Privacy Policy and Protection of Personal Data
Aperus, s.r.o., with its registered office at Osetá 632, 198 00 Prague 9, Czech Republic, company registration number 28863976, as the operator of the Webooker system, handles the protection of personal data responsibly and always acts in accordance with applicable legal regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
Who acts as controller and processor?
Within the Webooker system, our customers, for example schools, kindergartens, sports organizations, or educational institutions, enter personal data relating to their clients. In this case, they act as the controller.
Aperus, s.r.o. acts as the processor, processing this data on the basis of the contractual relationship and in accordance with the controller's instructions.
What personal data do we process?
Depending on the specific system configuration and the features used, the following categories of personal data may be processed:
- Basic identification data such as first name, surname, date of birth, and similar details
- Contact data such as address, email address, and phone number
- Login details and system activity data
- Data required for managing courses, reservations, or communication with clients
Who has access to personal data?
Users of the system have access only to their own data or to data for which the controller, meaning our customer, has granted them permission.
The system administrator, meaning our customer, has full control over personal data within that customer's system instance and decides who is granted access, for example members of staff.
Employees of Aperus, s.r.o. access a customer system only when that is necessary for technical support or further development. Access is provided exclusively through the support account (support@webooker.de) and may be withdrawn by the controller at any time. All our employees are bound by confidentiality obligations.
Additional processors
To operate the system, we work with carefully selected partners that meet GDPR requirements:
- Google Cloud (Frankfurt) - hosting and operation of the Webooker system
- SMS brána s.r.o. (Brno) - delivery of SMS messages to users
- Twilio (SendGrid) (USA) - email gateway for sending transactional emails to users (data transfer based on the EU-US Data Privacy Framework and, where required, EU Standard Contractual Clauses)
How long do we retain data?
Personal data is retained for the duration of the contractual relationship and afterward for as long as required by law, for example under tax and accounting regulations. Once those periods expire, the data is securely deleted or anonymized.
Technical and organizational measures
The processor undertakes to implement and maintain suitable technical and organizational measures to ensure a level of security appropriate to the risk.
Your rights
As a data subject, you have the following rights under the GDPR:
- The right to access your personal data
- The right to rectify inaccurate data
- The right to erasure of data (the “right to be forgotten”) when it is no longer needed
- The right to restrict processing
- The right to object to processing
- The right to lodge a complaint with the data protection supervisory authority