Čtuto InstagramČtuto FacebookČtuto LinkedInČtuto Twitter
Kliknutím na tlačítko "Přijmout" souhlasíte s ukládáním souborů cookie do vašeho zařízení za účelem zlepšení navigace na webu, analýzy používání webu a pomoci při našich marketingových aktivitách. Další informace naleznete v našich Zásadách ochrany osobních údajů.

Čtuto Privacy Policy

Last updated: August 15, 2022

General and Responsible Entity
This Privacy Policy explains what information we collect about you for what purpose and what we use it for. It also explains your rights concerning the data processing operations affecting you.Jdunato s.r.o., IČO 09689877, Baranova 642/30, Praha 3, 130 00 (hereafter referred to as "Čtuto" or "we") operates on the internet site https://www.ctu.to as well as via the mobile application a platform for mobile learning (hereinafter "platform").
The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Revocation of consent
Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by email to privacy@ctu.to is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to complain to the competent supervisory authority
In the event of data protection violations, you, the person concerned, have the right to appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state where our company is based or in which you reside. A list of data protection officers and their contact details can be found here.

SSL or TLS Encryption
We use SSL or Internet security for security reasons and to protect the transmission of sensitive content, such as orders or requests you send to us. TLS encryption. An encrypted connection is indicated by the browser's address bar switching from "HTTP: //" to "HTTPS: //" and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.

Information, Correction, Deletion, Blocking, Data Transferability
You have the right at any time to request information about your personal data processed by us free of charge. In particular, you may request us to provide information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, passing a right of appeal, the origin of their data, if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about your details.
You have the right to request the immediate correction of incorrect or incomplete personal data stored by us.
You have the right to request the deletion of your personal data stored by us, except in cases where the processing of the data is required for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.You have the right to demand the restriction of the processing of your personal data; as far as you dispute the accuracy of the data, the processing is unlawful, but you reject its deletion, and we no longer need the data, and you the data for the assertion, exercise or defense of legal claims or if you have objected to the processing in accordance with Art. 21 GDPR.
You have the right to receive the personal information you have provided to us in a structured, common, and machine-readable format or request that it be sent to another person in charge.

Right to Object
If your personal data is processed based on legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to file an objection against processing your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which we implement without specifying any particular situation.If you want to exercise your right to object, please email privacy@ctu.to.

Data Collection and Use

Server Log Files
Our platform provider automatically collects and stores information in so-called server log files, which your browser transmits to us. These are browser type and version, operating system used, referrer URL, host name of the accessing computer, time of the server request and the IP address.
The data is for data security and error analysis only. A merge of this data with other data sources will not be done.The basis for data processing is Art. 6 (1) lit. b GDPR, which allows data processing to fulfill a contract or pre-contractual measures. The server log files are automatically deleted after two weeks.

Cookies
We use so-called cookies. Cookies do not harm your access device and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your access device and stored by your browser.
Most of the cookies we use are so-called "session cookies". They will be deleted automatically at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general, and enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our website.
Cookies that are required to carry out the electronic communication process or to provide certain functions which you wish to use (e.g., shopping basket function) are processed on the basis of Art. 6 (1) lit. f GDPR saved. We, as website operators, have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. If other cookies (e.g., cookies for the analysis of your surfing behavior) are stored, they will be treated separately in this privacy policy. We collect Cookies in the following categories:
Necessary technical or functional cookies: Functional cookies help make our website usable by enabling essential functions like page navigation and access to secure website areas. The website cannot function without these cookies.
Analytical cookies: These cookies collect information about how visitors use the website. We might also use analytics cookies to test new ads, pages, or features.
Marketing cookies: These cookies are placed by third-party advertising platforms to deliver ads and track ad performance, enabling advertising networks to deliver ads that may be relevant to you.
Cookie settings: You can change your cookie settings anytime using the link on the website or in the Settings section of the mobile application.
Cookies: We inform the user about the use of cookies on the website and enable the user to decide on their use. If the user gives the website consent to the use of cookies, the following data is automatically logged:
The anonymized IP number of the user
Date and time of consent
The URL of the website provider
An anonymous, random and encrypted key
The user's approved cookies (as proof of consent).
The encrypted key and the cookie status are stored on the user's end device using a cookie to establish the corresponding cookie status when the page is called up in the future. This cookie is automatically deleted after 12 months. The legal basis here is Art. 1 Para. 1 lit. 1 f GDPR. The website operator's legitimate interest is the website's user-friendliness and the fulfillment of the legal requirements of the GDPR.

Registration
You can register on our platform to use our services. We only use the data entered to use the respective offer for which you have registered. The mandatory information requested during registration, such as name and email address, must be provided, otherwise the registration can not be completed.
For significant changes such as the scope of the offer or in case of technical changes, we use the email address given at registration to inform you in this way.
The processing of the data entered during registration takes place at your request and is required in accordance with Art. 6 para. 1 p. 1 lit. b GDPR in order to be able to comply with the user contract, including pre-contractual measures.
The data collected during registration will be stored by us as long as you are registered for our services and will subsequently be deleted. Legal retention periods remain unaffected.

Registration and Login with Auth0
Instead of registering directly on our website, you can sign up using Single-Sign-On (SSO) with Auth0. The provider of this service is Auth0, Inc, 10800 NE 8th St, Suite 700 Bellevue, WA 98004, USA ("Auth0").
If you decide to register with Auth0 and click on the Sign Up button, your data required for registration will be transferred to the Auth0 servers, which can also be operated in the USA.
The transferred data is mainly: Email addresses, hashed passwords, phone numbers and IP addresses.
This information is used to set up, provision and personalize your account as part of the contractual service provision. The legal basis for this is your consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) and legitimate interest (Art. 6 Par . 1 S. 1 lit. f. GDPR). On the other hand, your access data for the SSO service will never be saved by us. The data protection and terms of use of Auth0 apply to the registration and use of Auth0.
We have entered into a so-called "Data Processing Agreement" with Auth0, in which we commit Auth0 to protect our customers' data, not to disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Registration and Login with Facebook Connect
Instead of registering directly on our website, you can sign up with Facebook Connect. This service provider is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").
If you decide to register with Facebook Connect and click on the "Sign Up with Facebook" button, you will automatically be redirected to the Facebook platform. There you can log in with your usage data. This links your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are above all:
Inventory data (e.g., names, addresses), contact details (e.g., email, telephone numbers), and event data ("event data" are data that can be transmitted by us to Facebook, e.g., via Facebook pixels via apps or in other ways and relate to people or their actions; The data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; the event Data is processed to create target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as written comments), no login information and no contact information (i.e., no names, email addresses). Facebook will delete event data after a maximum of two years).
This information is used to set up, provision and personalize your account as part of the contractual service provision. The legal basis for this is your consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), contract fulfillment and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) and legitimate interest (Art. 6 Par . 1 S. 1 lit. f. GDPR).
Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt as part of a transmission (but not further processing) of "event data" that Facebook collects using the Facebook single sign-on registration process that is carried out on our online offer or as part of a transmission for the following purposes:
- Display of content advertising information that corresponds to the presumed interests of the users
- Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger)
- Improving the delivery of advertisements and personalizing functions and content (e.g., improving the recognition of which content or advertising information presumably corresponds to the interests of the users).
We have concluded a special agreement with Facebook ("Controller Addendum"), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e., users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e., they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of a data processing addendum ("data processing terms"), the "data security terms and with regards to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transfer addendum"). Users' rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
For more information, see the Facebook Terms of Use and the Facebook Privacy Policy. Facebook offers an objection option via this Opt-Out-Link.

Register and Login with Google Connect
Instead of a direct registration/login on our website, you can also register via Google. This service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google").
If you decide to register/log in with Google and click the "Sign in with Google" button, you will automatically be redirected to Google's platform. There you can log in with your usage data. This will link your Google profile to our website or services. This link gives us access to your data stored on Google. These are above all:
First name | Surname | Email address | Username | Google Profile URL | Featured Image
This information is used to set up, provision and personalize your accounts.
See the Google Terms of Service and the Google Privacy Policy for more information.

Social MediaFacebook-Plugins
On our pages, we use plugins of the social network Facebook, provider Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"), are integrated. The Facebook plugins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here.
When you visit our platform, a direct connection between your browser and the Facebook server is established via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook "Like-Button" while you are logged in to your Facebook account, you can link the contents of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We point out that we, as the provider of the pages, are not aware of the content of the data transmitted and their use by Facebook. If you do not want Facebook to associate visiting our pages with your Facebook user account, please log out of your Facebook user account. More information can be found in the Facebook Privacy Policy.

LinkedIn Plugin
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 1000 West Maude Ave, Sunnyvale, CA 94085, USA, and its subsidiaries LinkedIn Singapore Pte Ltd, 10 Marina Boulevard, Marina Bay Financial Centre Tower 2, Level 30, Singapore 018983 and LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (all together "LinkedIn"). We have entered into a so-called "Data Processing Agreement" with LinkedIn, in which we commit LinkedIn to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA and Singapore.
LinkedIn is informed that you have visited our web pages from your IP address. Each time one of our pages containing LinkedIn features is accessed, your browser establishes a direct connection to the LinkedIn servers. If you use the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn can associate your visit to our website with your user account. More information can be found in the LinkedIn Privacy Policy.

Twitter Plugin
On our pages are functions of the service Twitter included. These features are available through Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (USA), as well as its subsidiary Twitter International Company, One Cumberland Place, Fenian Street, Dublin, Ireland (together "Twitter"). By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and shared with other users. This data is also transmitted to Twitter. For more information, see the Twitter Privacy Policy. You can change your privacy settings on Twitter in the Twitter account settings.
We have entered into a so-called "Data Processing Agreement" with Twitter, in which we commit Twitter to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Analysis Tools and Advertising

Google
For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section "Social Plugins" (such as IP address, browser and access device information) to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google"). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising. If you do not want us to collect the Mobile Advertising ID and send it to Google, you can find a manual for deactivation under the topic "Mobile Advertising ID". We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. Further details of different Google services are mentioned below.

Google AdSense
Our website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google"). Google AdSense uses so-called "cookies", text files stored on your computer that allow an analysis of the use of the website. Google AdSense also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on these pages. The information generated by cookies and web beacons on the use of this website (including your IP address) and the delivery of advertising formats is transmitted to and stored by Google on servers in the USA. Google may share the generated information with Google affiliates. However, Google will not merge your IP address with other data you have stored.
The storage of AdSense cookies is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising. You can prevent the installation of cookies by setting your browser accordingly; however, we point out that you may not be able to use this website's features fully in this case.
We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.

Google AdWords and Google Conversion-Tracking
This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google"). As part of Google AdWords, we use the so-called conversion tracking. A conversion tracking cookie is set when you click on an ad served by Google. Cookies are small text files that the Internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used for the users' personal identification. If the user visits certain pages of this website and the cookie has not expired yet, Google and we can recognize that the user clicked on the ad and was redirected to this page.
Each Google AdWords customer receives a different cookie. The cookies can not be tracked through the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not wish to participate in tracking, you can opt out of this use by disabling the Google Conversion Tracking cookie from your Internet browser under User Preferences. You will not be included in the conversion tracking statistics.
You can set your browser so that you are informed about the setting of cookies and cookies only on a case-by-case basis, the acceptance of cookies for certain cases or generally exclude and can activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising.
We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. More information about Google AdWords and Google Conversion Tracking can be found in the Google Privacy Policy.

Google Analytics
Our sites use the web analytics service Google Analytics functions for needs-based design and continuous optimization. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google"). Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there.Google Analytics cookies are stored on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising.
We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.Here are the details regarding how we are using Google Analytics:
IP Anonymisation: We have activated the function IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
Browser Plugin: you can prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case, you may not be able to use all the features of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available under this link.Opposition to Data Collection: With the help of this browser add-on for disabling Google Analytics JavaScript, you can prevent Google Analytics from using your data during future visits to this website. For more information about how to handle user data on Google Analytics, see the Google Privacy Policy.
Commissioned Data Processing: We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic Data: his website uses the "demographics" feature of Google Analytics. As a result, reports can be produced that contain statements on the site visitors' age, gender and interests. This data comes from interest-based advertising from Google and third-party visitor data. This data can not be assigned to a specific person. You can disable this feature at any time through the Ads settings in your Google account or generally prohibit Google Analytics from collecting your data as outlined in the "Opposition to Data Collection" section.

Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google"). This feature allows you to link the advertising audiences created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you based on your previous usage and surfing behavior on one device (i.e., mobile phone) can also be displayed on another of your devices (i.e., tablet or PC).
Once you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. That way, personalized advertising messages can appear on any device you sign in to with your Google account. To support this feature, Google Analytics collects Google-authenticated IDs of users temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion. You can permanently opt out of cross-device remarketing/targeting by disabling personalized ads in your Google account; to do so, follow this link.
The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke on Google (Art.6 Abs.1 a. GDPR). For data collection operations that are not merged into your Google account (e.g., because you do not have a Google account or have objected to the merge), the data collection is based on Art. 6 (1) lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of the website visitors for advertising purposes.
We have entered into a so-called "Data Processing Agreement" with Google, in which we commit Google to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. For more information and privacy policy, see the Google Privacy Policy.

Facebook
For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section "Social Plugins" (such as IP address, browser and access device information) to Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of analyzing user behavior and optimization of our website and our advertising. If you do not want us to collect the Mobile Advertising ID and send it to Facebook, you can find a manual for deactivation under the topic "Mobile Advertising ID".
We have concluded a special agreement with Facebook ("Controller Addendum"), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e., users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e., they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of a data processing addendum ("data processing terms"), the "data security terms and with regards to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transfer addendum"). Users' rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
You will find more information on the protection of your privacy in the Facebook Privacy Policy.

Facebook Pixel
Our site uses the visitor action pixel from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook") for conversion measurement. This way, the behavior of the site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. As a result, the effectiveness of Facebook advertisements can be evaluated for statistical and market research purposes and future advertising measures optimized. The collected data are anonymous to us as the operator of this website, and we can not conclude the identity of the users. However, the data are stored and processed by Facebook so that a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage directive. As a result, Facebook can enable ads to be displayed on and outside of Facebook. We can not influence this use of data as the site operator.
Together with Facebook Ireland Ltd., we are jointly responsible for the collection or receipt as part of a transmission (but not further processing) of "event data" that Facebook collects using the Facebook single sign-on registration process that is carried out on our online offer or as part of a transmission for the following purposes:
- Display of content advertising information that corresponds to the presumed interests of the users
- Delivery of commercial and transaction-related messages (e.g., addressing users via Facebook Messenger)
- Improving the delivery of advertisements and personalizing functions and content (e.g., improving the recognition of which content or advertising information presumably corresponds to the interests of the users).
We have concluded a special agreement with Facebook ("Controller Addendum"), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of the data subject (i.e., users can, for example, provide information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analytics and reports (which are aggregated, i.e., they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but based on a data processing addendum ("data processing terms"), the "data security terms and with regards to processing in the USA based on standard contractual clauses ("Facebook-EU data transfer addendum"). Users' rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.
You will find more information on the protection of your privacy in the Facebook Privacy Policy.
You can also disable the remarketing "Custom Audiences" feature in the Ads Settings section at the following link. You have to be logged in to Facebook. If you do not have a Facebook account, you can opt out of use-based advertising from Facebook on the European Interactive Digital Advertising Alliance website.
The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising.

Pinterest
We use services of the short message service Pinterest. Pinterest is operated by Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Parent company: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103 (USA) ("Pinterest"). Pinterest allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are based on general criteria, such as demographic characteristics, regions or interests. Pinterest also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages is evaluated. If you generally do not want to be tracked by Pinterest, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality.
For more information about Pinterest, please refer to the Pinterest Privacy Policy.
The storage of "conversion cookies" is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising.

Twitter Ads
We use services of the short message service Twitter. Twitter Ads is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 (USA), as well as its subsidiary Twitter International Company, One Cumberland Place, Fenian Street, Dublin, Ireland (together "Twitter"). Twitter allows us to use target group-based advertising, re-targeting and conversion measurements for online advertising via the so-called visitor interaction pixel. Here, offers for specific target groups are based on general criteria, such as demographic characteristics, regions or interests. Twitter also allows us to target ads based on your recent page views. For example, you may see ads and notices about our offers and content if you are interested in specific services, information, or offers at the online trade show. Here only general and technical information on accessed pages is evaluated. If you generally do not want to be tracked by Twitter, you can prevent the storage of cookies at any time by your browser settings, which could limit functionality. For marketing optimization purposes, we send, if not disabled by the user in the system settings of its device, the Mobile Advertising ID, the hashed email address given during registration and the parameters specified in the section "Social Plugins" (such as IP address, browser and access device information) to Twitter. If you do not want us to collect the Mobile Advertising ID and send it to Twitter, you can find a manual for deactivation under the topic "Mobile Advertising ID".
Twitter also adheres to the do-not-track setting of its browser. As a Twitter user, you can also prevent the data processing described by disabling the "Customise Ads Based on Affiliate Information" checkbox next to the "Sponsored Content" heading in the Security and Privacy settings. More information can be found on the pages of Twitter.We have entered into a so-called "Data Processing Agreement" with Twitter, in which we commit Twitter to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
The storage of "conversion cookies" and the data processing is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our website and advertising.

Newsletter

Newsletter Data
If you would like to receive the newsletter offered on the website, we need an email address from you and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data are not collected or only on a voluntary basis.
We use this data exclusively for the delivery of the requested information and do not pass it on to third parties. The processing of the data entered into the newsletter application form is based exclusively on your consent (Art.6 (1) (a) GDPR). Of course, you can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter. The revocation's legality of the already completed data processing operations remains unaffected.
The data deposited with us for the purpose of obtaining the newsletter will be saved by us from the newsletter until your cancellation and deleted after the cancellation of the newsletter. Data stored for other purposes with us (e.g., email addresses for logging on to our services) remain unaffected.

MailChimp
This website uses the services of MailChimp for sending newsletters (or mandrill for sending information relevant to the user). The provider is the Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308 (USA) ("MailChimp").
MailChimp is a service with which, among other things, the dispatch of newsletters can be organized and analyzed. If you have entered data for the purpose of newsletter subscription (e.g., email address), these will be stored on the servers of MailChimp in the USA.
With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file included in the email (called a web beacon) connects to MailChimp's servers in the United States. This way, you can determine if a newsletter message has been opened and which links have been clicked on. In addition, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). This information can be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of the recipient.
If you do not want to be analyzed by MailChimp, you have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter message. Furthermore, you can unsubscribe from the newsletter directly on the website.
The data processing takes place on the basis of your active newsletter registration and our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our newsletter content according to the interests of our recipients. You can contradict this at any time by unsubscribing from the newsletter.
We will save the data deposited with us for the purpose of obtaining the newsletter from the newsletter until you receive it and will be deleted from our servers as well as from the servers of MailChimp after the cancellation of the newsletter.
We have entered into a so-called "Data Processing Agreement" with MailChimp, in which we commit MailChimp to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. For details, see the Mailchimp Privacy Policy.

Payment Information
No credit or debit card information is stored on our servers when you make payments for our services. Our third-party PCI-compliant payment processing companies store this information. We work with the following provider Stripe Inc., 185 Berry Street, Suite 550, San Francisco, CA 94107 (USA).
All credit and debit card transactions occur between the computer from which the transaction originates and our payment processor. When you use one of our trial phases or subscriptions or purchase something through the service, credit card information and other financial information we need to process the payment is collected and stored with a payment service provider. We also collect limited information, such as your zip code, mobile phone number and transaction history details. In addition, these payment service providers usually provide us with minimal information about you, such as the unique "token", which enables you to make further purchases using the data stored by the service providers, as well as your card type, expiration date and last four digits of the number.
We have entered into separate so-called "Data Processing Agreements" with Stripe, in which we commit Stripe to protect our customers' data, not to disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA.
Request Refunds
If you purchased a subscription and considered that payment for one of our products had been wrongly debited to your account, you may request a refund, which will be processed directly by us. 

Hosting & Analysis

Digital Ocean
We use the service DigitalOcean, LLC, 101 6th Ave New York, NY 10013 ("DigitalOceain") to help host our backend applications. DigitalOceain stores user data such as email, first name, last name, and interaction data. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. For more information about data processing by DigitalOcean, see the DigitalOcean Privacy Policy.

Cloudflare
We use the service of Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA ("Cloudflare") to increase our websites' and services' performance and security. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) of optimization of our websites and services. Here interaction data (especially IP addresses) are transferred via interfaces. We have entered into a so-called "Data Processing Agreement" with Cloudflare, in which we commit Cloudflare to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. For more information about data processing by Cloudflare, see the Cloudflare Privacy Policy.

Google Cloud Platform
We use services of the Google Cloud Platform, a developer platform operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043 USA ("Google") to find bugs in the Čtuto app by using the service Firebase Crashlytics. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. Google Cloud Platform / Firebase Crashlytics receives user data for error analysis, such as Mobile ad IDs, installation UUID (universally unique ID), Android IDs and IP addresses.
We have entered into a so-called "Data Processing Agreement" with Google, operator of the Google Cloud Platform and the Firebase Crashlytics service, in which we commit Google to protect the data of our customers, to not disclose them to third parties and to comply with the provisions of the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data to the USA. For more information about Firebase Crashlytics' data processing via the Google Cloud Platform, see the Google Privacy Policy.

MongoDB
We use Atlas of MongoDB, Inc., 3 Shelbourne Building, Crampton Avenue Ballsbridge, Dublin 4, Ireland ("MongoDB") as a central database. The data processing takes place on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for the technically error-free and optimized provision of our services. In addition to the pseudonymized Čtuto ID, no further personal data of the users is stored in the Atlas database.
We have entered into a so-called "Data Processing Agreement" with MongoDB, in which we commit MongoDB to protect our customers' data, not to disclose them to third parties and to comply with the standard contractual clauses according to Art. 46 GDPR in the case of a transfer of personal data via sub-processors or affiliates to the USA. For more information about MongoDB's data processing, see the MongoDB Privacy Policy.

California Privacy Rights
We take the data protection regulations of the California Consumer Privacy Act ("CCPA") and the California Civil Code seriously and respect the resulting rights of California residents, as stated in the following paragraphs. We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you with lower-quality goods and services if you exercise your rights under the CCPA.
Shine the Light / Opt-out
California residents have the right to request information about their personal data that we have shared with third parties once a calendar year and to have this data deleted by us. In addition, California residents have the right to opt out of the disclosure of their personal data to third parties ("opt-out"). To exercise the right to information and/or deletion and/or opt-out, an informal email to us (privacy@ctu.to) is sufficient, along with proof of identity and place of residence. We will respond to verified requests within 30 days. California residents also have the right to opt out of the sale of their personal data. We do not offer this option because we generally do not sell personal data.
Purposes of data processing of California residents
We collect and process the personal data of California residents only for the purposes stated in this data privacy policy, in particular, to provide our service and our websites in a technically flawless manner, to analyze user behavior to optimize our offer and to optimize our marketing. We do not sell personal data of California residents; we only pass them on to fulfill our business purposes, as stated above and in the data privacy policy.
Categories of personal data of California residents
We collect and process personal data from California residents, which are made available to us directly or through interactions with our services and websites, from the following categories: (i) personal data (e.g., name), (ii) identifiers (e.g., name, email address), (iii) Information about activities on the Internet or networks (e.g., parameters specified in the section "Social Plugins"). The categories of third parties with whom we may share California residents' personal information are (i) marketing networks, (ii) analytics and hosting providers, (iii) payment service providers, and (iv) social networks. We have no knowledge of disclosing the personal data of minors under 16 years of age to third parties.