1. Data controller
The data controller is Great Lab s.r.o., business ID: XXXXXXXX, based in Olomouc, Czech Republic ("Controller").
2. What data we collect
Identification data (name, email, phone), technical data (IP address, browser, OS), cookies for site functionality (see Cookie Policy), and content of any communication you send us.
3. Purpose of processing
We process your data for contract performance and business relations, communication and customer support, service improvement, and legal compliance.
4. Legal basis
Processing is based on contract performance (Art. 6.1.b GDPR), legitimate interest (Art. 6.1.f GDPR), consent (Art. 6.1.a GDPR), or legal obligation (Art. 6.1.c GDPR), depending on the specific purpose.
5. Retention period
Contract data is retained for 10 years per legal requirement, marketing data until consent withdrawal, cookies vary by type (see Cookie Policy).
6. Your rights
Under GDPR you have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), object (Art. 21), and to lodge a complaint with the supervisory authority (uoou.cz).
7. Exercising your rights
To exercise your rights, contact [email protected]. We respond to requests within 30 days as standard.
8. Third-party data sharing
We may share data with hosting (Railway, EU servers), CDN/CMS (Cloudflare, DPA in place), email service (Resend, DPA in place), and accounting firm (contractually limited). No data is transferred outside the EU without adequate safeguards.
9. Security
We use state-of-the-art technical and organizational measures: HTTPS encryption, encrypted backups, access controls, and regular security audits.
10. Policy changes
This policy may be updated. The last-updated date is shown when reviewing the document in the admin UI.