1. Data Controller

The data controller is 4Cyber s.r.o., Company ID No.: 22094458, with its registered office at Zelený pruh 95/97, Braník, 140 00 Prague 4 (hereinafter the “controller” or “we”). If you have any questions regarding the processing of personal data, you may contact us by email at info@4cyber.cz .

2. What data we process

We process the following categories of personal data:

• Identification data (first name, last name, company name, Company ID No., VAT ID),
• Contact data (email, phone number, address),
• Access and user data (username, IP address, activity in the e-learning platform),
• Billing data (bank details, tax documents),
• Technical data (cookies, device type, browser).

3. Purposes and legal bases of processing

We process your personal data for the following purposes:

Purpose of processing	Legal basis
Provision of ordered services (e-learning, consultations, etc.)	Performance of a contract (Art. 6(1)(b) GDPR)
Issuing a certificate after completion of training	Legitimate interest / contract
Communication with customers	Legitimate interest
Processing of invoicing	Legal obligation
Improving the platform and technical analysis	Legitimate interest
Marketing communication (newsletter) – if consent has been given	Consent (Art. 6(1)(a) GDPR)

4. Data retention period

We retain your data:

• for the duration of the contractual relationship and subsequently for 5 years from its termination,
• or until consent is withdrawn, if the processing is based on consent,
• or for the period required by applicable law (e.g., accounting legislation).

5. Recipients of personal data

Your personal data may be disclosed to:

• external IT and accounting service providers,
• the operator of the e-learning platform (technical operator),
• public authorities, if required by law.

We have concluded a data processing agreement with each processor pursuant to Art. 28 GDPR.

6. Transfers outside the EU

We do not, as a rule, transfer your data outside the European Union. If such transfer occurs (e.g., as part of cloud services), an appropriate level of protection in accordance with the GDPR will always be ensured.

7. Data subject rights

You have the right to:

• access your personal data,
• rectify inaccurate data,
• erasure (if there are no legal grounds for retention),
• restrict processing,
• data portability,
• object to processing based on legitimate interest,
• lodge a complaint with the Office for Personal Data Protection (www.uoou.cz).

8. Security of personal data

We protect your data by technical and organizational measures (encryption, access control, regular system checks). Access to the data is granted only to authorized persons.

9. Automated decision-making and profiling

We do not carry out any decisions based solely on automated processing nor do we perform profiling.

10. Final provisions

These policies come into effect on 14 July 2025. We may update them; the current version will always be available on our website.