A practical guide to trade licences, self-employment and business in Czechia
Information

Personal Data Protection

In brief

Practical, verified information on running an OSVČ business. Not sure where to start? Check the navigation hub at the bottom of the page.

Personal data processing policy

We care about making it clear what happens to your data when you visit this website. No convoluted legalese – read in plain terms what personal data we process, why, how long we keep it and what you can do with it yourself.

This policy is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council, known as the GDPR, and by the related Act No. 110/2019 Coll., on the processing of personal data.

Last updated: 13 June 2026.

Who is the controller of your data

The controller of personal data is the operator of the zivnostenskylist.cz portal:

  • Name / company: ROOTIO z.s. (registered in the Register of Associations kept by the Municipal Court in Prague (Městský soud v Praze), file ref. L 75628)
  • IČO (business identification number): 14056623
  • Registered seat: Kurzova 2222/16, Stodůlky, 155 00 Praha 5
  • Contact e-mail: [email protected]

The controller has not appointed a data protection officer (DPO), as it is not legally required to do so. For all questions concerning data processing, please therefore contact the e-mail address above directly.

What data we process and why

We try to collect as little as possible. The vast majority of the content is purely informational – you read an article and leave without revealing anything about yourself. Some processing does occur, however, in three situations.

Contact form and e-mail communication

When you write to us through the contact form or directly by e-mail, we process the data you provide to us yourself:

  • name (or company name),
  • e-mail address,
  • the content of the message and anything else you write into it.

Purpose: so that we can reply to you and deal with your enquiry. Legal basis: taking steps prior to entering into a contract or our legitimate interest in handling the communication (Article 6(1)(b) and (f) GDPR). Please note – do not send us sensitive data in your message (health status, birth number, etc.), they are not needed for anything.

Traffic analytics

In order to know which articles you read and which, on the contrary, are of no interest to anyone, we measure traffic. Here we have two options depending on which tool is active on the website:

  • Plausible Analytics – privacy-friendly analytics. It does not store cookies, does not collect your IP address in an identifiable form and does not link data across websites. It works without your consent on the basis of legitimate interest (Article 6(1)(f) GDPR), because the impact on your privacy is minimal. The data is processed in aggregate form; we cannot identify you specifically from it.
  • Google Analytics – if deployed, it stores cookies and measures visitor behaviour in more detail. It is activated only after your consent given in the cookie banner (Article 6(1)(a) GDPR).

Advertising

We finance the operation of the website partly through advertising via Google AdSense. Advertising and measurement cookies are set only if you give your consent to this in the cookie banner. Without consent, you will either not be shown any advertising, or you will see only non-personalised advertising that is not based on your behaviour.

Cookies

Cookies are small files that a website stores in your browser. We classify them as follows:

Type of cookies What they are for Consent
Necessary Basic functioning of the website, language choice, saving your choice in the cookie banner Not required
Analytical Traffic measurement (Google Analytics) Consent required
Advertising Personalisation and measurement of advertising (Google AdSense) Consent required

You give consent on your first visit via the cookie banner, where the Reject button carries the same weight as Accept. You can change your decision at any time – simply open the cookie settings again (you will find the link in the website footer) or delete the cookies directly in your browser. Instructions on how to manage cookies can be found in the help section of your browser (Chrome, Firefox, Edge, Safari).

To whom we pass on data (processors)

We do not pass on your data to anyone who would want to use it for their own purposes. We do, however, use technical suppliers – so-called processors – who process data for us according to our instructions:

  • Google Ireland Ltd. / Google LLC – operation of the Google AdSense (advertising) and Google Analytics (analytics) services, where active.
  • Plausible analytics operator – privacy-friendly traffic measurement, where this tool is deployed.
  • bullDev (bulldev.cz) – web hosting and operation of the website on the server.

With Google services, transfer of data outside the EU/EEA may occur (typically to the USA). Such transfer is covered by the European Commission's standard contractual clauses, or by the EU–US Data Privacy Framework. Details of how Google handles data can be found in its privacy policy.

How long we keep data

We do not keep data longer than necessary:

  • Messages from the contact form and e-mails: for the duration of handling the enquiry and subsequently, as a rule, for 24 months for any follow-up communication, after which we delete them.
  • Analytical data: in aggregate form for the period necessary to evaluate trends; for Google Analytics, according to the configured retention period (usually 14 months).
  • Cookies: for the period of their validity set for the individual file, but no longer than the period for which you have given consent (usually a maximum of 13 months, after which it is requested again).

What rights you have

The GDPR gives you strong control over your data. You can exercise the following rights against us at any time:

  • Right of access – to find out what data we process about you and to obtain a copy of it.
  • Right to rectification – to have inaccurate data corrected or incomplete data completed.
  • Right to erasure ("right to be forgotten") – to have data deleted once the reason for its processing has ceased.
  • Right to restriction of processing – to temporarily "freeze" processing until, for example, your objection is resolved.
  • Right to object – to processing based on legitimate interest (typically analytics); we will then no longer process the data, unless we demonstrate compelling legitimate grounds.
  • Right to portability – to receive your data in a machine-readable format, or to have it transferred to another controller.
  • Right to withdraw consent – if the processing is based on consent (advertising and analytical cookies), you can withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

How to do it? Write to us at [email protected]. So that we do not mistakenly release your data to someone else, we may ask you to verify your identity. We will handle the request without undue delay, no later than within one month.

Complaint to the supervisory authority

If you believe that we handle your data in breach of the law, tell us – we resolve most matters quickly and amicably. However, you also have the right to turn directly to the supervisory authority:

Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ) Pplk. Sochora 27, 170 00 Praha 7 Web: www.uoou.gov.cz E-mail: [email protected] · Tel.: +420 234 665 111

Changes to this policy

Both the website and the legislation evolve, which is why we reserve the right to update this policy. The current version is always available on this page; in the case of significant changes, we will inform you in an appropriate manner directly on the website. You will find the date of the last revision at the beginning of the document.

Looking for something specific?
Browse the trade licence catalogue, read the news and guides, or use search.