Privacy policy

Contact details of personal data controller:
Malý zámeček, s.r.o., ID No.: 47900750, with its registered office at Herálec 1, 582 55 Herálec, contact e-mail:

Website to which this privacy policy applies:

With this document we would like to inform you about how we process your personal data. The processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR"). We process personal data as personal data controllers; we therefore determine the purposes and means of processing. As the GDPR is quite a complex regulation, please do not hesitate to contact us at the e-mail address stated above and we will explain everything to you clearly.

1. Processed personal data

We process the following information:

  • Personal data that you provide to us via the website (our forms available on the website). Specifically, this includes:

    • Name and surname

    • Phone number

    • E-mail address

    • Text of the message entered in the form

  • Personal data that we process when you purchase our products or services. The personal data may vary depending on the products or services you purchase from us, but in general it includes your contact details, address, data required for invoicing and to ensure rights and duties from the contractual relationship. We may obtain these data from you during the course of the contractual relationship, through forms on the website, or through other means of communication with you (when entering into contracts, etc.).

  • Personal data that we obtain from third party tools that are deployed on our website. Specifically, this may include:

    • Information obtained from Google Analytics and other tools operated by Google Ireland Limited;

    • Information obtained from Sklik, which is operated by, a.s.;

    • Information obtained from Facebook pixel and other tools operated by Facebook Ireland Ltd;

    • Information obtained from Twitter, operated by Twitter International Company;

    • Information obtained from LinkedIn, operated by LinkedIn Ireland Unlimited Company.

  • Personal data of job applicants (e.g. address, date of birth, educational qualifications, gender, photo, telephone and e-mail) from their CVs. The data is used for recruitment and selection purposes.

2. Purpose and legal basis of processing

  • Personal data that you provide to us via the website are used for the following purposes:

    • To contact you and, where appropriate, to establish a mutual relationship. If we enter into a relationship, the processing is based on the performance of a mutual contractual relationship pursuant to Article 6(1)(b) GDPR. If we do not enter into a relationship, the processing is based on our legitimate interest under Article 6(1)(f) GDPR to ensure mutual communication.

    • Should you contact us with a request to provide support in connection with the products or services you bought, we will use this information for the purpose of processing this request, based on the fulfilment of contractual obligations under Article 6(1)(b) GDPR.

    • If you are a job applicant, we will process your personal data sent in CVs and other documents related to recruitment for the purpose of the selection process and the establishment of any employment relationship pursuant to Article 6(1)(b) GDPR. We may retain the personal data for a reasonable period of time after the end of the selection procedure, in case the position becomes vacant or we wish to offer you a similar position in our company. We will be happy to provide you with more detailed information about processing in connection with recruitment during the selection process.

  • We process personal data connected with your purchase of our products or services specifically for the purpose of providing you with those products or services. The legal basis is the performance of mutual contractual obligations under Article 6(1)(b) GDPR. At the same time, we need to protect ourselves in case of litigation and in case of claims that may be made against us by public authorities and by you; we will therefore process personal data on the basis of our legitimate interest according to Article 6(1)(f) GDPR. We may also be required by law to store your personal data for a certain period of time. In that case, we will process personal data on the basis of compliance with our legal obligations under Article 6(1)(c) of the GDPR.

  • We may use the personal data we collect from third party tools deployed on our website or from our own deployed tools for different purposes and it will always depend on which tools we are currently using. These may be tools that help us with analytics on our website, measuring traffic, recording your activity, etc. However, we most often use tools for analytics and to find out how you use our website or how many people visit our website. The legal basis for this will be our legitimate interest in improving our goods and services and website according to Article 6(1)(f) GDPR.

    • The tools used are in most cases based on so-called cookies that are stored in your browser. A specific list of cookies can be found in the information bar that is placed on the website when you access it. We will require your active consent to store cookies.

We process your personal data in accordance with this policy on the basis of the performance of a mutual contract or your request, on the basis of the performance of our legal obligations, on the basis of our legitimate interest or on the basis of your consent (if any) given for specific processing. We will always assess whether your consent is required before using information for a purpose not set out in this policy. If so, we will inform you and ask for your consent. If consent is not required, we will inform you in advance of the new purpose of processing.

You may receive an e-mail from us. If this e-mail is related to the provision of our services or goods or is related to answering an enquiry you have made via our forms, we do so on the basis of a contractual relationship or our legitimate interest.

However, we may send you an e-mail containing a commercial communication. We may send you commercial communications because:

  • You are our customer, and we send you communications about similar products or services based on our legitimate interest in direct marketing.

  • You have subscribed to our website or given your consent when you submit a form on our website, based on Article 6(1)(a) of the GDPR.

3. Who has access to your personal data

Our company cares about the protection of your personal data, so we only pass on personal data to third parties for the above-stated purposes and only to the extent necessary.

The following recipients have access to your personal data:

  • state authorities in accordance with our legal obligations, in particular the Financial Administration of the Czech Republic and the Czech Social Security Administration, or other authorities for the defence of legal claims, or on the basis of an official request sent to us;

  • the company managing our website and web analytics tools;

  • providers of server, web, cloud or IT services:

    • Wordpress, Outlook, Webglobe, s.r.o., INTERNET CZ, a.s., SiteGround Spain S.L.

  • providers of accounting services:

    • External accountant with its registered seat in the Czech Republic.

  • providers of legal services:

    • External law firm with its registered seat in the Czech Republic.

  • our staff, who work on the basis of a cooperation agreement.

If you would like to know with whom your personal data is shared, please e-mail us at our e-mail address and we will provide you with this information. In the event that we use providers located in third countries, we will only transfer personal data under appropriate safeguards required for the transfer.

4. Cookies

Cookies are small data files that websites store on your computer or mobile device when you browse our website. We then use these files to collect information, for example, to find out what pages you are viewing, to customize the advertising you see to your preferences, or simply to ensure that our website works.

We use cookies for these purposes on our website:

  • analytics purposes;

  • marketing purposes;

  • providing functionalities that are not necessary for displaying the website and providing other services.

We may also use so-called technical cookies on the website to ensure that the website works as intended or to record whether or not you have consented to cookies. Unfortunately, there is no way to refuse the use of these cookies.

However, in addition to technical cookies, we also use other cookies for the purposes listed above. All of these cookies are only stored with your consent, and for each of these purposes separately. If you choose to consent to only certain cookies according to your consent settings, those cookies for which you have not consented will not be activated. You can also withdraw your consent at any time by changing the settings according to the relevant button on the website. However, the withdrawal of consent does not affect the lawfulness of the processing prior to its withdrawal. In other words, until you withdraw your consent, the use of cookies is legitimate.

We use these tools in connection with cookies:

Should any of the tools listed above involve the transfer of personal data to a territory outside the EU, such transfer is based on appropriate safeguards (in particular standard contractual clauses and additional measures taken) or on an adequacy decision.

Cookies description:

| Cookie name | Storage period | Purpose description | Cookie type |
|---|---|---|---|
| | 1 year | The cookie set by the GDPR Cookie Consent plugin is used to record the user's consent to technical cookies. | |
| | 1 year | The cookie set by the GDPR Cookie Consent plugin is used to record the user's consent to analytics cookies. | |
| | 1 year | The cookie set by the GDPR Cookie Consent plugin is used to record the user's consent to marketing cookies. | |
| | 2 years | The _ga cookie, installed by Google Analytics, counts visitor, session and campaign data and also tracks site usage for site analytics reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | |
| | 1 day | The _gid cookie installed by Google Analytics stores information about how visitors use the website and also generates an analytics report on the performance of the website. Some of the data that is collected includes the number of visitors, their source and the pages they visit anonymously. | |
| | 1 minute | A variation of the _gat cookie set by Google Analytics and Google Tag Manager that allows website owners to track visitor behavior and measure website performance. The pattern element in the name of the cookie contains a unique identifier for the account or website to which it relates. | |
| | 2 years | This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics. | |
| | 30 minutes | Google Analytics sets this cookie to determine new sessions/visits. The __utmb cookie is created when the JavaScript library executes and there are no existing __utma cookies. It is updated every time data is sent to Google Analytics. | |
| | | The cookie is set by Google Analytics and is deleted when the user closes the browser. It is used to enable interoperability with urchin.js, which is an older version of Google Analytics, and is used in conjunction with the __utmb cookie to determine new sessions/visits. | |
| | 10 minutes | Google Analytics sets this cookie to limit the request rate. | |
| | 6 months | Google Analytics sets this cookie to store the traffic source or campaign by which the visitor reached the site. | |
| | 1 year | The cid cookie helps to identify unique visitors and understand their site behaviour at different times. | |
| | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads according to the user profile. | |
| | 3 months | AppNexus sets the anj cookie that contains data stating whether a cookie ID is synced with partners. | |
| | 3 months | The uuid2 cookie is set by AppNexus and records information that helps in differentiating between devices and browsers. This information is used to pick out ads delivered by the platform and assess the ad performance and its attribute payment. | |

5. Period of storing personal data

We will only process your personal data for as long as necessary to fulfil the above purposes for which it was collected. The necessary retention period may vary for different types of data in the context of different products and services and therefore the actual retention period will vary. The criteria used to determine the retention period include:

  • How long is personal data needed to provide our products or services and to run our company? This includes activities such as maintaining and improving our products or services, keeping our systems secure and maintaining relevant business and financial records. This is a generally applicable rule and in most cases is the basis for determining how long data is retained.

  • Do you provide us with your data with the expectation that we will keep it until you explicitly want it deleted? If yes, we will keep it for that period.

  • Is this personal data sensitive? If so, it is generally appropriate to use a reduced retention period.

  • Have we established and communicated a specific retention period for a certain type of data? If so, we will certainly never exceed it.

  • Have you consented to the extension of the retention period? If yes, we will retain the data in accordance with your consent.

  • Are we subject to legal, contractual or similar obligations to retain data? If so, we will retain the data in accordance with those obligations. Examples include laws governing mandatory data retention, government regulations to retain data related to investigations, or data that must be retained for litigation purposes.

  • If you receive commercial communications from us, we will continue to send them until you opt-out of receiving them, or for the period specified in the text provided to you when you subscribe or consent to receive them.

6. Rights in connection with personal data processing

You have the following rights in relation to our processing of your personal data:

  • right of access to personal data;

  • right to rectification;

  • right to erasure (‘right to be forgotten’);

  • right to restriction of data processing;

  • right to object to processing;

  • right to data portability;

  • right to withdraw a given consent;

  • right to file a complaint with respect to personal data processing.

Your rights are explained below so that you can get a better idea of their contents.

The right of access means that you can ask us at any time to confirm whether or not personal data concerning you are being processed and, if they are, you have the right to access the data and to information for what purposes, to what extent and to whom they are disclosed, for how long we will process them, whether you have the right to rectification, erasure, restriction of processing or to object; from which source we obtained the personal data, and whether automated decision-making, including any profiling, occurs on the basis of processing of your personal data.

The right to rectification means that you may request us at any time to rectify or supplement your personal data if they are inaccurate or incomplete.

The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you object to the processing and there are no overriding legitimate grounds for the processing, (iv) we are under a legal obligation to do so, or (v) you withdraw your consent in relation to the personal data for which you have given your consent to the processing.

The right to restriction of data processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data in any way other than by storing it and, where appropriate, using it only with your consent or for the establishment, exercise, or defense of legal claims.

The right to object means that you can object to the processing of your personal data that we process for direct marketing purposes or for legitimate interest, including profiling based on our legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. If you object to processing based on other grounds, we will evaluate the objection and then tell you whether we have complied with the objection and will no longer process your data, or that the objection was not justified, and processing will continue. In any event, processing will be restricted until the objection is resolved.

The right to withdraw consent to the processing of personal data means that if you have given us consent for a particular purpose (for example, in connection with commercial communications), you have the right to withdraw it at any time, for example, by contacting us at the email address below. If we send you commercial communications based on your consent, you can also withdraw your consent by unsubscribing in each individual commercial communication. We will always provide specific rules for withdrawing consent when we obtain your consent. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

The right to data portability means that you have the right to obtain personal data relating to you which you have provided to us on the basis of consent or contract, and which is also processed by automated means, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted directly to another controller.

If you have a comment, complaint or question about data protection, or wish to exercise any of your rights, please contact us at stanislav. We will respond to your questions or comments within one month.

Our activities are also supervised by the Office for Personal Data Protection, to which you can file a complaint in case of your dissatisfaction. You can find out more on its website (


Our privacy policy may be amended from time to time. We will post any changes to our privacy policy on and will notify you in more detail if there are significant changes (for some services, we may notify you of policy changes by email). We archive previous versions of this policy for you to access in the future.

This privacy policy is effective from 29.6.2022