Privacy Policy

Who is the data controller

The controller of your personal data is the operator of Pivni Pruvodce Prahou:

• Operator:
• Legal form:
• Company ID (IČO):
• Tax ID (DIČ):
• Registered address:
• Contact email:

What personal data we process

We try to keep the amount of data we store to a minimum. The exact data we hold about you depends on whether you only browse the site, register as a member, or buy a paid plan.

Account data

When you sign in we store your email address and a signed session identifier used to keep you logged in. We do not store passwords because we use magic-link authentication.

Payment and membership data

If you start a paid membership we store your Stripe customer ID, subscription ID, plan, status, and renewal date. Card numbers and full billing details are processed and stored by Stripe, not by us.

Voucher and redemption data

When you generate a member voucher we store the voucher code, linked deal and pub, issuance time, expiry, and redemption status. This is necessary to enforce the weekly voucher limit and to let participating pubs verify your voucher.

Technical and security data

For security purposes our servers may temporarily log information about admin login attempts and failed authentication events. We do not currently use third-party analytics or advertising trackers.

Legal basis for processing

We process your personal data on the following legal bases under Article 6 of the GDPR:

• Performance of a contract — to provide the membership, vouchers, and tour booking you have requested.
• Legitimate interest — to keep the service secure, prevent abuse of vouchers, and improve the product.
• Consent — only where consent is required by law, for example for any future marketing communications or non-essential cookies. You can withdraw consent at any time.
• Legal obligation — to comply with Czech tax and accounting law for payments processed through the service.

Who we share data with

We do not sell personal data. We share the minimum data needed with the following processors, who act on our behalf under data processing agreements:

• Stripe Payments Europe, Ltd. — payment processing, subscription management, and customer billing.
• Resend (Resend.com, Inc.) — delivery of transactional emails such as magic-link sign-in and account notifications.
• Vercel Inc. — hosting and serverless execution of the website.
• If we add web analytics or marketing tools in the future, they will be listed here before they are activated.

Some of these processors may transfer data outside the European Economic Area. In that case the transfer is covered by the Standard Contractual Clauses or equivalent safeguards.

How long we keep your data

We keep account data for as long as your account is active. Billing and tax records are retained for the period required by Czech law. Voucher records are kept for a limited period for fraud prevention and reporting.

Your rights

Under the GDPR you have the following rights regarding your personal data:

• Right of access to your data.
• Right to correct inaccurate or incomplete data.
• Right to erasure (the right to be forgotten), where applicable.
• Right to restrict processing in certain situations.
• Right to data portability for data processed on the basis of consent or contract.
• Right to object to processing based on legitimate interest.
• Right to withdraw any consent at any time, without affecting prior lawful processing.
• Right to lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.cz).

Security

We use HTTPS for all traffic, signed session cookies, hashed admin sessions, and rate limiting on login. We never store payment card data on our servers.

How to exercise your rights

To exercise any of your rights or to ask any data protection question, contact us at .

Changes to this policy

We may update this policy as the service evolves. If the changes are material, we will notify active members by email. The current effective date is shown at the top of this page.