General Privacy Policy

Last updated: 26 May 2026

GUIDELINES ON PERSONAL DATA PROCESSING

Introduction

Personal data processing by our company is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or "GDPR"), as well as applicable Czech data protection laws.

Our company Engage Hill s.r.o., Ident. No.: 271 60 246, with its registered office at Francouzská 175/14, Vinohrady, 120 00 Praha 2, Czech Republic, listed in the commercial register maintained by the Municipal Court in Prague under file number C 100881 ("Engage Hill"), acts as your data controller and treats your data with the utmost care and security. The safety of your data is of paramount importance to us.

These guidelines concern the processing of personal data of our customers, partners, suppliers, subjects participating in our surveys, analyses, diagnostics, and coaching/development methodologies, as well as visitors to all web domains managed by Engage Hill, specifically including:

Engage Hill — https://engagehill.com/
Balance Management — https://balancemanagement.com/
Colormind — https://colormind.com/
MindsetView — https://mindsetview.com/

In these guidelines on personal data processing ("Guidelines"), you will find a summary of what personal data we process, for what purposes, to whom and for what reasons it may be disclosed, and what legal rights you possess as a data subject.

These Guidelines are updated periodically to ensure continuous compliance with legal frameworks and evolving regulatory standards across all our services and brand platforms.

Processing of Personal Data

According to the GDPR, personal data means any information relating to an identified or identifiable natural person (the data subject).

Which personal data are being processed and how do we obtain them?

Engage Hill processes personal data to the extent provided directly by you, or to the extent gathered by Engage Hill through legitimate business operations, compliance with legal obligations, or public records (such as the commercial register or trade register) in strict accordance with the law.

We primarily process the following categories of personal data:

Identification, contact, and address details of customers, partners, or potential customers (e.g., name, surname, business address, email, telephone number, Identification Number, VAT Identification Number).
Payment and Transaction Data provided when purchasing services, licenses, or products on our pages (e.g., billing details, payment status, transaction identifiers). Please note that your actual payment card details are securely captured directly by our third-party payment processor and are not stored on our systems.
Data concerning subjects of surveys, coaching diagnostics, and analyses provided voluntarily by participants during assessments (e.g., age interval, gender, profile/team name, and specific responses such as selected colors for individual objects or analytical diagnostics across corporate environments, personal development, coaching, or market research).
Communication history with customers, partners, or prospects (specifically email correspondence and records of professional interactions).
Technical and online activity data concerning visitors to Engage Hill domains (detailed in the "Cookies" section below).

This enumeration does not imply that every data subject is subject to all categories of data processing listed above.

Why do we process personal data?

Engage Hill processes personal data for clear, specific, and lawful purposes based on the following legal grounds:

Performance of a Contract: To identify customers, manage business relationships, process financial transactions for products/licenses, deliver our analytical, coaching, and advisory services, and fulfill mutual agreements or pre-contractual requests.
Compliance with Legal Obligations: To satisfy statutory obligations imposed on us by public authorities, such as accounting, financial reporting, tax, and corporate regulations.
Legitimate Interests:
- To protect our legal rights, secure our systems, prevent fraud, and resolve potential disputes or legal claims.
- To send marketing and commercial communications regarding our services to existing customers. You have an absolute right to object to such direct marketing processing at any time (see details below).
- To conduct specialized surveys, diagnostics, and evaluations in market research, corporate development, and coaching commissioned by our business clients. If you participate as a subject, your data is processed based on our legitimate interest in delivering high-quality analytical outputs to the client who invited you to participate.

Note regarding Survey and Diagnostics Subjects: The personal data collected directly by Engage Hill within standard evaluations does not allow Engage Hill to directly identify your physical identity. While outputs are delivered to the client who commissioned the survey, they do not contain your direct identifiers. However, because the client possesses its own internal datasets, employee records, or organizational charts, it cannot be entirely excluded that the client might infer individual responses in exceptional circumstances using data completely external to Engage Hill.

For how long do we process personal data?

Engage Hill retains personal data only for the period strictly necessary to fulfill the purposes for which it was collected:

Data processed for contract execution and order fulfillment is kept for the duration of the contractual relationship.
Statutory business, accounting, and tax records (including transaction/invoice history) are retained for the periods mandated by Czech law (typically up to 10 years).
Data processed on the basis of your explicit consent is retained for the period specified in the consent form or until you withdraw your consent.
Information collected for potential business development or inquiries is deleted once it becomes clear that no relationship will be established, or upon your explicit objection.

Is providing personal data mandatory?

For regular customers and business partners: Providing necessary identification, billing, and transactional data is a legal and contractual requirement. Without this information, Engage Hill cannot process your payments, provide its services, or execute mutual contracts.
For survey, diagnostic, and market research subjects: Your participation in Engage Hill surveys and analyses across all platforms is strictly voluntary. You are under no obligation to participate or provide personal data.
For consent-based processing: Providing data or consent is completely optional. You can refuse or withdraw consent at any time without any negative consequences.

Who has access to personal data?

Access to personal data is strictly limited to authorized personnel of Engage Hill who require the information to perform their specific professional duties.

Can we share personal data with third parties?

Personal data may be shared with trusted third parties only under the following conditions:

If it is necessary for providing our services, processing your orders, or operating our underlying digital infrastructure.
If you have given us explicit consent.
If we are required or permitted to do so by applicable legal regulations.

Categories of third-party processors and partners include:

Payment Gateways: To securely process online credit/debit card transactions on our product pages, we utilize Stripe (Stripe Technology Europe, Limited). Stripe acts as an independent or joint data controller for fraud prevention and financial compliance purposes.
Consent Management Platforms: To securely collect, manage, and document your privacy choices in full compliance with our legal accountability obligations under the GDPR, we utilize ArtaConsent (provided by Artatol, running on the artatol.net ecosystem). This service processes and stores temporary connection metadata and your explicit cookie preferences solely to maintain an audit trail of user consents.
Technical providers of server hosting, website management, cloud computing, and IT infrastructure.
Specialized external advisors, including accounting, tax, and legal service providers bound by professional confidentiality.
International Data Transfers: Engage Hill may transfer your data to countries outside the European Economic Area (EEA), such as the United States (e.g., when utilizing analytical tools like Google Analytics or cloud platforms). In such cases, we ensure your data is subject to a level of protection equivalent to the GDPR. This is achieved by transferring data exclusively to entities certified under the EU-U.S. Data Privacy Framework, or by utilizing standard contractual clauses (Standard Contractual Clauses - SCCs) approved by the European Commission.

Cookies

What are cookies?

Cookies are small data files transferred from a website to your device (computer, tablet, or smartphone). They allow the website to recognize your device, remember your preferences, and optimize your browsing experience during your visit or upon your return.

Cookies are categorized by their origin:

First-party cookies: Settled directly by Engage Hill as the owner of the website you are visiting.
Third-party cookies: Settled by independent platforms integrated into our page, such as external analytics, compliance, or payment systems.

Why and what kinds of cookies do we use?

Engage Hill uses cookies to deliver, secure, and improve your user experience across our domains.

We utilize the following categories:

Essential / Necessary Cookies (including ArtaConsent): These cookies are technically critical for the basic functions, security, and checkout processes of our websites. This includes the essential technical cookie dropped by ArtaConsent to securely remember your chosen privacy preferences so you aren't prompted on every single page load. They are deployed automatically and do not require prior consent because the website cannot operate correctly without them.
Analytical / Performance Cookies (e.g., Google Analytics): These cookies allow us to recognize and count the number of visitors and see how users move around our websites. This helps us improve the way our services work. These are non-essential cookies and are only deployed if you grant us explicit permission.

Managing and controlling cookies

Our websites feature active, explicit Cookie Consent Banners deployed individually.

Essential cookies will load automatically to ensure page and payment functionality.
Analytical and third-party tracking cookies are blocked by default and will only be activated if you click "Accept All" or configure your preferences to allow them.
You can change, review, or completely withdraw your cookie choices at any time by accessing the cookie configuration tool available on our respective websites.

You can also restrict, block, or delete cookies globally by adjusting your internet browser settings. However, disabling all cookies (including essential ones) may degrade your browsing experience or limit certain functional aspects of our web application.

Your Rights Under the GDPR

As a data subject, the GDPR grants you clear legal rights regarding the processing of your personal data. You can exercise these rights directly against Engage Hill:

The Right of Access (Art. 15 GDPR): You have the right to request confirmation as to whether we process your personal data and to obtain a copy of that data along with information regarding the processing specifics. To protect user privacy, we will strictly verify your identity before disclosing detailed records.
The Right to Rectification (Art. 16 GDPR): You have the right to request that we correct inaccurate personal data or complete incomplete records concerning you without undue delay.
The Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR): You have the right to obtain the erasure of your personal data if the data is no longer necessary for its original purpose, if you withdraw your consent, or if there is no overriding legitimate grounds for the continued processing.
The Right to Restriction of Processing (Art. 18 GDPR): You have the right to restrict our processing of your data under specific conditions (e.g., if you contest the accuracy of the data or object to the processing, pending verification).
The Right to Data Portability (Art. 20 GDPR): Where processing is automated and based on your consent or a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format to transmit it to another data controller.
The Right to Withdraw Consent: If we process your data based on your explicit consent, you have the right to withdraw that consent at any time. The withdrawal will not affect the lawfulness of any processing carried out before its withdrawal.
The Right to Object (Art. 21 GDPR): * If your data is processed based on our legitimate interest, you have the right to object to such processing on grounds relating to your specific situation. Engage Hill will stop processing the data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
- You have an absolute, unconditional right to object to data processing for direct marketing and profiling purposes at any time. If you object, your data will immediately cease to be used for marketing purposes.
The Right to Lodge a Complaint with a Supervisory Authority: If you believe that our processing of your personal data violates the GDPR or applicable data protection acts, you have the right to lodge an official complaint with a regulatory authority. In the Czech Republic, the competent supervisory authority is:
- The Office for Personal Data Protection (Úřad pro ochranu osobních údajů - ÚOOÚ)
- Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
- Website: www.uoou.cz

Contact Information of the Data Controller

If you have any questions regarding these Guidelines, or if you wish to exercise any of your statutory data protection rights, please contact our designated representative:

Engage Hill s.r.o. Attn: MUDr. Filip Brodan
Francouzská 175/14
120 00 Praha 2 - Vinohrady
Czech Republic

Email: [email protected]