Privacy Policy

The controller of your personal data is:

• Name: David Azarian
• Business name: Kosmoweb
• IČO: 17064619
• Address: K Beranovu 1190/15, 184 00 Praha 8, Czech Republic
• Email: [email protected]
• Phone: +420 774 147 594

As a data controller that does not meet the criteria set out in Article 37 of the GDPR, we are not required to appoint a Data Protection Officer (DPO). For all matters regarding personal data protection, you can contact us directly at the email address above.

We collect the following categories of personal data:

Data you provide directly

• Name, email address, and phone number – submitted through the contact form
• Message content – any information you include in your inquiry

Data collected during service delivery

• Billing information – name/company name, company ID, VAT ID, billing address
• Communication – email correspondence, meeting notes, project feedback
• Files and materials – texts, images, logos, and other materials provided by the client for project implementation

Data collected automatically

• Usage data – pages visited, time spent, referral source (via Google Analytics)
• Device data – browser type, operating system, screen resolution
• IP address – anonymized for analytics purposes

We process your personal data for the following purposes and legal bases under the GDPR:

• Contract performance: Processing is necessary for the performance of a contract or for taking steps at your request prior to entering into a contract (Article 6(1)(b) GDPR) – invoicing, project communication, service delivery
• Contact form submissions: Processing is based on your consent (Article 6(1)(a) GDPR) and, where applicable, performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR)
• Website analytics: Processing is based on our legitimate interest in understanding how visitors use the Website to improve our services (Article 6(1)(f) GDPR)
• Marketing and conversion tracking: Processing is based on your consent (Article 6(1)(a) GDPR)

• Contact form data: Retained for a maximum of 12 months from the date of submission, unless a longer retention period is required for an ongoing business relationship
• Contractual and billing data: Retained for the duration of the contractual relationship and subsequently for the period required by law – accounting documents (invoices) are retained for 5 years pursuant to Act No. 563/1991 Coll., on Accounting
• Analytics data: Retained in accordance with Google Analytics data retention policies (default: 14 months)
• Marketing data: Retained for the duration of the advertising campaign or until consent is withdrawn

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of access (Article 15) – Obtain confirmation of whether your data is being processed and request a copy
• Right to rectification (Article 16) – Request correction of inaccurate or incomplete data
• Right to erasure (Article 17) – Request deletion of your personal data ("right to be forgotten")
• Right to restriction (Article 18) – Request limitation of processing under certain conditions
• Right to data portability (Article 20) – Receive your data in a structured, commonly used, machine-readable format
• Right to object (Article 21) – Object to processing based on legitimate interests, including profiling

To exercise any of the rights listed above, please contact us at [email protected]. We will respond to your request within 30 days of receipt. If we need additional time, we will notify you of the extension and the reasons for it.

We use the following third-party services that may process your data on our behalf:

• Google Analytics – website traffic analysis and reporting
• Google Ads – advertising conversion tracking
• Cloudflare Turnstile – bot protection for contact form submissions
• Seznam Retargeting – remarketing campaigns and conversion tracking

Each of these processors operates under their own privacy policy and data processing agreements.

Your personal data is primarily processed within the European Union / European Economic Area (EU/EEA). Where data is transferred to third countries (e.g., the United States by Google), such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.

We implement appropriate technical and organizational measures to protect your personal data, including:

• HTTPS encryption for all data transmitted between your browser and our servers
• Access controls limiting who can access personal data
• Regular review of our data processing practices

In accordance with Article 22 of the GDPR, we inform you that we do not use automated decision-making or profiling that would produce legal effects or similarly significantly affect you in the processing of your personal data.

Our Website uses cookies to ensure basic functionality, analyze traffic, and for marketing purposes. You can manage cookies through your browser settings.

In accordance with Articles 33 and 34 of the GDPR, in the event of a personal data breach that is likely to pose a risk to the rights and freedoms of individuals:

• We will notify the Office for Personal Data Protection (ÚOOÚ) within 72 hours of becoming aware of the breach
• If the breach is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay
• We will take appropriate measures to minimize the impact and prevent further breaches

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at [email protected].

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Czech supervisory authority:

• Úřad pro ochranu osobních údajů (ÚOOÚ)
• Pplk. Sochora 27, 170 00 Praha 7
• Website: www.uoou.cz