New guide: How to obtain a CPSR and legally sell soap in the EU →

Privacy Policy

Effective from: 1 April 2026

1. Identification of the data controller

Administrator: Jan Krasny
Individual: Yes (non-business)
Web: 7virides.com - blog about soap making, natural cosmetics and permaculture
Contact: [email protected]

Data Protection Officer: Unnamed. The processing of personal data is not the main activity of the controller, therefore the appointment of a DPO is not required.

2. Overview of the purposes of processing and legal bases

Purpose Legal basis Subjects Categories of data
Newsletter subscription Consent (Art. 6/1/a GDPR, § 7 of Act 480/2004 Coll.) Interested in the newsletter E-mail, IP address, timestamp
Sending commercial communications Consent (Art. 6/1/a GDPR, § 7 of Act 480/2004 Coll.) Newsletter subscribers E-mail
Google Analytics 4 Consent (Article 6/1/a GDPR - cookie consent) Visitors to the site Cookie identifiers, IP address, device
Technically necessary cookies Legitimate interest (Art. 6/1/f GDPR) Visitors to the site Session cookie, consent cookie, language

3. Detailed description of the individual processing purposes

3.1 Newsletter and commercial communications

Objective: Sending emails containing blog articles, information about natural cosmetics, soap making and permaculture, and product and service promotions.

Legal basis: Consent of the data subject pursuant to Article 6(1)(a) GDPR and Section 7(2) of Act No. 480/2004 Coll.

Collection mechanism (double opt-in):

  1. The user enters an email address
  2. The system sends a confirmation email with a clickable link
  3. By clicking on the link, the user confirms their consent

The consent is kept with time stamp, IP address, text version of the information a the consent identifier for demonstration during controller inspection.

Beneficiaries: Emails are sent via Sendy (self-hosted software) running on the controller's own server in the EU. The data does not leave the controller's infrastructure and is not passed on to third parties.

Retention time: The email address is stored for the duration of the active subscription. After unsubscribing, the email is transferred to Robinson letter and kept for 3 years.

Right to withdraw consent: Consent can be withdrawn at any time by clicking the unsubscribe link in the footer of each email. Withdrawal does not affect the lawfulness of the processing during the period in which the consent was valid.

3.2 Google Analytics 4

Objective: Site traffic analysis - number of visits, user behaviour, popular pages, sources of visits.

Legal basis: Consent of the data subject pursuant to Article 6(1)(a) GDPR. Consent is obtained via a cookie bar (Borlabs Cookie CMP). The website implements Google Consent Mode v2.

Processor: Google LLC (Google Ireland Limited for EEA).

Transfers to third countries: Yes - the data is sent to Google servers in the USA. Legal framework: the EU-US Data Privacy Framework (DPF). Standard Contractual Clauses (SCCs). IP addresses are anonymised.

Retention time: GA4 keeps detailed data for a period of 14 months, then aggregated.

For details on individual cookies, please see Cookie Policy.

3.3 Technically necessary cookies and services

Objective: Manage cookie consent (Borlabs Cookie), session maintenance, language preference, script loading management (Google Tag Manager).

Legal basis (storage of cookies): § 89 (3) ZEK - technically necessary cookies are an exception to the obligation of consent.
Legal basis (data processing): Legitimate interest of the controller pursuant to Article 6(1)(f) GDPR.

For a complete list of cookies, see Cookie Policy.

4. Data subjects and their rights

4.1 Right of access (Article 15 GDPR)

The data subject shall have the right to ask the controller to confirm whether his or her personal data are being processed and to obtain a copy thereof. The controller shall provide the data within 30 days at the latest.

How to apply: E-mail to [email protected] with the subject "Request for access to personal data“.

4.2 Right to rectification (Article 16 GDPR)

The data subject has the right to have inaccurate data corrected.

How to apply: E-mail to [email protected] with the subject "Data correction request“.

4.3 Right to erasure (Article 17 GDPR) - "Right to be forgotten“

The data subject has the right to request the erasure of his or her personal data if:

  • The data are no longer necessary for the original purpose
  • The subject withdraws consent and there is no other legal basis
  • The subject objects to processing pursuant to Article 21
  • The data was processed illegally

How to apply: E-mail to [email protected] with the subject "Request for deletion of data“.

4.4 Right to restriction of processing (Article 18 GDPR)

The data subject has the right to request a restriction of processing if he or she questions the accuracy of the data, the processing is unlawful, or the data subject objects to the processing.

How to apply: E-mail to [email protected] with the subject "Request for restriction of processing“.

4.5 Right to portability (Article 20 GDPR)

The data subject has the right to obtain his or her data in a structured, commonly used and machine-readable format (CSV, XML, etc.).

How to apply: E-mail to [email protected] with the subject "Data portability requirement“.

4.6 Right to object (Article 21 GDPR)

The data subject has the right to object to the processing of their data. If the legal basis is a legitimate interest (Article 6/1/f), the controller must immediately stop the processing, unless he or she demonstrates compelling reasons.

How to apply: E-mail to [email protected] with the subject "Objection to data processing“.

4.7 Right to withdraw consent (Article 7 GDPR)

Consent to processing may be withdrawn at any time. For the newsletter just click on "unsubscribe“ in the email, or write to [email protected].

4.8 Automated decision making

Web does not perform no automated decision making or profiling.

4.9 Right to complain to the OOOÚ

Office for Personal Data Protection (OPDP)
Pplk. Sochor 27, 170 00 Prague 7
Phone: +420 234 665 411
E-mail: [email protected]
Web: www.uoou.gov.cz

5. Security measures and data protection

The controller implements physical, technical and organisational measures to protect personal data:

  • Communication encryption (HTTPS)
  • Restricted access to the database only by the administrator
  • Regular data backups
  • Server firewall and virus protection
  • Strong passwords and two-factor authentication

In the event of a personal data breach, the controller shall report the incident to the OCCP within 72 hours.

6. Voluntary provision of data

The provision of personal data is Voluntary. No legal or contractual requirement obliges the subject to provide the data. The website is fully functional without the consent to analytical cookies.

7. Data retention period - summary overview

Type of data Purpose Preservation time
Email + consent (newsletter) Sending newsletters After the period of active subscription, then Robinson sheet 3 years
GA4 data on Google servers Analytics 14 months

The retention periods of cookies in the browser are specified in Cookie Policy.

8. Multilingualism and language versions

This Policy is available in Czech a English. In the event of a conflict, the text in the Czech language shall prevail.

9. Changes to the Policy

The Administrator reserves the right to change this Policy. In the event of a significant change, the Administrator will notify the newsletter subscriber by email.

10. Contact the administrator

Jan Krasny
E-mail: [email protected]
Web: 7virides.com

Effective from: 1 April 2026

Scroll to Top