Privacy Policy

Last updated: 07 Oct 2025

webdesignacademycz ("we", "our", or "us") provides web design, UX, and SEO services in the Czech Republic. This Privacy Policy explains what personal data we collect, how we process it, why we process it, and the rights you can exercise. We act as a data controller for data we determine the purposes and means of processing for, and as a data processor where we handle data on behalf of clients.

Data we collect may include identification data (name, company, role), contact details (email, phone), project context (requirements, assets, feedback), technical data (IP address, device characteristics, browser), usage data (pages viewed, actions, timestamps), and communication records. We collect data directly from you, from publicly available sources, and via analytics tools configured with privacy safeguards and minimal retention.

Purposes of processing include: responding to inquiries, preparing proposals, delivering and maintaining projects, managing subscriptions, improving our website, ensuring security, and meeting legal or contractual obligations. Our legal bases typically include performance of a contract or steps prior to entering a contract, legitimate interests such as service improvement and security, and consent where required (for example, marketing communications). When we rely on legitimate interests, we balance them against your interests and fundamental rights.

Sharing of data occurs only when necessary. Typical recipients are hosting and infrastructure providers, analytics and monitoring platforms, payment and invoicing services, professional advisors, and subcontractors engaged for delivery under confidentiality obligations. We may also share data when required by law or to protect our rights. International transfers, if any, follow appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms to ensure adequate protection.

Retention periods depend on purpose and legal requirements. Inquiry data is kept for a reasonable time to follow up on discussions. Contractual and invoicing records are retained according to statutory obligations. Technical logs are kept for security and troubleshooting for limited durations. When data is *** longer necessary for the stated purposes, we delete or anonymize it using documented processes. Backups are cycled on schedules aligned with our disaster recovery plan.

Security measures include least-privilege access, encrypted transport, secure credential storage, change management, and routine audits. We regularly review dependencies, monitor for vulnerabilities, and update components. While we implement strong safeguards, the internet involves risks; therefore we encourage responsible use of our website and timely reporting of suspected issues.

Your rights, subject to applicable law, may include access, rectification, erasure, restriction, portability, and objection to certain processing. Where processing relies on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal. You also have the right to lodge a complaint with a competent supervisory authority in the EU. We will respond to requests within applicable timeframes and may take steps to verify identity before acting on a request.

Cookies and similar technologies help us run essential features and collect aggregated analytics. You can manage preferences via the cookie banner on our site or through your browser settings. Essential cookies enable core functionality; analytics cookies help us understand usage and improve content. For details, use the consent interface provided on each page; the choice you make is stored with a one-year duration.

For client projects, we process data according to the contract and documented instructions. We ensure confidentiality, restrict access to authorized personnel, and support clients with requests related to data subjects where contractually agreed. Subprocessors used in delivery are assessed for security posture and are bound by written terms that reflect GDPR requirements. Additional legal details about engagements are described in our internal documentation and referenced on the Legal information page.

Children’s data is not targeted by our services, which are intended for professionals and organizations. If we learn that a minor’s personal data was provided to us without appropriate authorization, we will take steps to delete it promptly. Marketing communications are sent only with appropriate consent or under legitimate interest with an easy opt-out.

Contact us regarding privacy using the details below. We will make reasonable efforts to address your inquiry promptly and transparently: Email: [email protected]; Phone: + (420) 72 584-31-96; Address: Opletalova 20, Praha 1, 110 00, Czech Republic. If you have questions about this Policy, our data practices, or your rights, reach out using any of these channels.

Policy updates may occur to reflect changes in law, technology, or our services. We indicate the effective date at the top of this page. Material changes will be communicated through our website or direct communication when appropriate. Continued use of our website after an update indicates that you have read the revised version and understand the changes described.