Privacy Policy
This Privacy Policy explains how BerrySoft.cz ("we", "us") processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Czech law. As of 3 Sep 2025 we operate a minimal‑data service and have introduced optional Google Analytics for aggregate usage metrics (only after consent). No marketing / advertising profiling is performed.
1. Controller
Ondřej Pavlíček
Za Kovárnou 238, 250 73 Podolanka, Czech Republic
Email: info@berrysoft.cz
No Data Protection Officer is required (Art. 37 GDPR conditions not met). Point of contact for privacy matters: the Controller.
2. Categories of Personal Data
| Category | Elements | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Account | Email, password hash, verification flag, user ID | Registration, authentication, account management | Art. 6(1)(b) | Life of account + up to 30 days after closure (backup cycles) |
| Security & Logs | Login attempts (IP, timestamp, success flag), session ID, reset tokens (ephemeral), verification tokens | Abuse prevention, rate limiting, integrity, incident response | Art. 6(1)(f); Art. 6(1)(c) where legal obligations apply | Ephemeral tokens: <=60 min; login attempts: pruned periodically (current policy: <=90 days) |
| Preferences | Language choice (cookie/local storage), cookie consent record (versions), cookie banner status | User experience customization, consent demonstration | Art. 6(1)(f) (UX); Art. 6(1)(c)/(f) (compliance record) | Until changed or deleted (consent key versioned) |
| Analytics (optional) | Pseudonymous identifiers (Google Analytics cookies), page path, referrer, device/browser metadata, event timestamps | Understand aggregate usage, capacity planning, reliability improvement | Art. 6(1)(a) (consent) | Standard GA retention (currently 24 months) or earlier if deleted |
| Communications | Support / security messages, contact email metadata | Responding to requests, vulnerability coordination | Art. 6(1)(b) (support), Art. 6(1)(f) (security interest) | Active ticket lifecycle + limited archive (<=24 months) unless legal hold |
We do NOT collect: marketing profiles, precise geolocation, behavioural advertising identifiers, or special category data (Art. 9). Optional analytics identifiers are pseudonymous. We do not perform automated decision-making or profiling producing legal effects (Art. 22).
3. Purposes & Legal Bases (Summary)
- Provide and maintain accounts – Art. 6(1)(b).
- Secure the service (rate limiting, fraud/abuse prevention) – Art. 6(1)(f) legitimate interest (security & reliability).
- Comply with legal duties (e.g., responding to lawful requests) – Art. 6(1)(c).
- Demonstrate consent & preferences – Art. 6(1)(c)/(f).
- Aggregate usage analytics (capacity planning, product decisions) – Art. 6(1)(a) (only after consent).
- Communicate with you (support, security disclosure) – Art. 6(1)(b)/(f).
4. Legitimate Interests Assessment
Security logging (IP, attempt count) is necessary to mitigate brute force attacks and service abuse. Impact on individuals is low (minimal data, limited retention) and proportionate to the security aim, so legitimate interest is not overridden by data subject rights.
5. Retention Policy
We implement data minimization: only required fields; ephemeral tokens expire automatically. After account deletion, residual data may remain briefly in backups (encrypted, segregated) until overwritten by rotation cycles.
6. Data Sources
Data is provided directly by you (registration, support messages) or generated by system security processes (login attempts, session identifiers). We do not purchase or enrich with third‑party datasets.
7. Recipients & Processors
At present we do not share data with external analytics, advertising, or social platforms. If infrastructure or email delivery vendors are engaged, they will act as processors under Art. 28 GDPR with appropriate contractual safeguards. Any such processors will be listed here with purpose and location before activation.
8. International Transfers
Core service data hosting is within the EU/EEA. Google Analytics (if you consent) involves processing by Google Ireland Limited with potential transfer to Google LLC in the United States. Standard Contractual Clauses and supplementary measures apply. You may decline analytics to avoid this transfer.
9. Cookies & Local Storage
Essential cookies/local storage (session, language, consent record) plus optional Google Analytics cookies (only set after consent) are used. See the Cookie Notice for details, specific names, and how to withdraw consent.
10. Security Measures
Technical/organizational measures include: TLS encryption; security headers (CSP, HSTS, X‑Frame‑Options, Referrer‑Policy, Permissions‑Policy); password hashing (password_hash/bcrypt); session regeneration; rate limiting; tokenized password resets; principle of least privilege; periodic log pruning.
11. Your Rights
- Access (Art. 15) – Confirm processing and obtain a copy.
- Rectification (Art. 16) – Correct inaccurate data.
- Erasure (Art. 17) – Request deletion (subject to legal obligations).
- Restriction (Art. 18) – Temporarily limit processing.
- Portability (Art. 20) – Obtain data in a structured, commonly used format.
- Object (Art. 21) – Object to processing based on legitimate interests.
- Withdraw Consent – For analytics you may revoke consent at any time via Cookie Settings; this does not affect the lawfulness of prior processing.
- Complaint – With the Czech Data Protection Authority (ÚOOÚ) or your local EU supervisory authority.
To exercise rights email info@berrysoft.cz. We may request additional information to verify identity.
12. Children’s Data
Services are not directed to children under 16. We do not knowingly collect their data. If you believe a child has provided data, contact us for prompt deletion.
13. Automated Decision-Making
No automated decision-making or profiling producing legal or similarly significant effects (Art. 22) is performed.
14. Changes to this Policy
Updates will be posted here with a new “Last updated” date. Material changes (e.g., adding processors or new optional categories) may trigger prominent notice or renewed consent where required.