Privacy Policy
Effective from: March 6, 2026
1. Data Controller
The data controller is:
Lahoda & Ellis s.r.o. Jaurisova 515/4, Michle (Praha 4), 140 00 Prague, Czech Republic Company ID (IČO): 03758401 Data mailbox: v2ywenb E-mail: [email protected]
2. What Data We Process
2.1 Registration Data
- Full name
- E-mail address
- Company name
- Password (stored exclusively in hashed form, bcrypt)
2.2 Contact Form Data
- Name, company, e-mail, phone number (optional)
- Message content
2.3 Payment Data
- Processed by the Stripe, Inc. payment gateway (stripe.com)
- The Controller does not store payment card numbers or other sensitive payment data
2.4 Calculator Data
- CN codes, countries of origin, import volumes — data entered by the user for calculation purposes
- Saved calculations (for logged-in users only)
2.5 Support Data
- Ticket type and description, subject
- Association with user account
2.6 Technical Data
- IP address, browser type, operating system, access time
- Cookies (see separate Cookie Policy)
3. Purposes of Processing
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Operation of user account | Performance of contract (Art. 6/1b GDPR) | Until account deletion + 30 days |
| Responding to enquiries | Legitimate interest (Art. 6/1f GDPR) | 1 year from last contact |
| Invoicing and accounting | Legal obligation (Art. 6/1c GDPR) | 10 years |
| Analytics (GA4) | Consent (Art. 6/1a GDPR) | Until consent is withdrawn |
| Service improvement | Legitimate interest (Art. 6/1f GDPR) | Anonymised data, indefinitely |
| Support ticket handling | Performance of contract (Art. 6/1b GDPR) | 2 years after ticket closure |
4. Data Recipients (Processors)
| Processor | Purpose | Location | Transfer Safeguards |
|---|---|---|---|
| Stripe, Inc. | Payment processing | USA | Standard Contractual Clauses (SCCs) |
| Google LLC | GA4 analytics (only after consent) | USA | Standard Contractual Clauses (SCCs) |
| Railway Corp. | Application and database hosting | USA | Standard Contractual Clauses (SCCs) |
We do not sell or share personal data with third parties for marketing purposes.
5. Automatic Data Cleaning
The platform performs automatic cleaning of personal data:
- Deleted accounts: personal data and saved calculations removed within 30 days of account termination
- Contact forms: enquiry data older than 1 year is automatically deleted
- Support tickets: closed tickets older than 2 years are anonymised
6. Your Rights (under GDPR)
As a data subject, you have the right to:
- Access the data we process about you
- Rectification of inaccurate data
- Erasure of data ("right to be forgotten")
- Restriction of processing
- Data portability in a machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent for processing (without affecting the lawfulness of prior processing)
- Lodge a complaint with the Office for Personal Data Protection (uoou.cz)
To exercise your rights, contact us at [email protected]. We will respond within 30 days.
7. Cookies
Detailed information about the cookies we use, their categories, and management can be found in our Cookie Policy.
8. Security
- Passwords are stored exclusively in hashed form (bcrypt)
- All communication is secured via HTTPS (TLS encryption)
- Database access is restricted to authorised personnel
- The platform runs on infrastructure with automatic backups
9. International Transfers
The Service is primarily intended for users in the EU/EEA. Data transfers to the USA (Stripe, Google, Railway) are safeguarded by Standard Contractual Clauses (SCCs) pursuant to Article 46 GDPR.
10. Changes to This Policy
We will notify users of changes to this privacy policy by e-mail and/or by a notice on our website at least 14 days in advance. The current version is always available on this page.
11. Contact
Data Controller: Lahoda & Ellis s.r.o. Jaurisova 515/4, 140 00 Prague 4, Czech Republic Company ID (IČO): 03758401 E-mail: [email protected]