Pixexo

Our Data Philosophy: Transparent, Limited, and Yours.

At Pixexo, we build digital systems. The data that passes through them is a byproduct of a transaction, not a product to be mined. This policy reflects a single principle: we collect the minimum required to deliver our services, protect your account, and meet legal obligations.

We do not sell, trade, or monetize your personal information. We have no advertising partners and no third-party analytics tracking you across the web.

Policy At a Glance

  • Account info: name, email, password (hashed).
  • Billing data: invoicing details for clients.
  • Communication: project files, feedback, messages.
  • Technical: server logs for security and uptime.
  • No cookies for tracking or advertising.

What We Actually Collect

Our data collection is a direct response to the services we provide. We do not gather speculative data for future use. Each category is paired with its specific purpose and legal justification under the GDPR.

1. Contact & Project Data

This includes your name, email address, phone number, and any project files or messages you send through our contact form or project management interface. We use this to initiate and execute our design and development contracts.

Legal Basis: Performance of Contract (Art. 6(1)(b) GDPR)

2. Billing Information

For our clients, we require invoicing details (company name, VAT number, address). This data is processed solely for financial compliance and is stored for the legally required period (typically 7 years).

Legal Basis: Legal Obligation (Art. 6(1)(c) GDPR)

3. Technical & Security Logs

Our servers record anonymized IP addresses, browser types, and request timestamps for security monitoring (e.g., detecting brute-force attacks). These logs are purged after 30 days and are not linked to personal profiles.

Legal Basis: Legitimate Interest (Art. 6(1)(f) GDPR)

What We Do Not Collect

No Behavioral Tracking

No Google Analytics, Facebook Pixel, or cross-site tracking cookies. Your journey from our site ends with you.

No Third-Party Ad Data

We do not participate in ad networks. We have no data to sell to marketing platforms.

No Health or Biometric Data

Our services are digital. We do not request or process sensitive health information.

No Political or Sexual Data

Our forms are for business and project inquiries. We do not collect sensitive personal data.

Due Diligence for Partners

If you are engaging Pixexo for a project, these questions help establish a shared understanding of data responsibility and compliance.

1. Where is our data physically hosted?

All Pixexo infrastructure resides on EU-based servers (e.g., Hetzner, OVH). We do not transfer data outside the EEA unless specifically contracted and under Standard Contractual Clauses.

2. What is your breach protocol?

We follow a 72-hour GDPR notification clock. All breaches are logged, assessed, and reported to authorities and affected clients within the legal timeframe. We conduct annual penetration testing.

3. Do you use subprocessors?

Yes, for specific tools (e.g., our hosting provider, email service). A full list of subprocessors is available upon request and is included in our Data Processing Addendum (DPA).

4. How do you handle data subject requests?

We provide a direct channel for access, rectification, and deletion requests. Response time is typically under 30 days. Automated exports are provided where technically feasible.

5. What about legacy systems?

For projects involving legacy data migration, we conduct a DPIA (Data Protection Impact Assessment) to identify risks. Data is anonymized in non-production environments.

6. Can you prove compliance?

We maintain records of processing activities (ROPA), DPAs with all subprocessors, and internal security policies. We are subject to audit by relevant authorities.


Your Rights Are Not Abstract

Under the GDPR, you possess specific rights regarding your personal data. We do not merely acknowledge these rights; we have built operational processes to fulfill them.

Right of Access

You can request a copy of all personal data we hold about you. We provide this in a common, machine-readable format (JSON or CSV).

Right to Rectification

If your data is inaccurate or incomplete (e.g., a changed email address), we will correct it promptly upon verified request.

Right to Erasure (‘Right to be Forgotten’)

You may request deletion of your personal data. Note: we may retain data required by law (e.g., tax records).

Right to Data Portability

We will transfer your data to another controller, where technically feasible, to facilitate switching services.

To exercise any right, contact our Data Protection Officer at [email protected].

Contact Our Privacy Team

For any questions regarding this policy, our data processing, or to submit a data subject request, use the contact details below or the form.

Email: [email protected]

Phone: +420 734 441 990

Address: Nám. Republiky 1, 110 00 Praha 1, Czechia

Hours: Mon-Fri: 9:00-18:00