Start writing
Log In

Privacy Policy

legal statement that explains how a website collects, uses, shares, and protects its users' personal data

Last Updated: May 2026

Data Controller Identity and Contact Details

Data Controller Identity

  • The data controller responsible for the processing of your personal data on this Platform is S&T Investors s.r.o., Velkopřevorské nám. 608/5a, PSČ 118 00 Praha 1, Czech Republic., IČO: 2725 1802.
  • For any privacy-related inquiries, data requests, or to exercise your rights, you can reach our team directly at our dedicated e-mail address: [Insert Email, e.g., privacy@schoolpressclub.com].

Controller vs. Processor

Scope of Our Role

  • B2C (Individual Accounts): For parents, independent students, or individuals registering directly, the Provider acts as the Data Controller under Article 13 GDPR.
  • B2B (Institutional Accounts, schools, organizations, businesses, etc.): When an institution registers and uploads individual data or media, the institution acts as the Data Controller. The Provider acts strictly as a Data Processor under Article 28 GDPR. In these cases, data processing is governed by our  Data Processing Agreement (DPA) (here).

Types of Data We Process

Categories of Personal Data Collected

We only process data necessary to provide our digital journalism services. This includes:

  • Account Data: Name, email address, password, institution and individual name, and role.
  • Billing Data: Billing address, institution ID (IČO), and payment transaction histories.
  • Content & Media Data: Text, articles, layout designs, and photographs/images uploaded by users for publications. This includes visual data capturing individuals.
  • Technical Data: IP addresses, cookie identifiers, browser types, and platform usage logs.

Purposes and Legal Bases for Processing

Legal Grounds for Processing Data

Pursuant to Article 6 of the GDPR, we process your personal data under the following legal bases:

  • Performance of Contract: To activate your account, provide access to newspaper creation tools, and process billing.
  • Compliance with Law: To fulfill tax, accounting, and statutory digital reporting requirements in the Czech Republic.
  • Legitimate Interest: To ensure platform security, prevent fraudulent registrations, and handle technical optimization.
  • Consent: For analytical cookies and newsletters, which can be withdrawn at any time.

Children's Data Safeguards

Processing Data of Minors
The Platform is specifically designed for school journalism activities involving minors.

  • For institutional accounts, the institution warrants that it has secured the required parental consent or possesses an educational statutory mandate to process data of students under 15 years of age.
  • For individual accounts, explicit parental or guardian verification is required before an account can be fully activated for users under 15.

Data Retention and Archiving

Data Retention Period

  • Active Account Data: Maintained for the duration of your active subscription or account registration.
  • Billing Records: Retained for a mandatory period of 10 years to comply with Czech tax legislation.
  • Historical Public Archive: In accordance with our Terms and Conditions, public newspaper issues are maintained in our historical public archive as part of our permanent journalism portfolio, unless a specific deletion request is submitted by the author or the Client.

Data Transfers and Third Parties

Data Receivers and Sub-processors

We do not sell, rent, or trade your personal data. To operate the Platform efficiently, we share necessary data with trusted third-party sub-processors operating strictly under GDPR-compliant standard contractual clauses (SCCs):

  • Cloud Hosting Infrastructure Providers (EU-based servers).
  • Secure Online Payment Gateways.
  • Professional Accounting and Invoicing Systems.
  • Administrative Technical Support and Maintenance Tools.
  • Marketing Automation and Web Push Notification Platforms (Brevo): Used to deliver email newsletters and automated browser updates. When you opt-in to web push notifications, an anonymous device token is generated by your browser to route updates; no personal identifying data is used unless you explicitly link your subscription to a newsletter account. You can completely opt-out at any time by adjusting your local browser notification permissions.

Your Mandatory GDPR Rights

Your Legal Rights under GDPR

As a data subject, you hold the following absolute rights under the GDPR, which you can exercise at any time via our contact email:

  • Right of Access: Request a copy of all personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete personal data.
  • Right to Erasure (“Right to be Forgotten”): Request total deletion of your data or archived articles.
  • Right to Restriction: Limit how we process your data under specific conditions.
  • Right to Data Portability: Export your content or account data in a structured, readable format.
  • Right to Object: Object to processing based on legitimate interest or marketing.

Regulatory Complaints and Authority

Right to File a Supervisory Complaint
We are fully committed to resolving any privacy concerns amicably. However, if you believe that your personal data is being processed in violation of the GDPR or Czech privacy regulations, you have an absolute statutory right to file an official complaint with the supervisory authority:

The Office for Personal Data Protection (Úřad pro ochranu osobních údajů – ÚOOÚ)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
Website: www.uoou.cz

Scroll to Top