Kathy Lucan

Menu
E-shop

Privacy Policy

Personal Data Controller:

Mgr. Kateřina Lučan   

Business address: Hlavní 333/76, 664 31, Lelekovice 

Business ID (IČO): 05514169

Registered in the Trade Register

Non-VAT payer

Phone: +420 724 511 486

Email: katerina.lucan@gmail.com

(hereinafter referred to as the “Controller”)

I. Key Terms

The Controller operates the website kathylucan.com, related online services, social media pages, and other internet projects (collectively referred to as the “Services”). In the course of operating and providing these Services, the Controller processes personal data.

Personal data refers to identifiers provided by the user that can identify a specific individual, either on their own or when combined with other information. 

Processing of personal data The data subject is the user – a natural person whose data is processed by the Controller when using the Services. 

Processing of personal data refers to any operation or set of operations systematically performed on personal data, such as collection, organization, storage, retrieval, use, sorting, blocking, or deletion. The Controller processes data in accordance with applicable data protection laws, namely Regulation (EU) 2016/679 (GDPR) and Act No. 110/2019 Coll. on the Processing of Personal Data.

A processor is a person or company appointed by the Controller to process personal data for specific purposes.

Special categories of data include information about health , religious or philosophical beliefs, sexual life, or orientation that the data subject voluntarily provides to the Controller when using Services.

II. Purpose and Method of Processing Personal Data 

1. The purpose of processing personal data is to enable the use of the Controller’s Services. The legal basis for processing is a contract, order, consent given by the data subject, or legitimate interest.

2. Email newsletters are sent only with explicit consent or under the conditions of Act No. 480/2004 Coll. on Certain Information Society Services.

3. The Controller processes personal data only to the extent provided by users and solely for the purposes mentioned above (e.g., purchase of Services, contractual performance, or email communication).

4. Personal data may be stored in a user database, modified, searched, sorted, or deleted after the specified retention period or upon withdrawal of consent.

5. Special categories of data are processed only if voluntarily provided by the user and only when necessary for delivering the Services (e.g., information about health status for certain coaching sessions).

6. The user is informed and agrees that during online group sessions (e.g., via Zoom), the Controller may record the session and use the recording for business purposes, including publication online. This does not apply to individual consultations — these recordings are private and shared only with the client.

7. The user is informed and agrees that the Controller may take photos during in-person events and publish them online (e.g., on the website or social media). Written consent may be requested if photos could affect the subject’s personal rights.

III. Data Retention Period

The Controller stores personal data for the following durations:

  • For the duration of the contractual relationship and 5 years after its termination (for potential claims or disputes).
  • For 5 years after the last use of the Services.
  • Or until the user withdraws consent for processing.

IV. Rights of Data Subjects

In accordance with the GDPR, users have the right to:

  1. Data subjects have the right to access their personal data. They also have the right to have their data corrected and/or supplemented or deleted, or to request a restriction on the processing of their personal data, as well as the right not to be subject to automated individual decision-making (including profiling).
  2. Data subjects have the right to object to the processing of their personal data.
  3. Data subjects have the right to data portability in a structured, commonly used, and machine-readable format.
  4. Data subjects have the right to withdraw their consent to the processing of personal data at any time. To withdraw consent, the Controller recommends using the contact email provided at the beginning of this Policy. 
  5. Data subjects have the right to lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection (http://www.uoou.czlocated at Pplk. Sochora 27, 170 00 Prague 7, email posta@uoou.czdata box ID qkbaa2n.

V. Information About Cookies

1. When using the website, the Controller employs cookies or similar electronic identifiers. Cookies are small text files used to store and retrieve identifiers and other information about users’ devices through which they access the Controller’s website.

2. The Controller uses essential (necessary) technical, analytical, and marketing cookies. Technical cookies assist with viewing the website and, where applicable, with registering for the Controller’s Services. Analytical cookies are used by the Controller to analyze data in order to improve the functionality of the Services. Marketing cookies are used to track user preferences on the website for advertising purposes. Analytical and marketing cookies are used in cooperation with third-party tools and only with the prior consent of users.

3. The user has the right to refuse the use of cookies in their web browser settings or to allow only certain types of cookies. For this purpose, a special cookie management tool (so-called consent management) is available on the Controller’s website.

4. Information about cookies and the so-called cookie banner (consent management) containing the necessary details are part of the Controller’s website. 

VI. Final Provisions

1. In the event that the Controller engages a processor to perform certain activities, the Controller undertakes to ensure that such processors are bound by the same level of personal data protection as guaranteed to data subjects under this Policy.

2. The Controller does not transfer personal data outside the countries of the European Union.

3. The Controller reserves the right to amend this Policy in the event of changes on the part of the Controller or in the applicable legislation in this area.

4. The legal relationships between the Controller and the data subjects whose data are processed by the Controller are governed by the laws of the Czech Republic. Any disputes shall be handled by the competent courts of the Czech Republic and the supervisory authority — the Office for Personal Data Protection — as specified above, even in cases where the data subjects are customers from abroad.

5. These Privacy Policy Principles are effective as of October 27, 2025..10.2025.

Mgr. Kateřina Lučan

EN
CZ EN
Powered by TranslatePress