Privacy Policy

The controller of your personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”) is Tivio Studio a.s., identification number (IČO): 193 03 742, with its registered office at Pernerova 691/42, Karlín, 186 00 Prague 8, Czech Republic (the “Controller”).

The Controller’s contact details are: email support@tivio.studio; address Tivio Studio a.s., Pernerova 691/42, Karlín, 186 00 Prague 8, Czech Republic.

Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

The Controller processes personal data provided by users of the Stargaze Studio platform (“Users”), including when registering for the waiting list and, once available, when creating an Account in accordance with the Terms of Use of the Stargaze Studio platform (the “Terms of Use”).

Waiting-list registration. When you register for the waiting list via our sign-up form, the Controller processes your first name and email address and, optionally, your audience size, your primary publishing platform, and the part of your workflow you would most like to improve. The Controller also processes your IP address.

Account and platform use. Once the platform is available, the Controller may, in connection with the provision of the services, also process: the User’s IP address, first name, last name, email address, Account login password, and billing information required by law (first name, last name, IČO, registered office/place of residence, DIČ (VAT), bank account number, and payment card details).

The Controller processes the above personal data to the extent necessary for the provision of electronic services on the basis of the Terms of Use. The data is obtained directly from Users. Providing the data is voluntary, but necessary for the proper provision of the services.

The legal basis for processing personal data is:

• consent given by the User — sending commercial information, newsletters, and information about the launch of the platform to Users who register for the waiting list and tick the consent box; the legal basis is Article 6(1)(a) of the GDPR, and consent may be withdrawn at any time;
• performance of a contract — managing your waiting-list registration and, once available, performing the Terms of Use (including maintaining an Account, enabling a Subscription, enabling the submission of opinions and complaints, and handling any complaints); the legal basis is Article 6(1)(b) of the GDPR;
• compliance with the Controller’s statutory obligations, resulting in particular from tax and accounting regulations (including the need to issue and archive an invoice or other accounting document); the legal basis is Article 6(1)(c) of the GDPR;
• the Controller’s legitimate interest in optimizing the platform to ensure the greatest possible convenience of use, and in the investigation of and defense against potential claims related to the use of the platform; the legal basis is Article 6(1)(f) of the GDPR.

The purpose of personal data processing is:

• managing the waiting list and notifying registrants about the launch of the platform;
• sending commercial information and conducting other marketing activities on the basis of consent;
• exercising the rights and obligations arising from the Terms of Use — the agreement concluded between the User and the Controller;
• fulfilling the statutory obligations incumbent on the Controller;
• the pursuit and defense of claims;
• optimizing the platform in order to ensure the greatest possible convenience for Users.

As a rule, the Controller does not make automated decisions in individual cases, including profiling within the meaning of Article 22 of the GDPR. Such processing may only take place if the User has given their explicit consent.

The Controller shall retain personal data:

• for the period necessary to exercise the rights and fulfil the obligations arising from the Terms of Use, or until the claims become time-barred or the relevant proceedings are concluded;
• for data processed on the basis of consent (including marketing emails sent to waiting-list registrants) — until the consent is withdrawn;
• until the Controller has fulfilled its legal obligations;
• for data processed on the basis of a legitimate interest — as a rule, until an objection is raised.

After the storage period has expired, the Controller deletes the personal data.

The recipients of personal data, on the basis of relevant agreements, may be entities:

• involved in the provision of the services by the Controller on the basis of the Terms of Use;
• involved in ensuring the operation of the services on the terms specified in the Terms of Use;
• providing marketing services on behalf of the Controller.

The User’s personal data may be made available to external third parties processing payments, to the extent necessary to process those payments. The recipients of personal data are, in particular, mailing and cloud service providers.

The Controller does not transfer personal data to third countries located outside the European Economic Area or to international organizations.

In accordance with the GDPR, the User has the right to:

• access their personal data pursuant to Article 15 of the GDPR;
• rectify their personal data pursuant to Article 16 of the GDPR, or restrict its processing pursuant to Article 18 of the GDPR;
• erase their personal data pursuant to Article 17 of the GDPR;
• object to the processing of data pursuant to Article 21 of the GDPR;
• data portability pursuant to Article 20 of the GDPR;
• withdraw consent at any time pursuant to Article 7(3) of the GDPR, without affecting the lawfulness of processing carried out before its withdrawal.

In addition, the User has the right to lodge a complaint with the supervisory authority — Úřad pro ochranu osobních údajů (Office for Personal Data Protection), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic — if they believe that their rights have been violated.

The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data, including:

• entrusting the processing of personal data only to persons who have been instructed on the obligation of confidentiality with regard to personal data and other obligations to be observed in accordance with the GDPR, other applicable laws, or this Policy;
• using appropriate technical equipment and software to prevent unauthorized or accidental access to personal data;
• storing personal data in appropriately secured facilities and rooms, and in electronic form on secure servers or data carriers accessible only to authorized persons using access codes or passwords, with regular backups;
• securing the remote transmission of personal data via protected communication channels in public networks;
• processing personal data in pseudonymized and encrypted form, where possible, appropriate, or necessary to limit the risks associated with processing;
• ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services, and the ability to restore timely access to personal data in the event of a physical or technical incident;
• conducting regular tests, assessments, and evaluations of the effectiveness of the technical and organizational security measures implemented.

The Controller declares that only authorized persons have access to personal data.

By registering for the waiting list and ticking the consent box — and, where applicable, by creating an Account — on the Stargaze Studio platform, the User confirms that they have read this Policy and accept it in full, and, where consent has been given, consents to receiving commercial communications and other emails from the Controller. The User may withdraw such consent at any time.

The Controller reserves the right to change this Policy. The updated version of the Policy will be published on the Stargaze Studio platform.