Legal documentation

Privacy Policy

GDPR COMPLIANT // Effective from: January 1, 2025

1. Introduction

ALVILA SYSTEMS s.r.o. (“we”, “our”, or “us”) respects the privacy of its users (“you” or “your”). This Privacy Policy explains how we collect, use, share, and protect your personal data in connection with your use of our website and the implic.it critical thinking training platform (“Services”).

This policy is issued pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and applicable Czech law.

2. Data Controller

The controller of your personal data is:
ALVILA SYSTEMS s.r.o.
Registered office: Křemencova 178/10, 110 00 Praha 1, Czech Republic
Company ID (IČO): 28972384
VAT ID (DIČ): CZ28972384
Registered in the Commercial Register maintained by the Municipal Court in Prague

For any questions regarding the processing of your personal data, please contact us at: hello@implic.it

3. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Account data: your name, email address, and password (stored in hashed form) provided when creating an account.
  • Profile data: optional information you choose to add to your profile, such as a display name or preferences.
  • Usage data: information about how you interact with our Services, including exercises completed, scores, session duration, and feature usage.
  • Technical data: IP address, browser type and version, operating system, referring URLs, and other device or connection information collected automatically when you access our Services.
  • Communications: any messages you send us, including support requests or feedback.
  • Payment data: billing address and transaction references. We do not store full payment card details; payments are handled by our payment processor.
  • Cookies and similar technologies: see Section 9 below.

4. Purposes and Legal Bases for Processing

  • Performance of a contract (Art. 6(1)(b) GDPR): We process account and usage data to create and maintain your account, provide access to the Services, process payments, and respond to your requests.
  • Legitimate interests (Art. 6(1)(f) GDPR): We process technical and usage data to ensure the security and proper functioning of our Services, prevent fraud, diagnose technical issues, and improve our platform. We may also use your contact details for direct marketing of our similar services if you are an existing customer. You may object to this at any time.
  • Compliance with legal obligations (Art. 6(1)(c) GDPR): We process data as required by applicable accounting, tax, and other regulatory obligations.
  • Consent (Art. 6(1)(a) GDPR): Where we rely on your consent (for example for certain cookies or marketing communications beyond our legitimate interest), you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

5. Data Retention

  • Account and contract data is retained for the duration of your account and for 3 years after account closure or contract termination.
  • Data processed under our legitimate interests is retained for no longer than necessary, and in any case for no more than 1 year after your last use of the Services, unless a longer period is required by law.
  • Data processed to comply with legal obligations is retained for the periods prescribed by applicable law (e.g., 10 years for accounting records under Czech law).
  • Data processed on the basis of consent is retained until you withdraw your consent or until the purpose is fulfilled.

6. Recipients of Personal Data

We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:

  • IT service providers and hosting partners who process data on our behalf under data processing agreements.
  • Payment processors for the handling of subscription payments.
  • Accounting and legal advisors bound by professional secrecy obligations.
  • Public authorities, if required by applicable law or a binding legal order.

We do not sell your personal data to third parties.

7. International Transfers

We primarily store and process your data within the European Economic Area (EEA). If any transfer to a country outside the EEA is necessary (for example in connection with cloud services), we ensure adequate safeguards are in place in accordance with Art. 46 GDPR, such as standard contractual clauses approved by the European Commission.

8. Your Rights Under GDPR

You have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR): you may request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): you may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): you may request deletion of your personal data (“right to be forgotten”) where the data is no longer necessary or processing is unlawful.
  • Right to restriction of processing (Art. 18 GDPR): you may request that we limit processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR): you may request a copy of data you provided to us in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): you may object at any time to processing based on our legitimate interests, including direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at hello@implic.it. We will respond within one month. If you believe we have violated your rights under GDPR, you have the right to lodge a complaint with the Czech supervisory authority: Office for Personal Data Protection (UOOU), pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.

9. Cookies

Our Services use cookies and similar tracking technologies. Cookies are small text files stored on your device. We use:

  • Strictly necessary cookies: required for the operation of our Services (e.g., session management, authentication). These cannot be disabled.
  • Functional cookies: remember your preferences (e.g., language, theme settings).
  • Analytics cookies: help us understand how users interact with our Services so we can improve them. These are only placed with your consent where required by law.

You can control and delete cookies through your browser settings at any time.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or destruction. These include encrypted connections (HTTPS), access controls, and regular security reviews. No transmission over the internet is completely secure; we cannot guarantee absolute security but we take our obligations seriously.

11. Automated Decision-Making

We do not carry out fully automated individual decision-making or profiling that produces legal or similarly significant effects on you.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via our website or by email. We encourage you to review this Policy periodically. The date of the most recent revision is shown at the bottom of this page.

Last updated: January 1, 2025
Contact: hello@implic.it
« Back to home
REF: LEGAL-GDPR-2025 // STATUS: SECURED