Privacy Policy

This document defines the privacy policy for the mobile application UTD (Unmatched Training Division), which is operated by Oleksii Makhniuk, with registered office at U libeňského pivovaru 2442/6, 180 00 Praha - Libeň (hereinafter referred to as “Operator”).

As part of our commitment to protecting your privacy and transparency in our practices, this document provides a detailed overview of how we collect, process, use, disclose or share your personal data. This applies when using our mobile application, products or services.

Our privacy policy is designed to be easily understandable and accessible. We take care to handle your personal data with maximum respect and caution. If you have any questions or concerns regarding the processing of your personal data, please do not hesitate to contact us at unmatchedtrainingdivision@gmail.com.

Collected Personal Data

The Operator may collect and process the following categories of personal data of users. This information is collected for the purpose of securing, improving and providing our services.

Identification data: These may include first name, last name, email address, username, password (in encrypted form), IP address or other similar identification data.

Payment data:May include account holder name, information about registration for training sessions, information about purchased services, payment details (IBAN, variable symbol, amount, due date), invoice information and other payment information related to registrations for training sessions. Full card numbers are never stored on our servers — all payment card data is processed and stored securely by Stripe in compliance with PCI DSS standards.

Training session registration data: This may include information about registrations for training sessions, history of participation in sessions, information about canceled registrations, information about waiting lists (waitlist), dates and times of registrations, information about attendance or non-attendance at sessions.

Online activity data: This may include application usage history, information regarding user interaction with the application, information about viewed pages and application features, information about notifications and other application usage data.

Technical data: May include information about the device on which the application is used, information about the operating system, application version, unique device identifiers and other technical parameters necessary for the proper functioning of the application.

Derived data: These may include information derived from the above data that reflects preferences, characteristics, behavior, attitudes and skills of the user in connection with training sessions.

Sources and Purpose of Personal Data Collection

Personal data may be collected or processed from the following sources: information you have provided to us directly during registration and use of the application, technologies for automatic data collection within the application and information obtained during communication with us.

The purpose of collecting or processing this data is:

Providing our products and services: We collect information necessary for providing our services, including registration for training sessions, management of registrations, payment processing, invoice generation and order fulfillment.

Communication with you: We collect contact information necessary to send important announcements, notifications about changes to training sessions, information about available places on the waiting list, responses to your questions and other communication purposes.

User account management: We collect information necessary to create, manage and secure your user account, including verification of your identity and ensuring the security of your data.

Training session registration management: We collect information necessary to operate the training session registration system, including capacity management, waiting lists, registration cancellations and communication regarding changes or cancellations of sessions.

Security and fraud prevention: We collect information necessary to detect and prevent fraudulent activities, unauthorized access to accounts and protection of application and user security.

Legal obligations: We collect information necessary to fulfill our legal obligations, including accounting records, tax obligations and other legal requirements.

Core business functions: We collect information necessary to operate our business, such as registration data, service sales, customer interactions and analysis of application usage.

Analytics and service improvement: We collect information for analysis of user behavior, improvement of application functionality, personalization of our services according to user needs and preferences and development of new features.

Processing of Personal Data and Legal Basis

The Operator processes your personal data on the basis of the following legal grounds:

Contract performance: Processing of data necessary for the performance of the service provision contract through the application, including registration for training sessions and payment processing.

Consent: Processing of data based on your consent, which you may withdraw at any time.

Legal obligation: Processing of data necessary for the fulfillment of the Operator's legal obligations, for example accounting and tax obligations.

Legitimate interest: Processing of data for the purposes of the Operator's legitimate interests, such as ensuring application security, fraud prevention, service improvement and communication with users.

Payment Processing via Stripe

We use Stripe Payments Europe, Ltd. (“Stripe”) as our payment processor. When you make a payment, your payment card data is collected and processed directly by Stripe — we do not have access to your full card numbers.

Stripe acts as a data processor on our behalf for completing your transactions. In addition, Stripe acts as an independent data controller for its own purposes, including fraud prevention and compliance with financial regulations.

Data collected by Stripe: When you interact with our payment forms, Stripe may collect your payment card details (card number, expiry date, CVC), your IP address, browser and device information, and behavioral data such as mouse movements, scroll behavior, and typing patterns on the payment page. This data is used for fraud detection and prevention through Stripe Radar.

Stripe Radar and fraud detection: We use Stripe's built-in fraud prevention tools (Stripe Radar), which analyze transaction patterns, device information, and behavioral data to detect and prevent fraudulent payments. Stripe may use transaction data as part of its fraud detection network shared across Stripe merchants. For this processing, Stripe acts as an independent data controller.

Stripe cookies: Stripe may set cookies (including __stripe_mid and __stripe_sid) on your device for fraud prevention and payment processing purposes.

For more information about how Stripe processes your data, please see Stripe's Privacy Policy.

Invoicing via Fakturoid

We use Fakturoid (operated by Fakturoid s.r.o., with registered office at Česká 79, 539 73 Skřivany, Czech Republic) to issue invoices and proforma invoices for payments related to training session registrations. Use of Fakturoid is necessary to meet our legal obligations under Czech accounting and tax law.

Data shared with Fakturoid: When an invoice is generated for a training session, we transmit to Fakturoid the customer's first and last name (or, if a name is not available, the email address), email address, and phone number when it has been provided. We also transmit the description of the service (training session name), amount payable, currency, due date and a reference to the Stripe payment intent used to settle the invoice.

Purpose: Fakturoid issues a proforma invoice when a registration enters payment state, and automatically issues a regular (tax) invoice once the payment is recorded. The resulting invoices are stored in Fakturoid and are also accessible to the customer via a public URL we record alongside the registration.

Role of Fakturoid: Fakturoid acts as a data processor on our behalf for the purpose of issuing and storing invoices. For its own internal purposes (such as platform security and compliance with its own legal obligations), Fakturoid acts as an independent data controller.

Legal basis: Processing is carried out on the basis of the performance of a contract (Article 6(1)(b) GDPR) and to comply with our legal obligations under Czech accounting and tax legislation, including Act No. 563/1991 Coll. on Accounting (Article 6(1)(c) GDPR).

Data location: Fakturoid processes and stores data within the European Union (Czech Republic). No transfer outside the EEA takes place for this processing.

For more information, see Fakturoid's Privacy Policy.

Analytics via PostHog

We use PostHog (operated by PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA) as our product analytics provider. PostHog helps us understand how users interact with the application so that we can improve features, fix issues and prioritise future development.

Data collected by PostHog: We send event-level analytics to PostHog when users perform actions in the app, such as opening a screen, signing in, completing onboarding, registering for a training session or subscribing to the newsletter. Together with these events, PostHog receives a pseudonymous device identifier (a randomly generated distinct ID), application version, operating system and device model. After sign-in, the authenticated user identifier may also be associated with these events so that product behaviour can be analysed across sessions.

Session replay is disabled: We do not record sessions, screen contents, taps or keystrokes through PostHog. The PostHog session replay feature is explicitly disabled in the application configuration.

Legal basis:Processing is carried out on the basis of the Operator's legitimate interest in measuring product performance, debugging and improving the service (Article 6(1)(f) GDPR).

International data transfer: PostHog may process data on infrastructure located in the United States and other countries outside the European Economic Area. Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.

For more information, see PostHog's Privacy Policy.

Disclosure of Information

Your personal data may be disclosed to third parties in the following cases:

Compliance with legal obligations: In case it is necessary to comply with legal obligations, respond to court orders, exercise our rights, defend against legal claims, investigate illegal activities or prevent fraud.

Service providers: We may share your data with trusted service providers who help us with application operation, payment processing (including Stripe Payments Europe, Ltd.), data hosting, data analysis or providing technical support. These third parties are required to maintain the confidentiality of your data and use it only for the purposes for which we provided it.

Protection of rights and security: In case of need to protect our property, rights or physical safety of any person, including application users.

Business transactions: In case of merger, acquisition, reorganization or sale of assets, we may transfer your personal data to the relevant third party.

We may disclose anonymized or aggregated data at our discretion and in accordance with applicable laws. We always take all reasonable measures to ensure the protection of your personal data.

Retention Period of Personal Data

The Operator retains your personal data only for the period necessary for the purposes for which they were collected, or for the period required by legal regulations.

User account data: Data about your user account is retained for the duration of your account. After account cancellation, the data will be deleted, except for data that we must retain for legal reasons (for example, accounting records). See our Account Deletion page for instructions and a full breakdown of what is deleted versus retained.

Registration data: Data about registrations for training sessions is retained for the period necessary for contract performance and may subsequently be retained in anonymized form for accounting and statistical purposes.

Payment data: Payment data and invoices are retained in accordance with accounting and tax regulations, usually for a period of 10 years from the end of the accounting period.

Technical data: Technical data may be retained for the period necessary to ensure security and proper functioning of the application.

After the retention period expires, your personal data will be securely deleted or anonymized.

Protection of Children's Information

If you use our services, you confirm that you have reached the age of majority under applicable legal regulations (18 years). If we find that we have collected personal data from a minor without the consent of their legal representatives, we will immediately take steps to remove this information and cancel the account of that minor.

Security of Personal Data

The Operator takes reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration. These measures include:

Encryption: We use encryption for sensitive data, including passwords and payment information.

Secure connection: We use secure connection (HTTPS) for data transmission between the application and our servers.

Access restriction: Only authorized persons who need this data for the performance of their work duties have access to personal data.

Regular checks: We regularly check and update our security measures.

Backup: We regularly back up data to ensure its availability and integrity.

Despite these measures, we cannot guarantee absolute security of data transmission over the internet. Use of the application is at your own risk.

Your Rights

As a user of our services, you may have the following rights under legal regulations, especially GDPR:

Right to be informed: You have the right to be informed about how your personal data is processed, which is ensured by this document.

Right of access: You have the right to obtain confirmation as to whether your personal data is being processed, and if so, you have the right to access this data and to information about its processing.

Right to rectification: You have the right to request rectification of inaccurate or incomplete personal data.

Right to erasure (“right to be forgotten”): You have the right to request erasure of your personal data if it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and there is no other legal basis for processing. For step-by-step instructions on how to delete your account and a detailed breakdown of which data is removed and which is retained, please see our Account Deletion page.

Right to restriction of processing: You have the right to request restriction of processing of your personal data under certain circumstances.

Right to data portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transfer this data to another controller.

Right to object:You have the right to object to processing of your personal data based on the Operator's legitimate interest.

Right to withdraw consent: You have the right to withdraw your consent to processing of personal data at any time, if processing is based on consent.

Right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority — the Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochorova 27, 170 00 Praha 7, Czech Republic (www.uoou.cz) — if you believe that processing of your personal data violates legal regulations.

We will not discriminate against you for exercising these rights.

You can exercise your rights by contacting us at unmatchedtrainingdivision@gmail.com. Upon receipt of a request to exercise privacy rights, we will verify your identity by comparing information we have collected about you with identification data you have provided to us.

If you have objections to processing of your personal data based on our legitimate interest, you have the right to object to such processing at any time. If you object to processing, we will immediately stop processing your personal data for these purposes, unless we demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if processing is necessary for the establishment, exercise or defense of legal claims.

In some cases, we may not be able to comply with your request regarding privacy rights, for example if processing is necessary for the fulfillment of a legal obligation or for the establishment, exercise or defense of legal claims. In such case, we will explain the reasons for our decision and will respect your right to appeal, if possible.

International Data Transfer

Your personal data may be processed and stored outside the European Economic Area (EEA). In particular, our payment processor Stripe Payments Europe, Ltd. (registered in Ireland) may transfer data to Stripe, Inc. in the United States and other countries outside the EEA. In such cases, we and our service providers ensure that such transfers take place in accordance with applicable legal regulations and using appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Final Provisions

UTD (Unmatched Training Division) reserves the right to modify these privacy policies at any time to be in compliance with current legal requirements or to reflect changes in our services, for example when introducing new services or modifications to our application. New privacy policies will apply to any use of our application after these changes are made.

We will inform you of significant changes through the application or by email. We recommend that you regularly check this document to be informed about how we protect your personal data.

By continuing to use the application after changes are published, you express consent to the updated privacy policies.

Contact Details

If you have any questions, requests or complaints regarding the processing of your personal data or these privacy policies, you can contact us:

Operator: Oleksii Makhniuk
Email: unmatchedtrainingdivision@gmail.com

We commit to respond to your questions and requests within a reasonable time and in accordance with applicable legal regulations.