Privacy policy, s.r.o. , ID No.: 036 68 681, with registered office at Šumavská 31, 602 00 Brno, represented by Vladimír Šandera, Managing Director, registered in the Commercial Register maintained by the Regional Court in Brno, file No. C 86206 (for simplicity, hereinafter referred to as “we” or “the Controller“)

Last update: July 15th 2022

We do not take the protection of personal data lightly. We need some Personal data to provide the Smartsupp Service (to comply with the Terms of Service), and we process some Personal data based on our legitimate interest. For some Personal data, we are required by law to process it (for example, for bookkeeping). In some cases, we will use Processors who may have access to your Personal data. We will only seek consent from you if it is really necessary.

Data Protection Officer: Mgr. Petra Stupková, with whom we regularly consult GDPR processing processes (contact:

When is Smartsupp a controller? We are the controller of Personal data in relation to Users of our website. You have entrusted us with certain information about yourself (such as your name, email, or cookies) in order for us to, for example, register an account for you. An overview of the Personal data we process, including the reasons for processing it, can be found below. If anything is unclear, please do not hesitate to contact us at

When is Smartsupp in the position of a processor? We provide a Chat box service that our customers can place on their website. We are in the position of a Personal Data Processor in relation to users of our customers’ websites. This relationship is governed by the Personal Data Processing Agreement, which is attached to the Smartsupp Terms of Service (the “Agreement“).

In order to make the text clearer, we will simplify your reading with some terms we use in this Privacy Policy:

Service is a software service consisting mainly of the provision of electronic tools for a fee to implement the Chat Box on our customers’ websites, provided under our Terms;
GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council;
Business messages generally an email or text message sent for the purpose of promoting similar products and services to those who have previously agreed or are our customers;
Personal data any information about the User that can directly or indirectly identify the User;
User / you the natural person to whom the Personal data relates, most often a customer or potential customer, or a user of our website who is simply browsing our website;
Processor we use other entities to, for example, provide us with secure data storage or to send you a newsletter. In the course of this cooperation, they may process the Personal data you have provided to us;
Processing of Personal Data Simply put, it is any handling of Personal Data – whether it is storing, sharing, deleting, or changing it;
Special Categories of Personal Data data that we understand to be more sensitive. For example, it relates to what your ethnicity or your sexual orientation is, whether you are in a trade union, what your health is like, and what your faith is. Genetic and biometric data are also considered to be a special category of data if they are processed for the purpose of uniquely identifying a natural person. We do not process this Personal data.


→ Name and surname → Contact details (especially e-mail, phone number)
→ Invoicing details and bank details (details necessary for bookkeeping and payment for the Service) Information you provide to us in the course of communicating with us (in particular, your questions and answers to your questions, communication with you)
→ Data in an enquiry sent by a customer or other person → Cookies and IP address (including information about your device or operating system)
→ the comments you add to our posts on social networks (in particular Facebook, Twitter, Youtube, LinkedIn), as well as your profile name (nickname) on these social networks and your publicly accessible information on your profiles → Login to the user account and behavior in the user account (in particular the data filled in by the User in the user account, time of registration, date of the last profile update)

Special category of Personal Data. We do not process any Personal Data of a sensitive nature about you.

How do we process your personal data?  Only to the extent necessary for the duration of the contractual relationship, for the time necessary to exercise the rights and obligations arising from the contractual relationship between you and us, and the possible exercise of claims under those contractual relationships (e.g. refunds). The processing of Personal Data is automated, but we do not carry out profiling.

A. Visiting our website, its operation, personalized advertising.

What data? Information about when and how you visit and view our website, which may include: your IP address, the date and time you access our website, information about your internet browser, your operating system or language settings, your website behavior history, e.g. what links you visit on our website. However, information about your web behavior is anonymized for your maximum privacy. If you visit our website via your mobile phone, we may also process data about your phone.
How? Cookies or other technologies for tracking User behavior
Why? Providing the core functions of our website, analytics, improving our services, and marketing. We also process personal data to show you relevant content or our advertising on other websites. You can set your preferences in the cookie bar. The legal basis is consent or legitimate interest (necessary cookies).
How long? The processing time varies according to the type of cookie. Some process data only for a session (visit), and some for longer. More information can be found in the Cookie Policy.

B. Registration, fulfillment of the Contract

What data? Email, Google account, AppleID, name, website URL, job title, number of employees, type of business. 
How? You will provide us with this information when you complete the registration form.
Why? In order to start using the Service, you must first enter into a Contract with us. It is by completing the registration that the Contract is concluded between us.
How long? The data is processed for the duration of the Contract or until its transfer and then for 4 years after its termination. The transfer of personal data is governed by the Data Processing Agreement.

C. Complaints and claims.

What data? Name, surname, phone number, email, invoice number, and user account. 
How? You will provide this information to us in the event of a complaint or claim.
Why? The Personal data obtained in the course of handling a complaint or complaint are processed on the basis of the concluded Contract.
How long? Closed complaints and claims are periodically deleted, but no later than 3.5 years after the claim or complaint has been resolved. 

D. Communication with customer support and your other questions

What data? Name, surname, phone number and email, invoice number, user account. 
How? We process Personal data necessary for the purpose of processing the enquiry. Communication with customer support takes place by phone, email, or directly on our website.
Why? By submitting an enquiry, you consent to the processing of Personal data for the purpose of processing your enquiry.
How long? Closed questions from customer support are deleted periodically, but no later than 3.5 years after the question was asked.

E. Newsletter (direct marketing).

What data? Name, surname, phone number and email, invoice number.
How? We send a newsletter to inform you about our services and news.
Why? You have agreed to receive our newsletter. We may send newsletters to our customers based on a legitimate interest in improving and promoting our services. If you do not want to receive the newsletter, you can unsubscribe in the footer of the email.
How long? The data is processed for a period of 2 years from the last active viewing of the newsletter, unless you unsubscribe earlier. 

F. Reviews

What data? Name, surname, email, Smartsupp account number. In case of your explicit consent, also photo, company name, position and other personal data included in the text of the review.
How? Reviews are uploaded to our website with your consent, by prior agreement. 
Why? Customer reviews are important to us. It helps us in the development of the Service. We are also interested in promoting our services. 
How long? Reviews are posted until your consent is revoked, at the latest 5 years.   

G. Competitions, promotions, and social networks.

What data? Name and surname, address, date of birth, phone number, e-mail, username.
How? Whether it’s filling in a form or leaving a comment (for example, to enter a competition), you’ll find out the exact process described directly in a social media post or email. We have profiles on Facebook, LinkedIn, Instagram, and YouTube. When working with social networks, we must follow the privacy policies of these platforms. Reviews are posted on our website with your consent, by prior arrangement.
Why? Participation in competitions is voluntary, as is the disclosure of personal data. We only process Personal Data that is necessary to fulfill the purpose of the processing. If you withdraw your consent, it will not be possible to participate in the competition.

If you send us an enquiry via a social network, we will respond on the basis of your agreement to handle your enquiry.

How long? Personal data will be deleted after your social media enquiry has been dealt with, this does not apply if you become a customer. In the case of a competition/webinar, it will be processed for the time necessary for the competition to take place. We carry out social media marketing for the duration of your consent to cookies, the period of time cookies are stored may vary depending on the type of cookie.

H. Training courses, webinars

What data? Name and surname, telephone number, e-mail, billing information.
How? We organize training and webinars. We process your Personal data that you fill in the order form. We process this data for the purpose of fulfilling the contract, i.e. your participation in the event. Please note that we may take video footage or photographs of some of these events. We aim to be as anonymous as possible, so we will not include your name or other details in photographs or video footage unless you give us permission to do so (e.g. if it is a reference).
Why? You can order training or webinar from us using the form. We will conclude the contract by submitting the event registration form or by our individual agreement.
How long? For the duration of the contractual relationship with us and thereafter for a period of 4 years from the termination of the contractual relationship.

I. Job applicants.

What data? Name and surname, address, date of birth, phone number, email address, social networking link, former employment information, education, interests, skills, and certifications.
How? If you get in touch and say you’d like to work for us, we’d love to hear from you! We will look at the documents you send us that contain Personal data and get back to you based on that.
How long? In order to protect our legitimate interests (in the event of litigation), we retain the Personal Data of job applicants for a period of 3 years.

J. Accounting.

What data? Invoice details: name, surname, email address, billing address, or other identification of the User and details of the performance under the Contract. Tax invoice details: name, surname, email address, billing address, or other identification of the User and details of the services provided. 
How? After filling in the payment information in the profile, we save this information to create an invoice.
Why and how long? We are legally obliged to keep accounting documents and accounting records (invoices) for 5 years starting from the end of the accounting period to which they relate. We are also obliged to keep the invoice for 3 years from the end of the tax year in which the tax liability relating to the invoice arose. We are also obliged to keep tax documents for 10 years from the end of the tax year in which the transaction took place.


Processors. We only use verified Processors with whom we have a written contract and who provide us with at least the same guarantees as we provide to you. We have set out above the data that may be processed by Processors, including their purpose and the legal title of the processing.

Website visits, website traffic, personalized advertising

Website visits, website traffic, personalized advertising  

Registration, contract performance

Complaints and Claims

Communication with customer support and your other questions

Newsletter (direct marketing)


  • Amazon, Shoptet, Shopify,, Capterra, G2, WordPress

Competitions, promotions and social networks

Training and webinars

  • [Demio]

Job applicants


Legal obligations. We may transfer Personal data to third parties in addition to the Processors listed above if required to do so by law or in response to lawful requests by public authorities or court orders in litigation.


Our customers can influence the extent of processing within the provision of SaaS by customizing the settings in the Dashboard.

Technical and organizational measures. Security is very important to us and we are constantly working to ensure that your data is protected. When choosing measures, we take into account the scope of processing, the risks of the processing, or the state of our technology.

  • We regularly back up data;
  • we encrypt data using SSL/TLS (“secure sockets layer/transport layer security”) for all data transmission outside our infrastructure;
  • access passwords to information systems where Personal Data will be processed and access permissions are controlled at the individual level.

Organizational measures. We have adopted and commit to maintain the following measures:

  • Our employees are bound by confidentiality;
  • Our employees are properly trained and also regularly trained on GDPR and familiarized with the rules of safe work on work equipment;
  • Access to all systems, including the information system, is personalised and covered by secure passwords;
  • The information system records logs so that we can control employee access to individual User Personal data.


Where to contact us? Write to us at, or to our head office address.

When will we handle your message? We will reply to you within one month at the latest. If providing the information would compromise the privacy of others, or if providing it would be disproportionate to the risks or costs of providing it, we may not be able to comply. We may need to verify your identity in order to better process your request. In the event of a repeat request, the Controller will be entitled to charge a reasonable fee for a copy of the Personal data.

Right of access 
  • We will confirm whether we are processing your Personal Data.
  • You have the right to be informed about the purposes of processing, the categories of personal data, the recipients to whom they are disclosed, and the duration of processing.
  • You have the right to know whether a right has already been exercised.
  • It is also a prerequisite that the rights and freedoms of other persons and copies of personal data are not adversely affected.
Right to repair 
  • You have the right to request the rectification of personal data.
  • You can correct some information in your user account.
Right to erasure
  • If there is no other reason to continue processing this data, we will delete or anonymize the data requested by you.
Right to restriction of processing
  • If you believe that we are processing data incorrectly. Whether it is the reasons for the processing or the extent of the processing, please let us know.
Right to notification of rectification, erasure or restriction of processing
  • If you contact us with a request, we will inform you of the outcome. Sometimes we may not be able to comply (e.g. the email address you wrote to us from is no longer working).
Right to portability 
  • We will provide the data that you have provided to us in a structured and machine-readable format to another controller at your request.
Right to object
  • If we process your data for legitimate interest (e.g. sending a newsletter to Users).
  • It is up to us to demonstrate our legitimate interest. If your objection is justified, we will stop processing Personal Data.
Right to withdraw consent
  • Have you changed your mind? Never mind, write to us. You can revoke the processing for marketing and commercial purposes at any time.
Automated individual decision-making including profiling
  • Don’t want to be subject to computer decisions? We respect your right, so we do not carry out profiling. We provide an online service, your Personal data may be processed automatically.


This Privacy Policy may only be amended in writing. You will be informed of this via our website. 

If you have any questions about our Privacy Policy, please contact us at

 If you are dissatisfied, you can at any time file a complaint with the Office for Personal Data Protection, located at Pplk. Sochora 727/27, 170 00 Prague 7 – Holešovice (more at

This Privacy Policy is effective from 15 July 2022.