Thank you for your trust in using the services and products of Librum, a member of the SCHREIBER group, s.r.o. Your trust is crucial to us, and therefore we ensure that all personal data you provide is processed in accordance with applicable legal regulations and the highest standards in this area.
These Privacy Rules, prepared with regard to the new Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of individuals in the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation") and also with regard to Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws (hereinafter referred to as the "Act"), clarify which personal data we collect in connection with providing our services and products and communicating with customers, and how we use and protect this data.

1. WHO WE ARE – OUR CONTACT DETAILS
SCHREIBER GROUP, a member of the SCHREIBER group, s.r.o., Staré Grunty 9B, 941 04 Bratislava, Company ID: 54 029 929, VAT ID: 212 156 1035, registered in the Commercial Register of the District Court Bratislava III, section: Sro, insert no. 155246/B.
SCHREIBER group, s.r.o. is the operator of www.librum.sk in relation to the personal data of its customers and potential customers.
Our goal was simplicity, clarity, and transparency in drafting this document. If you do not find the answers you are looking for or have further questions regarding personal data protection, or have other related suggestions, please contact us at business@schreibergroup.sk, by phone: +421 905 259 869, or in writing at the company's address. Please mark the envelope with "Data Protection Suggestion".

2. WHAT DATA WE PROCESS
We do not process special categories of personal data. We only process standard personal information or online identifiers from our customers, data subjects, or information about our customers and data subjects to the minimum extent necessary depending on which services or products they use, particularly the following personal data for these purposes:
Information necessary for order processing and communication with the operator: We do not request consent; it is a legitimate interest. We process data about our customers necessary for processing orders of individuals (title, first name and surname, date of birth, residential address, email address, mobile phone number, delivery address, specific identification and registration numbers, assignment/approval codes, and records of ordered services, courses, or goods). We do not request consent for joint communication in any form.
Creating a database of Customers and Participants: We do not request consent; it is a legitimate interest. We process data such as name and surname, date of birth, email address, mobile phone number, billing address, records of ordered goods, services, or courses, professional information, user notes.
Creating a database of Partners (suppliers): We do not request consent; it is a legitimate interest. We process data such as name and surname, date of birth, email address, mobile phone number, billing address, professional information, user notes, photographs, or video recordings of likeness.
Taking photographs, videos, audio recordings: We do not request consent; it is a legitimate interest. We create audio recordings, photographs, and videos featuring faces to document events and services we provide. Materials may be used for further education, marketing, self-presentation, and other purposes related to our activities, as well as provided to third parties.
Marketing communication: We do not request consent if it is our legitimate interest in direct marketing (sending business and marketing offers to our clients with whom we are already in business, processing photo-video-audio recordings at our events such as seminars and courses, and their subsequent marketing use on websites and social networks such as Facebook, Instagram, LinkedIn, and other promotional materials of us and our partners). We request consent if we want to send business offers to non-clients, visitors, and other data subjects, potential customers (e.g., newsletters, push notifications). We collect their basic identification and contact data related to sending informational materials about products and services (such as name, surname, customer email contact).
We also request consent for pop-up communication windows on the website.
The website (e-shop, landing page, informational page, registration page), various types of its forms (Google form, physical form). We do not request consent; it is a legitimate interest if our company obtains personal data of potential customers or customers through forms in physical and electronic form. (Through registration or filling out interest in products/services, a customer can order products/services from our company or send an inquiry for information. We also use physical forms for participation in our events and Google forms for signing up for our events.)
Complaints: We do not request consent; it is a legitimate interest. We process data about our customers necessary for processing and handling complaints (such as name, surname, address, phone contact, and email contact of the customer).
Analytics of online behavior of visitors to our sites: We, as the provider, in some situations also our processor, use network identifiers and cookies for the purpose of improving service quality and personalizing offers. Necessary cookies are required for displaying and running the website and your consent is not required. Other non-necessary cookies, which aim to anonymously track the traffic and behavior of users on our websites (e.g., analytical and marketing) will only be activated after your consent.

3. HOW WE USE DATA
We collect and use our customers' personal data in accordance with applicable legal regulations for several purposes, particularly:
In connection with and based on the fulfillment of a concluded contract and provision of service or delivery of ordered product, primarily for the purpose of unambiguous identification, management, and invoicing, and ensuring pre-contractual negotiations with potential customers. Providing personal data is a contractual obligation in this case, and failure to provide it would prevent us from concluding a contract with the customer.
In connection with and based on our legitimate interests, primarily to ensure and monitor the exceptional quality of the services and products we provide, to ensure your satisfaction, as well as to demonstrate, assert, and defend our rights and claims.
In connection with sending business and marketing offers to customers, based on our legitimate interests, which is achieving the basic purpose of business activity – profitability of provided services and sold products, whereby only through these offers do you have the opportunity to learn about useful news, our services, and products (including presentations on social networks).
In connection with and based on our legitimate interests, primarily to ensure effective internal administration of customers' personal data.
Based on the explicit consent of the customer granted to us for the purpose specified in the wording of the consent itself.
As a guarantee of compliance with our obligations, we have ensured that personal data will be used exclusively for the specified purpose or for a lawful and compatible purpose, with these rules applying to each of the stated purposes. We do not disclose customers' personal data.

4. TRANSFER TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
In processing personal data, the operator processes personal data within the EU and in exceptional cases also outside the European Economic Area (hereinafter referred to as "EEA"). In the case of processing personal data by our processors, there may be cases of their transfer within the EU or to countries outside the European Union with guaranteed and adequate levels of protection, in accordance with Article 45 of the Regulation. (e.g., our processor providing newsletter services – Mailchimp may process personal data in databases in data centers in the United States. Another example, our foreign lecturers from countries outside the EU process attendance lists of participants in their data storage outside the EU, but with an adequate level of protection).

5. AUTOMATED DECISION-MAKING AND PROFILING
We do not engage in automated decision-making based on the automated processing of personal data in accordance with Article 22 of the GDPR. We have automation set only in the analytics of visitor traffic to our website and in the Mailchimp email service used for communication purposes (sending/not sending newsletters based on granted consent, sending notifications and SMS messages based on consent).

6. DATA SHARING
We share customers' personal data only in ways permitted by legal regulations and based on relevant contracts ensuring adequate protection of personal data.

6.1. OUR PROCESSORS
We share personal data with the following categories of processors:
State administration authorities
Web platform hosting
Accounting and economic services
Web platform management
Providers of seminars, courses, workshops, conferences, training – both physical and online (external physiotherapists, trainers, lecturers, consultants…)
Provider of chat on the website
Provider of online behavior analytics of site visitors
Provider of email service – newsletter
Distribution and courier companies
Slovak Chamber of Physiotherapists or other umbrella chambers, professional organizations, guilds, etc.
We share personal data depending on specific circumstances and purposes based on (I) your consent, (II) our legitimate interests – profitability of services, and (III) legitimate interests for effective internal administration of customers. The servers of our processors and partners may also be located outside the European Economic Area.

6.2. OTHER RECIPIENTS
We share personal data with legal and natural persons, state authorities, and public institutions if we are in good faith convinced that access to such information, its use, storage, or disclosure is reasonably necessary to:
Comply with applicable legal regulations, legal processes, or enforceable requests from state administration (e.g., tax office, Slovak Chamber of Physiotherapists, etc.).
Protect against damage to the rights, property, or safety of our company, our customers, or the public, as required or permitted by law.
Enforce relevant contractual conditions, including investigating possible breaches.
Take action aimed at addressing fraud, technical difficulties, or security incidents.
We always ensure that we provide only the necessary minimum of data required to achieve the given purpose of processing.
The servers of "Other recipients" may also be located outside the European Economic Area.

7. HOW YOU CAN MANAGE YOUR DATA
As our customer and data subject, you have the right to decide on the management of your personal data to the extent specified. You can exercise the rights listed below (I) in person at the company's premises, (II) by phone at: +421 905 259 869, (III) by email at business@schreibergroup.sk, (IV) in writing to the company's address.
We will always strive to respond as quickly as possible, but we will respond to you no later than 30 days from your request (especially if we need to consult to answer all your questions). If necessary to verify your identity, we may ask for additional information needed for verification.

8. APPLICABLE LEGAL REGULATIONS AND REGULATIONS OR LAWS ENSURE YOU MAINLY:
A) RIGHT OF ACCESS
You have the right to request confirmation from us as to whether your personal data is being processed, and if so, to obtain a copy of such data and additional information as provided in Article 15 of the Regulation or § 21 of the Act. If we obtain a large amount of data about you, we may ask you to specify your request regarding the specific data we process about you.

B) RIGHT TO RECTIFICATION
To ensure that we process only current personal data about you, you need to inform us of any changes as soon as they occur. If we process outdated or incorrect data about you, you have the right to request their rectification.

C) RIGHT TO ERASURE
If the conditions of Article 14 of the Regulation or § 23 of the Act are met, you may request the erasure of your personal data. You may request erasure, for example, if you have withdrawn your consent to the processing of personal data and there is no other legal basis for processing, or if we process your personal data unlawfully, or the purpose for which we processed your personal data has ceased, and we do not process them for another compatible purpose. However, we will not erase your data if they are necessary for the establishment, exercise, or defense of legal claims or for accounting purposes.

D) RIGHT TO RESTRICT PROCESSING
If the conditions of Article 18 of the Regulation or § 24 of the Act are met, you may request that we restrict the processing of your personal data. You may request restriction, for example, while you contest the accuracy of the processed data or if the processing is unlawful and you do not wish us to erase the data, but need the processing to be restricted while you exercise your rights. We will continue to process your data if there are reasons for establishing, exercising, or defending legal claims.

E) RIGHT TO DATA PORTABILITY
If processing is based on your consent or carried out for the purpose of fulfilling a contract we have concluded with you and is also carried out by automated means, you have the right to receive your personal data that we have obtained from you in a commonly used machine-readable format. If you are interested and have sufficient technical capabilities, we will transfer your personal data directly to another operator. This right cannot be exercised for processing carried out for the purpose of performing a task carried out in the public interest or in the exercise of official authority.

F) RIGHT TO OBJECT TO PROCESSING
If we process your personal data due to the performance of a task carried out in the public interest or in the exercise of official authority entrusted to us, or if the processing is carried out based on our legitimate interests or the legitimate interests of a third party, you have the right to object to such processing. Based on your objection, we will restrict the processing of personal data, and if we do not demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms or reasons for establishing, exercising, or defending legal claims, we will not continue to process personal data and will erase your personal data.
You have the right to object at any time to the processing of personal data for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing. Upon raising an objection, we will no longer process your personal data for this purpose.

G) RIGHT TO LODGE A COMPLAINT
If you believe that the processing of your personal data is in violation of the Regulation or the Act, you have the right to lodge a complaint with one of the relevant supervisory authorities, particularly in the member state of your habitual residence, place of work, or in the place of the alleged infringement. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection, located at: Hraničná 4826/12, 820 07 Bratislava, Slovak Republic, website: www.dataprotection.gov.sk, phone: +421 /2/ 3231 3220.

H) RIGHT TO WITHDRAW CONSENT
If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the processing already carried out. If you decide that you are again interested in receiving business and marketing offers about our products and services and news, you can re-grant your withdrawn consent (or submitted objection) at any time, using any of the above-mentioned contact methods.

9. WHERE WE OBTAIN YOUR DATA
The personal data we process about customers is primarily obtained directly from our customers. We can obtain this from customers directly and based on their free decision to provide it.

10. HOW LONG AND WHERE WE STORE DATA
We store customers' personal data for varying lengths of time depending on the reason for processing. In general, we process personal data:
Based on consent – for the duration explicitly stated in the consent or until its withdrawal.
Due to the fulfillment of our legal obligations or possibilities – for the duration required by the relevant law.
Due to the fulfillment of a contract – for the duration of the contract, or the duration of pre-contractual conditions and negotiations.
Due to legitimate interests – for the duration of the fulfillment of the contract, or until the objection to processing.

11. TRANSITIONAL PROVISIONS ON THE PROCESSING OF PERSONAL DATA AFTER 25. 5. 2018
We would like to inform you that your personal data obtained and processed for marketing purposes before May 25, 2018, will continue to be processed for this purpose after this date and in accordance with this purpose. Processing will be carried out based on our legitimate interest – direct marketing, or profitability of provided services and sold products. Our company may contact you for the purpose of direct marketing in writing, electronically, by phone, through an automatic calling system, or in any other available form. You have the right to object to such processing according to point 5 f) of these rules.

12. CHANGES TO THESE RULES
We are entitled to change the wording of these rules, particularly for the purpose of incorporating legislative changes or changes in the purpose and means of processing. However, we will not limit your rights arising from these rules or relevant legal regulations. If there are changes to the rules that may affect your rights, we will notify you in advance in the most appropriate way possible.

13. TECHNICAL-ORGANIZATIONAL MEASURES FOR THE PROTECTION OF PERSONAL DATA
We are committed to taking appropriate technical and organizational measures to ensure personal data so that unauthorized access to this data or loss does not occur. We declare that only authorized persons obliged to maintain confidentiality about personal data will have access to personal data. The operator has taken adequate technical measures to secure data storage and personal data recorded in paper form.

Created by Mgr. Martin Miklánek, January 1, 2022, in Bratislava
Revised on: July 20, 2025

Approved by: Mgr. Martin Miklánek, Managing Director of SCHREIBER group, s.r.o.