PRIVACY POLICY
(Last updated: February 6, 2026)

1. Introduction and Data Controller
Avantura s.r.o., ID No.: 21056030, with its registered office at: Varšavská 715/36, Vinohrady, 120 00 Prague, Czech Republic (hereinafter referred to as the "Controller"), is committed to protecting your privacy. This policy is in accordance with the EU General Data Protection Regulation (GDPR) and relevant Czech data protection laws.

2. Legal Basis for Processing
We process your data based on:

Performance of a Contract: To provide access to our services and process payments.

Legal Obligations: To verify age (protection of minors), keep accounting records, and fulfill tax obligations.

Explicit Consent: For processing biometric data during the verification process.

Legitimate Interest: For security, fraud prevention, and defense of legal claims.

3. Data We Collect
Registration Data: Username, email, and encrypted password.

Age and Identity Verification: We collect copies of ID documents and use biometric facial recognition (selfie) to ensure the User is over 18 years old. This data is processed solely for verification and is stored securely.

Payment Data (Bank Transfers): Since payments are made via bank transfer, we process data provided by your bank or entered by you in the payment order. This specifically includes: bank account number (IBAN), account holder's name, transaction date and amount, and the text entered in the "Message to recipient" field (used for payment identification). We do not process or store credit card data.

Technical Data: IP address, browser type, and access logs (kept for security reasons).

4. Data Retention Period
Account Data: Retained for the duration of your registration.

Identification Records: In accordance with 18 U.S.C. § 2257 and Anti-Money Laundering (AML) laws, certain identification records are retained for at least 5 years (or as required by specific regulations).

Accounting/Tax Data: Retained for 10 years as required by Czech accounting law (including data on bank transactions).

5. Data Sharing with Third Parties
We do not sell your data. We share it only with:

Banking Institutions: The Controller's bank, which processes incoming payments and maintains the bank account to which funds are sent.

Accounting and Tax Advisors: External entities providing statutory accounting services.

Identity Verification Services: Third-party tools used for automated age checks.

Public Authorities: Only based on a legitimate legal request (e.g., Police of the Czech Republic, Tax Office).

6. International Data Transfers
We store data primarily within the EU. If data is transferred outside the EEA (e.g., when using technical subcontractors), we ensure that all such transfers are protected by Standard Contractual Clauses (SCCs) or other legal safeguards in compliance with GDPR.

7. Your Rights
Under GDPR, you have the right to:

Access, correct, or delete your personal data.

Restrict processing or object to processing.

Data portability (obtain your data in a structured format).

Withdraw Consent: You can withdraw your consent to process biometric data at any time (which may, however, lead to account suspension if verification cannot be maintained).

Right to Complain: You have the right to lodge a complaint with the Office for Personal Data Protection at www.uoou.cz.

7.1. Account Cancellation: The User has the right to cancel their account at any time. The function for permanent account deletion is available directly in the user profile settings. Deleting the account results in the irreversible removal of access to all purchased content without entitlement to compensation.

8. Cookies
We use cookies for session management (keeping you logged in) and security. You can manage your preferences in your browser settings.

Contact: admin@praseni.com