Skip to content
Czech IT — Making IT easy for everyone

GDPR & Privacy Notice

Last updated: 6/23/2026

Who we are

Czech IT Consulting and Services s.r.o., Dlouhá 3403/2b, 702 00 Moravská Ostrava a Přívoz, IČO: 29699088, is the data controller for personal data collected through this website. Contact: info@czech-it.eu. No DPO is appointed — our processing does not meet the Art. 37 GDPR thresholds.

What we collect

Contact form submissions (name, email, optional phone/company, message). Server logs (truncated/anonymised IP address, user agent, timestamps) kept for security and abuse prevention. Cookie consent records (per-device random id, choices, timestamp). Authenticated admin accounts (email, hashed password, role). Analytics events via Google Analytics 4 and Microsoft Clarity — only with your consent.

Why we process it

To respond to enquiries (Art. 6(1)(b) GDPR — pre-contract steps), to operate and secure the site (Art. 6(1)(f) — legitimate interest), to comply with legal obligations (Art. 6(1)(c)), and for analytics on the basis of your consent (Art. 6(1)(a)).

How long we keep it

Contact submissions: up to 36 months unless a contract is formed. Security/server logs: up to 90 days. Cookie consent records: 12 months from your last choice. Google Analytics: 14 months (shortest GA4 setting). Microsoft Clarity: 13 months (default). Admin accounts: until deleted.

Processors / Sub-processors

Supabase Inc. (database, auth, storage — EU region, Frankfurt). Cloudflare, Inc. (CDN, DDoS protection, edge). Resend (transactional email). Google LLC (Google Analytics 4, Search Console) — EU-US Data Privacy Framework certified. Microsoft Corporation (Clarity) — EU Data Boundary, DPF certified. We have signed Data Processing Agreements (Art. 28 GDPR) with each. No personal data is sold.

International transfers

Data is processed primarily in the EU. Transfers to Google and Microsoft (US) rely on the EU-US Data Privacy Framework and Standard Contractual Clauses. Google Analytics is configured with IP anonymisation, Google Signals disabled, ad personalisation disabled, and shortest data retention. Microsoft Clarity is configured for EU data boundary.

Your rights

Under the GDPR you have the right to access, rectify, erase, restrict and object to processing of your data, withdraw consent at any time, and to data portability. You may also lodge a complaint with the Czech Data Protection Authority (ÚOOÚ, www.uoou.cz). To exercise these rights email info@czech-it.eu — we respond within 30 days as required by Art. 12(3) GDPR.

Automated decision-making

We do not carry out automated decision-making or profiling that produces legal effects concerning you.