Independent Consultant | Cybersecurity Architect & vCISO

Privacy notice

This site is built to collect as little as possible. No cookies, no advertising trackers, no profiling, and nothing sold to anyone. This notice explains the small amount of data that is processed, why, and the rights you have under the GDPR.

Last updated: 13 June 2026

At a glance

What this site does and does not do

  • No cookies are set, and no cookie consent banner is needed.
  • No advertising trackers, fingerprinting, or cross-site tracking.
  • No profiling and no automated decisions about you.
  • Your data is never sold, rented, or shared for marketing.
  • Analytics are aggregate and cannot identify you.
  • Email and bookings are handled through encrypted, privacy-first services.

Who is responsible

The data controller

The person who decides how and why your data is processed (the data controller) is:

Petr Pospíšil

Korunní 2569/108, 101 00 Praha - Vinohrady, Czech Republic

IČO: 21154856

Email: [email protected]

Given the very limited scope of processing, there is no statutory requirement to appoint a Data Protection Officer. Any question about your data goes to the email address above.

The detail

How your data is processed

Website analytics

Purpose
Understand, in aggregate, how the site is found and used so I can improve it.
Data
Non-identifying signals only: the referring or source domain, country, device type, platform, browser, language, time of visit, and screen resolution. No cookies are set, and the analytics backend never reads or stores your IP address.
Recipients
counter.dev, an open-source, cookieless analytics service. Its design makes it impossible to link a page view to an individual or to combine it with any other dataset.
Legal basis
My legitimate interest in measuring and improving the site (Article 6(1)(f)). Because the data cannot identify you and no cookies are used, no consent banner is required.
Retention
Held only as aggregate counts that are never tied to an individual.

Email correspondence

Purpose
Answer your enquiry, manage any conversation that follows, and keep you informed about relevant services from time to time.
Data
Your name, your email address, and anything you choose to write in your message.
Recipients
Stored in an end-to-end encrypted Proton Mail mailbox operated by Proton AG (Switzerland).
Legal basis
Taking steps at your request before a possible contract, and my legitimate interest in replying to enquiries and offering relevant services (Article 6(1)(b) and (f)). You can object to marketing contact at any time, with no effect on anything else.
Retention
I generally keep business contact details for up to 10 years so I can follow up on relevant services. You can ask me to delete them, or to stop hearing from me, at any time.

Call bookings

Purpose
Schedule and hold a call that you request.
Data
Your name, your email address, and the time slot you choose.
Recipients
Proton Calendar, operated by Proton AG (Switzerland).
Legal basis
Steps taken at your request before a possible contract (Article 6(1)(b)).
Retention
Removed once the booking is no longer needed for our records.

Signal messaging

Purpose
Give you an encrypted channel to reach me.
Data
Your Signal username or phone number and the content of your messages.
Recipients
Signal Messenger, LLC (United States). Messages are end-to-end encrypted, so Signal cannot read them.
Legal basis
My legitimate interest in offering a secure contact option (Article 6(1)(f)).
Retention
Messages stay on our own devices until either of us deletes them.

Hosting and delivery

Purpose
Serve the website to your browser and protect it from abuse.
Data
Standard connection data, including your IP address, processed transiently to deliver the page and to keep the site secure and available.
Recipients
Cloudflare, Inc. (Cloudflare Pages), acting as hosting provider on my behalf.
Legal basis
My legitimate interest in running a secure, reliable website (Article 6(1)(f)).
Retention
Held briefly in edge and security logs in line with the host's own policy.

Discovery questionnaire

Purpose
Let you self-assess your security position and, if you wish, share the result with me.
Data
Your answers are processed entirely inside your own browser. Nothing is transmitted to me or anyone else unless you actively choose to email the summary.
Recipients
No one, unless you send the result by email, in which case it is handled exactly as email correspondence above.
Legal basis
No processing by me takes place until you choose to send your answers.
Retention
Nothing is stored on the website.

Where data goes

International transfers

Some of the services above operate outside the European Economic Area. Each transfer rests on a recognised legal safeguard:

  • Proton (Switzerland) - covered by the European Commission's adequacy decision for Switzerland.
  • Cloudflare and Signal (United States) - covered by Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.

What you can ask for

Your rights

Under the GDPR you have the following rights over your personal data. To exercise any of them, email [email protected]. There is no charge, and I will respond within one month.

Access
Ask for a copy of the personal data I hold about you.
Rectification
Ask me to correct data that is wrong or incomplete.
Erasure
Ask me to delete your data where there is no overriding reason to keep it.
Restriction
Ask me to pause processing while a concern is resolved.
Portability
Receive the data you gave me in a portable, machine-readable form.
Objection
Object to processing based on legitimate interest, including any direct outreach.

There is no automated decision-making or profiling on this site.

If something is wrong

Raising a complaint

Please contact me first so I can put things right. You also have the right to complain to the Czech supervisory authority at any time:

Úřad pro ochranu osobních údajů (ÚOOÚ)

Pplk. Sochora 27, 170 00 Praha 7, Czech Republic

uoou.gov.cz

Keeping this current

Changes and questions

If the way this site works changes, this notice is updated and the date at the top is revised. Material changes will be made clear here. For anything about your privacy or this notice, reach me through any channel below.