Privacy Policy

Effective from: 17 May 2026

1. Data Controller

Lidinsky Masin Expert Office s.r.o. (Czech legal name: Znalecká kancelář Lidinský Mašín s.r.o.), Company ID 08622515, VAT ID CZ08622515, registered office Na Bateriích 822/9, Prague 6 – Střešovice, 162 00, Czech Republic (the "Controller"). Contact: info@zklm.cz.

2. Scope and Purpose

This website (www.zklm.cz) is an informational presentation of our expert office. It processes only the minimum personal data necessary for the site to function and to be measured.

2.1 Automatically processed data

  • Technical browser data (type, language, resolution) — used only during page rendering, never stored server-side by us.
  • Visit statistics via Google Analytics 4 (pseudonymous identifier, language, traffic source, time on page) — only with your consent.
  • Browser localStorage — for the ZKLMxeso game (player count, best result). This data never leaves your browser.

2.2 Data you send us

If you contact us by email (info@zklm.cz or our experts' personal addresses), we process the data you provide (name, email, message). Purpose: to reply and possibly enter a contractual relationship. Legal basis: Art. 6(1)(b) GDPR (performance of a contract / pre-contractual steps) and Art. 6(1)(f) GDPR (legitimate interest in communication).

3. Cookies and similar technologies

The site uses two cookie-like categories:

  • Necessary — functional browser storage that remembers your map and analytics consent. The site cannot function without these. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
  • Analytics (optional) — Google Analytics 4 (provider: Google Ireland Limited, EU). Records anonymous aggregate visits. Loaded only after your explicit opt-in via the cookie banner. You can withdraw consent at any time using the button below.

4. Map embed

The Contact section can embed a Google Map. The map loads from maps.google.com only after you click the consent button. Without your consent the map never loads and no data is sent to Google's servers. Once you consent, Google may process your IP address and other technical data per Google's privacy policy.

5. Sharing with third parties

We share no data with anyone other than:

  • Google Ireland Limited (analytics, maps) — only with your consent, hosted in the EU.
  • Web hosting provider — keeps standard server logs (IP, time, URL) for the period strictly necessary for operations and security.

Google may also process data in the US under the EU-U.S. Data Privacy Framework and standard contractual clauses pursuant to Art. 46(2) GDPR. Outside this framework we do not transfer data to third countries.

6. Retention

  • Cookies / analytics consent: 12 months (we ask again afterwards).
  • Email communication: as long as needed for the purpose, up to the duration of the contractual relationship plus 10 years (deadlines set by Act No. 254/2019 Coll. on Experts).
  • Google Analytics: 14 months by default (configurable in GA4 admin).

7. Your rights

As a data subject you have the right to:

  • Access your data — we will tell you what we process about you.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten") when the data is no longer needed or processed unlawfully.
  • Restriction of processing.
  • Data portability.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time (via the button above or your browser settings).
  • Lodge a complaint with the Office for Personal Data Protection (Pplk. Sochora 27, 170 00 Prague 7, Czech Republic).

You can exercise your right by emailing info@zklm.cz. We respond within 30 days at the latest.

8. DPO, profiling, breach notification

  • Data Protection Officer (DPO): The office has not appointed a DPO — the requirement under Art. 37 GDPR does not apply. Contact for data protection matters: info@zklm.cz.
  • Profiling and automated decision-making: We do not perform profiling or automated decision-making within the meaning of Art. 22 GDPR.
  • Breach notification: In the event of a personal data breach likely to result in a risk to your rights, we will notify the Office for Personal Data Protection within 72 hours (Art. 33 GDPR) and, where the breach poses a high risk, the affected data subjects directly (Art. 34 GDPR).

9. Security

The site runs exclusively over HTTPS with HSTS (Strict-Transport-Security, 1-year validity including subdomains). Communication with GA4 and Google Maps is encrypted. We collect no sensitive data (Art. 9 GDPR categories) on this site.

10. Changes

We may update this policy. The current version is always published on this page with the effective date. We will notify you of material changes via the cookie banner.

← Back to homepage