Privacy Policy

Last updated: February 2026

This Privacy Policy describes how the Gingerbread Academy (operated by PhDr. Dana Holmanová) collects, uses, and protects your personal data when you visit gingerbread.academy or enroll in our courses.

1. Data Controller

The data controller responsible for your personal data is:

PhDr. Dana Holmanová
Email: info@gingerbread.academy
Website: gingerbread.academy

2. What Data We Collect

We collect the following personal data:

• Registration data: name and email address when you register for the Free Trial or purchase the Academy.
• Payment data: payments are processed by Stripe. We do not store your card number or payment details — these are handled securely by Stripe (see Stripe's Privacy Policy).
• Usage data: we may collect basic information about how you use the website (pages visited, browser type) for analytical purposes.
• Email communications: if you contact us by email, we retain your message and contact details to respond to your inquiry.

3. How We Use Your Data

We use your personal data to:

• Create and manage your account and course access.
• Send you course access credentials and relevant updates about your enrollment.
• Send educational email communications related to the course (you may unsubscribe at any time).
• Process payments securely via Stripe.
• Improve our website and course offerings.
• Respond to your support inquiries.

4. Legal Basis for Processing

We process your data on the following legal bases under GDPR:

• Contract performance: processing your registration and payment to deliver the course you purchased.
• Legitimate interests: communicating with you about your enrollment and improving our services.
• Consent: for marketing communications (you may withdraw consent at any time).

5. Data Sharing

We do not sell your personal data. We may share your data only with:

• Stripe — payment processing.
• FunnelKit / WordPress hosting provider — email automation and website infrastructure.
• Vimeo — video delivery (course videos are hosted on Vimeo; see Vimeo's Privacy Policy).

All third-party providers are bound by data processing agreements and GDPR compliance.

6. Data Retention

We retain your personal data for as long as your account is active, or as long as necessary to provide you with course access. If you request deletion of your account, we will erase your data within 30 days, except where we are required to retain it by law.

7. Cookies

Our website uses cookies to ensure proper functionality and to analyze usage. These include:

• Essential cookies: required for login and course access.
• Analytics cookies: we may use Google Analytics to understand how visitors use our site. You can opt out via your browser settings or a cookie preference tool.

8. Your Rights (GDPR)

As an EU/EEA resident, you have the following rights regarding your personal data:

• Right of access: request a copy of the data we hold about you.
• Right to rectification: request correction of inaccurate data.
• Right to erasure: request deletion of your data ("right to be forgotten").
• Right to restrict processing: request that we limit how we use your data.
• Right to data portability: request your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests.

To exercise any of these rights, contact us at info@gingerbread.academy. We will respond within 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, or loss. Payments are encrypted via SSL/TLS and processed exclusively through Stripe's secure infrastructure.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this page periodically.

11. Contact

For any questions about this Privacy Policy or your personal data, please contact us at:
info@gingerbread.academy