Privacy Policy
Effective from: January 1, 2025
This Privacy Policy describes how we collect, use, and protect your personal data when you use the Ownerio web application.
1. Data Controller
The controller of your personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) is:
Martin Pánek
ID: 76125131
Registered office: Do Dědiny 2058, Šenov, Czech Republic
Email: kontakt@martinpanek.cz
You can contact us at the above email address for all matters relating to the processing of your personal data.
2. Personal Data We Process
2.1 Identification and Contact Data
- First and last name
- Email address
2.2 Financial Data
- Monthly income and savings
- Asset data (property, investments, savings)
- Liability data (debts, mortgages, loans)
- Financial goals
- Preferred currency
2.3 Demographic Data
- Date of birth
- Planned retirement age
- Marital status
- Number of children
2.4 Service Usage Data
- Login credentials and login history
- Account settings and preferences
- Application interaction data
2.5 Payment Data
Payment data (card numbers, bank accounts) are not stored by us. Payments are processed through the Stripe payment gateway, which is the controller of this data.
3. Purposes and Legal Bases of Processing
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Service provision and account management | Contract performance | Duration of account |
| Billing and accounting | Legal obligation | 10 years from document issuance |
| Service communication | Contract performance | Duration of account |
| Marketing and newsletters | Consent | Until consent withdrawal |
| Analytics and service improvement | Legitimate interest | 26 months (anonymized) |
4. Recipients of Personal Data
We may share your personal data with the following categories of recipients:
| Recipient | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | EU / USA |
| Vercel | Application hosting | EU / USA |
| Stripe | Payment processing | EU / USA |
| Resend | Email delivery | EU / USA |
| Google Analytics | Traffic analytics | EU / USA |
All processors are bound by data processing agreements and are required to maintain an appropriate level of protection.
5. Transfer of Data to Third Countries
Some of our processors may have servers in the USA or other countries outside the European Economic Area. In such cases, data transfer is ensured through:
- Standard Contractual Clauses approved by the European Commission
- EU-U.S. Data Privacy Framework for certified companies in the USA
6. Cookies and Tracking Technologies
6.1 What Are Cookies
Cookies are small text files stored in your browser when you visit websites. We use them to ensure the proper functioning of the application and to analyze traffic.
6.2 Types of Cookies We Use
| Type | Purpose | Consent Required |
|---|---|---|
| Essential | Login, session, language preferences, security | No |
| Analytical | Google Analytics - traffic statistics | Yes |
6.3 Cookie Management
On your first visit to the website, we will ask for your consent to analytical cookies. You can change your consent at any time in the cookie settings or in your browser settings.
7. Your Rights
In connection with the processing of personal data, you have the following rights:
Right of Access
You have the right to obtain confirmation as to whether we process your personal data, and if so, to access this data and information about the processing.
Right to Rectification
You have the right to request rectification of inaccurate personal data or completion of incomplete data.
Right to Erasure ("Right to Be Forgotten")
You have the right to request erasure of personal data if they are no longer necessary for the purposes for which they were collected, or if you withdraw your consent to processing.
Right to Restriction of Processing
You have the right to request restriction of processing in certain cases, e.g., if you dispute the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format (JSON/CSV).
Right to Object
You have the right to object at any time to the processing of personal data based on legitimate interest.
Right to Withdraw Consent
If processing is based on consent (e.g., marketing), you have the right to withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing before its withdrawal.
8. How to Exercise Your Rights
You can exercise your rights in the following ways:
- By email at kontakt@martinpanek.cz
- In the application in Settings > My Profile (for data correction)
- Data export – contact us by email to receive an export of your data
- Account deletion – contact us by email to delete your account and all related data
We will respond to your request without undue delay, within 30 days at the latest. In complex cases, the deadline may be extended by an additional 2 months, of which we will inform you.
9. Data Security
We take appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data in the database
- Access to data only for authorized persons
- Regular security updates
- Row Level Security (RLS) in the database – each user sees only their own data
10. Data Retention Period
- Active account – we retain data for the entire duration of your account
- After account cancellation – personal data is deleted within 90 days of account cancellation
- Accounting documents – invoices and payment records are retained for 10 years as required by law
- Marketing consents – until consent withdrawal
- Analytical data – 26 months in anonymized form
11. Automated Decision-Making
Your personal data is not used for automated decision-making or profiling that would have legal effects or similarly significantly affect you.
12. Right to Lodge a Complaint
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with the supervisory authority:
Office for Personal Data Protection (Czech Republic)
Pplk. Sochora 27, 170 00 Prague 7
Web: www.uoou.cz
13. Changes to This Policy
We may occasionally update this Privacy Policy. We will inform you of significant changes by email or notification in the application. We recommend regularly checking this page.
14. Contact
If you have any questions about this Privacy Policy or the processing of your personal data, please contact us:
Email: kontakt@martinpanek.cz
This Privacy Policy becomes effective on January 1, 2025.
Last updated: December 8, 2024