Legal

Privacy Policy

Effective date: 1 January 2026 · Kristýna Čočková, MSc. · IČO: 09031197

Read in:

These Principles explain what I do with the data I obtain about you through the website https://www.formnfunction.eu/ or through one of the platforms enabling remote access, which primarily include applications and websites used as part of the cooperation between the administrator and the data subject according to their agreement (hereinafter collectively with the administrator's website also referred to as "platforms").

If you as a data subject start using any of the platforms, you are obliged to familiarise yourself in advance with all the terms and conditions of the relevant platform. Once you have duly and fully familiarised yourself with them and agree to them, I will proceed to set up your client account on the relevant platform (by entering only your name, surname, and linking your profile as a client to my profile as a "trainer"). From the moment you enter your own login details, you manage your account independently and enter into a relationship with the relevant platform. In such a case, the processing of your personal data on the platform will be governed by the specific principles of that platform, i.e., outside my remit as the service provider.

I recommend reading these Principles carefully. When processing your personal data, I always take care to protect it and ensure compliance with the relevant legal regulations, particularly compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter also "GDPR") and Act No. 101/2000 Coll., on the protection of personal data.

I. Administrator, Data Subject and Data

  1. The administrator of personal data is Kristýna Čočková, MSc., self-employed person, IČO: 09031197, Vašíčkova 3436, 272 04, Kladno, Czech Republic, phone: +420 606 074 569, +353 85 130 1311, email: info@formnfunction.eu (hereinafter also referred to as the "administrator").
  2. The data subject is a natural person — user of services provided by the administrator, particularly in the field of nutritional coaching, personal training and massage therapy (hereinafter collectively referred to as "services"), or a person using the website or other platforms, particularly in connection with an enquiry for services (hereinafter collectively referred to as the "data subject").
  3. Personal data means, according to Article 4(1) GDPR, all information relating to an identified or identifiable natural person (i.e., the data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data therefore includes, for example: name, address, email, telephone number, date of birth, health data, dietary data, exercise data and other information that enables identification of the data subject or is closely related to them and which the data subject provides to the administrator.

II. Categories of Personal Data Processed

I process in particular:

  1. Basic identification and contact details (name, surname, email, telephone and address)
  2. Data provided during the initial consultation and during the service, including so-called special categories of data (particularly health data, data on health status or other sensitive information necessary for the safe and effective provision of services) or audiovisual records containing personal features
  3. Data recorded in client accounts (on platforms), including training plans, meal plans, feedback and other documents
  4. Payment and invoicing data

III. Purposes and Legal Bases for Processing

  1. I process personal data in particular for:
    1. Performance of contractual obligations arising from the provided services (Article 6(1)(b) GDPR)
    2. Compliance with legal obligations (e.g. accounting) (Article 6(1)(c) GDPR)
  2. I may also process the personal data of the data subject on the basis of your consent (Article 6(1)(a) GDPR) for one or more purposes. I may also process special categories of personal data if you as the data subject (or as the legal representative of the data subject) give explicit consent (Article 9(2)(a) GDPR).

IV. Retention Period of Personal Data

  1. I retain your personal data only for as long as necessary to fulfil the purpose for which they were collected.
  2. This means that I retain the data for the duration of the contractual relationship and subsequently for the period required by law, for example for accounting and tax records purposes, which is usually 10 years from the end of the cooperation.
  3. Data processed on the basis of your consent are retained only until you withdraw this consent or for the period for which the consent was given, unless they are processed on another legal basis at the same time.
  4. After these periods expire, the data are securely deleted.

V. Transfer of Personal Data to Third Countries

  1. In providing services, I use platforms and applications whose operators may be based outside the European Economic Area, for example in the USA or the United Kingdom. In such cases, an appropriate level of personal data protection is ensured through legal mechanisms approved by the European Commission, particularly standard contractual clauses (Standard Contractual Clauses – SCC) or on the basis of the Data Privacy Framework. These platforms have been selected on the basis of a data protection impact assessment.

VI. Security of Personal Data Processing and Automated Processing

  1. Your data are protected by strict technical and organisational measures. These include data encryption, secure communication channels, two-factor authentication, regular software updates and access restricted only to persons bound by confidentiality.
  2. All processors I cooperate with are contractually or otherwise obliged to comply with the GDPR. I regularly conduct internal audits to ensure that data protection meets current requirements.
  3. In the event of an incident, I have procedures in place for its resolution and notification to the Office for Personal Data Protection and affected data subjects.
  4. Personal data are processed in electronic form in an automated manner, or where applicable in printed form in a non-automated manner, by the provider. Personal data of the data subject may be made available to public administration authorities if required by relevant legal regulations.

VII. Rights of Data Subjects

The data subject has the right to:

  1. Request the Provider to provide access to personal data concerning them and to obtain confirmation as to whether those data are being processed, including access to their content
  2. Request a copy of the processed personal data; the Provider may charge a reasonable fee corresponding to administrative costs for additional copies
  3. Rectification of inaccurate personal data and, taking into account the purpose of processing, completion of incomplete data
  4. Erasure of personal data ("right to be forgotten") or restriction of processing if the conditions laid down by law are met, in particular if the data are no longer necessary for the purposes for which they were collected and there is no other legal basis for their processing
  5. Data portability, i.e. to obtain data provided to the Provider in a structured, commonly used and machine-readable format and to transmit them to another administrator; they may also request that the data be transmitted directly to another administrator where technically feasible
  6. Object to the processing of personal data for marketing purposes; if the data subject objects, the Provider will cease processing for this purpose
  7. Lodge a complaint with the supervisory authority, i.e. the Office for Personal Data Protection (www.uoou.cz), particularly if they have doubts about compliance with legal regulations by the Provider
  8. Exercise other rights arising from legal regulations in the field of personal data protection

The data subject acknowledges that they have the right to withdraw their consent to the processing of personal data at any time free of charge, by sending it in writing to the Provider's registered office address or to the email address: info@formnfunction.eu. Withdrawal of consent is effective upon delivery to the Provider. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

VIII. Special Categories of Data (Health Data)

  1. I process data on your health status only to the extent necessary for providing services such as nutritional coaching, personal training or massages. These data are protected by special measures as they fall under special categories of personal data pursuant to Article 9 GDPR. Access to them is granted only to persons bound by confidentiality and trained in personal data protection. If processing of these data is not necessary for the performance of the contract, I require your explicit consent. You may withdraw this consent at any time.

IX. Cookies and Marketing

  1. The website uses only cookies necessary for its functionality and basic analytics.
  2. I send you marketing communications only if you give consent, and you can always easily unsubscribe.

XIV. Final Provisions

  1. These Principles take effect on 01.01.2026. The administrator reserves the right to amend or supplement these Principles at any time, particularly due to changes in legal regulations, decisions of supervisory authorities or changes in the method of personal data processing.
  2. The data subject will be informed of any material change to the Principles in an appropriate manner, for example by publishing the updated version on the administrator's website or by email if provided by the data subject. The current version of the Principles is always available on the administrator's website.
  3. If the change requires the data subject's consent (e.g. for a new processing purpose or extension of the scope of sensitive data), this consent will be requested before processing begins under the new conditions.
  4. For any queries regarding these Principles or exercising data subject rights, you may contact the administrator at the email address: info@formnfunction.eu or in writing at the administrator's registered office address.

In Kladno, 01.01.2026 · Kristýna Čočková, MSc.