Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, and protect your personal data in accordance with GDPR.
Last updated: 27 January 2026
Introduction
Callisto Grand s.r.o. ("Callisto", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, enroll in our courses, attend our events, or use our services.
We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and applicable data protection laws.
Data Controller:
Callisto Grand s.r.o.
Příkop 843/4, Brno, Czech Republic
Email: info@callistogrand.com
Information We Collect
Information You Provide
We collect information you voluntarily provide when:
- Creating an account: Name, email address, password, professional title, company name
- Enrolling in courses: Contact details, professional background, billing information
- Registering for events: Name, email, company, job title, dietary requirements, accessibility needs
- Making payments: Payment card details (processed securely by our payment providers)
- Contacting us: Name, email, phone number, message content
- Downloading resources: Name, email, company, job title
- Joining our membership: Professional credentials, LinkedIn profile, areas of interest
Information Collected Automatically
When you visit our website, we automatically collect:
- Device information: Browser type, operating system, device type
- Usage data: Pages visited, time spent, referring website
- Location data: Country and city (derived from IP address)
- Cookie data: See our Cookie Policy
How We Use Your Information
We use your personal data for the following purposes and legal bases:
| Purpose | Legal Basis |
|---|---|
| Delivering courses and training programs | Contract performance |
| Processing event registrations and tickets | Contract performance |
| Processing payments and invoicing | Contract performance |
| Sending course materials and certificates | Contract performance |
| Responding to enquiries and support requests | Legitimate interest |
| Sending newsletters and marketing communications | Consent |
| Improving our website and services | Legitimate interest |
| Complying with legal obligations | Legal obligation |
How We Share Your Information
We do not sell your personal data. We may share your information with:
- Payment processors: Stripe for secure payment processing
- Event platforms: Pretix for event ticketing and registration
- Email service providers: For course materials and communications
- Analytics providers: Google Analytics (with your consent)
- Event venues: For catering and access requirements
- Professional bodies: For certification verification (with your consent)
We require all third parties to respect the security of your personal data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.
International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA). Where we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Data Processing Agreements with all processors
Data Retention
We retain your personal data only for as long as necessary:
- Account data: Until you request deletion
- Course records and certificates: Indefinitely (to verify qualifications)
- Event registration data: 2 years after the event
- Payment records: 7 years (legal requirement)
- Marketing consent: Until you withdraw consent
- Analytics data: 26 months
Your Rights Under GDPR
Under the GDPR, you have the following rights:
Right of Access
Request a copy of your personal data
Right to Rectification
Request correction of inaccurate data
Right to Erasure
Request deletion of your data ('right to be forgotten')
Right to Restrict Processing
Request limitation of how we use your data
Right to Data Portability
Receive your data in a machine-readable format
Right to Object
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent at any time (for consent-based processing)
To exercise any of these rights, please contact us at info@callistogrand.com. We will respond within 30 days.
Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- SSL/TLS encryption for all data transmission
- Secure payment processing through PCI-DSS compliant providers
- Regular security assessments and updates
- Access controls and staff training
Cookies
We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage your preferences, please see our Cookie Policy.
Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer:
You also have the right to lodge a complaint with a supervisory authority. In the Czech Republic, this is the Office for Personal Data Protection (ÚOOÚ).
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.