GDPR

Information on Personal Data Processing – GDPR (Athlentic)

Applicable regulations

The processing of personal data within the Athlentic platform is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, “GDPR”) and the relevant Czech legislation, in particular Act No. 110/2019 Coll., on the Processing of Personal Data.

1. Legal basis for processing

Cabtech CZ s.r.o. processes personal data lawfully on the following legal grounds:gdpr-info a) Performance of a contract (Art. 6(1)(b) GDPR): Processing of data necessary for the conclusion and performance of the contract for the purchase of a digital card (name, email, billing details, payment data). b) Compliance with a legal obligation (Art. 6(1)(c) GDPR): Keeping accounts and tax records, fulfilling reporting obligations to tax and statistical authorities. c) Legitimate interests (Art. 6(1)(f) GDPR): Protection of the rights and claims of Cabtech CZ s.r.o., including platform security, fraud prevention, keeping internal records and debt recovery. None of these legal bases is used in a way that would be contrary to the law – the processing is always lawful and justified.

2. Categories and scope of processed data

Depending on how you interact with the platform, the following data may be processed:

  • Registration and browsing: Name, email address, IP address, cookies.
  • Purchase of a card: Name, email, address (if provided), card/account details (processed by Stripe), date and time of purchase, purchased card.
  • Delivery of the card: Email, data on the digital wallet or access to the token.
  • Accounting: Name, email, amount, transaction date, IP address (for security audit). Only data that is truly necessary for the specific purpose is collected; unnecessary personal data is not required.

3. Data subjects’ rights

Under the GDPR, you have the following rights and options to exercise them:

  • Right of access (Art. 15 GDPR): You may request information about what personal data is processed about you and under what conditions. Contact: athlentic@athlentic.app
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data. Contact: athlentic@athlentic.app
  • Right to erasure (Art. 17 GDPR, “right to be forgotten”): You may request deletion of your personal data if the reason for processing no longer applies; accounting data is kept for the statutory period (typically 10 years). Contact: athlentic@athlentic.app
  • Right to restriction of processing (Art. 18 GDPR): In case of a dispute about accuracy or lawfulness of processing, you may request temporary restriction. Contact: athlentic@athlentic.app
  • Right to data portability (Art. 20 GDPR): If you provided data on the basis of a contract or consent, you may receive it in a portable format and transfer it to another controller, where technically feasible and not contrary to legal obligations. Contact: athlentic@athlentic.app
  • Right to object (Art. 21 GDPR): You may object to processing based on our legitimate interests (e.g. internal security analyses). Contact: athlentic@athlentic.app
  • Right to judicial and supervisory protection (Arts. 77–79 GDPR): You may lodge a complaint with the Office for Personal Data Protection (ÚOOÚ) if you believe GDPR has been breached: Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7, www.uoou.czpodani@uoou.cz All rights can be exercised free of charge by email at athlentic@athlentic.app; responses are provided without undue delay, at the latest within 30 days (with a possible extension by a further 60 days in complex cases).

4. Retention periods

Personal data is stored only for as long as necessary to fulfil the purposes for which it was collected, with the following exceptions:

  • Order and payment data: 10 years from the end of the year in which the transaction took place (statutory obligation for accounting and tax authorities).
  • User account data: For the duration of the account; after deletion, only data necessary for accounting is retained.
  • Technical logs and security records: 1 year, unless part of an abuse investigation or legal dispute.
  • Data for the exercise of rights and claims: For as long as rights and claims are pursued, at least for the relevant limitation period (usually 3–6 years).

5. Security measures

Personal data is protected by the following technical and organisational measures:

  • Encryption of data in transit (TLS/HTTPS) and, where appropriate, at rest.
  • Restricted access to personal data – only personnel necessary for operation have access.
  • Security policies and procedures for staff, regular software updates and security testing.
  • Careful selection of external partners (e.g. Stripe, hosting providers) based on their certifications and GDPR compliance. Despite appropriate measures, no system can be 100% secure; in case of a suspected breach, you will be informed without undue delay.

6. Contact details for GDPR matters

If you have any questions regarding personal data processing or wish to exercise your rights, please contact: Cabtech CZ s.r.o. Email: athlentic@athlentic.app Address: Sudoměřská 185/10, 130 00 Praha 3, Czech Republic Company ID (IČO): 05585856.