Effective Date: January 1, 2024
Last Updated: March 1, 2025
Data Controller: Marpeta s.r.o., IČO: 11879246
1. Introduction
Marpeta s.r.o. ("Company," "we," "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable Czech data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
- Company: Marpeta s.r.o.
- Address: Karla Tomáše 1873/5, Horní Počernice, 193 00 Praha 9, Czech Republic
- IČO: 11879246
- Email: hello@marpeta.eu
- Phone: +420 770 410 505
3. What Data We Collect
We may collect the following categories of personal data:
3.1 Data You Provide
- Contact information: Name, email address, phone number, company name
- Communication data: Messages, emails, and call recordings (with consent)
- Billing information: Company name, billing address, VAT ID
3.2 Data Collected Automatically
- Usage data: Pages visited, time spent on pages, click patterns
- Device data: Browser type, operating system, screen resolution
- Network data: IP address, approximate location (country/city level)
3.3 Data We Do NOT Collect
- Payment card details: All payment processing is handled by third-party PCI DSS compliant payment service providers. We never have access to your full card number, CVV, or card expiration date.
4. How We Use Your Data
We process your personal data for the following purposes:
- Service delivery: To provide the consulting and digital services you requested (legal basis: contract performance)
- Communication: To respond to your inquiries and provide customer support (legal basis: legitimate interest)
- Billing: To process payments and issue invoices (legal basis: contract performance, legal obligation)
- Legal compliance: To comply with applicable laws, tax regulations, and legal obligations (legal basis: legal obligation)
- Website improvement: To analyze website usage and improve user experience (legal basis: legitimate interest or consent, depending on cookies used)
5. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
- Consent (Art. 6(1)(a)): For optional cookies and marketing communications
- Contract (Art. 6(1)(b)): For service delivery and related communications
- Legal obligation (Art. 6(1)(c)): For tax, accounting, and regulatory compliance
- Legitimate interest (Art. 6(1)(f)): For website analytics, business improvement, and customer support
6. Data Sharing & Third Parties
We may share your personal data with the following categories of third parties:
- Payment service providers: To process payments securely (e.g., Stripe, SumUp, GoPay)
- Cloud service providers: For hosting and data storage (servers located in the EU)
- Analytics tools: For anonymized website analytics
- Tax and legal advisors: As required by law
- Government authorities: When required by law or legal process
We do not sell your personal data to third parties. All third-party service providers are contractually bound to process your data only as instructed and in compliance with GDPR.
7. International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). If any data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:
- Client data: For the duration of the business relationship plus 5 years (as required by Czech tax law)
- Contact form inquiries: Up to 12 months after the last interaction
- Website analytics: Up to 26 months (anonymized)
- Invoicing and accounting records: 10 years (as required by Czech law)
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of your personal data
- Right to rectification (Art. 16): Request correction of inaccurate data
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten")
- Right to restriction (Art. 18): Request limited processing of your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time (without affecting the lawfulness of prior processing)
To exercise any of these rights, please contact us at hello@marpeta.eu. We will respond within 30 days.
10. Cookies
Our website uses cookies. For detailed information about the types of cookies we use, please refer to our Cookie Policy.
11. Security
We implement appropriate technical and organizational security measures to protect your personal data, including:
- HTTPS/TLS encryption for all data transmission
- Encrypted storage of sensitive data
- Access controls and authentication mechanisms
- Regular security assessments
- Staff training on data protection
12. Children's Privacy
Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.
13. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Czech Data Protection Authority:
- Úřad pro ochranu osobních údajů (ÚOOÚ)
- Pplk. Sochora 27, 170 00 Praha 7
- Website: www.uoou.cz
14. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with the updated "Last Updated" date. We encourage you to review this page periodically.
15. Contact
For any privacy-related questions or requests:
- Email: hello@marpeta.eu
- Phone: +420 770 410 505
- Address: Marpeta s.r.o., Karla Tomáše 1873/5, Horní Počernice, 193 00 Praha 9, Czech Republic
