Privacy and Cookie Policy
E.V.A. Platform (evaplatform.ai).
Introduction
Who is the data controller? The data controller is Agnostix, s.r.o., with its registered office at Hybernská 1009/24, 110 00 Prague 1, Company ID No.: 05577217. We are registered in the Commercial Register maintained by the Municipal Court in Prague, File No. C 265663 (“we” or “us”).
Who does this policy apply to? This Privacy and Cookie Policy (the “Policy”) applies whenever we process your personal data as a data controller, that is, when we determine the purpose and means of the processing. The data subject may be you (as an individual entrepreneur), a representative of your company (e.g. a manager), or your employees, contractors, or any other person acting on behalf of your company or using the Work Application (collectively referred to as “Data Subject(s)”).
Terms of Use. This Policy forms part of the Terms of Use of the E.V.A. Platform (the “Terms”). Capitalized terms not defined here have the meaning assigned to them in the Terms.
When are we a data processor? If you upload chatbot data into the Application that includes personal data relating to your customers, prospects, employees, or collaborators (particularly those not using the Application and therefore not considered Data Subjects under this Policy), you are the data controller, and we act as your data processor—or in some cases, you may be a processor and we a sub-processor. This type of data processing is not covered by this Policy but is governed by a separate Data Processing Agreement available here.
Legal regulations. This Policy and our handling of personal data comply with Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR) and Czech Act No. 110/2019 Coll., on the Processing of Personal Data. In this Policy, you’ll find information about what personal data we process, the purposes and legal bases for processing, how long we retain it, and what rights you have as a Data Subject.
Contact details. If you have any questions or concerns, you can always contact us by e-mail at gdpr@agnostix.cz.
What personal data do we process?
We process personal data that generally falls into the following categories:
- Identification data. Used to identify the Data Subject, such as name, surname and/or business name, date of birth, identification number, and registered office or home address.
- Contact details. Used to communicate with the Data Subject regarding the contract, the Application, or for sending commercial messages. This includes phone numbers and email addresses.
- Login credentials. Used for access to the Application. This includes your username and password.
- Information about your device. Used to ensure proper functionality of the Application and Website. This includes data obtained via cookies such as IP address, browser type, OS version, device location, and other data you choose to share.
- Invoicing and banking details. Processed in relation to identification and payment transactions. This includes invoice data, bank account numbers, and information about payments made or received.
- Communication history. Includes content from email correspondence, phone call records, contact forms, and any other communication. This may also include job titles or other personal data you voluntarily provide.
Do we really need your personal data?
We always aim to process only the minimum amount of personal data necessary. However, in some cases, processing is essential. To enter into a contract and provide you with access to the Application, we must process certain personal data.
Why and how long do we process personal data?
We only process personal data when we have a valid legal basis. That means each processing activity must be grounded in applicable legal regulations. We process personal data for the following purposes:
| What is the legal basis for processing under the GDPR? | Why do we process personal data? | How long will we process it? | What data do we process for this purpose? |
| CONTRACT Fulfillment of obligations under a contract or in the framework of pre-contractual negotiations Article 6(1)(a) 1 b) GDPR | If you’re negotiating a Contract with us or have already signed one, we need to process personal data of certain individuals in your organization (e.g. company representatives, legal signatories, or application administrators). We also process this data during the performance of the Contract (e.g. communication with administrators or users regarding questions or technical issues with the Application). | For the duration of the Contract. | Identification data Contact data Login data Information about your device Invoicing and banking data Information from our communication |
| LEGAL OBLIGATION Fulfillment of obligations arising from legal regulations Article 6 para. 1 c) GDPR | There are cases where we are required by law to process personal data. This mainly concerns accounting and tax regulations. | For the period defined by the applicable law, usually 10 years from the end of the accounting year in which a relevant event occurred. | Identification data Contact data Invoicing and banking data |
| LEGITIMATE INTEREST It is in our legitimate interest Article 6(1)(f) GDPR | To protect the Application from attacks, spam or technical issues, we may process log files that include the IP address of the accessing party. | A maximum of 3 months from each activity in the Application. | Information about your device |
| To send you newsletters as a customer, including updates on the Application’s new features or services. | We keep this data for 3 years from the end of the Agreement, or until you opt out (e.g. unsubscribe). | Identification data Contact data | |
| To notify you about important matters related to the Application (e.g. planned outages). | For the duration of the Contract. | Identification data Contact data | |
| To defend our legal claims or protect our rights (e.g. in case of a dispute connected to the Contract). | For a maximum period of 16 years after the Contract ends – this covers the 15-year limitation period under the Civil Code plus an additional year for delayed claims. | Identification data Contact data Information about your device Invoicing and banking data Information from our communication | |
| CONSENT We process your data based on your consent Article 6(1)(a) GDPR | In some cases, we process personal data that cannot be attributed to any of the legal grounds for data processing described above. | We retain this data for the duration of the consent. You can withdraw your consent at any time, for example by e-mail. Even if you withdraw your consent or it expires, we are not always required to delete all your data. We may retain and process data if another legal basis applies. Withdrawal of consent does not affect the legality of data processing that took place before the withdrawal. | We process only the data explicitly listed in your consent to personal data processing. |
Your personal data may be processed both manually and automatically. We do not carry out any profiling.
Who Do We Share Your Personal Data With?
To ensure smooth and efficient operations, we may share your personal data with third parties – primarily our service providers. These partners act as our data processors and may only process your data to the extent we’ve explicitly agreed with them.
Specifically, we may share data with:
- Technology partners whose tools we use within the Application (e.g. AWS cloud services).
- Service providers such as such as accountants, legal or tax advisors, and communication platform providers.
- Google Ireland Ltd, which provides tools like Google Analytics and reCAPTCHA. See how Google handles data.
- Hotjar Ltd., which operates user behaviour tracking tools (e.g. heatmaps). Learn more about Hotjar’s data processing.
We may also disclose your personal data to public authorities if required by law or where we believe it is in our legitimate interest to do so.
Where do we transfer your data?
We do not currently transfer your personal data outside the European Union. If such a transfer becomes necessary in the future, we will only do so in compliance with GDPR requirements – specifically, to countries or entities that ensure an adequate level of data protection, such as the United States.
Cookies
We use cookies to ensure that the Application functions correctly. Cookies are small text files stored on your device that capture specific information from your visit. Each category of cookie serves a different purpose, and you can manage your preferences here. We may use the following types of cookies:
- Essential cookies, which enable our Application to function properly and allow you to use its essential features. These cookies are necessary for the creation of a contract between us, so they do not require your consent.
- Functional cookies, which allow us to tailor the content of the Application to meet your needs and interests, for example your preferred language or the region where you are located. To use them, we need your consent, which you can grant us through the cookie bar.
- Analytical cookies, which help us generate usage statistics and traffic sources. We use them to track traffic to the Application and where you came from. These cookies also require your consent, which you can grant us via the cookie bar.
- Performance cookies, which help us improve site speed and functionality. These cookies help us find out how quickly the website loads, which parts you use most often, and whether any errors occurred. Your consent is required.
- Marketing cookies allow us to tailor our service offerings to your needs. They allow us to offer services through targeted advertising, including third-party tools. These cookies require your consent, which you can grant us through the cookie bar.
A complete list of cookies in use is available in our cookie bar, accessible anytime within the Application.
Your rights regarding personal data
You have several rights under GDPR. You can exercise them by contacting us at gdpr@agnostix.cz or by writing to our registered office:
- Right to withdraw consent. If we process your personal data based on your consent, you can withdraw it at any time.
- Right of access. You can request information about how we process your data and obtain a copy of it (the first copy is free; additional copies may incur a fee for the necessary costs of obtaining the copy).
- Right to correction and completion. You can ask us to correct or complete inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”). Under certain conditions, you can request the deletion of your data (e.g. if it’s no longer needed or you’ve withdrawn consent).
- Right to restriction of processing. You can ask us to limit how we process your data without deleting it.
- Right to data portability. You may request your data in a structured, commonly used format and transfer it to another controller.
- Right to object. You may object to processing based on our legitimate interests. We will evaluate the objection within one month and either stop processing or explain why we believe processing should continue. If you object to marketing communications, we will always honor that choice.
- Right to lodge a complaint. If you believe your data is being processed unlawfully, you may file a complaint with the Czech Data Protection Authority: https://uoou.gov.cz, address Pplk. Sochora 27, 170 00 Prague 7.
These Principles are effective as of 1.4.2025.