1. Who this covers
People who send us non-binding enquiries about football experiences, coaching visits and the Arrival to Prague service, or who contact us via the site/e-mail/phone. We process data under the EU/EEA GDPR and applicable Czech law.
2. Data we process
- Identity & contact: name, e-mail, phone.
- Enquiry content: trip goals, club/match interest, group size, preferred dates, arrival details (e.g., flight number, arrival date/time, airport), Prague accommodation, special requests for assistance.
- Technical data: IP address, timestamps, basic server logs for security and operation.
We do not require special-category data. If you voluntarily share such info (e.g., a health note relevant to safe assistance), we will use it only if necessary for that purpose and delete it promptly afterwards.
3. Purposes & legal bases
a) Handling your enquiry & pre-contract communication (incl. coordinating the arrival service).
Legal basis: GDPR Art. 6(1)(b) – steps at your request prior to a contract.
b) Website operation, security, and record-keeping to protect our rights.
Legal basis: GDPR Art. 6(1)(f) – legitimate interests. You may object (see Section 7).
c) Legal obligations (if any arise – e.g., cooperating with authorities).
Legal basis: GDPR Art. 6(1)(c).
We do not use automated decision-making or profiling with legal effects.
4. Retention
- Enquiries & routine correspondence: up to 6 months from last contact if we don’t move towards a contract.
- Minimal records to protect our rights: up to 3 years (only where reasonably necessary).
- Technical logs: usually up to 1 year.
- Voluntary health/special requests for assistance: deleted after the assistance ends (no later than 30 days), unless another legal reason applies.
5. Recipients & processors
We do not sell your data. We share it only with trusted processors essential to provide the site/services:
- website hosting & e-mail provider,
- form/CRM tools and IT maintenance.
Each processor is bound by a GDPR-compliant data processing agreement. Public authorities may receive data only where required by law.
6. Transfers outside the EU/EEA
We prefer EU/EEA providers. If a transfer to a “third country” occurs (e.g., certain cloud services), we will implement Standard Contractual Clauses and appropriate safeguards.
7. Your rights
You may request access, rectification, erasure, restriction, portability (where applicable), and object to processing based on legitimate interests. We respond without undue delay, within 1 month (extendable by 2 months for complexity). You can lodge a complaint with the Czech Data Protection Authority (ÚOOÚ).
How to exercise: e-mail info@footballtrips.net. We may reasonably verify identity.
8. Cookies
We currently use only strictly necessary cookies for the site to function. If we later enable analytics/marketing cookies, we will ask for your opt-in consent via a cookie banner (with an equally easy reject option).
9. Security
We apply appropriate technical and organisational measures (encrypted transport, access control, updates). If a personal-data breach with risk to individuals occurs, we will act in line with GDPR.
10. Changes to this notice
We may update this notice; the current version with effective date will always be posted here.