Privacy Policy

1. Introduction and scope of this document

WeAutomate s.r.o. ("controller" or "WeAutomate") processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR") and the applicable laws of the Czech Republic.

These principles apply to all personal data processing carried out by WeAutomate as controller, in particular in relation to:

• visitors of the www.weautomate.cz website,
• potential customers and persons who contact us through the contact form or by email,
• customers, business partners and their contact persons,
• job applicants,
• employees and contractors engaged under other agreements.

The controller has not appointed a Data Protection Officer because this obligation does not arise for the controller's current scope of activities. Questions related to personal data protection can be sent to gdpr@weautomate.cz.

2. Identity and contact details of the controller

WeAutomate s.r.o.

Company ID: 234 56 990

VAT ID: CZ 234 56 990

Registered office: Jerabinova 295/19, Motol, 150 00 Prague 5

Registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File C 426982

Managing Director: Mgr. Pavel Kuzel

GDPR contact email: GDPR@weautomate.cz

Phone: +420 277 277 010

The controller is a small limited liability company providing IT consulting and automation services primarily for business customers (B2B).

3. Purposes of processing, legal bases and retention periods

The controller processes personal data only for the specific, explicit and legitimate purposes listed below.

Contact form and inquiries: name, email address, company name and message content. Legal basis: contract steps before conclusion or legitimate interest in responding. Retention: for the time necessary to handle the inquiry, no longer than 2 years.

Contracts with clients: name, surname, job title, email, phone, company ID / VAT ID, address and billing details. Legal basis: performance of a contract. Retention: duration of the contractual relationship plus 3 years after termination.

Invoicing and accounting: identification and billing data. Legal basis: compliance with a legal obligation. Retention: 10 years from the end of the relevant tax period.

Employment agenda: personal and payroll data of employees as required by law. Legal basis: contract and legal obligation. Retention: according to applicable labour and tax regulations.

Recruitment: name, contact details, CV, education and work experience. Legal basis: pre-contractual steps. Retention: duration of the recruitment process, typically up to 6 months unless a longer consent-based period applies.

Business communication and marketing: name, work email, work phone, company and role. Legal basis: legitimate interest in direct marketing towards existing business contacts. Retention: for the duration of the business relationship or until objection.

Website cookies and analytics: IP address, cookie identifiers, website behaviour, device and browser type. Legal basis: consent for non-essential cookies and legitimate interest for necessary cookies. Retention: according to the selected cookie category.

Whistleblowing agenda: identity of the reporting person if not anonymous and related notification data. Legal basis: compliance with a legal obligation. Retention: 5 years from receipt of the notification.

4. Recipients and processors of personal data

The controller transfers personal data only when necessary for the fulfilment of the processing purpose or when required by law.

4.1 Categories of recipients

• accounting and tax advisors,
• providers of IT services and cloud hosting,
• law firms where legal advice or dispute resolution is required,
• public authorities and institutions where disclosure is required by law,
• banking institutions where necessary for payment processing.

4.2 Transfers to third countries

As a rule, the controller does not transfer personal data outside the European Economic Area. If such transfer occurs, an appropriate level of protection will be ensured, for example through standard contractual clauses.

An overview of currently used processors with servers outside the EEA will be provided on request via gdpr@weautomate.cz.

5. Rights of data subjects

As a data subject, you have the rights guaranteed by GDPR. We handle requests free of charge within 30 days, unless the law allows a longer period in exceptional cases.

5.1 Right of access

You have the right to obtain confirmation whether your personal data is processed and, if so, access to the relevant information.

5.2 Right to rectification

You have the right to request correction of inaccurate or incomplete personal data.

5.3 Right to erasure

You may request deletion of personal data where the legal conditions for erasure are met.

5.4 Right to restriction of processing

You may request restriction of processing in situations provided for by GDPR.

5.5 Right to data portability

If processing is based on consent or contract and carried out by automated means, you may request the data in a structured, commonly used and machine-readable format.

5.6 Right to object

You may object at any time to processing based on legitimate interest, especially in relation to direct marketing.

5.7 Right to withdraw consent

Where processing is based on consent, you may withdraw that consent at any time.

5.8 Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority, in the Czech Republic especially with the Office for Personal Data Protection.

6. How to exercise your rights

You can exercise your rights in the following ways:

• by email to GDPR@weautomate.cz,
• in writing to the registered office of the controller marked "GDPR request".

To properly process your request, we may need to verify your identity to prevent unauthorised access to personal data of third parties.

We respond without undue delay and no later than 30 days after receiving the request.

7. Cookies and web analytics

7.1 What cookies are

Cookies are small text files stored on your device when you visit a website. They help operate the website, remember your preferences and analyse traffic.

7.2 Types of cookies we use

Necessary / technical cookies: legal basis legitimate interest. Purpose: website functionality, security and login. Retention: session or up to 1 year.

Analytical / statistical cookies: legal basis consent. Purpose: traffic analysis such as Google Analytics or similar tools. Retention: up to 2 years.

Marketing cookies: legal basis consent. Purpose: targeted advertising and remarketing if active on the website. Retention: up to 2 years.

7.3 Cookie management

When visiting www.weautomate.cz for the first time, a cookie banner is displayed where you can allow or reject non-essential cookies. Your choice can later be changed through the "Cookies" link in the footer or in your browser settings.

Cookies can also be refused or deleted directly in your browser settings. Rejecting necessary cookies may affect website functionality.

8. Security of personal data

The controller has implemented appropriate technical and organisational measures to ensure the security of processed personal data.

• encrypted data transmission (HTTPS / TLS),
• regular backups,
• access restrictions based on the need-to-know principle,
• staff training in data protection,
• contractual obligations of processors regarding security standards,
• regular review and updating of security measures.

If a personal data breach is likely to result in a high risk to rights and freedoms, the controller will inform affected persons in accordance with GDPR.

9. Automated decision-making and profiling

The controller does not carry out automated decision-making within the meaning of Article 22 GDPR that would produce legal or similarly significant effects.

The controller also does not carry out profiling of personal data for direct marketing purposes.

10. Special categories of personal data

Within its business activities, the controller generally does not process special categories of personal data under Article 9 GDPR.

If health-related data is processed in employment matters, it is only to the extent necessary to comply with legal obligations.

11. Links to third-party websites

The website may contain links to third-party websites. The controller is not responsible for personal data protection or content on those third-party websites.

12. Changes to this policy

The controller reserves the right to amend this privacy policy at any time. The current version is always available on the website.

This policy was last updated in April 2026.

13. Contact for data protection matters

Questions, requests or complaints relating to personal data protection can be sent to:

WeAutomate s.r.o. - GDPR contact

Email: GDPR@weautomate.cz

Postal address: Jerabinova 295/19, Motol, 150 00 Prague 5, marked "GDPR"

We respond within 30 days of receiving the request.