Skip to main content
Book a Consultation

Privacy Policy

Last Updated: January 24, 2026

1. Controller Information

Buldok Marketing s.r.o.
Čechova 1446
290 01 Poděbrady
Czech Republic

Contact:

  • Email: info@buldok-marketing.cz
  • Phone: +420 775 344 950

Company ID (IČO): 04568915
VAT ID (DIČ): CZ04568915

2. Personal Data We Collect

We collect and process the following categories of personal data:

2.1 Information You Provide to Us

  • Contact Information: Name, surname, email address, phone number
  • Company Information: Company name, address, Company ID (IČO), VAT ID (DIČ)
  • Communication Data: Content of your messages, inquiries, and communications with us
  • Form Submissions: Information submitted through contact forms, newsletter subscriptions, and meeting bookings

2.2 Information Collected Automatically

  • Technical Data: IP address, browser type and version, device information, operating system
  • Website Usage Data: Pages visited, time spent on pages, referral source, links clicked
  • Cookie Data: Information collected through cookies and similar technologies (see Section 6)
  • Behavioral Data: Email open rates, link clicks in emails, form interaction data

3. Purpose and Legal Basis for Processing

We process your personal data for the following purposes with corresponding legal bases under GDPR:

Purpose Legal Basis (GDPR Article 6)
Providing marketing services and executing contracts Performance of contract (Art. 6(1)(b))
Responding to inquiries and customer support Legitimate interest (Art. 6(1)(f))
Email marketing and newsletters Consent (Art. 6(1)(a))
Website analytics and improvement Consent or Legitimate interest (Art. 6(1)(a) or (f))
Advertising and remarketing Consent (Art. 6(1)(a))
Accounting and tax obligations Legal obligation (Art. 6(1)(c))
Lead generation and business development Legitimate interest (Art. 6(1)(f))
Session recording and heatmap analysis Consent (Art. 6(1)(a))

Legitimate Interest Assessment: Where we rely on legitimate interest, we have balanced our business needs against your privacy rights. Our legitimate interests include improving our services, understanding customer needs, and growing our business. You have the right to object to processing based on legitimate interest.

4. Data Sharing and International Transfers

4.1 Third-Party Service Providers

We share your personal data with the following categories of third-party processors:

Customer Relationship Management (CRM)

  • HubSpot, Inc. (USA) - CRM, email marketing, form processing, analytics
    • Data Processing Agreement (DPA) in place
    • EU Standard Contractual Clauses (SCCs) for data transfers
    • Servers located in EU and USA

Analytics Providers

  • Google LLC (USA) - Google Analytics 4, conversion tracking
    • Server-side tracking via our domain (mereni.buldok-marketing.cz)
    • IP anonymization enabled
  • Microsoft Corporation (USA) - Microsoft Clarity for session recording and heatmaps
  • LeadInfo B.V. (Netherlands) - Company identification from website visitors

Advertising and Marketing Platforms

  • Meta Platforms, Inc. (USA) - Facebook Pixel for ad targeting and conversion tracking
  • LinkedIn Corporation (USA) - LinkedIn Insight Tag for B2B advertising
  • Google LLC (USA) - Google Ads remarketing and conversion tracking
  • X Corp (USA) - Twitter/X Universal Website Tag
  • Seznam.cz, a.s. (Czech Republic) - Sklik remarketing
  • Microsoft Corporation (USA) - Microsoft Ads (UET tag)
  • NextRoll, Inc. (USA) - AdRoll retargeting platform
  • Apollo.io (USA) - B2B contact database and enrichment

4.2 International Data Transfers

Personal data is transferred to countries outside the European Economic Area (EEA), primarily to the United States. We ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Agreement for UK data subjects
  • Data Processing Agreements (DPAs) with all processors
  • Additional safeguards: encryption in transit and at rest, access controls, regular security audits

You have the right to obtain a copy of the safeguards we use for international transfers by contacting us.

5. Data Retention

We retain personal data only as long as necessary for the purposes outlined above:

Data Category Retention Period
Contract and invoicing data 10 years (legal obligation - Czech Accounting Act)
Marketing communications and consent records Until consent withdrawal + 3 years (legal claims)
CRM and customer relationship data Duration of relationship + 3 years
Website analytics data 26 months (GA4 default, can be configured)
Email engagement data Until consent withdrawal
Cookie data As specified in cookie consent settings (max 13 months for marketing cookies)
Session recordings (Clarity) 90 days
Inquiry/contact form submissions 3 years if no contract established

After the retention period expires, we securely delete or anonymize personal data.

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies (pixels, tags, scripts) to enhance your experience, analyze usage, and deliver relevant advertising.

6.2 Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be disabled.

  • Session management
  • Security features
  • Load balancing

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR)
Duration: Session or up to 1 year

Analytics Cookies

Help us understand how visitors interact with our website.

  • Google Analytics 4 (via server-side GTM at mereni.buldok-marketing.cz)
  • Microsoft Clarity (session recording and heatmaps)
  • HubSpot Analytics

Legal basis: Consent (Art. 6(1)(a) GDPR)
Duration: Up to 26 months

Marketing/Advertising Cookies

Used to deliver relevant advertisements and track campaign performance.

  • Facebook Pixel (Meta)
  • LinkedIn Insight Tag
  • Google Ads Remarketing
  • Twitter/X Pixel
  • Sklik Remarketing (Seznam.cz)
  • Microsoft Ads (UET)
  • AdRoll
  • Apollo.io

Legal basis: Consent (Art. 6(1)(a) GDPR)
Duration: Up to 13 months

Functional Cookies

Enhance website functionality and personalization.

  • HubSpot form management
  • Language preferences
  • Regional settings

Legal basis: Consent (Art. 6(1)(a) GDPR) or Legitimate interest (Art. 6(1)(f) GDPR)
Duration: Up to 13 months

6.3 Managing Cookie Preferences

You can manage your cookie preferences at any time through:

  • Cookie Banner: Displayed on your first visit, accessible via "Cookie Settings" link in footer
  • Browser Settings: Configure your browser to block or delete cookies
  • Opt-out Links: Use platform-specific opt-out mechanisms

Note: Disabling certain cookies may affect website functionality.

Platform-specific opt-out options:

  • Google: https://adssettings.google.com
  • Facebook: https://www.facebook.com/settings?tab=ads
  • LinkedIn: https://www.linkedin.com/psettings/guest-controls
  • Microsoft: https://account.microsoft.com/privacy/ad-settings

6.4 Google Consent Mode v2

We implement Google Consent Mode v2, which adjusts how Google tags behave based on your consent choices:

  • analytics_storage: Controls analytics cookies
  • ad_storage: Controls advertising cookies
  • ad_user_data: Controls sharing user data with Google for advertising
  • ad_personalization: Controls personalized advertising

Tags will only set cookies and collect full data when you provide consent. Without consent, tags operate in a limited, privacy-preserving mode.

7. Session Recording and Heatmaps

We use Microsoft Clarity to record user sessions (including clicks, scrolls, and mouse movements) and create heatmaps. This helps us understand how users interact with our website to improve user experience.

What is recorded:

  • Mouse movements, clicks, and scrolls
  • Pages visited and navigation patterns
  • Device and browser information
  • Text entered in forms (with sensitive fields masked)

What is NOT recorded:

  • Payment information
  • Passwords
  • Sensitive personal data (automatically redacted)

Legal basis: Consent (Art. 6(1)(a) GDPR)
Retention: 90 days
Your rights: You can opt out via cookie settings

8. Email Marketing

When you subscribe to our newsletter or provide consent for marketing communications, we may:

  • Send promotional emails about our services
  • Track email open rates and link clicks
  • Segment audiences based on engagement
  • Personalize content based on your interests

Legal basis: Consent (Art. 6(1)(a) GDPR)

How to unsubscribe:

  • Click "Unsubscribe" link in any marketing email
  • Contact us at info@buldok-marketing.cz
  • Update preferences in your account (if applicable)

After unsubscription, we retain your email address in a suppression list to ensure we don't accidentally email you again.

9. Your Rights Under GDPR

As a data subject in the EU/EEA or UK, you have the following rights:

9.1 Right of Access (Art. 15 GDPR)

Request a copy of the personal data we hold about you.

9.2 Right to Rectification (Art. 16 GDPR)

Request correction of inaccurate or incomplete data.

9.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

Request deletion of your personal data when:

  • Data is no longer necessary for the purposes collected
  • You withdraw consent and no other legal basis exists
  • You object to processing based on legitimate interest
  • Data was unlawfully processed
  • Legal obligation requires deletion

Note: We may be unable to delete data if retention is required by law (e.g., accounting records).

9.4 Right to Restriction of Processing (Art. 18 GDPR)

Request limitation of processing in certain circumstances.

9.5 Right to Data Portability (Art. 20 GDPR)

Receive your data in a structured, machine-readable format and transmit it to another controller.

9.6 Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interest or for direct marketing purposes.

9.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

9.8 Right to Lodge a Complaint

File a complaint with a supervisory authority:

Czech Republic:
Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27
170 00 Praha 7
Website: https://www.uoou.cz

9.9 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: info@buldok-marketing.cz
  • Phone: +420 775 344 950
  • Postal address: Čechova 1446, 290 01 Poděbrady

We will respond to your request within one month (extendable by two months for complex requests).

10. Data Security

We implement appropriate technical and organizational measures to protect personal data:

Technical Measures

  • Encryption: TLS/SSL for data in transit, encryption at rest for sensitive data
  • Access Controls: Role-based access, multi-factor authentication for systems
  • Monitoring: Continuous security monitoring and logging
  • Backups: Regular encrypted backups with secure storage
  • Security Testing: Regular vulnerability assessments

Organizational Measures

  • Data Processing Agreements: With all third-party processors
  • Staff Training: Regular GDPR and security awareness training
  • Policies and Procedures: Documented data protection procedures
  • Incident Response: Data breach notification procedures in place

Data Breach Notification

In case of a data breach likely to result in a risk to your rights and freedoms, we will:

  • Notify the supervisory authority within 72 hours
  • Inform affected individuals without undue delay if high risk exists
  • Document the breach and remediation measures

11. Children's Privacy

Our website and services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately, and we will delete it.

12. Automated Decision-Making and Profiling

We may use automated decision-making and profiling for:

  • Email segmentation: Categorizing subscribers based on engagement
  • Lead scoring: Assessing sales leads in CRM (HubSpot)
  • Personalized content: Showing relevant content based on behavior

Your rights: You have the right to request human intervention, express your point of view, and contest automated decisions under Art. 22 GDPR.

We do not use automated decision-making for decisions that produce legal effects or similarly significantly affect you.

13. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. Significant changes will be communicated via:

  • Email notification (for newsletter subscribers)
  • Prominent notice on our website
  • Updated "Last Updated" date at the top of this policy

Continued use of our website after changes constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Protection Contact:
Buldok Marketing s.r.o.
Email: info@buldok-marketing.cz
Phone: +420 775 344 950
Address: Čechova 1446, 290 01 Poděbrady, Czech Republic

Acknowledgment

By using our website and services, you acknowledge that you have read, understood, and agree to this Privacy Policy.