GENERAL DATA PROTECTION REGULATIONS

Dear clients,
Let us inform you of the rules, regulations, and measures taken in processing personal data as performed by SHINE Consulting s.r.o. All data processing is in accordance with Act No. 101/2000 Coll. (on personal data protection), as amended, and in accordance with European Parliament and Council Regulation (EC) 2016/679, DATED April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (further as Regulation).

I. BASIC INFORMATION

Data controller: SHINE Consulting s.r.o., COMPANY REGISTRATION NUMBER 25318292, registered office at Oulehla 443, POSTCODE 66407, email: lucie.hajkrova@shine.cz, (further as „SHINE Consulting“)

Data subjects: Natural persons whose personal data are processed by SHINE

Data Protection Officer: SHINE Consulting did not appoint a Data Protection Officer

Transfer of personal data to a third country or to an international organisation: SHINE Consulting does not transfer personal data to a third country or to any international organisations.

Duration of storage of personal data: Personal data are processed and stored by SHINE Consulting for the duration of the legally binding contract and subsequently for a period of 5 years after the termination or expiry of that contract. Personal data processed in order to meet the requirement of compliance with special legislation are processed for the duration stipulated by such special legislation. In the event that the processed data may be used to protect the legitimate interest of the data controller, SHINE Consulting shall carry out processing of such data for a period necessary to protect such legitimate interest.

Automated individual decision-making: SHINE Consulting does not carry out automated individual decision-making or profiling.

Supervisory authority: The supervisory authority is Úřad pro ochranu osobních údajů (the Office for Personal Data Protection), registered office at Pplk. Sochora 27, 170 00 Praha 7, email: posta@uoou.cz, tel.: 234 665 125.

II. PERSONAL DATA SOURCES

SHINE Consulting obtains personal data directly from data subjects.

In the case of courses which natural persons attend on account of their employment (e.g. employees, statutory bodies etc.), SHINE Consulting obtains their personal data in part directly from the company/organization of which the natural person/persons are a part. In such cases the company/organization is obligated to a) meet all requisite rules and regulations in relation to the data subjects attending the event (course or training programme) in accordance with the Regulation, b) obtain their explicit consent to processing of personal data, and, where applicable, (c) act in accordance with the duties of Data Controllers as laid out in the Regulation.

The SHINE Consultings can make audio and video recordings of online courses and webinars. The recording is available to the participants and may also be used for the SHINE Consultings' internal purposes.

By providing your email address you agree that you may receive further information regarding our products and services in the form of our Newsletter.

III. LEGAL BASIS FOR PROCESSING, PURPOSE AND DURATION OF PROCESSING

Personal data of data subjects are processed on the following legal bases:

  • performance of contract;
  • necessary compliance with a legal obligation of SHINE Consulting;
  • legitimate interest of SHINE Consulting;
  • consent to personal data processing.

In order to perform the contract and/or to comply with a legal obligation of SHINE Consulting, the following data are processed: name, surname, or (alternatively) entity name, date of birth, identification number, address, place of business, telephone number, email address, job position and company name (of data subject’s employer), preference as regards relevant topics/areas.

In the event that SHINE Consulting intends to process personal data not defined in Art. III (i.e. not mentioned in the foregoing text), or for purposes other than those mentioned herein (e.g. email for the receipt of commercial communication such as newsletters), SHINE Consulting can only do so on the basis of a valid consent to personal data processing. Consent to personal data processing is a concrete and unambiguous expression of free will and the data subject may withdraw the previously declared consent at any time.

IV. RECIPIENTS OF PERSONAL DATA

SHINE Consulting does not transmit personal data to any other data controllers.

Personal data processors are:

  • SHINE Consulting consultants running courses or performing consultancy-related work, interventions, or assistance offered by SHINE Consulting;
  • IT solution providers commissioned to perform IT administration of software used by SHINE Consulting;
  • Accounting personnel commissioned to perform accounting operations on behalf of SHINE Consulting.

Personal data processing as required by SHINE Consulting can only be performed by processors who are bound by a personal data processing contract and who guarantee sufficient organizational and technical security of personal data, where the purpose of processing is clearly stated and the personal data are used only for the stated purpose.

V. DATA SUBJECT RIGHTS

The data subject has:

  1. Right of access: The data subject has the right to receive information whether any personal data of the data subject are being processed, and if so, the data subject has the right of access to their personal data and the following information: a) processing purposes; b) the categories of personal data processed; c) the recipients or categories of recipients that were or will be provided access; d) the planned duration of storage; e) information about the existence of rights of the data subject such as rectification, erasure or restriction of processing, the right to object; f) the right to lodge a complaint with the relevant authorities; g) any available information about the origin of the data, as long as these were not collected from the data subject themselves; h) any existence of an automated decision-taking process, including profiling. The data subject further has the right to obtain a copy of the processed personal data.
  2. Right to rectification: Data subjects have the right to require SHINE Consulting to have their personal data rectified, or completed if incomplete, and SHINE Consulting must do so without undue delay.
  3. Right to erasure: Data subjects have the right to ask SHINE Consulting to erase their personal data without undue delay if: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing to continue; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in the European Union or the Czech Republic; f) the personal data have been collected in relation to the offer of information society services. The right to erasure shall not apply to the extent that processing is necessary for compliance with a legal obligation which requires processing by Union or Member State law, and for the establishment, exercise, or defence of legal claims, and in other cases as stipulated in the Regulation.
  4. Right to restriction of processing: The data subject shall have the right to obtain from SHINE Consulting restriction of processing where one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling SHINE Consulting to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) SHINE Consulting no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pending the verification whether the legitimate grounds of SHINE Consulting override those of the data subject.
  5. Right to object to processing: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, which SHINE Consulting processes for the purposes of protecting its legitimate interest. SHINE Consulting shall no longer process the personal data unless SHINE Consulting demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  6. Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to SHINE Consulting, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the SHINE Consulting where: a) the processing is based on consent  b) the processing is carried out by automated means. In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  7. Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her as carried out by SHINE Consulting infringes this Regulation. The supervisory authority is Úřad pro ochranu osobních údajů (the Office for Personal Data Protection), registered office at Pplk. Sochora 27, 170 00 Praha 7, email: posta@uoou.cz, tel.: 234 665 125.
  8. Right to be notified regarding rectification or erasure of personal data, or restriction of processing: SHINE Consulting is obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. SHINE Consulting shall inform the data subject about those recipients if the data subject requests it.
  9. Right to be informed in the event of a personal data breach to the data subject: When the personal data breach is likely to result in a high risk to the rights and freedoms of the data subject, SHINE Consulting shall communicate the personal data breach to the data subject without undue delay.
  10. Right to withdraw consent with processing of personal data: If any personal data relating to the data subject are being processed by SHINE Consulting on the basis of explicit consent expressed by the data subject, the data subject shall have the right to withdraw his or her consent at any time.

VI. PRIVACY POLICY for ShineStarlight.ai (Website, iOS and Android)

We at ShineStarlight.ai (together with our affiliates) respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Information we collect from or about you when you use our website, applications, and services (collectively, “Services”). This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.For information about how we collect and use training information to develop our language models that power ShineStarlight.ai please refer to our service providers ChatGPT and other Services, and your choices with respect to that information, please see this help center article on OpenAI site. We use OpenAI API to provide the content/results.


1. Personal information we collect

We collect personal information relating to you (“Personal Information”) as follows:
Personal Information You Provide: We collect Personal Information if you create an account to use our Services or communicate with us as follows:

  • Account Information: When you create an account with us, we will collect information associated with your account, including your name, contact information, account credentials, payment card information, and transaction history, (collectively, “Account Information”).
  • User Content: When you use our Services, we collect Personal Information that is included in the input, file uploads, or feedback that you provide to our Services (“Content”).
  • Communication Information: If you communicate with us, we collect your name, contact information, and the contents of any messages you send (“Communication Information”).
  • Social Media Information: We have pages on social media sites like Instagram, Facebook, Medium, Twitter, YouTube and LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details (collectively, “Social Information”). In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity.

Personal Information We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):

  • Log Data: Information that your browser automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our website.
  • Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
  • Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
  • Cookies: We use cookies to operate and administer our Services, and improve your experience. A “cookie” is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. For more details on cookies, please visit All About Cookies.
  • Analytics: We may use a variety of online analytics products that use cookies to help us analyze how users use our Services and enhance your experience when you use the Services.

Personal Info: Name, Email address, Phone number

Financial Info: Status, Purchase history, User payment info

Location: Approximate location

Messages: Emails, SMS or MMS, Other in-app messages

Audio: Voice or sound recordings

Calendar: Calendar events

App Info and Performance: Crash logs, Other app performance data

Files and Docs: Files and documents

App Activity: App interactions, In-app search history

Device or other IDs: Device or other identification details


2. How we use personal information

We may use Personal Information for the following purposes:

  • To provide, administer, maintain and/or analyze the Services;
  • To improve our Services and conduct research;
  • To communicate with you;
  • To develop new programs and services;
  • To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks;
  • To carry out business transfers; and
  • To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.

Aggregated or De-Identified Information. We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to reidentify the information, unless required by law.
As noted above, we may use Content you provide us to improve our Services, for example to train the models that power ShineStarlight.ai and its service providers. To opt out, please avoid using the service of ShineStarlight.ai and request for data deletion at support@shine.cz for instructions on how you can opt out of our use of your Content to train our models.


3. Disclosure of personal information

In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:
• Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, cloud services, and other information technology services providers, email communication software, and web analytics services, among others. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us.
• Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
• Legal Requirements: We may share your Personal Information, including information about your interaction with our Services, with government authorities, industry peers, or other third parties (i) if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, or users, or the public, or (vi) to protect against legal liability.
• Affiliates: We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with ShineStarlight.ai. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.


4. Additional U.S. State Disclosures

The following table provides additional information about the categories of Personal Information we collect and how we disclose that information. You can read more about the Personal Information we collect in “Personal information we collect” above, how we use Personal Information in “How we use personal information” above, and how we retain Personal Information in “Security and Retention” below.

Category of Personal Information. Disclosure of Personal Information.

Identifiers, such as your name, contact details, IP address, and other device identifiers. We disclose this information to our affiliates, vendors and service providers, law enforcement, and parties involved in Transactions.

Commercial Information, such as your transaction history. We disclose this information to our affiliates, vendors and service providers, law enforcement, and parties involved in Transactions.

Network Activity Information, such as Content and how you interact with our Services. We disclose this information to our affiliates, vendors and service providers, law enforcement, and parties involved in Transactions.

Geolocation Data. We disclose this information to our affiliates, vendors and service providers, law enforcement, and parties involved in Transactions.

Your account login credentials and payment card information (Sensitive Personal Information). We disclose this information to our affiliates, vendors and service providers, law enforcement, and parties involved in Transactions.
To the extent provided for by local law and subject to applicable exceptions, individuals may have the following privacy rights in relation to their Personal Information:

  • The right to know information about our processing of your Personal Information, including the specific pieces of Personal Information that we have collected from you;
  • The right to request deletion of your Personal Information;
  • The right to correct your Personal Information; and
  • The right to be free from discrimination relating to the exercise of any of your privacy rights.

We don’t “sell” Personal Information or “share” Personal Information for cross-contextual behavioral advertising (as those terms are defined under applicable local law). We also don’t process sensitive Personal Information for the purposes of inferring characteristics about a consumer.

Exercising Your Rights. To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request to support@shine.cz.
Verification. In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.

Authorized Agents. You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted to support@shine.cz.

Appeals. Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request to support@shine.cz.


5. Children

Our Service is not directed to children under the age of 13. ShineStarlight.ai does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to ShineStarlight.ai through the Service, please email us at support@shine.cz. We will investigate any notification and if appropriate, delete the Personal Information from our systems. If you are 13 or older, but under 18, you must have consent from your parent or guardian to use our Services.


6. Links to other websites

The Service may contain links to other websites not operated or controlled by ShineStarlight.ai including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.


7. Security and Retention

We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or third-party websites.
We’ll retain your Personal Information for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.


8. Communications

When you sign up for an account with ShineStarlight.ai, you provide us with your contact information, including but not limited to your email address and phone number. We may use this information to communicate with you about your account and for legitimate reasons to provide product features to our users. This includes sending you promotional offers, news, updates, and notifications related to essential product features and enhancements. These communications are considered an integral part of our service, and by creating an account, you consent to receive them. If at any time you wish to stop receiving promotional communications or delete your data, you can opt-out using the unsubscribe link in our communications, contacting our support team at support@shine.cz. We respect your privacy and will not share, sell, or lease your contact information to third parties for their promotional purposes. Essential communications related to your account, subscriptions and product features will continue, even after opting out of promotional and marketing messages. To stop all messages, please request to delete your data through above mentioned email.


9. International users

By using our Service, you understand and acknowledge that your Personal Information will be processed and stored in our facilities and servers in the United States and may be disclosed to our service providers and affiliates in other jurisdictions.

For EEA, UK or Swiss users:

Legal Basis for Processing. Our legal bases for processing your Personal Information include:

  • Performance of a contract with you when we provide and maintain our Services. When we process Account Information, Content, and Technical Information solely to provide our Services to you, this information is necessary to be able to provide our Services. If you do not provide this information, we may not be able to provide our Services to you.
  • Our legitimate interests in protecting our Services from abuse, fraud, or security risks, or in developing, improving, or promoting our Services, including when we train our models. This may include the processing of Account Information, Content, Social Information, and Technical Information.
  • Your consent when we ask for your consent to process your Personal Information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
  • Compliance with our legal obligations when we use your Personal Information to comply with applicable law or when we protect our or our affiliates’, users’, or third parties’ rights, safety, and property.

EEA and UK Representative. We’ve appointed the following representatives in the EEA and UK for data protection matters. You can contact our representatives at support@shine.cz.

Data Transfers. Where required, we will use appropriate safeguards for transferring Personal Information outside of the EEA, Switzerland, and the UK. We will only transfer Personal Information pursuant to a legally valid transfer mechanism. For more information on the appropriate safeguards in place and to obtain a copy of these safeguards, please contact us at the details below.

Data controller: SHINE Consulting s.r.o., Company registration number: 25318292, registered office at Oulehla 443, 664 07 Pozorice, Czech Republic, email: support@shine.cz.


10. Changes to the privacy policy

We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.


11. How to contact us

Please send email to support@shine.cz if you have any questions or concerns not already addressed in this Privacy Policy.