Personal Data Protection
Effective from 16 June 2026
1. Data controller
The controller of personal data is Jakub Procházka, IČO —, DIČ —, with its registered office at , e-mail prochazka@ai-scan.eu. We have not appointed a data protection officer; for all data protection matters, please contact us at the e-mail address provided.
2. What data we process
• Identification and contact data: e-mail, company name, billing details (IČO, DIČ, billing name and address).
• Data entered into the audit: field of business, city, products/services, website address.
• Order and payment data: product, price, payment status (without payment card details — these are processed directly by Stripe).
• Technical data: IP address, approximate location derived from the IP address, device and browser type, and, following the granting of consent, data on interaction with the website.
3. Purposes and legal bases of processing
• Performance of the contract (Art. 6(1)(b) GDPR): carrying out the audit, delivering the PDF, making the result available.
• Compliance with a legal obligation (point (c)): issuing and archiving tax documents.
• Legitimate interest (point (f)): securing the website, fraud prevention, enforcement of claims, and direct marketing of the provider’s own similar products to existing customers.
• Consent (point (a)): analytics tools and optional marketing communications. Consent may be withdrawn at any time.
4. E-mail communication
Transactional e-mails (confirmation, result, invoice) are always sent on the basis of performance of the contract. Reminders of incomplete orders and offers of related products are sent on the basis of legitimate interest, or consent where applicable; you may unsubscribe from them at any time via the link in the e-mail or at prochazka@ai-scan.eu.
5. Recipients and processors
We use the following processors to operate the service:
• Stripe Payments Europe, Ltd. — payment processing.
• OpenAI — processing of audit queries (we transmit only the company name, field of business, city and products, not personal contact data).
• Hetzner Online GmbH — server infrastructure (EU).
• Webglobe, s.r.o. — sending e-mails.
• Microsoft Ireland Operations Ltd. (Microsoft Clarity) — website analytics following the granting of consent.
We do not pass data on to other third parties for their own marketing purposes.
6. Transfer to third countries
Some processors (in particular OpenAI and Microsoft Clarity) may also process data outside the EU/EEA, in particular in the United States. The transfer is secured by appropriate safeguards under the GDPR — the European Commission’s standard contractual clauses, or on the basis of an adequacy decision (the EU–US Data Privacy Framework). A copy of the safeguards may be requested at prochazka@ai-scan.eu.
7. Retention period
• Tax documents and order data: 10 years (statutory obligation).
• Audit results: for the period necessary to provide the service and to display them again, after which we delete or anonymise them.
• Data processed on the basis of consent: until consent is withdrawn.
Once these periods have elapsed, we securely delete the data.
8. Your rights
You have the right of access to your data, to its rectification, erasure, restriction of processing, portability, and the right to object to processing based on legitimate interest, including direct marketing. You also have the right to withdraw any consent granted at any time. We handle requests at prochazka@ai-scan.eu without undue delay.
9. Supervisory authority
If you believe that the processing of your data has infringed your rights, you may lodge a complaint with a supervisory authority. For the Czech Republic, this is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz. Data subjects from other EU countries may turn to the supervisory authority in their own country.
10. Cookies and analytics
We use necessary cookies for the functioning of the website and to store your consent choice. We launch analytics tools (Microsoft Clarity) only after your consent. You can find details in the Cookies document.
11. Automated decision-making
We do not carry out automated decision-making with legal effects for the data subject within the meaning of Art. 22 GDPR. The audit is the output of a tool that serves as informational supporting material.
12. Changes and effectiveness
We may update these principles; the current wording is always available on the website. These principles are effective from the date stated above.
