1. Data Controller
The data controller within the meaning of Art. 4(7) GDPR is:
Divine Way s.r.o.
Braunerova 563/7, 18000 Praha
Company ID: 02608596
E-mail: info@divineway.cz
Web: divineway.cz
2. Overview of Personal Data Processing
We process only personal data that is necessary for a specific purpose.
| Purpose | Legal Basis | Data Categories | Recipient / Location | Retention Period |
|---|---|---|---|---|
| Sending PDF report and follow-up e-mail communication | Consent (Art. 6(1)(a) GDPR) | E-mail address, domain name | EU server (Zoho Mail EU, Webglobe CZ) | Until consent is withdrawn, max. 3 years |
| Security newsletter (once per quarter) | Consent (Art. 6(1)(a) GDPR) | E-mail address | EU server (Zoho Mail EU) | Until consent is withdrawn |
| Website traffic analysis | Legitimate interest / cookie consent (Art. 6(1)(f) or (a)) | IP address (anonymised), website behaviour | Google LLC (USA), server CZ, Yandex (Russia) | Per platform settings (see § 4) |
| Technical website operation (security logs, functional cookies) | Legitimate interest (Art. 6(1)(f) GDPR) | IP address, session data | Webglobe CZ — server in the Czech Republic | Max. 90 days |
3. Domain Security Audit Form
Through the free domain audit tool on our website we process:
- E-mail address — to deliver the PDF report and follow-up communication
- Domain name — to perform the technical analysis
By submitting the form you give your consent to the processing of your e-mail address for:
- delivery of the audit results (PDF report),
- sending up to 3 follow-up e-mails with IT security recommendations,
- sending a security newsletter approximately once per quarter.
Consent is voluntary and may be withdrawn at any time by clicking the “Unsubscribe” link in any e-mail, or by writing to info@divineway.cz. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Your e-mail data is not shared with third parties for their own marketing purposes.
4. Analytics Tools and Cookies
4.1 Burst Statistics (own server)
The Burst Statistics plugin records traffic directly on our server (Webglobe, Czech Republic). No data is transferred to third parties. IP addresses are anonymised. Processing is based on legitimate interest.
4.2 Google Analytics 4
We use Google Analytics 4 (Google LLC, USA). Once analytics cookies are accepted, the tool collects pseudonymous traffic data (anonymised IP address, website behaviour). Data is transferred to the USA under the EU–USA Data Privacy Framework.
- Data retention in GA4: 14 months.
- Opt-out: Google Analytics Opt-out Browser Add-on
- Google Privacy Policy: policies.google.com/privacy
4.3 Yandex Metrica
We use the Yandex Metrica analytics service (Yandex N.V.). The service processes pseudonymous traffic data (anonymised IP address, website behaviour). Data is transferred to the Russian Federation on the basis of Standard Contractual Clauses (SCC) approved by the European Commission under Art. 46(2)(c) GDPR. Traffic analytics data is not shared with any third parties.
- Yandex Metrica is activated only after you have consented to analytics cookies.
- Only anonymised website behaviour data is processed — no personal identifiers.
- Opt-out: yandex.com/support/metrica/general/opt-out.html
- Yandex Privacy Policy: yandex.com/legal/confidential/
5. Cookies
Our website uses cookies. On your first visit we display a cookie banner where you can choose the scope of your consent.
| Category | Description | Legal Basis |
|---|---|---|
| Necessary | Enable core website functions (login, CSRF protection). Cannot be declined. | Legitimate interest |
| Analytics | Website traffic statistics (GA4, Burst Stats, Yandex Metrica). Collected only with your consent. | Consent |
| Preferences | Remember your choices (language, settings). Collected only with your consent. | Consent |
You can change or withdraw your cookie consent at any time by clicking “Cookie Settings” in the website footer.
6. Recipients and Processors
We process your data primarily ourselves. The following processors receive data on our behalf:
- Webglobe s.r.o. — website hosting, server in the Czech Republic
- Zoho Corporation Pvt. Ltd. — e-mail platform, EU datacenter (Amsterdam)
- Google LLC — Google Analytics 4, USA (transfer under EU–USA Data Privacy Framework)
- Yandex N.V. — Yandex Metrica (only with cookie consent; transfer to Russia under SCC)
We do not sell or share personal data with third parties for their own marketing purposes.
7. Your Rights
You have the right to:
- Access — request information on whether and which personal data we process
- Rectification — request correction of inaccurate or completion of incomplete data
- Erasure (“right to be forgotten”) — request deletion of data where the purpose has ceased
- Restriction — request temporary restriction of processing
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — withdraw consent at any time without affecting prior processing
To exercise your rights, write to info@divineway.cz. We will respond within 30 days.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. In the Czech Republic:
Office for Personal Data Protection (UOOU)
Pplk. Sochora 727/27, 170 00 Prague 7, Czech Republic
Tel.: +420 234 514 111
E-mail: posta@uoou.cz
Web: uoou.cz
9. Updates
This policy may be updated periodically. The current version is always available at divineway.cz/privacy-policy.
Last updated: 15.05.2026