Scope and Acceptance

This Statement covers data processing where DDFU acts as a data controller (determining purposes and means of processing) and where DDFU acts as a data processor on behalf of its customers. It applies to personal data such as name, address, e-mail, telephone number and similar identifiers that are necessary to provide our services.

Use of DDFU websites and services implies acceptance of the data processing described in this Statement. If you do not consent, you should not use our websites and services.

Whose Data We Process

DDFU processes personal data of job applicants, customer contact persons, users of services, and potential customers who contact us via our websites or other channels.

When acting as a data processor, DDFU also processes data on behalf of its customers in accordance with their instructions. In this Statement, data subjects may also be referred to as “the person” or “you”.

DDFU as Data Controller

When DDFU defines the purposes and means of processing personal data, for example in relation to job applicants, customer representatives or potential customers and users of the services, DDFU acts as a data controller.

Legal Bases and Purposes of Processing

Personal data is processed based on at least one of the following legal bases:

• Performance of a contract
• Compliance with legal obligations
• Legitimate interests that are not overridden by data subject rights
• Consent given by the data subject

Key purposes include:

• Provision of services – identifying customers, providing services, and invoicing.
• Communication and support – customer support, billing, service notifications, newsletters, and usage tips.
• Development of services and products – improving services based on usage data.
• Marketing – offering relevant services and products based on usage data.
• Abuse prevention – detecting and preventing misuse, unauthorized access, DDoS and virus attacks, and violations of terms.
• Legal obligations – complying with requirements of state and supervisory authorities.
• Job applicants – evaluating candidates for employment.

How We Collect Personal Data

Data is usually collected directly from you or other persons connected with the customer (such as managers or colleagues), or from partner companies when services are ordered through them. Data is also collected through:

• Information you provide to us (forms, contracts, support requests).
• Data created by using our services and visiting our websites (including cookies and similar technologies).
• Public sources, marketing partners, third-party aggregators, and social networks.

Automatic Data Collection, Cookies, and Tracking

We use cookies, pixel tags and similar technologies to collect information about movements on our websites and use of our services. Cookies are small text files stored in your browser; pixel tags are scripts invoked when a page or email is loaded.

We use tools such as Google Analytics, Google AdWords (and Remarketing), and Facebook Remarketing, as well as local providers such as Seznam, for analytics and marketing purposes. These tools help us understand visitor behavior in aggregate and show you relevant content and advertising.

You can manage cookies in your browser and, for Google Analytics, install the opt-out add-on at https://tools.google.com/dlpage/gaoptout .

Categories of Personal Data Processed

We may process, for example:

• Basic contact details (name, address, phone number, e-mail).
• Demographic data (date of birth, age, gender).
• Feedback, comments, and questions about DDFU and its services.
• Content you upload (images, videos).
• Login data (user ID, username, password, account recovery questions).
• Payment data (e.g. bank account details).
• Technical data from your browser (IP address, browser type, device, referrer URL).
• Information about ordered services and how you use them.
• Support interaction data and email engagement data.
• Professional profile data (title, position, interests related to your career).

DDFU, as data controller, does not process sensitive personal data.

Sharing of Personal Data

Personal data may be shared with:

• Government authorities – when required by law (e.g. police or supervisory bodies).
• Partner companies, subcontractors and related companies – for service provisioning, cloud hosting, payment processing, analytics and marketing.

Subcontractors may be located outside the EU. In such cases, appropriate safeguards such as EU Model Clauses or equivalent mechanisms are used to protect personal data.

Your Rights

You have, among others, the following rights:

• Right to object to or opt out of marketing communications.
• Right of access to your personal data.
• Right to rectification of inaccurate data.
• Right to erasure and restriction of processing in certain cases.
• Right to data portability.
• Right to lodge a complaint with the supervisory authority.

Requests related to these rights can be sent to legal@ddfu.eu.

Data Protection and Retention

DDFU uses organizational, technical and physical safeguards to protect personal data against unauthorized access, disclosure and processing. Measures include a Data Protection Board, a designated Data Protection Officer, mandatory records of processing activities, secure environments for storage and transfer, two-factor authentication for customer accounts, and access control to premises.

Personal data is retained only as long as necessary for the purposes described and in line with legal requirements. Data may be anonymised or pseudonymised for statistical use.

DDFU as Data Processor

For many services, DDFU processes personal data on behalf of its customers, who act as data controllers. In these cases, processing is governed by a Data Processing Agreement that forms part of DDFU’s General Terms and Conditions.

Customers are responsible for providing a legal basis for processing and for informing their own data subjects. DDFU and its customers must cooperate to ensure compliance with privacy laws.

Changes and Contact

This Privacy Statement may be updated from time to time. The current version is dated April 1, 2026. Material changes will be communicated in advance via email, the website and social media.

For questions or concerns about this Statement, contact DDFU at legal@ddfu.eu or by post at: DDFU, Jan Skopový, Castkova 689/74, 326 00 Plzen, Czech Republic, EU.