Privacy Policy

Last update: 18. 8. 2025

This English version is an informative translation. The definitive legal wording is the Czech version. In case of discrepancies, the Czech version prevails.

1. Data Controller

ThePirates s.r.o.
Company ID (IČO): 23266350
Registered office: Jeřmanická 480/13, Liberec XXV-Vesec, 463 12 Liberec, Czech Republic
Premises: Revoluční 126/11, 460 01 Liberec, Czech Republic
E‑mail: info@thepiratesbarber.cz
Phone: +420 777 413 886

The company acts as a personal data controller in accordance with Regulation (EU) 2016/679 (GDPR) and related Czech legislation.

2. Data We Process

Identification data: name and surname.
Contact data: email, phone.
Message content from the contact form.
Reservation data (if you use the booking system) – selected service, date and time.
Technical / operational data: IP address (security), form submission time, anti‑spam indicators.
Cookies & analytics (aggregated / anonymised if enabled).

3. Purposes & Legal Bases

Purpose	Legal basis	Description
Responding to enquiry	Art. 6(1)(b)	Steps prior to contract.
Service performance / booking	Art. 6(1)(b)	Contract performance (barber services).
Accounting & record keeping	Art. 6(1)(c)	Legal obligations (tax / accounting).
Security & abuse prevention	Art. 6(1)(f)	Legitimate interest in protecting services & anti‑spam.
Basic analytics & improvement	Art. 6(1)(f)	Legitimate interest – quality improvement (minimal scope).
Marketing (newsletter / offers)	Art. 6(1)(a)	Only with explicit consent (optional).

4. Retention Periods

Contact form communication: 12 months from last interaction (unless contract follows).
Reservation / contract data: duration of relationship + 3 years (defence of claims); accounting records up to 10 years (law).
Marketing consents: until withdrawn (max. 5 years of inactivity).
Security / anti‑spam logs: 6 months.
Cookies: per type – see Cookies section (session / several months, strictly per consent settings).

5. Recipients & Processors

Personal data may be shared only with essential partners:

Hosting & infrastructure: Vercel (EU / EEA edge) – website operation.
Email delivery: Resend – sending form notifications.
Internal administrators: Bound by confidentiality; access role‑based.

Other recipients (accountants, legal advisors, authorities) only if legally required or for defence of rights.

6. Third‑Country Transfers

Data are not intentionally transferred outside the EU/EEA. If a technical transfer occurs (global infrastructure), we rely on appropriate safeguards (SCCs, security measures).

7. Your Rights

Access – confirmation whether we process data.
Rectification of inaccurate data.
Erasure (if purpose ceased or consent withdrawn and no other legal basis).
Restriction of processing.
Portability (data processed by consent or contract, automated means).
Objection (legitimate interest processing).
Withdrawal of consent (affects future only).
Complaint: Czech DPA (ÚOOÚ).

Exercise rights via info@thepiratesbarber.cz. We respond within 30 days.

8. Cookies & Similar Tech

We use only necessary and limited functional / analytical cookies. No marketing / profiling cookies without your consent. You can change preferences in your browser or our banner (if available).

9. Security Measures

Technical & organisational safeguards: encrypted transport (HTTPS), role‑restricted access, access logging, anti‑spam (honeypot + timing) and dependency updates.

10. Changes

Current wording published here. Material changes may be announced (e.g. website notice).

11. Contact

Questions? Email info@thepiratesbarber.cz.

12. Note

This document is informational and not legal advice; periodic review recommended.