Privacy Policy

1. Data Controller

The data controller responsible for the processing of personal data described in this Privacy Policy is Helize s.r.o., a limited liability company incorporated under the laws of the Czech Republic, with its registered office in the Czech Republic and registered in the Czech Commercial Register ("Helize", "we", "us", or "our").

For any questions regarding the processing of your personal data, or to exercise any of your rights under the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") or Czech Act No. 110/2019 Coll. on the Processing of Personal Data, you may contact us at info@helize.eu.

Helize operates the websites helize.eu, handyman.helize.eu, hifix.cz, and the forthcoming Happie Hour service, and provides technology agency services (web development, search engine optimisation, and digital advertising) as well as its proprietary Handyman Platform offering across the Czech Republic, Slovakia, Germany, and the wider European Union.

2. Data Protection Officer and Privacy Contact

Although Helize s.r.o. is not legally required under Article 37 GDPR to appoint a formal Data Protection Officer, we have voluntarily designated a dedicated privacy contact to ensure that all data protection matters are handled by a single accountable point of contact.

All privacy-related enquiries, data subject access requests, complaints, or concerns should be addressed to: privacy@helize.eu.

We endeavour to respond to all legitimate privacy requests within thirty (30) calendar days of receipt, in line with Article 12(3) GDPR. Where a request is particularly complex, we may extend this period by up to two further months and will inform you of any such extension and the reasons for the delay.

3. Categories of Personal Data We Collect

We collect only the personal data strictly necessary to provide our services, operate our websites, comply with legal obligations, and respond to your enquiries.

Website visitors: when you visit helize.eu or any of our sub-domains, our EU-based hosting provider automatically logs your IP address, the timestamp of the request, the URL requested, the HTTP response code, the referring URL (if any), and basic user-agent information (browser and operating system). These logs are generated at the infrastructure level for security, abuse prevention, and debugging purposes.

Contact form submissions: when you submit our contact form, we collect your name, email address, the subject of your enquiry, the content of your message, and the timestamp of submission. We additionally record the fact that you gave explicit consent by ticking the consent checkbox prior to submission.

Handyman Platform customers: where you engage Helize as a customer of the Handyman Platform, we process your business name, contact person's full name, billing address, VAT identification number (where applicable), email address, telephone number, domain name details, invoicing data, and any technical credentials reasonably required to provision and maintain your platform instance.

Communications: we retain correspondence (including emails) exchanged between you and Helize for the purposes of contract performance, customer support, and legal record-keeping.

We do not knowingly collect any special categories of personal data as defined in Article 9 GDPR.

4. Purposes of Processing and Legal Bases

We process personal data only where we have a lawful basis to do so under Article 6 GDPR.

Provision of services (Article 6(1)(b) GDPR — performance of a contract): we process customer data to enter into and perform service agreements, deliver the Handyman Platform, issue invoices, provide customer support, and maintain the services you have subscribed to.

Responding to enquiries (Article 6(1)(a) GDPR — consent, or Article 6(1)(f) — legitimate interest): contact form submissions are processed on the basis of your explicit consent, which you provide by ticking the consent checkbox before sending the form. For pre-contractual communications, processing may additionally rely on our legitimate interest in responding to business enquiries and taking steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).

Legal obligations (Article 6(1)(c) GDPR): we process and retain accounting and tax-relevant data to comply with Czech Act No. 563/1991 Coll. on Accounting, Act No. 235/2004 Coll. on Value Added Tax, and other applicable legal obligations imposed on Czech limited liability companies.

Security and abuse prevention (Article 6(1)(f) GDPR — legitimate interest): we process server logs and technical metadata to detect, prevent, and investigate fraud, abuse, security incidents, and unauthorised access. Our legitimate interest lies in maintaining the security and integrity of our infrastructure and our customers' data, and we have assessed that this interest is not overridden by the rights and freedoms of data subjects.

We do not sell personal data. We do not profile users. We do not use tracking cookies or behavioural advertising technologies.

5. Data Retention Periods

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements.

Server logs (IP addresses, access logs): retained for a maximum of thirty (30) days for security and debugging purposes, after which they are automatically purged or anonymised.

Contact form submissions: retained for twelve (12) months from the date of submission unless a business relationship arises, in which case the relevant correspondence is retained for the duration of the service plus the statutory retention period.

Customer account data (Handyman Platform and agency customers): retained for the duration of the service relationship plus seven (7) years for tax and accounting obligations under Czech Act No. 563/1991 Coll. on Accounting and Act No. 235/2004 Coll. on VAT.

Invoices and accounting records: retained for ten (10) years, in accordance with Section 35 of the Czech VAT Act and Section 31 of the Czech Accounting Act.

Correspondence relating to claims or disputes: retained for the duration of the limitation period applicable under Czech civil law (generally three to ten years), plus a reasonable additional period to handle any post-dispute matters.

At the end of the applicable retention period, personal data is securely deleted or irreversibly anonymised.

6. Recipients and Sub-Processors

We disclose personal data only to carefully selected third parties who act as processors on our behalf, and only to the extent necessary for the provision of our services. Each sub-processor is bound by a data processing agreement compliant with Article 28 GDPR.

Hosting infrastructure: our websites and the Handyman Platform are hosted on infrastructure provided by our EU-based hosting provider, currently Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany. All data is stored on servers physically located within the European Union.

Contact form delivery: submissions from our contact form are transmitted through Web3Forms. Because Web3Forms may process data outside the European Economic Area, transfers are carried out on the basis of the European Commission's Standard Contractual Clauses (Decision 2021/914) pursuant to Article 46(2)(c) GDPR, and we only transmit data you have expressly consented to send via the form consent checkbox.

Payment processors (Handyman Platform customers only): where applicable, payments are processed by established providers such as Stripe Payments Europe Ltd. (Ireland) and PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg). These providers act as independent controllers for the processing of payment data and apply their own privacy policies.

Professional advisers: we may disclose data to our accountants, auditors, and legal advisers where strictly necessary for the performance of their professional services, each of whom is subject to confidentiality obligations.

Public authorities: we may disclose personal data to competent authorities where required by a binding legal obligation, court order, or official request complying with applicable law.

We do not share, rent, trade, or sell personal data to any third party for marketing purposes.

7. International Transfers

Helize is committed to keeping personal data within the European Economic Area ("EEA") wherever possible. Our hosting infrastructure, our offices, and our primary operations are located within the EEA.

The only routine transfer of personal data outside the EEA concerns contact form submissions transmitted through Web3Forms. This transfer is governed by the European Commission's Standard Contractual Clauses adopted under Commission Implementing Decision (EU) 2021/914 of 4 June 2021, which provide appropriate safeguards within the meaning of Article 46 GDPR. Transfers only occur after you have given explicit consent via the form's consent checkbox.

A copy of the Standard Contractual Clauses applicable to this transfer, and information about any supplementary measures we apply, is available on request by writing to privacy@helize.eu.

8. Your Rights as a Data Subject

Under the GDPR and Czech data protection law, you have the following rights in relation to your personal data:

Right of access (Article 15 GDPR): you may request confirmation of whether we process your personal data, and if so, a copy of that data along with information about the processing.

Right to rectification (Article 16 GDPR): you may request the correction of any inaccurate personal data or the completion of incomplete personal data.

Right to erasure ("right to be forgotten", Article 17 GDPR): you may request the deletion of your personal data where one of the grounds listed in Article 17 applies.

Right to restriction of processing (Article 18 GDPR): you may request that we limit the processing of your personal data under certain circumstances.

Right to data portability (Article 20 GDPR): where processing is based on consent or contract and carried out by automated means, you may receive the personal data you have provided in a structured, commonly used, and machine-readable format, or request its transmission to another controller.

Right to object (Article 21 GDPR): you may object, on grounds relating to your particular situation, to processing based on our legitimate interests.

Right to withdraw consent (Article 7(3) GDPR): where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Right to lodge a complaint: you may lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, "ÚOOÚ"), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz, or with the supervisory authority of your EU Member State of habitual residence or place of alleged infringement.

To exercise any of the above rights, please contact privacy@helize.eu. We will respond without undue delay and in any event within one month of receipt of the request.

9. Automated Decision-Making and Profiling

Helize does not carry out any automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.

We do not build behavioural profiles of visitors, we do not score users, and we do not make any decisions about individuals using solely automated means.

10. Cookies and Similar Technologies

Helize does not set any cookies at page load on helize.eu. Our sites use self-hosted fonts, no Google Analytics, no Meta Pixel, no advertising trackers, and no third-party tracking technologies of any kind.

Browser session storage may be used briefly and locally (on your own device) to remember your language preference during a visit. This information never reaches our servers and is not a cookie within the meaning of Directive 2002/58/EC.

For full details please refer to our separate Cookie Policy.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 GDPR.

These measures include, without limitation: TLS/HTTPS encryption of all traffic to and from our websites, encrypted storage at rest on our EU hosting infrastructure, regular security updates of all server and application components, access controls and principle-of-least-privilege for Helize personnel, secure credential management, and regular backups.

Despite our efforts, no method of transmission over the internet or method of electronic storage is completely secure. In the event of a personal data breach likely to result in a risk to the rights and freedoms of natural persons, we will notify the ÚOOÚ within 72 hours as required by Article 33 GDPR, and, where the breach is likely to result in a high risk, we will notify affected data subjects without undue delay as required by Article 34 GDPR.

12. Children's Data

Helize does not direct its services to children. Our websites and the Handyman Platform are intended for use by businesses and adults acting in a professional capacity.

We do not knowingly collect personal data from children under the age of 16. If you believe that a child has provided us with personal data, please contact privacy@helize.eu and we will take steps to delete that information promptly.

13. No Sale of Data; No Profiling; No Tracking

For the avoidance of doubt, Helize hereby confirms: we do not sell personal data to any third party; we do not rent or trade personal data; we do not profile users for advertising or any other purpose; we do not use tracking cookies, fingerprinting, or cross-site tracking technologies; we do not embed third-party analytics or advertising scripts on our websites.

This commitment reflects Helize's privacy-first engineering philosophy, not merely a contractual undertaking.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and, where appropriate, provide additional notice (for example, by posting a notice on our website or contacting you by email).

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes your acceptance of the revised policy, to the extent permitted by applicable law.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please contact us at:

Helize s.r.o. Czech Republic General enquiries: info@helize.eu Privacy and data protection: privacy@helize.eu

We are committed to resolving any complaint about our collection or use of personal data. If you would prefer, you may also contact the Czech Office for Personal Data Protection (ÚOOÚ) directly at www.uoou.cz.