Privacy Policy

Digi Wolf Agency s.r.o., IČO 243 44 648 ("we", "our", "us") is a digital agency registered in the Czech Republic. Our registered office is at Varšavská 715/36, Vinohrady, 120 00 Praha 2. We operate in the European Union and can be contacted at info@digiwolf.agency. We are the data controller for personal data collected through our website at digiwolf.agency and through our services.

We collect only the personal data you provide to us, plus limited technical data generated when you visit our site. Contact form (/contact): • Name • Email address • Company name (optional) • Message content • Service and budget range you select in the form Bookings (/book via Cal.com): • Name • Email address • Booking details needed to schedule your call (date, time, event type, and any notes you provide) Technical data: • IP address, browser type, device type, and pages visited — collected automatically by our hosting provider for security and performance We do not collect special category data (health, race, political opinions, etc.) and we do not sell your personal data.

We process your personal data for the following purposes: • To respond to contact form enquiries and follow up on your project (pre-contractual steps / legitimate interest) • To schedule, confirm, and manage discovery calls and consultations booked through Cal.com (pre-contractual steps / contractual necessity) • To send internal email notifications to our team when you submit a form or booking (legitimate interest) • To store enquiry and booking records in our database (legitimate interest / contractual necessity) • To operate, secure, and improve our website (legitimate interest) • To comply with legal obligations under Czech and EU law We do not use your data for automated decision-making or profiling.

Under the General Data Protection Regulation (EU) 2016/679 ("GDPR"), we rely on the following legal bases: • Art. 6(1)(b) — Contractual necessity / pre-contractual steps: processing needed to respond to your enquiry, schedule a call, or deliver services you request • Art. 6(1)(f) — Legitimate interests: operating our website, storing records, sending internal notifications, and preventing abuse — balanced against your rights • Art. 6(1)(c) — Legal obligation: processing required to comply with Czech or EU law (e.g. accounting records for clients) • Art. 6(1)(a) — Consent: only where we explicitly ask for it (e.g. optional marketing). You may withdraw consent at any time.

We keep personal data only as long as necessary for the purposes above: • Contact form submissions: up to 3 years from your last interaction with us, unless a client relationship continues • Booking records: up to 3 years after the scheduled call, or longer if you become a client • Client project and invoice data: up to 10 years where required by Czech accounting law • Server and security logs: typically up to 90 days When data is no longer needed, we delete or anonymise it. You may request earlier deletion (see Section 9).

We use trusted service providers to run our website and handle your data. Each acts as a data processor on our instructions: • Supabase — database hosting and storage of contact and booking records (EU-based infrastructure) • Resend — transactional email delivery when you submit the contact form (notification to our team) • Cal.com — scheduling platform embedded on /book; processes name, email, and booking details when you book a call • Vercel — website hosting, content delivery, and serverless functions; may process IP addresses and request logs We have data processing agreements in place with these providers where required. We do not authorise them to use your data for their own marketing purposes.

We aim to process data within the European Economic Area (EEA). Some providers (including Vercel and Cal.com) may process data in the United States or other countries outside the EEA. Where transfers occur, we rely on appropriate safeguards under GDPR Chapter V — such as Standard Contractual Clauses approved by the European Commission, or adequacy decisions where applicable. You may request more information about safeguards for a specific transfer by contacting us.

Our website uses strictly necessary cookies required for basic site operation and security. When you book a call, Cal.com may set its own cookies in the embedded scheduler. We do not currently use analytics or advertising cookies on digiwolf.agency. Your cookie preference is stored locally in your browser when you respond to our cookie notice. See our Cookie Policy at /cookies for full details.

You have the following rights regarding your personal data: • Right of access (Art. 15): request a copy of the personal data we hold about you • Right to rectification (Art. 16): correct inaccurate or incomplete data • Right to erasure (Art. 17): request deletion of your data ("right to be forgotten") • Right to restriction (Art. 18): limit how we process your data in certain circumstances • Right to data portability (Art. 20): receive your data in a structured, commonly used format • Right to object (Art. 21): object to processing based on legitimate interests • Right to withdraw consent (Art. 7(3)): where processing is based on consent, withdraw it at any time To exercise any of these rights, email info@digiwolf.agency. We will respond within 30 days. You also have the right to lodge a complaint with the Czech supervisory authority: Office for Personal Data Protection (Úřad pro ochranu osobních údajů) Pplk. Sochora 27, 170 00 Prague 7, Czech Republic www.uoou.cz

We implement appropriate technical and organisational measures to protect your personal data, including: • Encrypted data transmission (HTTPS/TLS) • Encrypted database storage via Supabase • Access controls limiting who can view enquiry and booking data • Webhook signature verification for inbound booking data No method of transmission over the internet is completely secure. We take reasonable precautions but cannot guarantee absolute security.

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Where appropriate, we may also notify you by email. Continued use of our website after changes constitutes acceptance of the updated policy.