GDPR

Protecting Your Data Comes First – Transparently, Securely, and in Compliance with Applicable Law

Terms and Conditions

If you are our customer, you entrust us with your personal data. We are responsible for their protection and security. Please review these personal data terms, which DT – EXPERT s.r.o., with registered office at Pražská 1430/34, Prague 10, Hostivař, Company ID: 25094254 (hereinafter “the Company” or “Controller”), complies with in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: “GDPR”).

Personal data are defined by the GDPR as any information relating to an identified or identifiable natural person (“data subject”), where an identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Who is the Data Controller?

The Controller of personal data is DT – EXPERT s.r.o., with registered office at Pražská 1430/34, Prague 10, Hostivař, Company ID: 25094254 (hereinafter “the Company” or “Controller”). The person responsible for data protection within the Company is Mr. Pavel Dyba, email: gdpr@dtexpert.cz, phone: +420 272 011 190.

Questions regarding personal data processing can be addressed to the Company or to the designated Data Protection Officer.

Sources and Categories of Processed Personal Data

The Company processes personal data you have provided to us and data obtained in connection with the fulfilment of your order. The Company only processes your identification and contact data and data necessary for the performance of the contract.

Legal Basis and Purpose of Processing

Your personal data are processed by the Company on the legal bases pursuant to Article 6(1)(b) and (c) of the GDPR, i.e., for the performance of a contract between you and the Company and to comply with the Company’s legal obligations. The purpose of processing is to maintain records of contractual parties, communicate with them, perform the contract, and fulfil all applicable tax and accounting obligations.

Data Processing and Security Measures

The Controller processes your personal data both manually and automatically. All processing activities are properly documented, including both manual and automated operations.

The Controller does not transfer personal data outside the Czech Republic.

Activities Related to Personal Data and Their Protection Are Properly Documented. The Controller duly documents all activities related to personal data and their protection, i.e., keeps records of processing activities and other documents concerning the processing of personal data to comply with the accountability principle under the GDPR.

The Controller takes technical and organisational measures to ensure that personal data are adequately secured and protected against unauthorised access.

Personal data are retained only for the duration of the legal basis for processing and are subsequently destroyed.

INFORMATION ON DATA SUBJECT RIGHTS

Every identifiable natural person as a data subject, who proves their identity, has the following rights:

Right of Access.

This includes the right to obtain from the Controller:

  • confirmation as to whether or not personal data concerning the data subject are being processed,
  • information on the purposes of processing, the categories of personal data concerned, the recipients to whom the personal data have been or will be disclosed, the planned retention period, the existence of the right to request from the Controller rectification or erasure of personal data concerning the data subject, or restriction of processing, or to object to processing, the right to lodge a complaint with a supervisory authority, all available information on the source of personal data, if not obtained from the data subject, the fact that automated decision-making, including profiling, is taking place, and appropriate safeguards for transfers of data outside the EU,
  • and, where the rights and freedoms of others are not adversely affected, a copy of the personal data.

The above information and communications requested by the Data Subject are provided by the Controller free of charge. In case of repeated requests, the Controller is entitled to charge a reasonable fee for copies of personal data. The right to confirmation of processing and to information may be exercised via the Controller’s email address provided above.

Right to rectification of inaccurate data

The Data Subject has the right to have inaccurate personal data processed by the Controller corrected.

Right to Erasure

The Data Subject has the right to have personal data concerning them erased if the Controller cannot demonstrate legitimate grounds for processing these personal data. The Data Subject may exercise the right to erasure via email to the above address. Any erasure will be carried out by the Controller without undue delay, and in any event, within 30 days of receiving the request from the client.

Right to Restriction of Processing

The Data Subject has the right to request restriction of processing until the matter is resolved, where they contest the accuracy of the personal data, the reasons for processing, or have objected to the processing, via the email address above.

Right to notification of rectification, erasure or restriction of processing

The Data Subject has the right to be informed by the Controller in the event of rectification, erasure, or restriction of personal data processing.

Right to data portability

The Data Subject has the right to receive the personal data concerning them, which they have provided to the Controller, in a structured, commonly used, and machine-readable format, and the right to request the Controller to transfer these data to another controller. If the exercise of this right could adversely affect the rights and freedoms of third parties, the request may not be fulfilled.

Right to withdraw consent to personal data processing

Where the Company processes personal data based on the Data Subject’s consent, such consent may be withdrawn at any time. Withdrawal must be made by an explicit, informed, and unequivocal statement, either by email to gdpr@dtexpert.cz or by post to the address of the Controller stated at the beginning of this Privacy Policy.

Automated individual decision-making, including profiling

The Data Subject has the right not to be subject to any decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. The Controller states that no automated decision-making without human intervention with legal effects for the Data Subjects is carried out.

Right to contact the Office for Personal Data Protection

The Data Subject has the right to contact the Office for Personal Data Protection (https://www.uoou.cz/).

Protection of Personal Data

The Controller collects and stores personal data provided by the Data Subject, as well as technical personal data obtained from the Data Subject via electronic information carriers in a secure database. The Controller protects personal data to the maximum extent possible using modern technologies corresponding to the state of technical development.

The Controller declares that all possible currently known measures have been taken to secure these data against unauthorised third-party interference.

In the event of any serious breach of personal data security, the Controller is obliged to report it without undue delay, and, where possible, within 72 hours from becoming aware, to the supervisory authority and to ensure appropriate remedial action.

The Controller may, in accordance with its legal obligations, provide personal data to administrative authorities and offices as required by applicable law. The Data Subject acknowledges that the Controller may be required to provide personal data under law or to fulfil its legal obligations (e.g., in judicial or administrative proceedings).

Other Recipients of Personal Data – Processors

In fulfilling its obligations and duties towards Data Subjects, the Controller utilises professional and specialised services of other entities. The Controller is thus entitled to appoint a third party as a processor of personal data, using only processors who provide sufficient guarantees of appropriate technical and organisational measures to ensure the protection of the rights of Data Subjects. If such suppliers process personal data provided by the Controller, they do so solely under the Controller’s instructions and must not use them otherwise. The Controller concludes a data processing agreement with each such entity pursuant to Article 28 GDPR.

Other recipients of Data Subjects’ personal data include these external parties: IT developer, accountant, IT network administrator, cloud service providers, delivery service providers, legal service providers, insurance companies, and other contractual partners of the Company.

Confidentiality

The Controller and other recipients of personal data who will process Data Subjects’ personal data are obliged to maintain confidentiality regarding personal data and security measures whose disclosure would compromise the security of personal data. This obligation of confidentiality continues even after the contractual relationship with the Data Subject has ended. Personal data will not be disclosed to any other third party without the Data Subject’s consent.

COOKIES USAGE POLICY

When visiting the Administrator’s website, users are informed about the use of cookies through a clear notice (commonly referred to as a cookie banner), which allows them to provide or refuse consent for their use.

Consent to the use of cookies is given by the user’s active confirmation, for example by clicking the “Accept All” button or by adjusting their preferences.
Users may choose to accept only necessary cookies, reject optional cookies, or modify settings according to their preferences.
Consent may be withdrawn or changed at any time via the “Cookie Settings” link, which is permanently available in the footer of the Administrator’s website.

What Are Cookies
Cookies are small text files stored on the user’s device (e.g., computer, phone, or tablet) by websites. They are used to ensure the proper functioning of the website, analyse traffic, personalise content, and display targeted advertising.

Types of Cookies Used

1. Necessary Cookies
These cookies enable essential website functions, such as navigation, secure access to protected sections, or saving user preferences.
Without these cookies, the website could not function properly.
The legal basis for their use is the Controller’s legitimate interest pursuant to Article 6(1)(f) of the GDPR.

2. Analytical Cookies
These cookies are used to measure website traffic, analyse performance, and improve website functionality.
The Controller primarily uses Google Analytics 4 (GA4), which processes anonymised statistical data about visitor behaviour.
These cookies are stored only on the basis of the user’s consent pursuant to Article 6(1)(a) of the GDPR.

3. Marketing Cookies
Marketing cookies are used to display personalised advertising and measure the effectiveness of advertising campaigns.
The Controller primarily uses the following services:

  • Google Ads – for conversion tracking and remarketing,
  • Meta Pixel (Facebook / Instagram) – for advertising targeting and performance measurement.

These cookies allow the Administrator’s website to be linked with advertising platforms and are stored only after the user has given consent.

4. Preference (Functional) Cookies
These cookies allow the website to remember the user’s choices (e.g., language, region, or display settings), thereby enhancing user experience.
They are stored only on the basis of the user’s consent.

Retention Period and Data Transfer
The retention period of cookies varies depending on their type and purpose:

  • Necessary cookies are stored only for the duration of the session or shortly thereafter.
  • Analytical cookies (Google Analytics 4) may be retained for up to 14 months, according to the service settings.
  • Marketing cookies (Google Ads, Meta Pixel) are retained for a maximum of 13 months, or a shorter period depending on the platform settings (e.g., 90 days for Meta Pixel).
  • Preference cookies are typically retained for 6 to 12 months.

Where services provided by Google Ireland Limited and Meta Platforms Ireland Limited are used, personal data may be transferred outside the European Union. Such transfers are conducted in accordance with the EU–US Data Privacy Framework or based on standard contractual clauses for the protection of personal data.

Users may delete cookies at any time through their web browser settings or change their consent via the cookie management interface available on the Controller’s website.

These data protection terms take effect on 13 October 2025.

In Prague, on 13 October 2025

Cookie Preferences
By pressing “Accept All”, you consent to the use of cookies on your device to enhance site navigation, analyse site performance, and support our marketing efforts. You can manage your preferences at any time. Learn more.
Manage Preferences
Accept Necessary
Accept All
Close Cookie Preference Manager
Cookie Preferences
By pressing “Accept All”, you consent to the use of cookies on your device to enhance site navigation, analyse site performance, and support our marketing efforts. You can manage your preferences at any time. Learn more.
Cookies icon
Cookie Preferences