Privacy Policy

Last Updated: December 6, 2025

1. Introduction and Definitions

This Privacy Policy describes how Jakub Pos ("we", "StayBrand") processes personal data of individuals ("You") who visit our website, use our platform, or communicate with us. We respect your privacy and are committed to protecting your personal data in accordance with the GDPR and other applicable regulations.

2. Our Role in Processing (Controller vs. Processor)

It is important to distinguish between two situations:

2.1 StayBrand as Controller

If you visit our website, fill out a contact form, subscribe to a newsletter, or are our direct client (billing contact person), we act as the Data Controller. We determine the purpose and means of processing.

2.2 StayBrand as Processor

If you use our application as an employee of our client (Your company), StayBrand acts as the Data Processor. The Controller of your data is your employer (our Client), who set up your account. We process your data only based on the Client's instructions and in accordance with the Data Processing Agreement (DPA).

3. What Personal Data We Process

We process the following categories of data:

3.1 Website Visitor and Inquiry Data

• Contact details: Name, email, phone, company name (if provided).
• Marketing data: Communication preferences, newsletter interactions.
• Web analytics: IP address, browser type, pages visited (see Cookie Policy).

3.2 Platform User Data

• Login credentials: Email address, password (encrypted).
• Profile data: First name, last name, job title, profile photo (optional).
• Usage Logs: Login times, actions performed in the editor, downloaded files, change history. We collect this data to ensure security, for auditing (who edited what), and service improvement.

3.3 Content Data

Images, texts, and documents you upload to the platform. The Client is responsible for the content of this data.

4. Purposes and Legal Basis for Processing

We process your data for these purposes:

• Service Provision (Contract Performance): To set up your account and enable application usage.
• Security and Audit (Legitimate Interest): Activity monitoring for cyber attack prevention and retroactive traceability of system changes.
• Product Improvement (Legitimate Interest): Analysis of how users work with the app to optimize UX.
• Marketing and Communication (Consent / Legitimate Interest): Sending product news and business offers. You can unsubscribe at any time.
• Billing and Taxes (Legal Obligation): Keeping records as required by accounting laws.

5. Data Retention Period

We retain personal data only for the necessary time:

• Account Data: For the duration of the contract with the Client. After contract termination, data is deleted or anonymized within 30 days (unless law requires otherwise).
• Marketing Data: Until consent withdrawal, but maximum 3 years from last activity.
• Technical Logs: Usually 6 months for security purposes.
• Invoices: 10 years according to VAT law.

6. Where We Store Data (Hosting and Transfers)

Your data is securely stored on servers in the European Union (primarily Germany/Ireland) with cloud infrastructure providers (e.g., AWS or Microsoft Azure) that meet the strictest security standards (ISO 27001, SOC 2). If data transfer outside the EEA occurs (e.g., due to technical support from a US subcontractor), it is always done based on Standard Contractual Clauses (SCC) approved by the European Commission, guaranteeing an adequate level of protection.

7. Data Sharing with Third Parties

Your data may be disclosed only to:

• Sub-processors: Companies supplying us with IT infrastructure, emailing services, or analytics. We have processing agreements with all of them.
• Public Authorities: If required by law.

We never sell your personal data to third parties for their marketing purposes.

8. Your Rights

You have the right to:

• Request access to your data.
• Rectification of inaccurate data.
• Erasure ("right to be forgotten").
• Restriction of processing.
• Data portability.
• Object to processing based on legitimate interest.

If you are a platform user (employee of a Client), we recommend exercising rights primarily with your employer (Controller), who has full control over your account. We will provide them with all cooperation.

Contact for exercising rights at StayBrand: info@staybrand.io

9. Final Provisions

We may update this policy continuously. The current version is always available on the website. In case of complaints, you can contact the Office for Personal Data Protection (www.uoou.cz).