PRIVACY POLICY (GDPR)

1. GENERAL PROVISIONS

The purpose of this Policy on personal data processing pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter “GDPR”) is to provide information about what personal data the Company, as the data controller, processes about natural persons in connection with the provision of its services/products, for what purposes and for how long such personal data is processed in accordance with applicable laws, to whom and for what reason it may be disclosed, and to inform you of the rights of individuals in relation to the processing of their personal data and how those rights may be exercised.

This Policy applies to the processing of data of our customers, meaning you, if you are a natural person and/or your employees or members of governing bodies if you are a legal entity, or visitors to the Company’s website, always to the extent of personal data corresponding to your position in relation to the Company. All services we provide are intended for you as our Client, who acts within the scope of their business or other professional activities and/or on behalf of their employer, who is our client (hereinafter the “Client” or “you”).

This Policy is effective from 1 August 2025 and is issued in accordance with the GDPR for the purpose of fulfilling the Company’s information obligation as a data controller under Article 13 GDPR.

2. DATA CONTROLLER

The controller of your personal data is the Company, with current contact information available in the “Contacts” section.

3. DATA PROTECTION OFFICER

The Company is not required to appoint a Data Protection Officer. No Data Protection Officer has been appointed.

You may contact Legix Expert Consulting as the data controller directly at:

Legix Expert Consulting, s.r.o.

Blanická 922/25, 120 00 Prague

Tel.: +420 720 777 100

E-mail: info@legix.cz

4. CATEGORIES OF PERSONAL DATA PROCESSED BY THE COMPANY

Personal data means any information relating to a natural person – that is, you – that the Company is able to identify. In connection with the provision of services, the Company may process the following categories of personal data:

4.1 BASIC PERSONAL IDENTIFICATION DATA

These are data necessary for concluding and performing a contract with you and include in particular:

 • Academic title
 • First and last name
 • Date of birth
 • Personal identification number
 • Birth surname
 • Personal data related to identification documents (passport, ID card, driver’s license, etc.), including ID number, issuing authority, and validity
 • Your job position (if ordering our services/products on behalf of a company)
 • Your role as a statutory body of a client company
 • Company ID and VAT number
 • Payment details
 • Signature

4.2 CONTACT DETAILS

Including:

 • First and last name
 • Email address
 • Telephone number
 • Mailing address

4.3 PAYMENT INFORMATION RELATED TO THE SERVICE PROVIDED

Including:

 • Bank account number
 • Payment details
 • Tax documents

4.4 PERSONAL DATA PROCESSED IN RELATION TO THE INCORPORATION OF READY-MADE COMPANIES

These are necessary for concluding and performing a contract with you and are also required in connection with compliance with Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from crime and terrorist financing (the “AML Act”), including:
 • First and last name
 • Date of birth
 • Personal identification number
 • Birth surname
 • Personal data related to identification documents (passport, ID card, driver’s license, etc.), including ID number, issuing authority, and validity
 • Your role as a statutory body of a client company

4.5 RECORD OF EMAIL AND WRITTEN COMMUNICATION

Including personal data contained in email and written communication with the Client.

5. PURPOSE, DURATION AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

5.1 PROCESSING FOR THE PURPOSE OF CONTRACT PERFORMANCE, LEGAL OBLIGATIONS, AND LEGITIMATE INTERESTS

5.1.1 PROCESSING OF PERSONAL DATA FOR CONTRACTUAL OBLIGATIONS

To provide services to you, the Company must know and process your personal data. We primarily process your data to conclude and perform a service contract between you (the Client) and the Company, with the legal basis being contract performance.
 The scope of data processed for this purpose includes Basic Personal Identification Data as defined in Section 4.1 of this Policy.

Such data is collected from you directly when concluding or negotiating the service contract.
 These personal data are processed only for the duration of the contractual relationship and for the general limitation period thereafter.

5.1.2 PROCESSING TO FULFILL LEGAL OBLIGATIONS

In providing services, the Company is required to comply with obligations under Act No. 563/1991 Coll., on Accounting (“Accounting Act”), Act No. 586/1992 Coll., on Income Taxes (“ITA”), Act No. 235/2004 Coll., on VAT (“VAT Act”), and the AML Act.
 Certain personal data may appear on accounting records (invoices, documents related to company formation, etc.). These laws require the Company to retain such documents for up to 10 years. If retention is legally mandated, your personal data included in such documents will be retained accordingly.

5.1.3 PROCESSING BASED ON LEGITIMATE INTEREST

If you delay payment or fail to fulfill your obligation, or we suffer loss or damage, your personal data may be processed based on the legitimate interest of recovering claims and/or protecting the Company’s legal rights.

In such cases, your data may be retained for the statutory limitation period under Act No. 89/2012 Coll., the Civil Code.

5.1.4 PROCESSING BASED ON CONSENT

The Company generally processes your personal data when required by law, for contract performance, or based on legitimate interest.

Only exceptionally do we process data based on your explicit consent, in which case it is processed only for the specified purpose and duration stated in the consent.

6. THIRD PARTIES TO WHOM PERSONAL DATA IS DISCLOSED

To fulfill its obligations, the Company uses professional services of other entities. These service providers act as data processors and may only process data have based on the Company’s instructions.

This includes:

 • External legal representatives (e.g., for debt recovery or legal protection)
 • External accounting and tax service providers
 • External IT infrastructure and hardware service providers
 • Cookies used on our website – more information is available in the Cookies section of our website.

Data processing agreements have been concluded with these processors to ensure a level of protection at least equivalent to this Policy.

In compliance with legal obligations, the Company may also disclose your data to public authorities and regulatory agencies as required by applicable law.

7. PERSONAL DATA SECURITY

The Company has implemented and maintains appropriate technical and organizational measures, internal controls, and information security processes to protect your personal data from accidental loss, destruction, alteration, unauthorized disclosure, or access. These include:

 • Employee accountability measures
 • Staff training
 • Regular data backups
 • Data recovery procedures
 • Incident response policies
 • Software security protections

Company personnel are bound by confidentiality, which extends beyond the end of employment. A signed confidentiality clause is part of every employee’s contract.

8. YOUR RIGHTS REGARDING PERSONAL DATA

When you exercise any rights under this Section 8 or applicable laws, we will notify each data recipient (as described in Section 6) of any changes or deletions of your data or any restrictions on processing, where feasible and unless it requires disproportionate effort.

To exercise your rights or request more information, contact us at info@legix.cz or in writing at our registered office.

We may request certain identifying information to verify your identity. We will respond within one month, with a possible extension of up to two additional months.

8.1 RIGHT OF ACCESS

Under Article 15 GDPR, you have the right to obtain:

 • Confirmation whether your personal data is being processed
 • Information on processing purposes, categories of personal data, recipients, storage duration, your rights, data sources, automated decision-making (including profiling), data transfers outside the EU, and
 • A copy of the personal data (unless it adversely affects the rights of others).
 Repeated requests may be subject to a reasonable administrative fee.

8.2 RIGHT TO RECTIFICATION

Under Article 16 GDPR, you have the right to have inaccurate personal data corrected. You must also notify us of any data changes and provide evidence thereof.

8.3 RIGHT TO ERASURE

Under Article 17 GDPR, you may request deletion of your personal data unless we demonstrate overriding legitimate grounds for its processing.

8.4 RIGHT TO RESTRICT PROCESSING

Under Article 18 GDPR, you may restrict processing while contesting accuracy, legality, or if you object to the processing.

8.5 RIGHT TO DATA PORTABILITY

Under Article 20 GDPR, you may receive your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller, provided it does not infringe the rights of others.

8.6 RIGHT TO OBJECT

Under Article 21 GDPR, you have the right to object to the processing of your personal data. Unless we demonstrate compelling legitimate grounds, we will cease processing without undue delay.

8.7 RIGHT TO WITHDRAW CONSENT

Where processing is based on your consent, you may withdraw it at any time by submitting a clear, express notice in writing to our registered office or via email at info@legix.cz.

8.8 RIGHT TO LODGE A COMPLAINT

You may lodge a complaint with the Data Protection Authority:
 Úřad pro ochranu osobních údajů
 Pplk. Sochora 27, 170 00 Prague 7
 Website: www.uoou.cz

9. UPDATES TO THIS PRIVACY POLICY

Please note that this Privacy Policy may be updated or modified. Any changes will become effective upon publication on the Company’s website.

‍