Skip to content
/
Back

Privacy Policy

Effective from: 2026-05-11Last updated: 2026-05-11

This Privacy Policy explains how Vojtěch Stehlík (the "Controller") collects, uses, and protects your personal data when you visit stehlik.bio. It applies to all visitors and complies with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Czech Personal Data Processing Act (No. 110/2019 Coll.).

1. Data Controller

The data controller is Vojtěch Stehlík, self-employed (OSVČ), IČO 23003049, with registered place of business at Suchý vršek 2125/27, Stodůlky, 158 00 Prague 5, Czech Republic.

Contact: vojtech@stehlik.bio.

No Data Protection Officer (DPO) has been appointed, as none is required under Article 37 GDPR.

2. What Data We Process

We process the following categories of personal data:

  • Technical data about your visit: IP address, browser type and version, operating system, screen size, referrer URL, pages visited, visit duration, and language preference.
  • Cookie and tracking identifiers: unique identifiers stored in cookies set by Google Analytics 4 and Meta Pixel after consent.
  • Communication content: any information you share when you contact the Controller by e-mail.

3. Purposes and Legal Basis

For each data source, we list the purpose and the legal basis under GDPR Article 6:

  • Umami Analytics (self-hosted instance at umami.xcrux.team, operated by the Controller in the EU) — aggregate, cookieless visitor measurement. Legal basis: legitimate interest in understanding site usage and improving content (Art. 6(1)(f) GDPR).
  • Google Analytics 4 — measurement of visits, conversions, and custom events. Legal basis: your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time via the cookie banner.
  • Meta Pixel — measurement of conversions originating from Meta platforms (Facebook, Instagram), retargeting, and creation of custom and lookalike audiences for marketing. Legal basis: your consent (Art. 6(1)(a) GDPR).
  • E-mail communication — handling and responding to your inquiry. Legal basis: legitimate interest in communicating with you (Art. 6(1)(f)) and, where applicable, taking steps prior to entering into a contract (Art. 6(1)(b)).

4. Cookies and Similar Technologies

You can review and change your cookie preferences at any time via the cookie banner on the site.

  • Necessary: your language preference is stored in browser localStorage. This is not a cookie and does not require consent.
  • Analytics cookies (GA4): set only after you give consent through the cookie banner. They identify a returning visitor and store session data.
  • Marketing cookies (Meta Pixel): set only after consent. They are used by Meta Platforms to recognize you across sites and to deliver targeted advertising.
  • Umami: no cookies are set. Visitor identification is hash-based and session-bound, with the IP address discarded after geolocation.

5. Third Parties (Processors)

We use the following third parties:

  • Umami — self-hosted by the Controller in the EU. No third-party processor involved.
  • Google LLC — provider of Google Analytics 4. Address: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
  • Meta Platforms, Inc. — provider of Meta Pixel. Address: 1601 Willow Road, Menlo Park, CA 94025, USA.
  • Hosting provider — the website is hosted in the European Union.

6. International Data Transfers

Google Analytics 4 and Meta Pixel transfer personal data to the United States. Both providers self-certify under the EU-US Data Privacy Framework, which the European Commission has recognized as providing an adequate level of protection (Implementing Decision (EU) 2023/1795). No further transfer mechanism is required.

7. Data Retention

  • Umami: up to 12 months of aggregate visitor data.
  • Google Analytics 4: 14 months from the date of the visit (default platform setting).
  • Meta Pixel: up to 90 days for behavioural events; up to 180 days for custom audiences.
  • E-mail communication: for the duration needed to handle the inquiry plus 3 years thereafter (defence against potential legal claims under Art. 6(1)(f) GDPR).

8. Your Rights

Under GDPR (Articles 15–22 and 7(3)), you have the right to:

  • Access your personal data and request a copy;
  • Have inaccurate data rectified;
  • Have your data erased ("right to be forgotten");
  • Restrict processing;
  • Object to processing based on legitimate interest;
  • Receive your data in a portable format;
  • Withdraw your consent at any time (without affecting the lawfulness of processing before withdrawal);
  • Lodge a complaint with the supervisory authority: Úřad pro ochranu osobních údajů (Office for Personal Data Protection), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, https://www.uoou.cz.

9. Children

The site is not directed at persons under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact the Controller and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when the policy was most recently revised. We encourage you to review this policy periodically.

11. Contact

For any questions about this Privacy Policy or your personal data, please contact the Controller at vojtech@stehlik.bio.