Legal · GDPR · Czech Republic

Privacy policy.

How i46 s.r.o. collects, uses, and protects personal data : written for humans, structured for the regulators.

Controller
i46 s.r.o., Prague, CZ
Effective
15 January 2026
Version
v2026.01

On this page

1. Controller 2. What we collect 3. Purposes & legal bases 4. Sharing & processors 5. International transfers 6. Retention 7. Your rights 8. Cookies 9. Security 10. Children 11. Changes 12. Contact & DPA

1. Data Controller

For the purposes of Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR”) and Czech Act No. 110/2019 Coll. on the processing of personal data, the controller of personal data processed via this website and our services is:

  • i46 s.r.o.
  • Registered office: Prague, Czech Republic
  • Identification: registered in the Czech Commercial Register
  • Contact: privacy@i46.cz

i46 s.r.o. has not appointed a Data Protection Officer (DPO) as it is not required to do so under Article 37 GDPR. All privacy enquiries are handled by management at the address above.

2. What personal data we collect

We process only the personal data necessary to operate our website, deliver our services, and meet our legal obligations under EU and Czech law.

2.1 Data you give us directly

  • Contact form data : name, work email, company, role, the contents of your message and the topic you selected.
  • Commercial correspondence : emails, signed agreements, invoicing details, sample-shipment metadata when you engage our laboratory services.
  • Consortium & project data : partner identifiers, technical specifications, contractual records when we collaborate on EU- or ESA-funded projects.

2.2 Data collected automatically

  • Server logs : IP address, user agent, referrer, requested URL, timestamp. Retained for security and abuse-prevention purposes only.
  • Essential cookies : a single first-party preference cookie that records your cookie-consent choice. No analytics, no advertising, no fingerprinting.

2.3 Data we deliberately do not collect

We do not run marketing analytics, behavioural tracking, third-party advertising pixels, or session replay. The training datasets we sell (i46 Product P05) are derived from network traffic of devices we operate or are explicitly licensed to monitor; they exclude personal identifiers and are processed under separate contractual safeguards.

3. Purposes & legal bases

PurposeCategoriesLegal basis (Art. 6 GDPR)
Replying to enquiries from the contact formIdentification & contact data(b) pre-contractual measures · (f) legitimate interest in operating the business
Performing commercial services (assessment, testing, certification)Contact, technical, billing(b) performance of a contract
Statutory accounting & tax recordsBilling, identifiers(c) legal obligation (Czech Act No. 563/1991 Coll.)
Operating consortium and grant-funded R&DPartner identifiers, project metadata(b) contract · (f) legitimate interest in delivery
Network security & abuse preventionServer logs, IP(f) legitimate interest in keeping our services secure
Cookie consent recordConsent flag(c) legal obligation (ePrivacy / GDPR Art. 7)

4. Sharing & processors

We share personal data only with carefully selected processors and only to the extent necessary. Current processors include:

  • Formspree, Inc. : contact-form delivery; receives the fields you submit.
  • Hosting & CDN providers : operate the servers that deliver this website. Server-log access only.
  • Email provider : handles commercial correspondence with our team.
  • Accountants & auditors : when required to satisfy our statutory obligations.
  • Consortium partners and EU funding bodies : when you participate in joint projects, only as defined in the relevant grant agreement and consortium contract.

We do not sell personal data. We do not share data for direct-marketing purposes. Each processor is bound by a written data-processing agreement consistent with Art. 28 GDPR.

5. International transfers

Some of our processors operate from countries outside the European Economic Area. Where this happens, transfers rely on European Commission adequacy decisions or on Standard Contractual Clauses (SCCs) as published by the European Commission, supplemented where appropriate by additional technical and organisational safeguards. You may request a copy of the safeguards used by writing to privacy@i46.cz.

6. Retention

  • Contact-form enquiries : up to 24 months from last contact, then deleted.
  • Commercial contracts & deliverables : for the duration of the contract plus 10 years (Czech tax/accounting law).
  • Server logs : up to 90 days for routine traffic; up to 12 months for security investigations.
  • Cookie-consent record : up to 12 months in your browser, until cleared by you.
  • Project & grant records : as required by the relevant funder, typically up to 5 years after project closure.

7. Your rights under the GDPR

Under Articles 15–22 of the GDPR you have the right to:

  • Access : obtain confirmation of, and a copy of, your personal data we process.
  • Rectification : correct inaccurate or incomplete data.
  • Erasure : request deletion when we no longer have a lawful reason to retain your data.
  • Restriction : limit processing in defined circumstances.
  • Portability : receive data in a structured, commonly used, machine-readable format.
  • Object : object to processing based on our legitimate interests.
  • Withdraw consent : at any time, where processing is based on consent.
  • Lodge a complaint : with the Czech supervisory authority, the Úřad pro ochranu osobních údajů (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic : or with the supervisory authority of your EU member state.

To exercise any of these rights, write to privacy@i46.cz. We respond within one month, extendable by two further months for complex requests (Art. 12(3) GDPR).

8. Cookies

This site uses only strictly necessary cookies. Specifically, a single first-party preference cookie (i46_cookie_consent) records whether you accepted or declined our cookie banner so we don't show it again. We do not use analytics, advertising, or cross-site tracking cookies. Because no non-essential cookies are set, no consent is required under Czech and EU ePrivacy rules : but the banner is offered for transparency.

9. Security

We apply state-of-the-art technical and organisational measures, including encryption in transit (TLS 1.3), encryption at rest where personal data is stored, principle-of-least-privilege access controls, access logging, and routine penetration testing of our internal systems. Our security practice is informed by the EU Cyber Resilience Act requirements that we help our customers meet.

10. Children

Our services are directed at businesses, research institutions, and public bodies. We do not knowingly collect personal data from children under 16. If you believe a child has submitted personal data to us, please contact us and we will erase it promptly.

11. Changes to this policy

We may update this policy to reflect operational, legal, or regulatory changes. The version number and effective date at the top of this page are authoritative. Material changes are announced on the homepage at least 14 days before they take effect.

12. Contact & data-protection enquiries

For privacy enquiries, complaints, or to exercise your GDPR rights:

  • Email: privacy@i46.cz
  • Postal: i46 s.r.o., Prague, Czech Republic
  • General contact: contact form

This document is provided in English. The Czech-language version, available on request, prevails in any conflict of interpretation under Czech law.