/ Legal /
Privacy Policy
Last updated: May 2026.
This document describes what personal data jakubkubista.com collects, why the data is processed, how long it is retained and how it is protected. The website is operated by Utima Solutions s.r.o., which acts as the data controller under the GDPR (Regulation EU 2016/679) and the Czech Act No. 110/2019 Coll., on Personal Data Processing.
For exercising rights or any inquiries, contact info@utima.cz.
1. Data controller
- Controller: Utima Solutions s.r.o.
- Registered office: Nové sady 988/2, 602 00 Brno, Czech Republic
- Company ID (IČO): 19285001
- VAT ID (DIČ): CZ19285001
- Commercial register: File No. C 133638 at the Regional Court in Brno
- GDPR contact e-mail: info@utima.cz
jakubkubista.com is the personal authority website of Jakub Kubišta, the founder and managing director of Utima Solutions s.r.o.
2. Categories of personal data processed
The following categories of personal data are processed:
| Category | Specifically | When collected |
|---|---|---|
| Identification | First name, last name | Contact form |
| Contact | E-mail, phone (optional) | Contact form, newsletter signup |
| Content | Message text, selected service | Contact form |
| Technical | IP address, browser user agent, visit timestamp | Automatically on website visit |
| Analytical | Anonymised behavioural data (visit counts, click-through, demographic aggregates) | After consent to analytical cookies |
| Communication | Content of e-mail communication | When the user writes to info@utima.cz |
3. Purposes of processing and legal bases
3.1 Handling enquiries (contact form)
- Data: First name, e-mail, phone, selected service, message text
- Legal basis: Steps prior to entering into a contract (Art. 6(1)(b) GDPR) — the enquiry constitutes pre-contractual negotiation
- Retention: 3 years from last communication; if a contract results from the enquiry, data transitions to purpose 3.5
3.2 Newsletter delivery
- Data: E-mail
- Legal basis: Consent (Art. 6(1)(a) GDPR), granted by the data subject by ticking the checkbox at signup
- Retention: Until consent is withdrawn (via the unsubscribe link in every e-mail); withdrawal does not affect the lawfulness of processing prior to withdrawal
3.3 Website operation and security
- Data: IP address, user agent, visit timestamp, security event logs
- Legal basis: Legitimate interest in website security and protection against attacks (Art. 6(1)(f) GDPR)
- Retention: 30 days in access logs, 12 months in security logs
3.4 Website traffic analysis
- Data: Anonymised behavioural data on the website, demographic aggregates
- Legal basis: Consent (Art. 6(1)(a) GDPR), granted via the cookie banner
- Retention: 14 months in Google Analytics 4 (default retention), then automatic deletion; until consent is withdrawn
3.5 Performance of contract and legal obligations
- Data: Identification, contact, content, billing
- Legal basis: Performance of a contract (Art. 6(1)(b) GDPR), compliance with legal obligations (Art. 6(1)(c) GDPR) — primarily Czech accounting and tax legislation
- Retention: Duration of contract + 10 years per the Czech Accounting Act and VAT Act
4. Disclosure to third parties
Some activities are carried out by external services (processors). It is contractually ensured that data is processed only on the controller's instructions and in accordance with the GDPR.
| Recipient | Function | Registered office | Processing region |
|---|---|---|---|
| Resend, Inc. | E-mail delivery (newsletter, notifications, autoresponders) | USA, Delaware | USA (SCC) |
| Google Ireland Ltd. | Google Analytics 4 (after consent), reCAPTCHA v3 (anti-spam) | Ireland | EU + USA (SCC) |
| Vercel Inc. | Website hosting | USA, San Francisco | USA + EU edge (SCC) |
| Cloudflare, Inc. | DNS, WAF, attack protection | USA, San Francisco | USA + global edge (SCC) |
| External accounting firm | Bookkeeping, tax advisory | Czech Republic | Czech Republic |
| Public authorities | Where required by law (tax authority, court, ÚOOÚ) | Czech Republic | Czech Republic |
5. International data transfers
Part of the processing takes place in the European Union / European Economic Area (EU/EEA). Some services (Resend, Google, Vercel, Cloudflare) also process data in the USA, where an adequate level of protection is ensured through Standard Contractual Clauses (SCC) approved by the European Commission, or via participation in the EU-US Data Privacy Framework (European Commission decision of 10 July 2023).
6. Retention periods
| Purpose | Retention period |
|---|---|
| Contact form enquiry | 3 years from last communication |
| Newsletter signup | Until consent is withdrawn |
| Analytical cookies (GA4) | 14 months, then automatic deletion |
| Access logs (website operation) | 30 days |
| Security logs | 12 months |
| Contractual documentation and accounting records | Duration of contract + 10 years (Czech Accounting Act § 31) |
| E-mail correspondence | 5 years (legitimate interest in protecting legal claims) |
7. Cookies and similar technologies
Cookies are small text files that the browser stores on your device when you visit a website. jakubkubista.com uses three categories:
7.1 Necessary cookies (always active)
- Purpose: Basic website functionality — language preference, persistence of cookie consent.
- These cookies do not require consent (they are strictly necessary).
- Examples:
cookie_consent,locale
7.2 Analytical cookies (consent required)
- Purpose: Understanding how visitors use the website (which pages, how long, click-throughs).
- Operator: Google Analytics 4
- Storage period: up to 14 months
- Consent: Tick „Analytical cookies" in the cookie banner; can be changed at any time via the „Cookie settings" link in the footer.
7.3 Marketing cookies
- Currently not used.
- If deployed in the future, this section will be updated and the banner will trigger a consent prompt.
To change cookie settings, click Cookie settings in the website footer, or delete cookies through your browser settings. Without necessary cookies, some website features may not work properly.
8. Your rights
You have the following rights regarding your personal data. All can be exercised by e-mail at info@utima.cz. A response is provided within 30 days (in exceptional cases up to 60 days with an explanation of the extension).
Right of access (Art. 15 GDPR)
You have the right to find out whether personal data about you is being processed and, if so, what data, for what purpose, for how long and to whom it is disclosed. The first copy of the data is provided free of charge.
Right to rectification (Art. 16 GDPR)
If your data is inaccurate or incomplete, you have the right to its correction or completion.
Right to erasure (Art. 17 GDPR, „right to be forgotten")
You may request erasure if the data is no longer necessary, you withdraw consent, or processing is not in compliance with the law. This right has limits — billing data required by the Czech Accounting Act cannot be deleted before the statutory period expires.
Right to restriction of processing (Art. 18 GDPR)
You may request temporary restriction of processing — for example, while the accuracy of your data is being verified.
Right to data portability (Art. 20 GDPR)
The data you have provided (newsletter e-mail, enquiry data) will be transferred to you in a machine-readable format upon request.
Right to object (Art. 21 GDPR)
If your data is processed on the basis of legitimate interest (e.g. website operation and security), you may object. It will be assessed whether the controller's interests continue to prevail.
Right to withdraw consent (Art. 7(3) GDPR)
Consent that you have granted (newsletter, analytical cookies) may be withdrawn at any time — with one click in the e-mail footer or via „Cookie settings" in the website footer. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Right to lodge a complaint (Art. 77 GDPR)
If you believe that your data is being processed unlawfully, you have the right to lodge a complaint with the supervisory authority:
Office for Personal Data Protection (Úřad pro ochranu osobních údajů)
Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
+420 234 665 111
9. Data security
Personal data is protected through technical and organisational measures:
- HTTPS encryption for all communication with the website
- Cloudflare WAF and DDoS protection
- Regular infrastructure security audits (Vercel, Cloudflare)
- Restricted access to data — only authorised personnel who genuinely need it
- Confidentiality obligations of personnel and external collaborators
- Backup and encryption of data at processors (Resend, Vercel, Google)
In the event of a security incident, the procedure follows Articles 33 and 34 GDPR — the incident is reported within 72 hours to the Office for Personal Data Protection and, where relevant, the affected users are notified.
10. Contact and complaints
For inquiries, requests or complaints regarding the processing of personal data:
- Utima Solutions s.r.o.
- E-mail: info@utima.cz
- Address: Nové sady 988/2, 602 00 Brno, Czech Republic
In case of dissatisfaction with the controller's procedure, every data subject has the right to contact the Office for Personal Data Protection (contact in section 8).
11. Changes to this policy
This policy may be updated in the future — for example when new features or processors are added. The current version is always available at jakubkubista.com/en/privacy with the last update date in the header.
For significant changes (new processing purposes, new processor outside the EU), data subjects will be informed by e-mail (where ongoing communication exists) or by a visible notice on the website.