This policy is established between Rail Academy Group s.r.o. (hereinafter: Data Controller) and the undersigned participant (hereinafter: Participant).

​

1. Purpose of Data Management The Data Controller processes the Participant's personal data for the following purposes:

• Issuing certificates and qualifications.

• Managing attendance sheets, exams, and evaluations.

• Fulfilling legal obligations.

• Maintaining contact with the student.

• Organizing and conducting training and education.

• Maintaining student records.

​

2. Scope of Processed Personal Data The processed data may include the following:

• Name, birth name.

• Date and place of birth.

• Home address.

• Phone number, email address.

• ID card / passport details (if necessary).

• Education-related data (attendance, results, exam data).

• Data on certificates and qualifications.

​

3. Legal Basis for Data Management The legal bases for data management are:

• The Participant's consent.

• Performance of a contract.

• Fulfillment of legal obligations.

The Data Controller does not perform profiling based on the provided personal data and does not apply automated decision-making mechanisms. The Data Controller uses external IT service providers (hosting providers), accountants, and online educational platforms.

​

4. Duration of Data Management The Data Controller manages personal data:

• During the period of the training.

• Accounting documents and fundamental documents certifying the completion of the training are kept for 10 years in accordance with legal regulations.

• Until the withdrawal of consent.

The withdrawal of consent or the deletion of data can be initiated at the office@railacademygroup.com email address.

​

5. Data Transfer Personal data may be transferred to third parties only:

• In case of a legal/authority obligation.

• To exam organizers.

​

6. Rights of the Participant The Participant is entitled to:

• Request information about the management of their personal data.

• Request access to their personal data.

• Request the correction or deletion of their data.

• Request the restriction of data management.

• Request data portability.

• Withdraw their consent at any time.

In case of a violation of rights, the Participant may lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky). If the alleged violation does not occur in Slovakia, a complaint may also be filed with the local authority.

​

​