1. Introduction
1.1 These Personal Data Protection Principles (hereinafter referred to as the “Principles”) describe how Ing. Roman Kašpárek, IČ 684 47 795, Klicperova 446/6, Liberec (hereinafter referred to as the “Administrator”) processes the personal data of users of the skab.cz website (hereinafter referred to as the “Website”) in connection with booking outdoor courses, registering for a via ferrata visit and purchasing electronic gift vouchers.
1.2 The Administrator undertakes to protect personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the Protection of Personal Data (GDPR) and Act No. 110/2019 Coll., on the Processing of Personal Data.
​
2. Personal Data Administrator
2.1 The administrator of your personal data is:
Ing. Roman Kašpárek, IČ 684 47 795, with registered office at Klicperova 446/6, Liberec, e-mail: ahoj@skab.cz, phone: +420 723 327 597.
2.2 The Administrator is not obliged to appoint a Data Protection Officer. In case of any questions, please contact us at the above e-mail address.
​
3. What personal data do we process
3.1 When booking outdoor courses, registering for a via ferrata visit or purchasing electronic gift vouchers, we process the following personal data:
Name and surname

Email address

Billing details (for legal entities, possibly ID and VAT number)

Payment details (e.g. account number or payment card details mediated by a payment gateway)

Date and time of booking/registration/purchase

Unique ticket or voucher code

Information about cancelling the course reservation (if the Buyer cancels the course, e.g. date of cancellation for calculating the cancellation fee)

3.2 We may also process data about your activity on the Website (e.g. IP address, cookies), if you agree to this (see point 8).

4. Purposes of processing personal data
4.1 We process personal data for the following purposes:
Performance of the contract: Ensuring the reservation and organization of an outdoor course, registration for a visit to the Site or delivery of an electronic gift voucher, including communication regarding these services (legal basis: Article 6(1)(b) GDPR – performance of the contract).

Cancellation policy management: Recording cancellations of climbing course reservations and calculating cancellation fees according to the Terms and Conditions (legal basis: Article 6(1)(b) GDPR – performance of the contract).

Accounting and tax obligations: Keeping records of payments and issuing tax documents (legal basis: Article 6(1)(c) GDPR – performance of a legal obligation).

Communication with you: Sending confirmations, information about changes in dates, answers to questions or handling complaints (legal basis: Article 6(1)(b) GDPR – performance of the contract, or Article 6(1)(b) GDPR – performance of the contract, or Article 6(1)(b) GDPR – performance of the contract). 1 letter f) GDPR – legitimate interest).

Marketing purposes: Sending information about news and offers (e.g. new courses, visit dates), if you expressly agree to this (legal basis: Art. 6 paragraph 1 letter a) GDPR – consent).

5. Retention period of personal data
5.1 We retain personal data for the period necessary to fulfill the purpose of the processing:
We retain data for the performance of the contract (course reservation, visit registration, purchase of a voucher) for the duration of the service (e.g. 1 year for vouchers, until the date of the visit or course) and then for a further 6 months in case of complaints.

We retain data related to cancellation conditions (e.g. date of course cancellation) for a period of 6 months from cancellation in case of disputes.

We store data for accounting and tax purposes for 10 years from the end of the accounting period in which the payment was made (according to Act No. 563/1991 Coll., on Accounting).

We store data for marketing purposes until you withdraw your consent.

5.2 After these periods, the data will be deleted or anonymized, unless the law requires other processing.

6. Recipients of personal data

6.1 We may transfer your personal data to the following entities:

Payment service providers for payment processing.

IT service providers (e.g. website hosting, e-mail server).

Accounting or tax advisor for the fulfillment of legal obligations.

Public authorities (e.g. tax office), if required by law.

6.2 We have concluded personal data processing contracts with these recipients (if they are processors under the GDPR) and we ensure that they handle the data in accordance with the regulations.

​

7. Your rights

7.1 As a data subject, you have the following rights:
Right of access: You can request information about what data we process about you (Article 15 GDPR).

Right to rectification: You can request the correction of inaccurate data (Article 16 GDPR).

Right to erasure ("to be forgotten"): You can request the deletion of data if it is no longer needed or if you withdraw your consent (Article 17 GDPR).

Right to restriction of processing: You can request the restriction of processing in certain cases (Article 18 GDPR).

Right to portability: You can request the transfer of data to another controller in a structured format (Article 20 GDPR).

Right to object: You can object to processing based on legitimate interest (Article 21 GDPR).

Right to withdraw consent: You can withdraw your consent to marketing at any time (e.g. by unsubscribing from the newsletter).

7.2 To exercise your rights, please contact us at ahoj@skab.cz. We will process your request within 30 days, in complex cases within 90 days.
7.3 You also have the right to file a complaint with the Office for Personal Data Protection (www.uoou.cz) if you believe that the processing violates the regulations.

8. Cookies and analytical tools
8.1 We use cookies and similar technologies on the Website to improve the user experience and analyze traffic. We process this data only with your consent, which you can grant via the cookie bar on the Website.
8.2 You can withdraw your consent at any time in the Website settings.

9. Transfer of data outside the EU
9.1 We do not transfer your personal data outside the European Economic Area (EEA), unless otherwise stated (e.g. when using analytical tools such as Google Analytics, where data is transferred to the USA based on standard contractual clauses).

10. Security of personal data
10.1 We protect personal data using technical and organizational measures (e.g. encryption, limited access, regular system updates) to prevent misuse, loss or unauthorized access.

11. Final provisions
11.1 We may update this Policy. The current version is always available on the Website and is valid from the date of publication.
11.2 The Policy comes into effect on 12.4.2025.