Legal

Privacy Policy

Last updated: 25 May 2026

This Privacy Policy explains how CONFORVAL s.r.o. ("Conforval", "we", "us") collects, uses, and protects personal data of visitors to conforval.cz and people who contact us through this website. We process data in accordance with Regulation (EU) 2016/679 (GDPR) and Czech Act No. 110/2019 Coll. on the Processing of Personal Data.

1. Data controller

CONFORVAL s.r.o.

Company ID (IČO): 21409421

Registered office: Cihelna 243, 507 58 Mlázovice, Czech Republic

Contact: emil.karaus@conforval.com

We have not appointed a Data Protection Officer; the contact above is the responsible person for all data-protection matters.

2. What data we collect

We collect only data that you actively provide through the contact form on this website:

  • Identification data: full name
  • Contact data: email address
  • Optional context: organisation name, service of interest, the message you send us
  • Technical metadata attached to the form submission for security and audit purposes: IP address, browser user-agent, timestamp

We do not use analytics, advertising, or social-tracking cookies. The site sets no cookies for marketing purposes.

3. Purpose and legal basis of processing

  • Responding to your inquiry — Art. 6(1)(b) GDPR (pre-contractual steps at your request) and Art. 6(1)(f) GDPR (legitimate interest in conducting our business).
  • Protecting the website against abuse (storing IP/user-agent with the submission) — Art. 6(1)(f) GDPR (legitimate interest in network and information security).
  • Complying with legal obligations (accounting, tax) where a project results from your inquiry — Art. 6(1)(c) GDPR.

4. Retention

We retain inquiry data for as long as necessary to respond to and complete the related project, and afterwards:

  • Inquiry correspondence: up to 3 years after the last contact, after which it is deleted.
  • Contractual and accounting records arising from a paid engagement: 10 years per Czech accounting law (Act No. 563/1991 Coll.).

5. Recipients of data

Your data is processed by Conforval staff. We do not sell or share personal data with third parties for marketing. Limited processors may have access for the purpose of operating our infrastructure:

  • Web hosting provider (servers physically located in the EU)
  • Email/SMTP provider for delivering your inquiry to us

All processors are bound by appropriate data-processing agreements where required by Art. 28 GDPR.

6. International transfers

We do not transfer personal data outside the European Economic Area. If this changes (e.g. for a specific international engagement), we will inform the affected individuals and apply appropriate safeguards under Chapter V of the GDPR.

7. Your rights

Under the GDPR you have the right to:

  • Access your personal data and obtain a copy (Art. 15)
  • Request rectification of inaccurate data (Art. 16)
  • Request erasure of your data (Art. 17) where applicable
  • Restrict processing of your data (Art. 18)
  • Object to processing based on legitimate interest (Art. 21)
  • Receive your data in a portable format (Art. 20)
  • Lodge a complaint with the Czech supervisory authority — Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Praha 7, uoou.cz

To exercise any of these rights, contact us at emil.karaus@conforval.com. We will respond within 30 days.

8. Security

We use HTTPS encryption on the entire website, strict access controls on infrastructure, and minimum-necessary access for staff. We do not store sensitive personal data (special categories under Art. 9 GDPR).

9. Changes to this policy

We may update this policy to reflect changes in our services or legal requirements. The current version is always published on this page with a revision date. Material changes will be flagged on the homepage for at least 30 days.