing is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
6.4 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request restriction of processing, for example if you contest the accuracy of data or have raised an objection.
6.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit them to another controller.
6.6 Right to Object (Art. 21 GDPR)
You have the right to object at any time to processing based on legitimate interest. In such case, we will stop processing the data unless we demonstrate compelling legitimate grounds.
6.7 Right to Withdraw Consent
If processing is based on consent, you have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before its withdrawal.
6.8 How to Exercise Your Rights
You can exercise your rights:
- by email to info@hopnaworkshop.cz;
- in writing to the Controller's registered address.
We will respond to your request without undue delay, within 30 days at the latest. In complex cases, we may extend this period by another 60 days, of which we will inform you.
6.9 Right to Lodge a Complaint
If you believe we are processing your data in violation of GDPR, you have the right to lodge a complaint with a supervisory authority:
Office for Personal Data Protection (ÚOOÚ) Pplk. Sochora 27 170 00 Prague 7 Czech Republic www.uoou.cz email: posta@uoou.cz
7. Personal Data Security
We implement appropriate technical and organizational measures to protect your personal data:
7.1 Technical Measures
- Encryption in transit – all communication takes place over HTTPS (TLS);
- Encryption at rest – data are encrypted on Firebase servers;
- Secure authentication – we use Firebase Authentication with email verification;
- Password hashing – passwords are stored only in hashed form.
7.2 Organizational Measures
- Access control – only authorized persons have access to data;
- Firestore Security Rules – rules restricting database access;
- Regular backups – protection against data loss;
- Security monitoring – monitoring of suspicious activities.
8. Cookies and Tracking
8.1 Current Status
The Platform currently does not use analytical or marketing cookies. We only use technically necessary cookies for:
- maintaining user login;
- ensuring Platform security and functionality.
These cookies do not require your consent as they are necessary for service operation.
8.2 Future Changes
If we introduce analytical or marketing cookies in the future, we will inform you and request your consent through a cookie banner.
9. Processing of Children's Data
9.1 Age Restriction
The Platform is not intended for persons under 16 years of age. Host accounts can only be created by persons over 18 years of age.
9.2 Registration of Minors for Workshops
Persons under 18 years of age may register for workshops only with the consent of a legal guardian. The legal guardian is responsible for providing this consent.
9.3 Unintentional Collection of Children's Data
We do not knowingly collect personal data of children under 16 years of age. If we discover that we have collected such data, we will delete them immediately. If you suspect that we may have collected a child's data, contact us.
10. Changes to This Policy
10.1 Updates
We may update this Policy from time to time to reflect changes in our practices or legal requirements.
10.2 Notification of Changes
We will notify you of material changes:
- by email to the address associated with your account;
- by notice on the Platform.
10.3 Effective Date
The current version of the Policy is always available at http://hopnaworkshop.cz/privacy. The date of the last update is indicated in the document header.
11. Contact
For any questions regarding the processing of your personal data, contact us:
Email: info@hopnaworkshop.cz
Address: David Novák Dejvická 188/6 160 00 Prague 6 Czech Republic
This Privacy Policy takes effect on December 21, 2025.
REMINDER: This is a translation. The Czech version of this document is the legally binding version. Available at http://hopnaworkshop.cz/privacy.