Skip to content
We process personal data only when necessary and to the extent required for our specified purposes. At the same time, we ensure that the data available to us is accurate, appropriately protected, and not used for any other purpose. Processing is carried out only for the necessary period. This document serves primarily to inform you about the details of the processing we perform and your rights.
1. Responsible persons
Personal Data Controller:
Stride XL s.r.o.
ID No. 072 34 783, with its registered office at Sekaninova 869/3, Husovice, 614 00 Brno (hereinafter also referred to as "the company", "we", "us" or "our")
Email: david.tuc@stridexl.com
Web: www.stridexl.com
Processors of personal data:
Your personal data may be processed by the following contractual processors:
MAJAK agency, s.r.o.
ID No. 060 47 548, Sekaninova 869/3, Husovice, 614 00 Brno – marketing and web supportID No. 060 47 548, with registered office at Sekaninova 869/3, Husovice, 614 00 Brno
Webflow, Inc.
398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (EIN: 46-1068692) – platform for web management and hosting
Ecomail.cz, s.r.o.,
Na Zderaze 1275/15, Prague 2 – distribution of email newsletters
Microsoft Clarity (Microsoft Corporation) – analytical tool for monitoring website traffic (in anonymized form), legal basis: legitimate interest of the controller
Google Analytics (Google Ireland Ltd.) – analytical tool for monitoring website traffic (in anonymized form), legal basis: legitimate interest of the controller
Through Microsoft Clarity and Google Analytics, we are able to determine in anonymized form how our website is laid out and what areas need improvement. We can see, for example, mouse movements or steps within website browsing. We use these applications for analytical purposes based on our legitimate interest. You may object to such processing (primarily of your IP address) at the contact points listed below. More information about Microsoft Clarity can be found here, and about Google Analytics here.
All processors are contractually bound by a duty of confidentiality and process data exclusively according to our instructions.
2. Basic concepts
GDPR:
Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Data Subject (=you):
An identified or identifiable natural person who can be directly or indirectly identified, in particular by reference to a specific identifier such as a name, identification number, location data, or online identifier.
Controller (=us):
A natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4(7) GDPR). We act as a controller in relation to your personal data.
Processor:
A natural or legal person who processes personal data for the controller based on its instructions (Art. 4(8) GDPR).
Supervisory Authority:
In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (ÚOOÚ).
Contractual Partners and Clients:
This category includes business and non-business entities with whom we have concluded any contract. This may include clients, suppliers, cooperating freelancers, or tenants.
3. Categories of data subjects, personal data processed, purpose, legal basis and duration of processing
We process personal data for clearly defined purposes. An overview of the categories of data subjects and processing conditions is provided below.
Respondents of Questionnaires and Interviews
Purpose of processing
Legal basis and scope
Retention period
Evaluation of the interview with the respondent and obtaining feedback.
The legal basis is the respondent's consent.
For this purpose, we process: name, surname, contact details, answers in the questionnaire or interview, and audio/video recording of the interview.
Personal data is processed for the duration of the consent, or until its withdrawal, but for a maximum of 3 years. After this period, we re-evaluate whether retention is still necessary.
Contractual Partners and Clients
Purpose of processing
Legal basis and scope
Retention period
1. Performance and implementation of contracts.
1. Fulfillment of contract: We process identification, contact, and accounting data (e.g., bank account number) of the persons and parties we communicate with for contract performance.
1. For the duration of obligations under the contract.
2. Exercise of claims from contractual relationships after contract termination.
2. Legitimate interest: We process identification, contact, accounting data, and communication history for debt collection and enforcement of obligations after contract termination. This may include data of persons representing legal entities.
2. For 3 years from the end of the contractual relationship; if administrative or judicial proceedings are initiated, for the entire duration of such proceedings.
3. Fulfillment of the company's obligations in the field of accounting, taxes, and according to other legal regulations.
3. Legal obligation: Compliance with laws such as the Accounting Act, VAT Act, and Anti-Money Laundering (AML) Act. We process identification, contact, and accounting data as required by law.
3. Up to 10 years from the end of the tax period in which the transaction took place.
Marketing and Communication (Newsletters, web inquiries)
Purpose of processing
Legal basis and scope
Retention period
Sending newsletters and business communications, responding to inquiries from contact forms, presentation of services, and direct marketing.
Consent (for newsletters) or legitimate interest (for responding to inquiries and direct marketing). We process: name, surname, email address, phone number, and message content.
For the duration of the consent or until an objection is raised. Contact form data is kept for a maximum of 1 year.
Job applicants
Purpose of processing
Legal basis and scope
Retention period
Selection of suitable candidates and proving the legality of the selection process.
Negotiation of an employment contract, candidate consent (for future offers), and legitimate interest (proving non-discrimination). We process identification and contact data, CVs, motivation letters, and criminal records (if necessary).
Up to 6 months after the selection process or for the duration of consent. Data for proving non-discrimination is kept for 3 years.
All data subjects
Purpose of processing personal data
Legal basis and personal data processed
Processing time
Selection of archival material (archiving)
The legal basis is the fulfilment of legal obligations arising in particular from Act No.499/2004 Coll., on archiving and file service.
Personal data of natural persons may exceptionally appear in archived documents.
For this purpose, personal data may be processed for the period required by law or by the relevant district archives.
4. Review of Retained Data
We keep personal data only for the time necessary to fulfill the purpose for which it was obtained. After the specified period, data may only be kept for statistical, scientific, or archiving purposes. At least once a year, we review the necessity of the personal data we hold and securely delete or anonymize data that is no longer needed.
5. Sources of Personal Data
We primarily obtain personal data directly from data subjects. In some cases, we may obtain data from publicly available sources such as commercial and trade registers, professional networks (e.g., LinkedIn), or public business databases.
6. Recipients and Transfer of Data Outside the EU
We may transfer your data to:
Contractual processors (IT specialists, marketing agencies, software providers).
Public authorities (Financial administration, Police, etc.) if required by law.
Other entities in extraordinary situations to protect life, health, property, or our rights.
We do not transfer your personal data to third countries outside the scope of the GDPR. Some software providers are based in "safe third countries" that ensure an adequate level of protection.
7. Your Rights as a Data Subject
Under the conditions of the GDPR, you have the right to:
Access your personal data (Art. 15).
Withdraw consent at any time (Art. 7).
Rectification (Art. 16), Restriction (Art. 18), or Erasure (Art. 17).
Data portability (Art. 20).
Object to processing (Art. 21).
Information regarding a security breach (Art. 34).
Not be subject to automated decision-making, including profiling (Art. 22).
Note: We do not use automated decision-making or profiling.
File a complaint with the supervisory authority (Art. 77).
Office for Personal Data Protection (ÚOOÚ)
Pplk. Sochora 27, 170 00 Praha 7
E-mail: posta@uoou.cz, Web: www.uoou.cz, Data Box: qkbaa2n
Exercise your rights at: david.tuc@stridexl.com
8. Data Security
We protect personal data using technical and organizational measures to prevent loss, misuse, or unauthorized access. Access is restricted to authorized persons bound by confidentiality.
9. Final Provisions
This Privacy Policy is effective from February 25, 2026. The current version is always available at: https://www.stridexl.com/en/privacy-policy
Just leave us your contact details and we will get back to you soon.