Skip to content
Advanced R&D
AdvancedR&D
Privacy

Privacy Policy

Poslední aktualizace · 2026-04-19

This policy explains how Advanced R&D a.s. ("we", "us", "controller") processes personal data in connection with the website advancedrd.eu and related services. Processing complies with Regulation (EU) 2016/679 ("GDPR"), the Czech Personal Data Processing Act No. 110/2019 Coll., and the ePrivacy directive 2002/58/EC.

1. Data controller

Advanced R&D a.s.
Registered office: Šafránkova 1238/1, Stodůlky, 155 00 Prague 5, Czech Republic
Company ID (IČO): 14130467
VAT ID (DIČ): CZ14130467
Registered with the Municipal Court in Prague, section B, file 26888
Contact: info@advancedrd.eu

Under Art. 37 GDPR we are not required to appoint a Data Protection Officer, but you can reach us on privacy matters at privacy@advancedrd.eu.

2. Categories of data processed

  • Identification and contact data — name, email, phone number, company name, job title (if provided).
  • Content data — contents of your message and attachments, project description, information shared during communication.
  • Technical and network data — IP address (anonymised), browser type, operating system, referring page, timestamps.
  • Usage data — pages viewed, interactions, cookie banner choices (only with granted consent).

3. Purposes and legal bases

  • Responding to inquiries and pre-contractual steps — Art. 6(1)(b) GDPR.
  • Legitimate interest in security — Art. 6(1)(f) GDPR; protection against attacks, rate-limiting, bot detection. Balancing test performed per WP 217.
  • Compliance with legal obligations — Art. 6(1)(c) GDPR (accounting, tax, archival).
  • Analytics and marketing — Art. 6(1)(a) GDPR (explicit consent via the cookie dialog). Consent can be withdrawn at any time.

4. Retention

  • Inquiries and related communications — 24 months from last interaction, unless a contract is concluded.
  • Contractual documentation — 10 years after contract end (statutory archival period).
  • Technical logs — 12 months in anonymised form.
  • Marketing consent — until withdrawn, maximum 36 months; renewed consent required thereafter.

5. Processors and recipients

We may share data with carefully selected processors bound by data processing agreements (Art. 28 GDPR):

  • Resend Inc. — transactional email delivery (EU/US).
  • Cloudflare, Inc. — CDN, attack protection, Turnstile (EU/US).
  • Vercel Inc. — static site hosting (EU/US).
  • External legal counsel (when relevant).
  • Accounting firm — for bookkeeping.

We do not disclose personal data to any other third parties, except as required by law (e.g. to law-enforcement authorities upon lawful request).

6. International transfers

Some processors operate infrastructure outside the EEA (notably the US). Transfers are safeguarded by:

  • European Commission adequacy decision (EU–US Data Privacy Framework), or
  • Standard Contractual Clauses (SCCs) 2021/914, supplemented by additional technical and organisational measures.

7. Cookies and similar technologies

We use cookies and similar technologies (localStorage, pixel tags). Details about categories, retention and how to withdraw consent are in our separate Cookie Policy.

8. Automated decision-making and profiling

We do not perform automated decision-making or profiling within the meaning of Art. 22 GDPR that would have legal effects or similarly significantly affect you.

9. Your rights

Under GDPR you have the following rights, exercisable free of charge at privacy@advancedrd.eu:

  • Right of access (Art. 15).
  • Right to rectification (Art. 16).
  • Right to erasure (Art. 17) — "right to be forgotten".
  • Right to restriction (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object (Art. 21).
  • Right to withdraw consent (Art. 7(3)).
  • Right to lodge a complaint with the Czech Office for Personal Data Protection (uoou.cz) or your local supervisory authority.

10. Security

We apply appropriate technical and organisational measures including encryption at rest and in transit (TLS 1.3, AES-256), least-privilege access control, audit logs, regular audits and staff training. In the event of a data breach we notify the supervisory authority within 72 hours under Art. 33 GDPR.

11. Children

The website is not intended for persons under 16. We do not knowingly process children's personal data without parental consent.

12. Changes to this policy

We may update this policy over time. We will notify you of material changes via a visible notice on the website or by email. The last update date appears at the top of this document.