Privacy policy

Last updated February 1, 2026

This document describes how Jan Nováček, a sole trader conducting business under the laws of the Czech Republic, with registered address at Novoveská 10, 664 12 Oslavany, Czech Republic, IN: 01839811, VATIN: CZ9107224357 (hereinafter referred to as the “Provider”), processes personal data of users of the Readivo service.

Protection of personal data is important to the Provider. This Privacy Policy explains what personal data are processed, for what purposes, on what legal basis, for how long, and what rights data subjects have.

This Privacy Policy applies to the website readivo.app and to all related services provided within the Readivo platform (hereinafter referred to as the “Services”).

The Provider may be contacted regarding personal data protection matters via the email address .

Depending on the specific use of the Services, the Provider may act either as a data controller or as a data processor acting on behalf of the customer. Where the Provider acts as a data processor, the processing of personal data is governed by the Data Processing Agreement (DPA).

1. DATA CONTROLLER

The controller of personal data is:

Jan Nováček
Novoveská 10
664 12 Oslavany
Czech Republic
Company ID: 9107224357

The Provider has not appointed a data protection officer, as such obligation does not arise under applicable law.

2. CATEGORIES OF PERSONAL DATA

In connection with the provision of the Services, the Provider may process the following categories of personal data:

  • identification data (e.g. first name, last name);
  • contact data (e.g. email address);
  • login credentials and user account information;
  • technical data (e.g. IP address, device type, browser);
  • data on use of the Services (e.g. audio playback statistics);
  • data related to email communication and notifications;
  • data provided through third-party authentication (e.g. Google login);
  • data related to newsletter subscription.

The Provider does not process special categories of personal data (such as health data or biometric data).

3. PURPOSES OF PROCESSING

Personal data are processed in particular for the following purposes:

  • provision and operation of the Services;
  • creation and administration of user accounts;
  • authentication and login, including login via Google;
  • delivery of operational email notifications;
  • sending newsletters (if the User subscribes);
  • analysis of usage of the Services and their improvement;
  • compliance with legal obligations;
  • protection of the Provider’s rights and legitimate interests.

4. LEGAL BASIS FOR PROCESSING

Personal data are processed on the basis of the following legal grounds:

  • performance of a contract (Article 6(1)(b) GDPR);
  • compliance with legal obligations (Article 6(1)(c) GDPR);
  • legitimate interests of the Provider (Article 6(1)(f) GDPR);
  • consent of the data subject (Article 6(1)(a) GDPR), in particular for newsletters and optional cookies.

Provision of personal data is necessary for the use of the Services. Without providing such data, the Services cannot be fully used.

5. COOKIES AND ANALYTICS

The Services use cookies and similar technologies to ensure functionality, measure traffic and improve the user experience.

The Provider uses in particular the Google Analytics tool, which may process technical data related to use of the Website. Use of analytical cookies is based on the User’s consent, where required by applicable law.

Detailed information about cookies is available in the cookie settings accessible on the Website.

6. NEWSLETTER AND EMAIL COMMUNICATION

The User may voluntarily consent to receive a newsletter containing information about the Services, new features or updates.

Consent to receive the newsletter may be withdrawn at any time, in particular via the unsubscribe link included in each email or by contacting the Provider.

Operational email messages related to provision of the Services (where necessary for performance of the contract) may be sent even without newsletter consent.

7. RECIPIENTS OF PERSONAL DATA AND PROCESSORS

Personal data may also be processed by third parties that provide technical or operational support to the Provider (hereinafter referred to as “Processors”).

In particular, the Provider uses the following Processors:

  • analytics service providers (e.g. Google Analytics);
  • email service providers and newsletter delivery tools;
  • authentication service providers (e.g. Google login);
  • payment service providers (Paddle).

Payment data (such as payment card numbers) are not processed by the Provider. Such data are processed exclusively by the payment service provider Paddle, which acts as an independent data controller.

Where required by law, the Provider enters into appropriate data processing agreements with its Processors.

8. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU

Personal data may be transferred outside the European Union or the European Economic Area when certain Processors are used, in particular to the United States of America.

In such cases, transfers are carried out in accordance with GDPR, in particular on the basis of:

  • an adequacy decision of the European Commission;
  • standard contractual clauses;
  • other appropriate safeguards pursuant to Article 46 GDPR.

The User may request further information about the safeguards applied by contacting the Provider.

9. DATA RETENTION PERIOD

Personal data are retained only for the period necessary to fulfil the purposes for which they are processed.

Retention periods vary depending on the type of data and the purpose of processing, in particular:

  • user account data for the duration of the contractual relationship and thereafter for the period necessary to protect the Provider’s rights;
  • data processed for compliance with legal obligations for the period required by applicable law;
  • data processed on the basis of consent for the period for which consent was granted or until such consent is withdrawn.

After the retention period expires, personal data are securely deleted or anonymized.

10. DATA SECURITY

The Provider implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse or damage.

Such measures include in particular:

  • secure access controls to systems;
  • encrypted communication (HTTPS);
  • restriction of access to personal data to authorized persons only;
  • regular updates and security practices.

Despite the Provider’s efforts to ensure maximum security, it cannot be entirely excluded that personal data may be accessed by unauthorized parties during transmission over the internet.

11. DATA SUBJECT RIGHTS

In accordance with GDPR, data subjects have in particular the following rights:

  • the right of access to personal data;
  • the right to rectification of inaccurate or incomplete data;
  • the right to erasure (“right to be forgotten”), where legally applicable;
  • the right to restriction of processing;
  • the right to data portability;
  • the right to object to processing;
  • the right to withdraw consent at any time;
  • the right to lodge a complaint with a supervisory authority.

In the Czech Republic, the supervisory authority is the Office for Personal Data Protection.

12. FINAL PROVISIONS

This Privacy Policy may be updated by the Provider from time to time, in particular in connection with changes in legislation or changes in the manner of processing personal data.

The current version is always available on the Website. By continuing to use the Services after the effective date of changes, the User acknowledges such changes.

Additional information

Detailed information about cookies is available in our Cookies Policy.

A list of personal data subprocessors is available here.

Relationships with customers acting as data controllers are governed by the Data Processing Agreement (DPA).