Privacy Policy

1. Introduction and Scope

This privacy policy (the "Policy") describes how the Operator of the StackLinker service collects, uses, stores, processes, protects, and discloses your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Act No. 110/2019 Coll., on personal data processing, and other applicable laws of the Czech Republic and the European Union. This Policy applies to all personal data we collect in providing the StackLinker service, including the web interface, API, browser extension, and any other parts of the service.

2. Data Controller and Contact Information

The data controller pursuant to Article 4(7) GDPR is: Jan Kuthan, Mariánovice 42, 25601 Benešov, Czech Republic, ID: 74900722 (the "Controller" or "Operator"). For questions regarding personal data processing, to exercise your rights under GDPR, or to file a complaint, you can contact the Controller through the contact form available on the StackLinker service website or by email at the address provided in the contact information on the website. The Controller undertakes to respond to your requests within 30 days of their delivery, in accordance with GDPR requirements.

3. What Personal Data We Collect and Data Categories

In providing the StackLinker service, we collect and process the following categories of personal data: Identification data: email address (required for registration and communication), name or nickname (optional, for service personalization), account information (registration date, last login date, account status). Service usage data: bookmarks, folders, tags, and other content created by the user (User Content), information about activities within the service (creating, editing, deleting bookmarks and folders), information about sharing content with other users and access rights settings, user preferences (language settings, interface, notifications). Technical data: IP address and network connection information, browser type and version, operating system and device, cookies and similar technologies, access and error logs, API usage information (if API is used). Communication data: messages sent through the contact form, email communication between the user and the Controller, notifications and announcements sent to users. Payment data (if relevant): payment and billing information, if the service includes paid features. We note that the Controller does not process special categories of personal data pursuant to Article 9 GDPR (e.g., data on racial or ethnic origin, political opinions, religious beliefs, health status, sexual orientation).

4. Purposes of Personal Data Processing and Legal Basis

We process your personal data for the following purposes and on the following legal bases: Service provision and contract performance (Article 6(1)(b) GDPR): processing is necessary for the performance of the service provision contract you entered into with the Controller by registering an account. We process your data to create and manage your account, provide service features (bookmark management, sharing, synchronization), communicate with you regarding the service, provide technical support. Fulfillment of legal obligations (Article 6(1)(c) GDPR): processing is necessary for the fulfillment of legal obligations of the Controller, including accounting and tax obligations, obligations under the Act on Sales Records, or obligations arising from other legal regulations. Legitimate interest of the Controller (Article 6(1)(f) GDPR): processing is necessary for the legitimate interests of the Controller, including improving the service and developing new features, ensuring service security and fraud prevention, analyzing service usage and statistics, marketing of own services (if you have not refused marketing communications). Your consent (Article 6(1)(a) GDPR): we process some data based on your explicit consent, which you can withdraw at any time, including newsletter subscription, use of cookies for marketing purposes (if relevant), or processing data for other specific purposes that require consent.

5. Personal Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes for which they were collected, or for the period prescribed by law. Specific retention periods: Account data and User Content: for the duration of your account. After account deletion, data is deleted within 30 days, except for data that must be retained by law. Technical data and logs: usually for 12 months, unless otherwise prescribed by law or the Controller's legitimate interest. Communication data: for as long as necessary to handle your inquiries or complaints, usually 3 years from the end of communication. Accounting and tax records: according to Act No. 563/1991 Coll., on accounting, usually 10 years from the end of the accounting period. Marketing data: until consent is withdrawn or 3 years from the last interaction, whichever comes first. After the retention period expires, personal data is securely deleted or anonymized so that it can no longer be linked to a specific person.

6. Your Rights Under GDPR

In accordance with GDPR, you have the following rights regarding your personal data: Right of access (Article 15 GDPR): you have the right to obtain confirmation as to whether your personal data is being processed, and if so, the right to access such data and information about its processing. Right to rectification (Article 16 GDPR): you have the right to request correction of inaccurate personal data or completion of incomplete data. Right to erasure - "right to be forgotten" (Article 17 GDPR): you have the right to request deletion of your personal data if it is no longer necessary for the original processing purposes, you withdraw consent, or if processing is unlawful. Right to restriction of processing (Article 18 GDPR): you have the right to request restriction of processing of your personal data in certain situations, for example if you contest the accuracy of the data or object to processing. Right to data portability (Article 20 GDPR): you have the right to receive your personal data in a structured, commonly used, and machine-readable format and the right to transmit such data to another controller. Right to object (Article 21 GDPR): you have the right to object to processing of your personal data based on the Controller's legitimate interest or processing for direct marketing purposes. Right to withdraw consent (Article 7(3) GDPR): if processing is based on your consent, you have the right to withdraw this consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Right to lodge a complaint with a supervisory authority (Article 77 GDPR): you have the right to lodge a complaint with the Office for Personal Data Protection (www.uoou.cz), if you believe that processing of your personal data violates GDPR. To exercise your rights, contact us through the contact form or by email. The Controller undertakes to respond to your requests within 30 days, in accordance with GDPR requirements.

7. Personal Data Sharing and Recipients

We may share your personal data with the following categories of recipients: Service providers (processors pursuant to Article 28 GDPR): hosting service providers and cloud infrastructure, analytics service providers (if used), email and notification service providers, payment service providers (if relevant), other technical service providers necessary for service operation. All processors are bound by data processing agreements pursuant to Article 28 GDPR and may use data only to provide services to the Controller, not for their own purposes. Public authorities: if we are required by law or court order, we may share data with public authorities. Other service users: if you share bookmarks or content with other service users, such data is accessible to these users to the extent you have set through access rights. The Controller does not sell, rent, or otherwise commercially exploit your personal data to third parties for their own marketing or other commercial purposes.

8. Personal Data Security and Technical Measures

The Controller implements appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, alteration, or disclosure, in accordance with Article 32 GDPR. These measures include: Technical measures: data encryption during transmission (HTTPS/TLS) and at rest, regular security updates and patches, use of firewalls and other security tools, regular data backups, monitoring and detection of security incidents, use of strong passwords and multi-factor authentication (where possible). Organizational measures: limiting access to personal data only to authorized employees and processors who need data to fulfill their work duties, regular training of employees on personal data protection, documented procedures for personal data processing and response to security incidents, regular audits and evaluation of security measures. Although the Controller takes all reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. The Controller cannot guarantee absolute security of your data.

9. Transfer of Personal Data to Third Countries

Your personal data is primarily processed and stored within the European Union or the European Economic Area (EEA). If the Controller were to transfer personal data to third countries (outside EU/EEA), it will ensure that such transfer takes place in accordance with GDPR and that appropriate safeguards are implemented pursuant to Article 46 GDPR, for example: use of standard contractual clauses approved by the European Commission, transfer to countries with an adequacy decision by the European Commission, or other appropriate safeguards. In case of data transfer to third countries, we will inform you of the specific safeguards.

10. Cookies and Similar Technologies

The StackLinker service uses cookies and similar technologies (collectively "cookies") for the following purposes: Essential cookies: these cookies are essential for the service to function and cannot be turned off. They include cookies for authentication, security, and basic service functions. Functional cookies: these cookies allow the service to remember your choices and preferences (e.g., language, interface) and provide enhanced and personalized features. Analytics cookies: these cookies help us understand how users use the service, which allows us to improve the service. Marketing cookies (if used): these cookies are used for marketing purposes and tracking. You can manage or refuse cookies through your browser settings. Most browsers automatically accept cookies, but you can change settings to refuse cookies. We note that refusing some cookies may affect service functionality. More detailed information about cookie use can be found in our Cookie Policy (if available) or in the service settings.

11. Automated Decision-Making and Profiling

The StackLinker service currently does not use automated decision-making including profiling pursuant to Article 22 GDPR that would have legal effects or similarly significantly affect you. If the Controller were to introduce automated decision-making or profiling in the future, it will inform you and ensure that such processing takes place in accordance with GDPR, including providing appropriate safeguards and the possibility of human intervention.

12. Changes to This Privacy Policy

The Controller reserves the right to change, modify, or supplement this Policy at any time. You will be informed of significant changes to the Policy via email to the address associated with your account or through a prominent notice in the service. We recommend that you regularly review this Policy to be informed about how we protect your personal data. By continuing to use the service after Policy changes take effect, you express your agreement to the modified Policy. If you do not agree to the changes, you must stop using the service and delete your account. The date of the last update of this Policy is indicated in the document header.