Labs1503 Academy

INFORMATION OF PROCESSING OF PERSONAL DATA

Our company Labs1503 distribution a.s (“Provider” or “Controller”) provides the content of the Academy in the form of video lectures, articles, workshops etc. via the platform Thinkific.com and is in connection with processing personal data of the Academy users, pursuant to Article 4 par. 7 of the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter the “GDPR directive”), the personal data controller.

Identification and contact details of the controller:  Labs1503 distribution a.s., 25729411, Nad Vršovskou horou 1423/10, Michle (Praha 10), 101 00 Praha, [email protected], +420 702 266 048.

The Provider shall process any personal data received in connection with provision of its services within the Academy in accordance with the respective provisions of law, specifically the GDPR directive, correctly in a legitimate and transparent manner, in the scope that is necessary for the stated purpose of data processing, and it shall protect all received personal data in a way appropriate to the nature and importance of any personal data. 

Personal data shall mean any information relating to an identified or identifiable natural person – user of the Platform and Academy (or natural persons acting on behalf of a user – legal entity); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The Provider uses processors as its subcontractors for processing of certain personal data, i.e., the webhosting provider etc. All such processors are checked and tested for safe processing of personal data. The Provider enters into data processing agreement with each processor, based on which the processor is obligated to keep any processed personal data strictly confidential and is responsible to ensure proper and safe processing of personal data in terms of all physical, hardware and software aspects of the processing. Up-to-date list of all processors can be found at the end of this information. Thinkific Labs Inc., as the operator of the Platform, may transfer and store submitted personal information in a third country (outside of the EU); in such case, appropriate or suitable safeguards pursuant to Article 46 of the GDPR directive are adopted. For more information on processing if third countries see Part B below.

Terms used in this information, which are not explained herein, shall have the meaning assigned to them in the Terms and Conditions of the Academy.

1. Personal data processed in connection with using of content of the Academy

2. Upon purchase of the content (in the form of subscription or one-off purchase, unless otherwise specified in the Terms and Conditions), each user is required to submit the following personal data necessary for concluding the agreement on provision of services between the Provider and the user and for processing and realization of the purchase: first name, last name, e-mail address, region, position title. Content of the Academy and services of the Provider cannot be provided without submission of this data by the user. 

3. If a user makes purchase on the Platform, the Provider will use a third-party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Purchase transaction data is stored only as long as is necessary to complete the purchase transaction.

4. As users progress through the courses of the Academy, information about how they interact with the course, including but not limited to, their progress through the course, quiz scores, survey results, discussion or forum contributions and other user activities may also collected via the Platform.

5. The purpose of processing of the herein listed personal data is conclusion and performance of a contract between the user and the Provider, compliance with legal obligations to which the Provider is subject (accounting and tax law etc.) and pursuing of legitimate interests of the Provider, subject to the following data processing conditions:

Conclusion and performance of a contract between the user and the Provider

• Legal basis for the processing of personal data is the performance of a contract pursuant to Article 6 par. 1 subpar. b) of the GDPR directive and taking steps at the request of the data subject prior to entering into a contract, as applicable.

• Personal data of the users necessary for accounting are processed via the Platform or internally by the Provider in its accounting software, which is backed-up on servers of the processor – provider of the accounting software. The processor is obligated to process the data in accordance with instructions of the Provider and provisions of law.

Compliance with legal obligations to which the Provider is subject

• Legal basis for the processing of personal data is compliance with legal obligations to which the Provider is subject pursuant to Article 6 par. 1 subpar. c) of the GDPR directive, specifically accounting and tax obligations.

Pursuing of legitimate interests of the Provider

• Legal basis for the processing of personal data is pursuing of legitimate interests of the Provider pursuant to Article 6 par. 1 subpar. f) of the GDPR directive.

• Personal data are processed for the purpose of pursuing of legitimate interests of the Provider on protection of its legal rights arising in connection with provision of its services to users, internal controlling of due and proper provision of services to users and performance of agreement and effective marketing of the Academy.

• Information on user’s progress through the course, quiz scores, survey results, discussion or forum contributions etc. are processed to ensure quality of the provided services and to collect data that help to improve the user’s experience with the Academy, and also to protect legal rights of the Provider.

• Based on the user’s purchase of the selected content of the Academy, the Provider may offer its same or similar services and products to the user via means of electronic communication. The Provider does also pursue its legitimate interest on finding out the users’ contentment with the purchased products and reviews via e-mail questionaries or requests for evaluation. E-mail questionaries or requests for evaluation can be declined by the user prior to provision of the purchased products in the process of ordering the product.

• User can refuse delivery of e-mail questionaries or requests for evaluation at any time or object to processing of personal data pursuant to Article 21 of the GDPR directive, based on which action the Provider shall no longer send any such questionaries or request to the user.

5. The Provider stores the users’ personal data for the period necessary to perform rights and obligation arising out of a contract between the Provider and user and pursuing legal rights arising out of such contract (3-year limitation period plus 1 year considering that rights could be claimed at the end of the limitation period) and for the period necessary for pursuing the Provider’s legitimate interests. Upon expiration of such periods the relevant personal data shall be deleted. Any personal data processed for the purpose of e-mail marketing, as specified herein, shall be deleted after 2 years from expiry of the user’s subscription or one-off purchase. 

6. During purchase of the Academy content via the Platform, the following processing of personal data takes place.

2. Personal data processed in connection with using the Platform

7. The Provider uses cookies on the Platform and other information such as when the users visited the Platform, the website from where he/she came prior to visiting the Platform, the website where he/she goes when leaving the Platform, computer’s operating system, location data, and the type of web browser used. to evaluate performance of the website, personalize offers to the users and improve the experience on the website and the quality of its services. Specific cookies may become personal data. Continued usage of the Platform is always deemed as a form of consent of the user with use of the cookies by the Provider. Use of cookies may be declined by the user via settings of his/her internet browser.

8. The Provider also collects personal data submitted by users via any messaging or email feature available on the Platform, name and phone number from telephone support users, name, e-mail address, location, Thinkific site address, and email conversation with a Thinkific agent from e-mail support users, name from Thinkific forum and discussion users.

9. Personal data provided to the Provider via the Platform are processed by the Provider’s processor – webhosting provider and administrator of the website. Such personal data are processed for the purpose of conclusion and performance of a contract between the Provider and the user and compliance of legal obligation of the Provider. The legal basis for such processing is Article 6 par. 1 subpar. b) and c) of the GDPR directive, or in case of the use of cookies Article 6 par. 1 subpar. a) of the GDPR directive (consent).

10. More information on processing personal data on the Platform, including information on cookies, may also be found in the Thinkific’s Privacy Policy at https://www.thinkific.com/privacy-policy/. 

11. Users may also register for and access the Academy with their Facebook, G-mail, or LinkedIn profile (provided that the necessary data are entered: first name, last name, e-mail address, region, position title), in which case the Platform may access certain data of such user’s profile (profile name, e-mail address, profile picture) and use cookies to allow the user to log in to the Platform with their profile access data and fill the users profile on the Platform with such additional data, based on the user’s consent.

12. Thinkific’s processing of personal data in third countries: Thinkific Labs Inc. is a Canadian company and may transfer users’ personal data to regions outside of the EU, including to Canada and the United States. Transferring of personal data to Canada is based on an adequacy decision of the Commission stating that Canada ensures an adequate level of protection of personal data, pursuant to Article 45 of the GDPR directive (Commission decision number C(2001) 4539 available here). Transferring of personal data to the USA is based on appropriate safeguards provided by standard data protection clauses adopted by the Commission and concluded by Thinkific and its sub-processors based in the USA, pursuant to Article 46 (2) c) of the GDPR directive. A copy of standard data protection clauses adopted by the Commission is available here.

3. User’s rights in connection with processing of personal data

Please note that in connection with processing of your persona data by the Provider, you have, among other, the right to request from the Provider access to and rectification or erasure of personal data or restriction of processing your personal data or to object to processing as well as the right to data portability. You shall also have the right to lodge a complaint with a supervisory authority, which is the Office for personal data protection (www.uoou.cz).

Right of access by the data subject (Article 15 of the GDPR directive)

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the reception information of processing of such personal data.

Right to rectification and erasure (Article 16 and 17 of the GDPR directive)

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her or to have incomplete personal data completed.

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2), (iii) the personal data have been unlawfully processed, (iv) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject, or (v) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Right to restriction of processing (Article 18 of the GDPR directive)

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead

3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

4. the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability (Article 20 of the GDPR directive)

 The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, subject to the conditions of article 20 of the GDPR directive. 

Right to object (Article 21 of the GDPR directive)

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on pursuing of legitimate interests of the provider (see purposes and legal basis of processing of personal data above). The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR directive)

The data subject shall have the right to lodge a complaint with the Office for personal data protection if the subject presumes that the processing of his / her personal data breaches the provisions of the GDPR directive.

List of processors

Labs1503 distribution a.s.

Thinkific Labs Inc.

Up-to-date list of sub-processors of Thinkific Labs Inc. available at:

https://www.thinkific.com/thinkificsubprocessors/