Back to Home

    GDPR Policy

    Last updated: March 16, 2026

    1. Introduction

    KF Consulting s.r.o., Žirovnická 3133/6, Praha 10, 106 00, Czech Republic, IČO: 09021680, is committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Czech Act No. 110/2019 Coll., on the Processing of Personal Data.

    2. Scope

    This policy applies to all personal data we process as a data controller, including data collected through our website, contact forms, email communications, and consulting engagements with clients in the European Economic Area (EEA).

    3. Data Protection Principles

    We adhere to the following GDPR principles:

    • Lawfulness, fairness, and transparency — Data is processed lawfully and transparently
    • Purpose limitation — Data is collected for specified, legitimate purposes
    • Data minimisation — Only necessary data is collected
    • Accuracy — Data is kept accurate and up to date
    • Storage limitation — Data is retained only as long as necessary
    • Integrity and confidentiality — Appropriate security measures are in place

    4. Lawful Bases for Processing

    We rely on the following legal bases under Article 6 of the GDPR:

    • Consent (Art. 6(1)(a)) — For marketing communications and optional cookies
    • Contract (Art. 6(1)(b)) — To deliver consulting services you have requested
    • Legitimate interest (Art. 6(1)(f)) — For website analytics and business development
    • Legal obligation (Art. 6(1)(c)) — For tax and accounting requirements

    5. Data Subject Rights

    Under the GDPR, you have the following rights:

    • Right of access (Art. 15) — Request a copy of your personal data
    • Right to rectification (Art. 16) — Correct inaccurate data
    • Right to erasure (Art. 17) — Request deletion of your data
    • Right to restrict processing (Art. 18) — Limit how we use your data
    • Right to data portability (Art. 20) — Receive your data in a portable format
    • Right to object (Art. 21) — Object to processing based on legitimate interests
    • Right to withdraw consent (Art. 7(3)) — Withdraw consent at any time

    To exercise your rights, contact us at hello@kfconsulting.cz. We will respond within 30 days.

    6. International Transfers

    We primarily process data within the EEA. If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

    7. Data Breach Notification

    In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the Czech Data Protection Authority (Úřad pro ochranu osobních údajů — ÚOOÚ) within 72 hours and inform affected individuals without undue delay.

    8. Supervisory Authority

    You have the right to lodge a complaint with the Czech Data Protection Authority:
    Úřad pro ochranu osobních údajů (ÚOOÚ)
    Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
    Website: www.uoou.cz

    9. Contact

    For any GDPR-related inquiries, please contact us at hello@kfconsulting.cz.