Privacy and personal data processing
1. Data controller
The controller of personal data is the operator of the Doučko application. The controller's contact details are available in the application (e.g. in the Contact section or in the footer). The data subject (user) can contact the controller regarding their rights.
2. What data we process
We process the data that the user provides during registration and in the profile: e-mail, first name, last name, date of birth, phone, address, photo, description, information about subjects and prices (for lecturers), information about availability and reservations. For students, we also process information related to the ISIC card, if the user fills it in. On the technical side, we process the IP address and data from cookies (see below) to the extent necessary for the operation of the service.
3. Purpose and legal basis of processing
- Contract fulfillment – registration, account management, mediation of reservations and communication between lecturers and students.
- Legitimate interest – service security, abuse prevention, technical support.
- Consent – where required (e.g. marketing email, optional data). Consent can be revoked at any time.
4. Retention period
We keep personal data for the duration of the account and further to the extent required by law (e.g. accounting and tax documents). After the account is canceled, the data will be anonymized or deleted to the extent necessary, with the exception of data that we have to keep by law.
5. Data subject rights
The user has the right to access their data, to correction, to deletion ("the right to be forgotten"), to restriction of processing, to data portability, and to object to processing. Consent given at registration can be revoked; the revocation will not affect the lawfulness of processing carried out before it. Rights can be exercised by writing to the controller's contact email. The user also has the right to file a complaint with the supervisory authority (Office for the Protection of Personal Data, úoou.cz).
6. Cookies and similar technologies
We use necessary cookies for the operation of the application: session cookie (login) and CSRF token (form security). These cookies do not require ePrivacy/GDPR consent as they are necessary to provide the service. We do not use marketing or analytical cookies without your consent. More information is shown in the cookie notice on the first visit.
7. Data transfer and security
Personal data may be transferred to processors (hosting, email server, payment gateway Stripe) in accordance with the GDPR. Transfers outside the EU/EEA take place only under the guarantees set by the regulation. We protect data with appropriate technical and organizational measures.
8. Policy changes
We may update the privacy policy. We will inform you about significant changes through the application or by e-mail.