1. Data controller
1.1. The data controller is: DomusDigital, s.r.o. ID: 23956780 Registered office: Korunní 2569/108, 101 00 Prague (hereinafter "Controller").
1.2. Controller contact details for personal data protection inquiries: E-mail: info@dokumentarna.cz
2. What personal data we process
2.1. In connection with the operation of the Dokumentárna.cz service, we process in particular the following categories of personal data: identification data: name, surname, company name, ID, tax ID, contact data: email address, possibly phone, billing address, user account data: login email, account settings, access permissions, billing and payment data: data on tax documents (we do not store payment card numbers if processed by a third-party payment gateway), technical data: IP address, access logs, device and browser information, service usage data: operation logs in the system (e.g., creation, modification, deletion of documents, login, settings).
2.2. Documents containing personal data of third parties (e.g., contracts, invoices, internal records) may also be stored through the service. With respect to such data, the Controller usually acts as a processor, while the User is the controller of such personal data. Rights and obligations in this role may be governed by a separate data processing agreement (DPA).
3. Purposes and legal bases for processing
We process personal data only to the extent necessary for these purposes:
3.1. Providing the Dokumentárna.cz service: account creation and management, service operation, maintenance and development, customer support. Legal basis: contract performance (Art. 6(1)(b) GDPR).
3.2. Billing and accounting: issuing tax documents, fulfilling accounting and tax obligations. Legal basis: compliance with legal obligation (Art. 6(1)(c) GDPR).
3.3. Communication with users: responding to inquiries, resolving incidents, informing about service changes. Legal basis: contract performance and legitimate interest (Art. 6(1)(b) and (f) GDPR).
3.4. Service improvement and system protection: statistical and analytical purposes, monitoring system performance and security, preventing service abuse. Legal basis: Controller's legitimate interest (Art. 6(1)(f) GDPR).
3.5. Marketing communication (e.g., newsletter): sending information about service news, plan or feature changes. Legal basis: Controller's legitimate interest or consent, if required (Art. 6(1)(a) and (f) GDPR). Users can unsubscribe from commercial communications at any time.
4. Retention period for personal data
4.1. We retain personal data only for the period necessary for the respective processing purpose: data related to contractual relationship – for the duration of service use and then for the period necessary for potential claims (usually 3–5 years), accounting and tax documents – for the period prescribed by legal regulations (usually 10 years), data for marketing purposes – until consent is withdrawn or objection is raised, logs and technical data – for the period necessary for system security and operation.
4.2. After the expiration of the respective periods, personal data is securely deleted or anonymized.
5. Recipients and processors of personal data
5.1. Personal data may be transferred only to these categories of recipients: hosting and IT service providers (server, cloud, backup), accounting and tax advisors, payment service providers (payment gateway), email and communication system providers.
5.2. We transfer data to all these entities only to the extent necessary and on the basis of a personal data processing agreement that ensures adequate protection.
5.3. Personal data is not sold to third parties or transferred to unauthorized entities.
6. Transfer of personal data to third countries
6.1. We generally do not process personal data outside the territory of the European Union / European Economic Area.
6.2. If services of providers based outside the EU/EEA are used (e.g., some cloud or communication services), this is done only in accordance with GDPR, i.e., on the basis of: adequacy decision, or use of standard contractual clauses of the European Commission.
7. Personal data security
7.1. We protect personal data using appropriate technical and organizational measures to prevent their loss, misuse, unauthorized access, alteration or destruction.
7.2. These measures include in particular: encrypted data transmission (HTTPS), limited database access (authorized persons only), regular system updates and backups, logging of access and security events.
8. Your rights as a data subject
You have in particular the following rights: Right of access – you can request confirmation whether we process your personal data and obtain a copy. Right to rectification – if data is inaccurate or incomplete, you have the right to have it corrected. Right to erasure ("right to be forgotten") – in cases specified by law, you can request deletion of data. Right to restriction of processing – in certain situations, you can request restriction of processing. Right to data portability – for data processed on the basis of consent or contract, you have the right to obtain it in a structured format and/or transfer it to another controller. Right to object – in particular against processing for direct marketing purposes or on the basis of legitimate interest. Right to withdraw consent – if processing is based on consent, you can withdraw it at any time.
To exercise these rights, you can contact us at: info@dokumentarna.cz.
9. Right to lodge a complaint
If you believe that the processing of your personal data is in violation of legal regulations, you have the right to lodge a complaint with the supervisory authority: Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Web: www.uoou.cz
10. Cookies
This website may use cookies to ensure proper functionality, measure traffic and improve services. Details on the use of cookies are set out in a separate document Cookie Policy.
11. Final provisions
11.1. This Policy may be updated by the Controller from time to time.
11.2. The current version is always published on the Dokumentárna.cz website.
11.3. This Policy takes effect on [fill in date].