ADMINISTRATOR'S CODE OF CONDUCT:

We respect the need for privacy, including, but not limited to, any personal data.

We always process personal data in accordance with this Privacy Policy and applicable legislation, such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation").

When using the App and/or providing any personal data to the Controller, you are responsible for ensuring that your actions comply with this Privacy Policy, and you warrant that all personal data you provide to us about yourself, your children or third parties is accurate and that you are authorised to provide such personal data to us.

We may use cookies and similar tracking technologies to track activity related to the website www.app2us.cz or the App. Further information is provided below.

We take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, and that no personal data is transferred to any organisation or country that does not guarantee adequate procedures and controls to ensure the security of your personal data.

1. Introductory information

1. 1. Joint controllers: Mgr. Michaela Radoušová, solicitor and registered mediator, with registered office at Voršilská 130/10, 110 00 Prague, Company ID No.: 66252989, and Mgr. Andrea Vyskočilová, solicitor, registered mediator and registered family mediator, with registered office at Klidná 298/33, 160 00 Prague 6, Company ID No. 62564421 (hereinafter referred to collectively or individually as the “Controller”) hereby provide this document containing information on the fundamental principles and rules of personal data protection in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter also referred to as the “General Data Protection Regulation”), on the basis of which, as data controllers in connection with the conclusion of a licence agreement for the use of the app2us (hereinafter also referred to as the “Application”), in connection with the granting of a licence authorising the User to use the Application, and in connection with the operation of the website at www.app2us.cz, we process the personal data of the user (hereinafter also referred to as the “User” or “Data Subject”).

1. 2. This information on the processing of personal data, including special categories of personal data (hereinafter also referred to as the “Information”), serves to properly inform the User about the scope, purpose and duration of the processing of personal data, and to explain the User’s rights in relation to the protection of such data.

2. Who is the data controller

2. 1. The data controller is the Controller specified in Article 1 of this Notice.

2. 2. Mgr. Michaela Radoušová and Mgr. Andrea Vyskočilová have entered into an agreement between themselves governing the rights and obligations of joint controllers (hereinafter also referred to as the “Agreement”), in which they have defined their rights and obligations, including responsibility for matters relating to the processing of personal data and sensitive personal data. In accordance with the Agreement, the contact person for the Data Subject is Mgr. Michaela Radoušová, who is also responsible for the fundamental rights of Data Subjects as defined further in this document. Mgr. Andrea Vyskočilová is responsible for updating records of personal data processing and for reporting security breaches. The controllers are jointly responsible for other obligations.

3. Controller’s contact details

3. 1. The Controller provides the Data Subject with the following contact details:

1. The controller can be contacted in writing at the following address: Voršilská 130/10, 110 00 Prague 1

2. The controller can also be contacted via the email address: podpora@app2us.cz

3. The controller can be contacted via the data box: zwrgib5

4. The Controller can be contacted by telephone on: 00420 793 967 957

5. The Controller has not appointed a Data Protection Officer

4. Personal data

4. 1. What constitutes personal data. Personal data is any information relating to an identified or identifiable natural person (an individual) on the basis of which a specific natural person can be identified, either directly or indirectly. Such a person is then referred to as a data subject.

Personal data includes, for example, first name and surname, gender, age, date of birth, marital status, photograph, national insurance number, place of residence, telephone number, email address, location data, network identifier, account username, health insurance details, nationality, height, weight, biometric data, etc.

4. 2. Scope of personal data processing. Personal data is processed to the extent of:

• first name, surname, email address, User password

• information, data, documents and contacts to the extent that the User enters them into the Application themselves (typically gender, age, marital status, photographs, place of residence, address, email address, telephone number, date of birth, or national ID number, marital status and family situation, contacts, documents, etc.)

• IP address and login metadata

The scope of personal data processing varies in individual cases depending on the data the User enters into the Application. Please note that the User is responsible for the lawfulness of the entry and the accuracy of any third-party personal data entered into the Application.

4. 3. Purpose and legal basis for the processing of personal data. In connection with the use of the Application, the Controller processes and stores personal data for the following purposes, subject to the conditions and within the limits set out in the applicable legislation:

1. to contact and identify the User,

2. securing the User Account and data,

3. to register and manage user accounts within the Application,

4. providing the Application to the User for use in accordance with its purpose,

5. monitoring the safe use of the Application and the website www.app2us.cz,

6. maintaining internal records of Users,

7. keeping the Administrator’s accounts,

8. receiving payments (licence fees) and maintaining records required by law,

9. informing the User about new features in the Application,

10. analytics,

11. marketing purposes, including sending marketing and educational materials and providing other information that may be of interest to the User,

12. fulfilling the Administrator’s obligations under the licence agreement with the User (Application usage agreement) and as required by law, and

13. providing other activities and services related to the provision of the licence to use the Application,

14. protection of the Controller’s legitimate interests,

15. protection against misuse of the Application.

The Controller may process personal data where necessary to comply with legal obligations applicable to it pursuant to Article 6(1)(c) of the General Data Protection Regulation.

In certain cases, the Controller may process personal data to protect the Controller’s legitimate interests pursuant to Article 6(1)(f) of the General Data Protection Regulation.

5. Special categories of personal data

5. 1. What falls within the special categories of personal data. Special categories of personal data include data relating to the data subject’s racial origin, data relating to their ethnic origin, data relating to their political opinions, religious or philosophical beliefs, or trade union membership, data relating to their health (both physical and mental), data concerning sex life or sexual orientation, genetic data, biometric data, such as fingerprints, handwritten signatures, facial images, retinal scans, etc.

5. 2. The scope of processing of Clients’ personal data falling within a special category of personal data. Personal data falling within a special category of personal data is processed to the extent that the User themselves voluntarily enters it into the Application or in connection with the use of the Application (e.g. to log in to a user account in the Application).

5. 3. Purpose and legal basis for the processing of Users’ personal data falling within a special category of personal data. The Controller processes this personal data for the purpose of providing the service (the User’s use of the Application) on the basis of the User’s consent (i.e. by voluntarily entering the data).

6. DURATION OF PERSONAL DATA PROCESSING

6. 1. Personal data will be processed for the following periods:

1. login details and data entered for the duration of use of the Application (until the User cancels their account). In the event of cancellation of the User account, the personal data entered by the User into the Application will be deleted within 30 days of the closure of the User account;

2. data which the Controller is legally obliged to process will be processed for the period specified by the relevant legislation;

3. the email address will be used by the Controller for marketing communications for the duration of the use of the Application and for 2 years following the deletion of the User account, unless the User prohibits the Controller from sending such communications;

4. the processing period for individual cookies is specified in the relevant cookie banner;

5. The User’s personal data used for the purposes of analytics and improving the Application will be processed for as long as is strictly necessary (a matter of months), after which the data will be aggregated or deleted;

6. Personal data necessary to protect the Controller’s legitimate interests will be processed for the period strictly necessary (the duration of the Controller’s legitimate interest).

6. 2. The Controller may retain data on the use of the Application and the website www.app2us.cz for the purposes of internal analysis. Usage data is generally retained for a shorter period, except where such data is used to enhance security or improve the functionality of the Application, or where the Controller has a legal obligation to retain such data for a longer period.

6. 3. Personal data contained in records for accounting purposes will be retained for the period specified by the legislation governing accounting. Personal data contained in tax documents will be retained for the period specified by the legislation governing value added tax.

6. 4. Once the periods specified above have expired, the electronic record will be deleted.

7. METHOD OF PROCESSING PERSONAL DATA

7. 1. The data subject’s personal data is processed automatically by the Controller or its employees or cooperating entities.

7. 2. Users’ personal data will also be processed, to the extent necessary, by personal data processors under the conditions of Article 28 of the General Data Protection Regulation, in particular on the basis of the Controller’s written authorisation and on the basis of a contract concluded between the Controller and the processor. Data processors include IT service providers, the Controller’s accountants/tax advisers, lawyers acting on behalf of the Controller in the provision of legal services, and marketing specialists.

7. 3. The Controller may send personal data, securely encrypted via the HTTPS (Hypertext Transfer Protocol Secure) protocol, to the APIs (Application Programming Interfaces) of the following third parties: Microsoft, Google and Apple. These companies have joined the Data Privacy Framework programme.

7. 4. The User’s personal data may be transferred (and stored) to a computer located outside the Czech Republic and under a jurisdiction other than the Czech one, where data protection laws may differ from those of the Czech Republic. However, these are always countries within the EU, and in the case of US-based tools, they are those that have joined the Data Privacy Framework programme. The Controller stores all personal data for the purpose of fulfilling its legal obligations, for the purposes of legitimate interests, and for the fulfilment of the Controller’s obligations towards the User, regardless of their location.

7. 5. All data entered by the User into the Application will be stored in a database operated by Amazon Web Services on servers within the European Union. Data transfer between the Application and the servers takes place using Encryption in Transit, and data storage uses Encryption at Rest .

8. SOURCES OF PERSONAL DATA

8. 1. The Controller may obtain data about the Data Subject only from the Data Subject.

9. INFORMATION ON POTENTIAL RECIPIENTS AND THE INTENTION TO DISCLOSE PERSONAL DATA

9. 1. Personal data will be transferred or made available only where necessary, in particular for the purpose of fulfilling obligations arising from accounting and tax regulations, the provision of IT services, the provision of services by marketing specialists, and the provision of support services for the Application.

9. 2. The Controller may provide the User’s personal data to a third party, in particular in connection with:

1. Commercial Transactions

The Controller may provide the User’s personal data to a third party that acquires the Controller’s entire business or assets, or a substantial part thereof. If the Controller does so, it will inform such third party of the requirement to process the User’s personal data in accordance with this Privacy Policy.

2. Law enforcement

In certain circumstances, the Controller may be required by law or in response to requests (subpoenas) from public authorities (e.g. a court) to disclose the User’s personal data.

3. Legal requirements

The Controller may disclose personal data if it believes in good faith that such disclosure is necessary for the purpose of: (i) complying with a legal obligation, (ii) protecting and/or defending the Controller’s rights or property, (iii) preventing or investigating possible unlawful conduct in connection with the Application, (iv) protecting the safety of Users or the public.

9. 3. The following entities – processors – may have access to personal data, in particular for the purposes of the operation, security, maintenance and marketing activities relating to the Application:

1. entities cooperating with the Controller in the operation, maintenance and administration of the Application, and the operation, maintenance and administration of the app2us.cz website;

2. hosting providers;

3. the Controller’s advertising partners; or

4. partners providing services for the purpose of fulfilling the Controller’s obligations arising from the provision and operation of the Application, such as delivery and payment providers,

5. entities cooperating with the Controller in the field of marketing and promotion of the Application,

6. the Controller’s tax and accounting advisers,

who will then act as data processors.  

10. TRACKING, COOKIES AND IP ADDRESSES

10. 1. Cookies are computer files containing a small amount of data, which may include an anonymous unique identifier. Cookies are sent to the User’s browser from the website and stored on the User’s device. Tracking technologies also use beacons, tags and scripts to collect and track information and to improve and analyse the www.app2us.cz website and the App. Cookies enable the Controller to recognise whether the User has re-entered the Controller’s website from the same device, to record some of the User’s saved settings, and to verify whether the User belongs to a specific category of users to whom certain communications should be targeted. The Controller may use, for example, the following categories of cookies:

1. technical cookies for the operation of the website and the App;

2. preference cookies to remember the User’s preferences and various settings;

3. security cookies for security purposes;

4. analytical cookies;

5. marketing cookies.

10. 2. The Controller may process technical and security cookies even without the User’s consent – without these cookies, the Application and website would not function fully and securely.

10. 3. The Controller may only process preference, analytics and marketing cookies with the User’s consent.

10. 4. The Controller shares cookies used for the personalisation of advertisements and commercial communications, the provision of social media features and traffic analysis with its partners, operating primarily in the fields of social media, advertising and analytics.

10. 5. The User may configure their browser to prevent the use of cookies, with the exception of technical cookies or similar files, or to indicate when a cookie is being sent.

10. 6. On the User’s first visit to the Controller’s website, the User will be asked whether they consent to the processing of cookies for preference, analytics and marketing purposes.

10. 7. Cookies are processed by the following entities:

• the provider of Google Fonts, Google Ads, Google Analytics 4 and the YouTube platform (Google Ireland Limited, registration number 368047, with its registered office at Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland, registered with the Irish Companies Registration Office), in accordance with its terms and conditions, which can be found here.

• the provider of the Meta Pixel tool (Meta Platforms Ireland Limited, registration number 462932, with its registered office at Merrion Road, Dublin 4, D04 X2K5, Ireland, registered with the Irish Companies Registration Office), in accordance with its terms and conditions, which can be found here.

• the provider of the Leadhub tool (Leadhub s.r.o., ID No. 044 66 683, with its registered office at Jilmová 1456/75, Žižkov, 130 00 Prague 3, registered with the Municipal Court in Prague, Section C, File 247688), in accordance with its terms and conditions, which can be found here.

• the provider of the Smartsupp tool (Smartsupp.com, s.r.o., Company ID No. 036 68 681, with its registered office at Palachovo náměstí 799/5, Starý Lískovec, 625 00 Brno, registered with the Regional Court in Brno, Section C, File 86206), in accordance with its terms and conditions, which can be found here.

• the provider of the Hotjar tool (Hotjar Ltd, registration number C65490 under Maltese law, with its registered office at Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian's STJ 3141, Malta), in accordance with its terms and conditions, which can be found here.

10. 8. Services and communications generated through the use of the App and the website www.app2us.cz, such as promotional emails, may also contain electronic images known as "web beacons" or "tracking pixels". Tracking pixels generally work in conjunction with cookies, and the Controller is authorised to use them in the same way as cookies (see above).

10. 9. Consent to the processing of cookies may be withdrawn at any time. For example, via the website www.app2us.cz and by adjusting the cookie settings.

10. 10. Specific cookies, their purpose, providers and expiry dates can be found in the cookie bar overview at www.app2us.cz.

11. DIRECT MARKETING

11. 1. Section 7(3) of Act No. 480/2004 Coll., on Information Society Services, allows the Controller to use the User’s electronic contact details (in particular their email address) for the purpose of sending commercial communications, unless the User opts out.

11. 2. The Controller may use the email address to send promotional communications for the duration of the User’s use of the Application and for a further 2 years following the deletion of the User Account.

11. 3. The User may opt out of marketing communications by deactivating this function via the unsubscribe link provided in every email or other communication they receive, or by sending an email request to podpora@app2us.cz stating that they wish to opt out of marketing communications.

12. SECURITY

12. 1. The Controller stores all personal data securely. To this end, it has implemented adequate physical, technical and organisational measures and plans for the protection and security of personal data (which, however, do not relieve the User of the responsibility to take appropriate steps to secure their data, particularly during its transmission). The Controller’s aim is to eliminate any unauthorised or unlawful processing of personal data, as well as any accidental, unauthorised or unlawful access, use, transfer, processing, copying, alteration, loss or damage to personal data.

12. 2. If the User chooses a password that allows them to access the Application, they are responsible for maintaining the strength and confidentiality of that password.

12. 3. The User acknowledges that the transmission of information over the internet is never completely secure. Although the Controller has made every effort to protect the User’s personal data, it cannot guarantee the security of personal data transmitted by the User. Any such transmission is at the User’s own risk. Once the Controller receives personal data, it will apply strict procedures and security measures to protect personal data and prevent unauthorised access.

12. 4. To maintain the highest standard of personal data protection, all information provided by the User to the Controller is stored on secure servers behind firewalls. The Controller restricts access to personal data to employees, contractors and partners who need access to personal data for the purpose of operating, developing or improving the Application.

12. 5. Certain parts of the Application use Secure Sockets Layer (SSL) or other types of encryption. The Controller backs up all User data in a data centre located in the European Union, which enables rapid recovery in the event of a disaster or other similar incident, and wherever possible, the Controller will ensure the pseudonymisation or anonymisation of all personal or related data (with the exception of names and email addresses).

12. 6. In the event that, despite the Controller’s best efforts, a personal data breach occurs that could compromise the User’s rights, the Controller shall, without undue delay and, where possible, within 72 hours of becoming aware of such a breach, the Controller shall notify the supervisory authority of this fact and, if the User’s personal data was involved in the breach and none of the exceptions listed below apply, the User as well. The Controller shall thus provide the User with information regarding the nature of the breach, the measures implemented and the likely consequences of such a breach.

13. NOTICE OF DATA SUBJECT RIGHTS

13. 1. The data subject has the right to request from the Controller information regarding the processing of their personal data, the purpose and nature of the processing of personal data, and the recipients of the personal data, as well as the right to request an explanation as to why the data is being processed in a particular manner; such information is provided free of charge as a matter of principle, unless the request is excessive or unfounded; in such a case, the Controller may refuse to provide the information.

13. 2. The data subject has the right to have the Controller rectify, without undue delay, any inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

13. 3. The Data Subject has the right to have the Controller erase, without undue delay, personal data concerning the Data Subject to which no archiving obligation applies, and the Controller is obliged to erase personal data to which no archiving obligation applies without undue delay if any of the grounds set out in the General Data Protection Regulation apply. The erasure of the User’s personal data may result in the Controller being unable to fulfil its obligations under the licence agreement, i.e. the de facto impossibility of further use of the Application.

13. 4. The data subject has the right to have the Controller restrict the processing of personal data in the cases set out in the General Data Protection Regulation.

13. 5. The data subject has the right to object at any time to the processing of personal data on grounds relating to their particular situation.

13. 6. Given that the Controller processes personal data by automated means, the Data Subject has the right to receive such data in a structured, commonly used format.

13. 7. The User’s consent to the processing of personal data is not required for the purposes of granting a licence to use the Application.

13. 8. Where the processing of certain personal data is based on the Data Subject’s consent, the Data Subject has the right to withdraw that consent at any time, in particular in writing by sending a notice to the Controller’s contact address (Article 3, paragraph 3.1(a) above), by email to podpora@app2us.cz, or via a data box. Withdrawal of consent does not affect the processing of personal data prior to the withdrawal of consent.

13. 9. If the Data Subject believes that there has been a breach of the law in relation to the protection of their personal data, they have the right to lodge a complaint with the supervisory authority, which in the Czech Republic is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, 170 00 Prague, https://www.uoou.cz. A list of the relevant supervisory authorities in the European Union is available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index.

14. SURVEYS AND REFERENCES

14. 1. The Controller may request information via surveys. Participation in these surveys is voluntary and the User may decide whether to participate and provide the requested information. The requested information may include contact details (such as name, telephone number and email address). Contact details will be used to share the results if the participant chooses to receive them. Information from the survey will be used for the purposes of research, monitoring or improving the user experience and satisfaction with the Application.

14. 2. The Controller may publish various texts, such as testimonials, quotes, case studies, white papers, etc., on its website; such published texts may contain personal data. Prior to publication, the Controller shall obtain the User’s consent to the publication of their name alongside such text. If the User wishes to update or remove any text containing their personal data, they may contact the Controller at podpora@app2us.cz.

15. FINAL PROVISIONS

15. 1. The Controller’s website or the Application may contain links to partners’ websites, in particular experts in fields related to the purpose of the Application, as well as links from those sites to the Controller’s website www.app2us.cz or to the Application. If the User follows a link to any of these websites, they acknowledge that these websites have their own privacy policies and that the Controller accepts no responsibility for these third-party policies. Before submitting any personal data to these third-party websites, the User should check their policies.

15. 2. The App is intended for adults – parents. Given that the App was created to support parenting, the Controller also collects and processes the personal data of children entered into the App by their parents. By entering a child’s personal data into the App and continuing to use the App, the User consents to the processing of their child’s personal data in accordance with this Policy; in the case of a child over 12 years of age, the User further confirms that the child also consents to the processing of their personal data.

15. 3. The Controller is entitled to amend, modify or supplement this Privacy Policy at any time and for any reason. Any new version of this Privacy Policy supersedes the previous version on the date the new version comes into effect. If the User is a registered user and the Controller has their email address, the Controller will notify the User at that email address of any material changes to this Privacy Policy.

15. 4. Any queries regarding this Privacy Policy or the Controller’s data protection practices may be addressed to the Controller at podpora@app2us.cz.

15. 5. User data is not profiled; the Controller does not carry out automated decision-making.

By installing the Application on your device and creating a user account within the Application, you confirm that you have read and understood the above information and that you consent to the processing of personal data relating to your children (to the extent that you have entered your children’s personal data into the Application), or, in the case of children over the age of 12, that your children consent to the processing of their personal data, all of which includes the transfer of such data to recipients for processing to the extent set out above.

Prague, 5 May 2026