Effective date: 1 June 2026 Version: 2026-06-01
This Privacy Policy describes how PMG Capital s.r.o. processes the personal data of users of the PMGclub platform (pmgclub.com) and the related portal miroslavpekarek.com.
This Policy is prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, "GDPR") and Czech Act No. 110/2019 Coll., on Personal Data Processing.
The controller of your personal data is:
PMG Capital s.r.o. Bohuslava Niederleho 1018, 272 04 Kladno, Czech Republic Company ID (IČO): 06998771 VAT ID (DIČ): CZ06998771 Email: info@pmgclub.com Web: pmgclub.com
The controller is not required to appoint a Data Protection Officer (DPO) under Article 37 GDPR. For all enquiries and to exercise your rights, please contact the email address above.
| Purpose | Legal basis (GDPR) | Retention period |
|---|---|---|
| Operating the account, providing services, authentication | Art. 6(1)(b) — performance of a contract | for the duration of the account |
| Issuing and archiving invoices | Art. 6(1)(c) — legal obligation (§ 35 Czech VAT Act) | 10 years from the end of the tax period |
| Accounting and taxes | Art. 6(1)(c) — legal obligation (Czech Accounting Act) | 5–10 years |
| Billing audit log (incl. IP address) | Art. 6(1)(c) + (f) — legal obligation + legitimate interest | 5 years |
| Platform security and abuse prevention | Art. 6(1)(f) — legitimate interest (security) | 30 days (server logs), 90 days (CSP reports) |
| Recommendation algorithm and feed personalisation | Art. 6(1)(f) — legitimate interest | for the duration of the account |
| Service communication (operational emails) | Art. 6(1)(b) — performance of a contract | for the duration of the account |
| Marketing communication (newsletter, offers) | Art. 6(1)(a) — consent | until consent is withdrawn |
| Service improvement based on anonymised analytics | Art. 6(1)(f) — legitimate interest | aggregated, indefinitely |
Legitimate interest — the controller has performed a legitimate interest assessment (LIA) and considers that its legitimate interests are not overridden by the rights and freedoms of users. You may object to processing based on legitimate interest at any time (Art. 21 GDPR).
To operate the platform, we use the following providers who, acting as processors, process your personal data exclusively under our instructions and on the basis of Data Processing Agreements (DPAs):
| Provider | Purpose | Data location | Transfer mechanism |
|---|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | EU — Dublin (eu-west-1) | Data remain in the EU |
| Vercel, Inc. | Application hosting, CDN | USA (edge nodes in the EU) | Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework |
| Cloudflare, Inc. (R2) | File storage (images, video) | Global distribution | Standard Contractual Clauses (SCCs) |
| Provider | Purpose | Location | Note on AI training |
|---|---|---|---|
| OpenAI, L.L.C. | Text generation (GPT-4o-mini), translations, embeddings, TTS, image generation | USA | Data are not used to train models (API tier) |
| Anthropic, PBC | Advanced text processing, AI Vision (Claude) | USA | Data are not used to train models (API tier) |
| ElevenLabs Inc. | Text-to-speech voice generation for presentation narration | USA | Per ElevenLabs terms |
Transfers to the USA: All US providers are either certified under the EU-US Data Privacy Framework, or transfers are conducted on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission.
| Provider | Purpose | Location | Role |
|---|---|---|---|
| Mo.one (operated by Z-net Technologies s.r.o., znpay.tech) | Processing bank transfer payments (CZ only) | Czech Republic | Independent controller — Mo.one processes payment data under its own privacy policy |
| Provider | Purpose | Location | Mechanism |
|---|---|---|---|
| Resend (Resend, Inc.) | Transactional email delivery (registration confirmation, invoices, notifications) | USA + EU | SCCs |
| Provider | Purpose | Activation |
|---|---|---|
| LinkedIn (Microsoft Ireland Operations Limited) | Sharing content from the platform to the user's LinkedIn account | Only if the user connects their LinkedIn account (OAuth) |
Where required by law, we may disclose data to: - tax and financial authorities - law enforcement authorities - courts and public prosecutors
| Data category | Retention |
|---|---|
| Account and profile | for the duration of the registration |
| Content (posts, comments, messages) | for the duration of the account; after account deletion, content is anonymised or deleted |
| Invoices and tax documents | 10 years (§ 35 of Czech Act No. 235/2004 Coll., on VAT) |
| Accounting records | 5 years (§ 31 of the Czech Accounting Act) |
| Billing audit log (incl. IP address) | 5 years |
| AI usage log | 12 months |
| Credit transaction records | for the duration of the account + 3 years |
| Server logs (IP, User-Agent) | 30 days |
| CSP reports | 90 days |
| Consent records | 3 years after withdrawal or account termination |
Upon account deletion the following occurs: - immediate removal of publicly visible profile data - anonymisation of content (author = "deleted user") or its complete deletion - retention of invoices and related data for the statutory period with detachment from the identifiable person where possible (Art. 17(3)(b) GDPR — processing necessary for compliance with a legal obligation)
Under the GDPR you have the right to:
We will respond to requests within 30 days. In justified cases (complexity, volume of requests) this period may be extended by a further two months, of which you will be informed.
We reserve the right to verify the identity of the requester by reasonable means (e.g. confirmation from the registered email address).
If you believe that we process your personal data unlawfully, you have the right to lodge a complaint with the Czech Office for Personal Data Protection:
Úřad pro ochranu osobních údajů Pplk. Sochora 27, 170 00 Prague 7, Czech Republic www.uoou.cz Phone: +420 234 665 111 Email: posta@uoou.cz
Citizens of other EU Member States may also lodge a complaint with the supervisory authority in their country.
The platform uses cookies and similar technologies (localStorage). For details, please refer to our separate Cookie Policy.
When you use AI features (text generation, translation, AI images, voice narration), the inputs (prompts, uploaded documents, text for translation) are transmitted for processing to the AI providers listed in section 4.2.
Important information:
Detailed information about AI features is available in the AI Policy.
The platform is intended for persons aged 16 and over. We do not knowingly process data of persons under 16. If we learn that an account has been created by a person under 16, we will delete it without delay.
If you are a parent or legal guardian and believe that your child is using the platform contrary to this rule, please contact us at info@pmgclub.com.
The controller implements appropriate technical and organisational measures to protect personal data, in particular:
However, no measure can guarantee 100% security. In the event of a personal data breach likely to result in a risk to the rights and freedoms of users, we will notify users without undue delay, and no later than 72 hours after becoming aware of it (Art. 33–34 GDPR).
This Policy may be updated from time to time. We will notify users of material changes:
In case of a material change (different processing purpose, new processor, extended retention period), re-confirmation of consent may be required.
The version history of this Policy is archived and available upon request. The version you accepted at registration or at the last consent update is stored in your profile (gdpr_consent_version).
For any questions, requests to exercise your rights, or complaints, please contact:
PMG Capital s.r.o. Bohuslava Niederleho 1018, 272 04 Kladno, Czech Republic Email: info@pmgclub.com
Effective from: 1 June 2026 PMG Capital s.r.o. · Company ID: 06998771 · VAT ID: CZ06998771