Privacy Notice

This Privacy Notice describes how MIGHT OF FLIGHT s.r.o. ("we", "us", "the Company") processes personal data submitted through this website, in particular through the contact form, and the rights available to data subjects under Regulation (EU) 2016/679 ("GDPR") and Czech Act No. 110/2019 Coll. on the Processing of Personal Data.

The controller responsible for processing personal data is:

The Company has not appointed a Data Protection Officer. All matters concerning the processing of personal data may be addressed to the contact email above.

When you submit an enquiry through the contact form, we process the following categories of personal data:

• Identification full name, name of the organisation you represent
• Contact email address, telephone number (where provided)
• Communication the substance of your enquiry and any subsequent correspondence
• Technical IP address and request metadata transiently processed by the form-handling service for delivery and abuse-prevention purposes

We do not knowingly collect special categories of personal data (GDPR Art. 9) through this website and request that such data not be included in unsolicited enquiries.

Personal data is processed for the following purposes:

• Enquiry response to assess and respond to your enquiry. Legal basis: legitimate interest of the Company in conducting professional correspondence and evaluating prospective engagements (GDPR Art. 6(1)(f)). Where the enquiry leads to a contractual relationship, the basis becomes performance of a contract or pre-contractual steps taken at your request (GDPR Art. 6(1)(b)).
• Legal compliance to comply with obligations to which the Company is subject, including obligations under accounting, tax, and applicable export-control or sanctions legislation (GDPR Art. 6(1)(c)).
• Defence of claims to establish, exercise, or defend legal claims, where necessary. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).

Personal data submitted through this website is processed internally by authorised personnel of the Company. We do not sell personal data and do not share it with third parties for marketing purposes.

Personal data may be disclosed to:

• Service providers acting as processors on our behalf (form handling, email, hosting, IT infrastructure), bound by written processor agreements in accordance with GDPR Art. 28
• Competent public authorities where disclosure is required by law or judicial order
• Professional advisers (legal, accounting) bound by confidentiality obligations

Personal data is processed within the European Economic Area ("EEA"). The Company does not transfer personal data to recipients in countries outside the EEA as a routine matter. Where such transfer becomes necessary, it will be effected only on the basis of an adequacy decision, standard contractual clauses, or another lawful transfer mechanism recognised under GDPR Chapter V.

Personal data is retained for as long as is necessary to fulfil the purposes set out above, and thereafter only to the extent required to comply with legal obligations or to establish, exercise, or defend legal claims.

• Enquiries — no engagement up to 12 months from the last substantive correspondence
• Enquiries — leading to engagement for the duration of the contractual relationship and thereafter as required by applicable accounting, tax, and contract law (typically up to 10 years)
• Records of consent and rights requests for the duration required to evidence compliance with the GDPR

Subject to the conditions set out in the GDPR, you have the right to:

• Access obtain confirmation as to whether your personal data is being processed and a copy of that data (Art. 15)
• Rectification request correction of inaccurate or incomplete personal data (Art. 16)
• Erasure request deletion of personal data where the legal grounds for processing no longer apply (Art. 17)
• Restriction request limitation of processing under specific circumstances (Art. 18)
• Portability receive personal data in a structured, commonly used format and transmit it to another controller (Art. 20)
• Object object, on grounds relating to your particular situation, to processing based on legitimate interests (Art. 21)
• Withdraw consent where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing (Art. 7(3))

Requests may be addressed to the contact email above. We will respond within one month of receipt, extendable by two further months for complex or numerous requests in accordance with GDPR Art. 12(3).

You have the right to lodge a complaint with the competent supervisory authority. In the Czech Republic this is:

You may also lodge a complaint with the supervisory authority of the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

The Company implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing, in accordance with GDPR Art. 32. These measures include access controls, encryption of communications in transit, segregation of environments, and periodic review of security practices.

We do not engage in solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning data subjects, within the meaning of GDPR Art. 22.

This website does not set non-essential cookies and does not employ third-party analytics, advertising, or behavioural-tracking technologies. Web fonts are served by Google Fonts; please refer to the provider's privacy notice for details on its processing of technical request data.

We may amend this Privacy Notice from time to time to reflect changes in our processing activities or in applicable law. The effective date at the head of this Notice indicates when it was last revised. Material changes will be highlighted on the website.

Questions regarding this Notice or the exercise of data subject rights should be directed to: