under Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
In case you are providing your personal data, we as a data controller:
Spaceflow s.r.o., with its registered seat at: Pernerova 676/51, Karlín, 186 00 Praha 8, ID: 05184142, registered by the Commercial Register maintained by the Municipal Court in Prague, File No. C 259630,
would like to inform you about the processing of your personal data and of your rights related to the said processing.
Our philosophy is to be open and transparent at all times. This includes being open to communication from any person interested in Spaceflow and the Application. Additionally, we have also published email, so you can contact them at any time with any question related to our Application and business you may have. However, to ensure such effective, flawless and clear communication, we process some of your personal data (including unstructured personal information – contained in email correspondence). If you send us your personal data based on a web-form on our pages, the processing is wider, therefore based on a consent, if you book a meeting with us (through a booking feature), we process such data upon the purpose of promotion of our products and services.
As soon as we no longer need your personal data for the processing purposes for which the personal data have been collected, we will delete them unless the statute-barred period applies. Certain details and correspondence may be retained until the time limit for claims, in respect of the pre-contractual or contractual relationship, has expired or in order to comply with regulatory requirements regarding the retention of such personal data.
Linkedin Insight Tag: This tag enables LinkedIn ads to our site visitors. The LinkedIn browser cookie is stored in a browser until cookies are deleted or the cookie expires (based on a rolling six-month expiration from the last time your browser loaded the Insight tag). You may also block or delete cookies. LinkedIn does not share personal data with us, it only provides summary reports about the website target group and ad performance. LinkedIn also provides a retargeting service for a website that allows us to use this data to show targeted adverts outside our website without identifying the member. For further information, please go here.
Facebook Pixel and Facebook direct marketing: This technology enables Facebook to identify visitors of our website as a target group for the display of ads (“Facebook Ads”). Accordingly, we use Facebook Pixel to display the Facebook Ads placed by us only to such Facebook users, who have actually shown an interest in our website or who have certain attributes (e.g. interests in certain topics or products as identified based on the visited webpages) that we transmit to Facebook (“Custom Audiences” and for further “Lookalike Audiences”).
By means of the Facebook Pixel, we would also like to ensure that our Facebook Ads match your potential interests and do not bother you. We can also track the effectiveness of the Facebook Ads by means of Facebook Pixel for purposes of statistics and market research because we can see whether you have been redirected to our website after clicking on a Facebook Ad (“Conversion”). Facebook Pixel is used when our website is retrieved directly from Facebook and it can store so-called cookies on your device. If you sign in to Facebook afterwards or visit Facebook while signed in there, the visit of our online offer will be logged in your profile.
The data gathered about you are anonymous to us, meaning they do not permit us to identify the users. However, the data is stored and processed by Facebook, so that it is possible to link them to the respective user profile and Facebook can use the data for its own market research and advertising purposes. If we should transmit data to Facebook for purposes of reconciliation, these will be encrypted locally in the browser and then be sent to Facebook via a secure https connection. This is done solely for the purpose of creating a comparison to the data equally encrypted by Facebook. How Facebook Pixel is used for advertising measures can be found out here. You can find more information on the data processing by Facebook here.
Based on Custom Audience we can create within Facebook the Lookalike Audiences and advertise our Product to the Lookalike Audiences which are not known to us. Facebook is the only actor who knows who the Lookalike Audience is and is capable of identifying them. Therefore we are in no position of controller to the Lookalike Audience.
Google Analytics: The information generated by the cookie about your use of our website (e.g. IP address, accesses, navigation flow, duration of the visit, browser and end devices used, language and country) will be transmitted to and stored by Google on its servers in the USA.
By activation of the IP anonymisation on this website (“_anonymizeIp()” function), your identified IP address, however, will be truncated within Member States of the European Union or in other signatory states of the Treaty on the European Economic Zone. In exceptional cases the complete IP address will only be transmitted into a server of Google in the USA and it will be truncated there. Google will use this information to analyse your use of our website, to compile reports about your website activities for the website operators, and to perform additional services relating to the use of the website and of the internet. Google may also transfer this information to third parties if applicable, provided that such is mandated by law or to the extent, as third parties process these data on account of Google.
By means of browser plug-ins, you can prevent Google from recording the data relating to your use that is generated by cookies. To do so, you can use the following browsers plug-in. If you use the internet with your mobile end device, you can prevent cookies from being recorded – similar as on a desktop device – by clicking the button below for deactivating Google Analytics.
Google Marketing Platform: For the purposes of the Google Marketing Services, your data are pseudonymized for processing. Google does not store and process, for example, your names and email addresses but resorts to cookie-related processing of the data within pseudonymous user profiles. This means that, from Google’s perspective, the advertisements are not managed and displayed for a specifically identifiable person, but for the holder of the cookie, regardless of who the holder of the cookie is. This does not apply if you have given Google express consent to process the data without pseudonymization. Your data collected by Google Marketing Services is transmitted to Google and stored on Google servers in the US.
We can use the “Google Tag Manager” to incorporate and manage Google analytics and marketing services on our website.
For a specific type of cookies
Hotjar: We use Hotjar to analyze the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the below data by Hotjar.
Terminal-specific data: (The following information can be collected from your terminal device and the browser): IP address of your device (it is collected and stored in an anonymised format); size of the terminal screen; terminal device type (individual terminal identification features) and browser information; geographic location (country only); Preferred language when displaying the web page;
Log data: Our servers automatically record the information generated when using Hotjar. Among others the following data are recorded: referencing domain; pages visited; geographic location (country only); preferred language when displaying the web page; access date and time of the website pages;
If you do not want to be recorded by Hotjar, you can disable it by setting the DoNotTrack header in your browser. For more information and more about Hotjar’s data processing, please see here.
For a certain reason, we might provide your personal data to personal data recipients, to perform part of our activities through them (meant outsourced activities). Within our business, we use the following categories of personal data recipients:
– Google Ireland Limited (Marketing and Remarketing services, Cloud Service Provider, providing “platform as services“ e.g. environment, computing capabilities, for more information see here, the App runs on the Google Cloud Platform and (E-mailing services out of the App and cloud-storage services, e-mailing services for us), service provider terms are listed here.
– Message Systems, Inc. d/b/a SparkPost, Delaware, US, (E-mail service – Sparkpost, sending the email from the Application), for more information see this. The Application uses the API of the Sparkpost to send: 1) Addressing message, 2) email address of the addressee 3) content of email. Message Systems, Inc. d/b/a SparkPost is certified under the EU-U.S. Privacy Shield Framework.
– The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (Email service Mailchimp, sending from and out of the Application), contractor who provides us with e-mailing services related to the newsletter); service provider terms are listed here.
We also may be obliged to provide your personal data to public authorities, in particular courts and law enforcement agencies (police and prosecutors) only to the extent necessary and within the limits of the law.
We get personal data from you and in order not to be so vague in explanation, by “you” we mean:
No, we do not use automated individual decision-making.
Your personal data is processed within the territory of the Czech Republic and other states of the European Union. Your personal data can be processed by a country outside of European Union if this third country has been confirmed by the European Commission as a country with an adequate level of data protection or if other appropriate data protection safeguards exist (for example, binding corporate privacy rules or EU standard data protection clauses).
Personal data may also, in justified cases, be subject to use (processing) for the purpose of dealing with legal matters, including the performance of public authority obligations and monitoring for possible legal protection. Personal data may also be archived for a given public interest, as well as for scientific, historical or statistical research.
Your rights as a data subject are stated below. Please note that the exact conditions to exercise these rights are set out in detail in Chapter III of GDPR, while in a particular circumstance not all rights may be exercised. You have the following rights:
Spaceflow s.r.o., registered seat at: Pernerova 676/51, Karlín, 186 00 Praha 8, or
We strive to protect your privacy as much as possible and therefore we process your personal data in compliance with GDPR and all other relevant laws. However, if you disagree with the way we handle your personal data, you can exercise your rights via our Data Protection Officer at:
Data Protection Officer’s contact:
JUDr. Theodor Klán, attorney-at-law
Seat at: Pobřežní 18/16, 186 00 Praha 8,
or you can file a complaint in supervising authority regarding the processing of your personal data. Your local supervisory authority may be found at: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm