Legal

Privacy Policy

Effective date: 23 April 2026

Data Controller

The data controller for your personal data is:

Daniel Rombakh

Registration No.: 09872604

Registered address: Kaprova 42/14, Praha 1, 110 00, Czech Republic

Contact: info@prazskyzubar.cz

What Data We Collect

  • Account data: name, email address, company name
  • Clinic information: address, phone number, website, description, photos
  • Payment data: payments are processed by Stripe — we never see or store your card number or bank details
  • Technical data: IP address, browser type, pages visited, access timestamps
  • Communications: content of emails you send to us

Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide our services
  • Legitimate interest (Art. 6(1)(f) GDPR): security, fraud prevention, traffic analysis
  • Legal obligation (Art. 6(1)(c) GDPR): accounting and tax records
  • Consent (Art. 6(1)(a) GDPR): marketing communications where you have given consent

Data Processors and Recipients

We share your data only with the following GDPR-compliant processors:

SupabaseDatabase hosting and authentication
StripePayment processing
ResendTransactional emails
NetlifyWeb application hosting

We never sell your data to third parties — ever.

Data Retention

  • Account data: for the duration of your subscription plus 3 years after termination (for legal and accounting purposes)
  • Payment records: 10 years per accounting regulations
  • Technical logs: maximum 12 months
  • Deleted account: anonymised within 30 days

Your Rights

You have the right to access, rectify, erase, port, and object to the processing of your personal data. Submit requests to info@prazskyzubar.cz. We will respond within 30 days.

You also have the right to lodge a complaint with the supervisory authority: Úřad pro ochranu osobních údajů (UOOU), Pplk. Sochora 27, 170 00 Praha 7, www.uoou.cz.

Cookies

We use only technically essential cookies for session management (login). We do not use advertising or tracking cookies. We do not store any information beyond what is necessary for the website to function.

Data Breach Notification

In the event of a personal data breach, we will notify you within 72 hours of becoming aware of the incident, in accordance with Art. 34 GDPR, where the breach is likely to result in a high risk to your rights and freedoms.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email. The effective date at the top of this document will always reflect the date of the most recent update.