GDPR

Privacy Policy – Processing of Personal Data

I protect data with the same care I devote to people.
(After all, HR is about people.)

Version 1.0 – effective from 1 August 2025

1. Who I am and how you can contact me

The controller of your personal data is Anetta Franková, Company ID: 70742189 registered office: Machovcova 19/1278, Praha 4, 147 00, entered in the Trade Register kept by Prague 4.

E-mail: anetta@hrstr.com
Telefon: +420  737  572  597
Web: www.hrstr.com

2. What data I process and why

Kontaktní formuláře

  • Contents: first and last name, e-mail, phone, message text,
  • Purpose: responding to your enquiry, arranging a meeting,
  • Legal basis: contract negotiation (Art. 6 (1)(b)), legitimate interest (Art. 6 (1)(f) GDPR).

Client data

  • Contents: identification, contractual and invoicing details,
  • Purpose: contract conclusion and performance, accounting, legal protection,
  • Legal basis: contract performance, legal obligation (Art. 6 (1)(c)), legitimate interest.

Marketing (newsletter)

  • Contents: e-mail + open-rate statistics,
  • Purpose: sending HR inspiration and news,
  • Legal basis: consent (Art. 6 (1)(a)).

Technical & analytics 

  • Contents: IP address, cookies, browser type,
  • Purpose: secure website operation, audience measurement, content improvement,
  • Legal basis: legitimate interest; consent for optional cookies.

2. 1. Cookies

For details, see the separate Cookie Policy. A banner for setting/declining cookies appears on your first visit.

3. How long I keep the data

Client contracts

Throughout the cooperation and 10 years afterwards (statutory accounting rules).

Non-binding enquiries

3 years from last communication, unless they evolve into a contract.

Marketing consents

Until withdrawn or max. 5 years.

Cookies

According to their set lifetime, max. 13 months.

4. Who gains access to the data

Hosting and e-mail provider

Website operation and communication.

Accounting & tax advisor

Statutory bookkeeping obligation.

Legal advisor

Protection of rights, preparation of NDAs.

Marketing & analytics tools (e.g. Google LLC, Ecomail)

Audience measurement, newsletter distribution.

All partners have a data-processing agreement and act in accordance with the GDPR.

5. Data transfers outside the EU/EEA

Some services are based in the USA. Transfers occur on the basis of the EU Standard Contractual Clauses and additional technical and organisational safeguards.

6. How I protect your data

  • Encrypted transmission (HTTPS/TLS),

  • Two-factor authentication and strong passwords,

  • Regular updates and backups,

  • Access granted only to persons who strictly need it.

7. Your rights

You have the right to:

  1. Access your personal data
  2. Rectify inaccuracies
  3. Erase data (“right to be forgotten”)
  4. Restrict processing
  5. Data portability
  6. Object to processing based on legitimate interest
  7. Withdraw consent (for marketing)
  8. Lodge a complaint with the Data Protection Authority (www.uoou.cz).

Write to me and we will find a solution—preferably straight away and without bureaucracy.

8. Final provisions

This Privacy Policy enters into force on 1 August 2025.
It may be updated if regulations or my services change.
Significant changes will be announced on the website or by e-mail.

Thank you for sharing your data with me and for your confidence in my work.