Privacy Policy

Last updated: January 1, 2025

1. Data controller

The data controller is Jan Malatinský, Company ID: 19152361, with registered office at Jasmínová 2241/12, Mizerov, 733 01 Karviná, Czech Republic (hereinafter "Controller").

Contact: [email protected]

2. What data we process

As part of providing our services, we process the following categories of personal data:

  • Registration data: name, email, company name, Company ID, VAT ID
  • Billing data: billing address, bank details
  • Operational data: IP address, browser information, access logs
  • Communication data: content of emails and messages from the contact form
  • Client tracking data: data passing through sGTM containers (processed based on the DPA)

3. Purpose of processing

  • Providing the server-side tracking service
  • User account management
  • Billing and accounting
  • Technical support
  • Service improvement and security
  • Fulfilling legal obligations

4. Legal basis for processing

  • Contract performance (čl. 6 odst. 1 písm. b) GDPR) — providing contracted services
  • Legitimate interest (čl. 6 odst. 1 písm. f) GDPR) — security, fraud prevention, analytics
  • Legal obligation (čl. 6 odst. 1 písm. c) GDPR) — accounting, tax obligations
  • Consent (čl. 6 odst. 1 písm. a) GDPR) — marketing, newsletter

5. Retention period

We retain personal data for the duration of the contractual relationship and further:

  • Billing data: 10 years (legal obligation)
  • Communication: 3 years from the last contact
  • Operational logs: 90 days
  • Client tracking data: according to DPA terms (typically max. 30 days)

6. Data recipients

Data may be shared with:

  • Hetzner Online GmbH (hosting, EU — Germany)
  • Google LLC (GTM API, contractual safeguards under Art. 46 GDPR)
  • Accounting and legal services (in the Czech Republic)

All recipients are bound by data processing agreements (DPA).

7. Transfers to third countries

DataNostro infrastructure runs on Hetzner servers in the EU (Germany). When using Google services (GTM API), some data may be transferred to the USA based on Standard Contractual Clauses (SCC) according to the European Commission's decision.

8. Your rights

As a data subject, you have the right to:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure of data (right to be forgotten)
  • Restriction of processing
  • Portability of data
  • Objection to processing
  • Withdrawal of consent (if processing is based on consent)

To exercise your rights, contact us at: [email protected]

9. Supervisory authority

You have the right to file a complaint with the Office for Personal Data Protection (ÚOOÚ):

Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz

10. Data security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Data transfer encryption (TLS/SSL)
  • Data encryption at rest
  • Access control
  • Regular security audits
  • Access logging