Privacy Policy
Last updated: April 9, 2026
1. Data Controller
The data controller is steezr s.r.o., Reg. No.: 22354883, VAT No.: CZ22354883, with registered address at K Rybníčkům 282/19, Praha 10, 100 00, Czech Republic (hereinafter "controller" or "we"). Contact email: privacy@steezr.com.
2. What Personal Data We Collect
- Full name
- Email address
- Phone number (optional)
- Billing details (address, Reg. No., VAT No.)
- Language preference (Czech / English)
- Booking and payment data (lesson date, payment type, booking type — single, subscription, credit)
- Newsletter consent (yes/no)
- Subscription data (type, status, billing period)
- Credit data (validity, usage)
3. Purpose and Legal Basis
| Purpose | Legal Basis |
|---|---|
| Creating and managing bookings (including guests without an account) | Contract (Art. 6/1b) |
| Managing subscriptions and credits | Contract (Art. 6/1b) |
| Automatic lesson booking under a subscription | Contract (Art. 6/1b) |
| Processing payments via Stripe | Contract (Art. 6/1b) |
| Issuing invoices (Fakturoid) | Legal obligation (Art. 6/1c) |
| Sending booking confirmations and reminder emails | Legitimate interest (Art. 6/1f) |
| Magic link authentication (email verification) | Contract (Art. 6/1b) |
| Photos & videos from lessons for marketing | Consent (Art. 6/1a) |
| Sending newsletters | Consent (Art. 6/1a) |
4. Photos and Videos from Lessons
Photos and videos may be taken during lessons and used exclusively for marketing purposes and on the controller's social media channels (Instagram, Facebook, YouTube, TikTok, etc.). By attending the lesson and checking the consent box during booking, you consent to this use. You may withdraw consent at any time by emailing privacy@steezr.com — we will remove your footage from future publications where technically feasible.
5. Data Recipients
Your data may be shared with the following processors:
- Stripe, Inc. — payment processing and subscription management
- Fakturoid s.r.o. — invoice issuance and management
- Amazon Web Services (SES) — email delivery (confirmations, reminders, login links)
- Hetzner Online GmbH — hosting and file storage
- Sentry — application error tracking (no personal data)
- Google (GTM, Analytics) — traffic analytics (only with consent)
Data is not transferred to third countries outside the EU/EEA, except through processors (Stripe, AWS) who ensure adequate safeguards under Art. 46 GDPR (standard contractual clauses).
6. Data Retention
- Booking and payment data: for the period required by law for tax records (min. 10 years).
- Contact data (name, email, phone): for the duration of the contractual relationship and 3 years after its termination.
- Subscription data: for the duration of the subscription and 3 years after its termination.
- Credits: for the duration of their validity and 1 year after expiry.
- Login links (magic links): automatically deleted after 15 minutes or after use.
- Photos and videos: until consent is withdrawn.
7. Your Rights
Under the GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectification of inaccurate data (Art. 16)
- Erasure of data (Art. 17)
- Restriction of processing (Art. 18)
- Data portability (Art. 20)
- Object to processing (Art. 21)
- Withdraw consent — at any time, without affecting the lawfulness of prior processing
You can exercise your rights by emailing privacy@steezr.com. You also have the right to lodge a complaint with the Czech Data Protection Authority (ÚOOÚ, www.uoou.cz).
8. Cookies
We use essential cookies for authentication (session cookie). Additionally, through Google Tag Manager (GTM), we use optional analytics and marketing cookies — these are only activated with your explicit consent via the cookie preferences banner.
- Essential cookies: session cookie for authentication. Cannot be disabled.
- Analytics cookies: help us understand how you use the site (e.g., Google Analytics). Require your consent.
- Marketing cookies: allow us to show relevant ads. Require your consent.
You can change your cookie consent at any time using the button below.
9. Passwordless Authentication
We do not use passwords. Authentication is performed via one-time magic links sent to your email address. These links are valid for 15 minutes and are invalidated immediately after use. The session is stored in a secure httpOnly cookie with an 8-hour expiry.
10. Guest Bookings (No Account Required)
Single lessons can be booked without creating an account. In that case, we process the name, email, phone, and language preference provided during booking. If you later create an account with the same email, your guest bookings will be automatically linked to your account.
11. Data Security
We implement technical and organizational measures to protect your data, including encrypted data transfer (HTTPS/TLS), secure storage of credentials, passwordless authentication (magic links), and regular software updates. Payment details (card numbers) are never stored by us — they are processed exclusively by Stripe.
12. Data Export and Deletion (GDPR)
Upon your request to privacy@steezr.com, we will provide a complete export of your personal data in electronic form. You also have the right to request deletion of your data — in that case, your personal data will be anonymized (booking and payment records will be retained in anonymized form for accounting purposes as required by law).