Privacy Policy

Effective: September 1, 2022

This Privacy Policy follows the General Terms and Conditions, the Terms of Use, and the Cookie Policy.

All processing of personal data is always carried out following Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data and repealing Directive 95/46/EC ("GDPR").

Basic Information

Identification and contact details of the Provider

Name Pitchbie s.r.o.
Identification number 17138531
Headquarters Anny Rybnickove 2615/1, 155 00 Prague, Czech Republic
Contact email [email protected]

(from now on, referred to as "Provider")

Data Protection Officer

We have not appointed a data protection officer within the meaning of the GDPR as we are not the entity obliged to establish one.

Automated individual decision-making and profiling

We do not carry out profiling or automated individual decision-making within the meaning of the GDPR.

Supervisory Authority

The supervisory authority in the place of the Provider's registered office is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Praha 7, e-mail: [email protected], tel.: +420 234 665 125.

Status of the Provider

When processing personal data, we act as data controllers and processors.

The Provider is the Controller of the Personal Data

The Provider acts as a data controller concerning the personal data of the following persons: (a) Persons who register for the Pitchbie service ("Customer") and (b) Persons who visit the website ((a) and (b) together also "Users").

What personal data does the Provider process, for what purpose, and on what legal basis?

Visit the website The Provider processes the data it receives from individuals by visiting the Provider's website. When visiting the website, the Provider collects, processes, and stores the following types of personal data: IP address (or other online identifiers). Furthermore, the Provider processes the following data: browser type and language, server requests, time, and referring URL. These data are necessary for the website to be displayed correctly. In addition, they may also be used as required to maintain the secure operation of the website and for other purposes as described in this Privacy Policy. The Provider processes this personal data based on the natural person's legitimate interest or consent.

The cookie policy is available here.

Performance of the contract and legal obligations: for the execution of the contract (in particular, conclusion of the contract, communication with the Customer), implementation of measures taken before the conclusion of the contract (pre-contractual negotiations), or performance of legal obligations (in particular, bookkeeping, issuing and recording of tax documents), the Provider processes, in particular, the following personal data: first name, surname, company name, identification number, tax identification number, residence/headquarters, telephone, email.

The Provider obtains personal data directly from Customers when concluding a contract, so it always informs which personal information it must provide for contract performance or registration purposes.

The principle of data minimization is respected by requesting only the information that the Provider necessarily needs to conclude the contract, to fulfill its contractual obligations, or which the Provider has a legal obligation to handle. The provision of other personal data is voluntary.

User account: when setting up a Customer's user account, the following personal data is provided to the Provider: first name, last name, company name, company address, and email. The Provider adheres to the data minimization principle; therefore, only the necessary fields are marked as mandatory during registration.

Suppose the Provider intends to process personal data other than the above or for other purposes. In that case, it may only do so based on a validly granted consent to personal data processing provided on a separate document.

Newsletter: the Provider may send commercial communications - newsletters to the email address of the Customers due to their legitimate interest. Other persons may receive newsletters only based on consent. You can cancel the sending of newsletters at any time.

The Provider declares that it does not process payment data of the Customers. A third party processes all payment data, namely:

Name Stripe, Inc.
Identification number 270465600
Headquarters 354 Oyster Point Blvd South San Francisco, CA 94080 United States

Sensitive personal data

The Provider does not process personal data as a data controller, which belongs to particular categories of personal data within the meaning of the GDPR.

For how long does the Provider process personal data?

Personal data is processed only for as long as there is a legal reason to store it, after which it is deleted without delay.

Personal data processed for the performance of obligations arising from special legal regulations are processed by the Provider for the period specified by the relevant legislation. It includes, for example, statutory data retention or documentation obligations. These are, in particular, data retention obligations arising from civil, commercial, or tax law. If the data retention obligation ceases to apply, the personal data will be deleted without delay.

The Provider is the Processor of the Data

The Provider acts as a processor of personal data for other controllers.

The controller of this personal data is obliged to comply with all the rules of personal data protection set out in the GDPR and other legislation governing this issue. The Provider shall not be liable for any breach of the data protection rules by the controller of such personal data.

What personal data does the Provider process as a personal data processor, and what is the purpose?

The Provider provides the Customer with data space for storage on the Provider's servers. The Customer's data may also include the personal data of natural persons; concerning the personal data that the Customer stores on the Provider's servers, the Provider acts as a personal data processor. The Customer is the controller of this personal data.

The Provider does not perform any operations with the Customer's data, including personal data, except for storing them on servers.

Suppose the Provider becomes a controller of personal data belonging to particular categories of data. In that case, the Customer is responsible for the lawfulness of obtaining and handling such data under the GDPR and national legislation. The Provider reserves the right to remove such personal data from its servers upon discovering non-compliance with the conditions for processing special categories of personal data. Before deleting personal data, the Provider shall contact the Customer with a request for rectification.

For how long does the Provider process personal data?

The Provider processes personal data for the duration of the contractual relationship with the Customer and subsequently for ten years. Customers are entitled to request the deletion of data at any time during the contractual relationship. In the event of receiving a request from the Customer to delete data, the Provider shall delete all data without undue delay.

Recipients of Personal Data

The Provider does not transfer personal data to any other controllers.

The processors of personal data are:

Type and purpose of service Personal data transmitted Name of the processor Processor's IN Headquarters of the processor
Hosting Data provided as part of registration Hostinger International Ltd. HE 301365 61 Lordou Vironos st. 6023 Larnaca, the Republic of Cyprus
Scheduling tool Name, email Calendly, Inc. 27-2763491 115 E Main St., Ste A1B, Buford, GA 30518 USA

Personal data may also be transferred to cookie providers for processing, as listed in the Cookie Policy.

The processing of personal data may only be carried out by processors based on a contract for the processing of personal data, i.e., with guarantees of the organizational and technical security of the data, specifying the purpose of the processing, and the processors may not use the data for other purposes.

Under certain conditions, personal data may be disclosed to state authorities (courts, police, notaries, tax authorities, etc., in exercising their legal powers) or may be disclosed to other entities to the extent a specific law provides.

We guarantee that we do not sell user data to any third party.

Data Security Methods

To secure the User's data against unauthorized or accidental disclosure, the Provider uses reasonable and appropriate technical and organizational measures.

The Provider shall ensure that in the case of the location of servers in a data center operated by a third party, similar technical and organizational measures are implemented at that third party.

All data is located only on servers in the European Union or in countries that ensure the protection of personal data in a manner equivalent to the protection provided by the legislation of the Czech Republic.

The Provider uses the following procedures for data security: Technical measures consist of the application of technologies that prevent unauthorized access to Customer data by third parties, in particular the use of firewalls, updated antivirus programs, etc. For maximum protection, the Provider uses data encryption. Electronic security systems protect access to areas with a high concentration of personal data processing. Organizational measures constitute a set of rules of conduct for employees and are incorporated into the Provider's internal regulations, which are considered confidential for security reasons. The procedures are based solely on minimizing the number of persons who have access to and the possibility of handling personal data. All employee access to and handling of personal data is monitored.

User Rights

You are entitled to a range of rights regarding the protection of your personal data:

  • The right of access to personal data: The User has the right to obtain confirmation from the Provider as to whether or not the personal data concerning them are being processed and, if they are, the right to access such personal data and the following information: (a) the purpose of the processing; (b) the categories of personal data concerned; (c) the recipients to whom the personal data have been or will be disclosed; (d) the intended duration for which the personal data will be stored; (e) the existence of the right to request from the controller the rectification or erasure of the personal data or the restriction of their processing, or to object to such processing; (f) the right to complain at a supervisory authority; (g) any available information on the source of the personal data unless obtained from Users; (h) the fact that automated decision-making, including profiling, is taking place. The User also has the right to obtain a copy of the personal data processed.
  • The right to rectify personal data: the User has the right to have the Provider correct inaccurate personal data concerning them without delay or to complete incomplete personal data.
  • The right to the erasure of personal data: the User has the right to have the Provider erase the personal data concerning them without undue delay if: (a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (b) the User withdraws the consent based on which the data were processed, and there is no other legal basis for the processing; (c) the User objects to the processing, and there are no overriding legitimate grounds for the processing; (d) the personal data have been unlawfully processed; (e) the personal data must be erased to comply with a legal obligation under Union or Member State law; (f) the personal data were collected in connection with the offer of information society services. However, the right to erasure shall not apply where the processing is necessary for compliance with a legal obligation, for the establishment, exercise, or defense of legal claims, and in other cases provided for in the GDPR.
  • The right to restriction of processing: the User has the right to have the Provider restrict processing in any of the following cases: (a) the User denies the accuracy of the personal data for the time necessary to allow the Provider to verify the accuracy of the personal data; (b) the processing is unlawful, and the User refuses to erase the personal data and requests instead to restrict its use; c) the Provider no longer needs the personal data for the processing, but the User requires them for the establishment, exercise or defense of legal claims; d) the User objects to the processing until it is verified that the legitimate grounds of the Provider outweigh the legitimate grounds of the data subject.
  • The right to object to processing: the User has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, which are processed on the grounds of legitimate interest. In this case, the Provider shall not further process the personal data until it has demonstrated compelling legitimate grounds for the processing which override the interests or rights of the Users or for the establishment, exercise, or defense of legal claims.
  • The right to data portability: the User has the right to obtain the personal data concerning them that has been transmitted to the Provider in a structured, commonly used, and machine-readable format and the right to transfer these data to another controller if a) processing is based on consent and b) the processing is carried out by automated means. In exercising their right to data portability, the User has the right to have personal data transmitted directly from one controller to the other, if technically feasible.
  • The right to complain to the supervisory authority: If the User considers that the Provider does not process their personal data lawfully, they have the right to complain to the supervisory authority. The contact details of the supervisory authority are listed above.
  • The right to be informed about the rectification or erasure of personal data or restriction of processing: the Provider is obliged to notify the individual recipients to whom the personal data have been disclosed of any rectification or erasure of personal data or restriction of processing, except where this proves impossible or requires disproportionate effort. If the User requests, the Provider shall inform the User of these recipients.
  • The right to be informed in the event of a personal data breach: if a particular personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Provider is obliged to notify the User of the breach without undue delay.
  • The right to withdraw consent to the processing of personal data: if the processing of some of the personal data is based on consent, the User has the right to withdraw their consent to personal data processing at any time in writing by sending a letter of disagreement to the email address: [email protected].

The Provider undertakes to respond to Users' requests for the exercise of rights without undue delay, but no later than 30 days after receipt of the request. If the Provider needs a more extended period to fulfill its obligation, it is entitled to extend it by another 30 days. In this case, it undertakes to send the User information about the extension within the original 30-day period.

The Provider expressly declares that the exercise of the User's rights will in no case be the basis for different treatment of the User by the Provider compared to other Users.

Cookies and Similar Technologies

Find information in the Cookie Policy.

Changes to the Personal Data Processing Policy

We recognize that maintaining transparency is an ongoing process and will review this policy regularly, at least once every 12 months.