Privacy Policy

1. Introduction

Welcome to ProfDigital.

In this Privacy Policy, “ProfDigital” refers to the website available at https://profdigital.net and the services offered through it. The website and services are operated by River net s.r.o.

This Privacy Policy explains how ProfDigital collects, uses, stores and protects personal data when you:

  • visit the ProfDigital website
  • place or pay for an order
  • contact our Sales or Support Team
  • use services provided by ProfDigital

participate in a referral, affiliate or promotional programme connected with our website.

We believe privacy information should be clear and easy to understand. This Policy explains what information we process, why we need it and what rights you have.

2. Who Is Responsible for Your Personal Data

The ProfDigital website and services are operated by:

River net s.r.o.

Company ID: 23308958

Zbraslavská 12/11, Malá Chuchle

159 00 Prague 5

Czech Republic

Telephone: +420 720 589 535

River net s.r.o. is the data controller for personal data collected through the ProfDigital website, ordering process, payment administration, customer communications and business operations.

Privacy-related requests may be submitted through the contact form or other contact methods published on the ProfDigital website. Please include the words “Privacy Request” in your message so that we can identify and process it correctly.

3. Scope of This Policy

This Policy applies to personal data processed by ProfDigital in connection with the website and our services.

It does not normally apply to personal data contained in websites, applications, files, databases or other content that customers store or process using ProfDigital hosting or server services.

For customer-hosted personal data, the customer normally determines why and how the data is processed and therefore acts as the data controller. ProfDigital acts as a data processor or service provider to the extent required for providing the purchased service.

More information about customer-hosted data is provided in Section 11.

4. Personal Data We Collect

The personal data we collect depends on how you use the website and which services you purchase.

4.1 Information provided during an order

When you place an order, we may collect:

  • your first and last name
  • email address
  • telephone number
  • company or organisation name
  • billing address
  • country of residence or business
  • tax or VAT information, where required
  • the service selected
  • service configuration and technical requirements
  • order number
  • amount, currency and payment status
  • transaction or payment reference
  • information necessary to issue an invoice

information relating to refunds, disputes or chargebacks.

You are responsible for ensuring that the information provided during checkout is accurate and up to date.

4.2 Payment information

Payments are generally processed by independent payment service providers.

ProfDigital does not normally receive or store complete payment-card details. Depending on the payment method, we may receive:

  • the payer’s name
  • billing details
  • transaction identifier
  • payment amount and currency
  • payment status
  • payment date
  • limited fraud-prevention or verification information

confirmation that the payment was approved, declined, refunded or disputed.

The payment provider processes payment information according to its own privacy notice and legal obligations.

4.3 Information provided when contacting us

When you contact ProfDigital through a form, email, telephone or support channel, we may collect:

  • your name
  • email address
  • telephone number
  • company name
  • order number
  • the content of your message
  • attachments or screenshots you provide
  • support and communication history

technical information necessary to investigate your request.

Please do not send passwords, private encryption keys, payment-card details or other highly sensitive information unless we specifically request it through an appropriate secure channel.

4.4 Service and technical information

To configure, provide and support a purchased service, we may process:

  • domain names and hostnames
  • server IP addresses
  • operating-system and software selections
  • selected server resources and configurations
  • certificate information
  • access details generated for the service
  • service activation and expiry dates
  • usage, traffic and resource information
  • technical and diagnostic logs
  • abuse, security and network-event records

information provided during technical-support requests.

We process this information only to the extent reasonably necessary to provide, secure and support the service.

4.5 Information collected automatically

When you use the website, our systems may automatically collect:

  • IP address
  • browser type and version
  • device type
  • operating system
  • language settings
  • approximate geographic region derived from the IP address
  • date and time of access
  • pages viewed
  • links and buttons used
  • referring website or search engine
  • campaign, affiliate or referral identifier
  • cookie and session identifiers

server, security and error logs.

This information helps us operate the website, protect it against abuse and understand how visitors use it.

4.6 Information received from third parties

We may receive limited information from:

  • payment providers and financial institutions
  • data-centre, network and infrastructure providers
  • SSL-certificate issuers and software suppliers
  • security, fraud-prevention and abuse-monitoring providers
  • referral and affiliate partners
  • advertising or analytics providers, where such tools are used lawfully
  • public business registers

professional advisers and public authorities.

We do not purchase personal profiles or demographic databases for the purpose of creating detailed profiles of website visitors.

5. How We Use Personal Data

We use personal data only where we have a valid purpose and a lawful basis.

5.1 To provide the website and services

We process personal data to:

  • receive and review orders
  • confirm payments
  • configure and deliver services
  • issue access information
  • provide customer and technical support
  • manage renewals, expiry and termination

communicate about an order or service.

The usual legal basis is the performance of a contract or taking steps requested by you before entering into a contract.

5.2 To process payments and maintain financial records

We process order, billing and transaction information to:

  • collect and verify payments
  • issue invoices
  • process refunds
  • investigate payment disputes and chargebacks

maintain accounting and tax records.

The legal bases are performance of a contract, compliance with legal obligations and our legitimate interest in preventing payment fraud and protecting our financial interests.

5.3 To communicate with you

We use contact information to:

  • respond to questions
  • provide support
  • send order confirmations
  • provide service-delivery instructions
  • notify you about important technical or security matters

respond to complaints and privacy requests.

The legal bases are performance of a contract and our legitimate interest in operating an effective customer-support service.

5.4 To protect security and prevent abuse

We may process technical, payment and usage information to:

  • protect the website and infrastructure
  • detect malware, fraud and unauthorised access
  • prevent spam, phishing and network abuse
  • investigate violations of our Terms of Use
  • enforce resource and security restrictions
  • respond to security incidents

protect customers and third parties.

The legal basis is our legitimate interest in maintaining secure, stable and lawful services and, where applicable, compliance with legal obligations.

5.5 To comply with law and protect legal rights

We may process and preserve information where necessary to:

  • comply with tax, accounting and regulatory requirements
  • respond to lawful requests from public authorities
  • establish, exercise or defend legal claims
  • investigate suspected unlawful activity

enforce our agreements and policies.

The legal bases are compliance with legal obligations and our legitimate interest in protecting our rights.

5.6 To improve the website and services

We may use technical and usage information to:

  • understand website performance
  • identify technical problems
  • improve page structure and usability
  • analyse general service demand

improve security and infrastructure.

Where optional analytics technologies require consent, we use them only after the required consent has been obtained.

5.7 Marketing communications

We may send information about ProfDigital services, updates or offers where:

  • you have requested such communications

you have provided consent; or

another lawful basis permits the communication.

You may unsubscribe from marketing messages at any time.

Order confirmations, service notices, security alerts and other necessary operational messages are not marketing communications and may continue while they are relevant to your order or service.

6. Legal Bases for Processing

Depending on the situation, ProfDigital relies on one or more of the following legal bases:

Contract: processing is necessary to take an order or provide a purchased service.

Legal obligation: processing is required by tax, accounting, regulatory or other applicable law.

Legitimate interests: processing is necessary to operate, secure and improve our business, prevent fraud, protect infrastructure or establish legal claims, provided that your rights do not override those interests.

Consent: you have freely agreed to a specific use of your data, such as optional cookies or certain marketing communications.

Legal claims: processing is necessary to establish, exercise or defend legal rights.

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect processing that was lawful before the consent was withdrawn.

7. Cookies and Similar Technologies

ProfDigital may use cookies, local storage, pixels and similar technologies.

7.1 Necessary cookies

Necessary technologies may be used to:

  • operate website functions
  • maintain a checkout or service-selection session
  • remember language or basic preferences
  • protect forms and payments
  • prevent fraud and abuse

maintain website and network security.

These technologies are required for the website to operate correctly.

7.2 Optional cookies

Where used, optional cookies may help us:

  • measure website traffic and performance
  • understand how visitors use the website
  • remember additional preferences
  • measure advertising or referral campaigns

improve marketing relevance.

Where consent is required, optional cookies are activated only after you make a choice through the cookie notice or consent tool.

7.3 Managing cookies

You may manage optional cookies through the website’s cookie settings, where available, and through your browser settings.

Blocking necessary cookies may prevent parts of the website or checkout process from working correctly.

Third-party services may set their own cookies and process data according to their own privacy policies.

8. Referral, Affiliate and Advertising Sources

Visitors may arrive at the ProfDigital website through search engines, advertisements, banners, social media, partner websites, affiliate programmes or referral links.

To identify the source of a visit and measure a campaign, we may process:

  • the referring page
  • campaign or affiliate identifier
  • date and time of the visit
  • cookie or session identifier
  • whether an order was completed

limited order value or commission information.

Where necessary, we may confirm a qualifying transaction to the relevant affiliate or referral partner.

We do not provide affiliate partners with complete payment-card details, customer-hosted content or technical access credentials.

Optional advertising or tracking technologies are used only in accordance with applicable consent requirements.

9. How We Share Personal Data

We share personal data only where reasonably necessary for the purposes described in this Policy.

Recipients may include:

9.1 Payment and financial service providers

Banks, payment processors, card networks and fraud-prevention providers may receive information necessary to process or verify a payment.

9.2 Infrastructure and technical providers

Data centres, hosting providers, network operators, software suppliers, licence providers, SSL-certificate issuers and technical contractors may receive information necessary to provide the selected service.

9.3 Communication and support providers

Email, messaging, telephone, ticketing and support-system providers may process information necessary to deliver communications and support.

9.4 Security and fraud-prevention providers

Security, DDoS-protection, logging, anti-abuse and fraud-prevention services may process IP addresses, technical logs and transaction indicators.

9.5 Analytics, referral and advertising providers

Where these tools are used lawfully, providers may receive cookie identifiers, IP addresses, referral information and website-usage data.

9.6 Professional advisers

Accountants, auditors, lawyers, insurers and other professional advisers may receive information where necessary for professional services or legal claims.

9.7 Public authorities

We may disclose information where required by law, court order or a valid request from a competent authority.

9.8 Business transactions

If River net s.r.o. is involved in a merger, restructuring, acquisition, financing or sale of assets, personal data may be disclosed as part of that transaction, subject to appropriate confidentiality and legal safeguards.

Service providers acting on our behalf are permitted to process personal data only for authorised purposes and are expected to protect it appropriately.

ProfDigital does not sell personal data.

10. International Data Transfers

We aim to process personal data within the European Economic Area whenever reasonably possible.

Some service providers may operate or store data outside the European Economic Area.

Where personal data is transferred internationally, we use appropriate safeguards where required, such as:

  • a European Commission adequacy decision
  • approved Standard Contractual Clauses
  • contractual and technical security measures

another lawful transfer mechanism.

You may contact us for general information about the safeguards relevant to your personal data.

11. Personal Data Stored by Customers

ProfDigital hosting, VPS, VDS and related services may be used by customers to store or process personal data relating to their own visitors, users, employees or clients.

For such customer-hosted data:

  • the customer normally acts as the data controller
  • ProfDigital normally acts as a data processor
  • ProfDigital processes the data to provide, secure and support the service
  • the customer is responsible for having a lawful basis for the processing
  • the customer is responsible for providing its own privacy notices
  • the customer is responsible for responding to requests from its data subjects

ProfDigital may assist the customer where reasonably required and technically possible.

We do not use customer-hosted content for advertising or for creating marketing profiles.

We may access customer-hosted data only where reasonably necessary to:

  • provide technical support requested by the customer
  • maintain or secure the infrastructure
  • investigate abuse or a security incident
  • comply with applicable law

protect ProfDigital, customers or third parties.

Where required by applicable data-protection law, the relationship between ProfDigital and a business customer may be governed by a separate data processing agreement.

A person seeking to exercise rights regarding data controlled by a ProfDigital customer should normally contact that customer first.

12. Data Retention

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected.

Retention periods depend on the type of information and the legal or operational reason for keeping it.

For example:

  • order, invoice and payment records may be retained for the period required by accounting and tax law
  • service information may be retained while the service is active and for a reasonable period afterwards
  • support communications may be retained to manage the service, resolve disputes and improve support
  • security and technical logs are normally retained for a limited period appropriate to their purpose
  • fraud, abuse and chargeback records may be retained to protect our business and prevent repeated misuse
  • marketing information is retained until you unsubscribe, withdraw consent or the information is no longer required

information relevant to legal claims may be retained until the applicable limitation period has ended.

When data is no longer required, we delete, anonymise or securely restrict it.

Customer-hosted data may be removed after service expiry or termination in accordance with the service configuration and our Terms of Use. Where backup copies exist, deleted data may remain in protected backups for a limited period until those backups are overwritten or securely deleted.

13. Data Security

We use reasonable technical and organisational measures designed to protect personal data against:

  • unauthorised access
  • unlawful use or disclosure
  • accidental loss
  • alteration
  • destruction

malware and network attacks.

Measures may include access controls, encryption in transit, authentication, logging, backups, network protection, monitoring and staff or contractor confidentiality requirements.

No internet-based service can guarantee absolute security. Customers are also responsible for protecting their devices, systems, software and access credentials.

If you believe personal data or service credentials have been compromised, please contact us promptly.

14. Your Data-Protection Rights

Depending on the circumstances and applicable law, you may have the right to:

14.1 Access

You may ask whether we process your personal data and request a copy of that data.

14.2 Rectification

You may ask us to correct personal data that is inaccurate or incomplete.

14.3 Erasure

You may ask us to delete personal data where there is no longer a lawful reason to retain it.

14.4 Restriction

You may ask us to temporarily restrict the way certain personal data is processed.

14.5 Data portability

Where applicable, you may request personal data that you provided to us in a structured, commonly used and machine-readable format.

14.6 Objection

You may object to processing based on legitimate interests, including direct marketing.

14.7 Withdrawal of consent

Where processing is based on consent, you may withdraw that consent at any time.

14.8 Complaint

You may lodge a complaint with a competent data-protection authority.

These rights are not absolute. We may retain or continue processing information where permitted or required by law.

To protect personal data, we may ask you to verify your identity before responding to a request.

We aim to respond without undue delay and normally within one month, unless the law allows additional time due to the complexity or number of requests.

15. Supervisory Authority

You may submit a complaint to the Czech data-protection authority:

Office for Personal Data Protection

Úřad pro ochranu osobních údajů

Pplk. Sochora 27

170 00 Prague 7

Czech Republic

We encourage you to contact ProfDigital first so that we have an opportunity to investigate and resolve your concern.

16. Automated Decision-Making

ProfDigital does not normally make decisions based solely on automated processing that produce legal or similarly significant effects for customers.

Payment, fraud-prevention or security providers may use automated systems to assess transactions or suspicious activity. Those providers operate under their own legal obligations and privacy notices.

Where ProfDigital introduces significant automated decision-making in the future, we will provide the information required by law.

17. Children

ProfDigital services are intended for persons who have the legal capacity to purchase and use digital services.

We do not knowingly collect personal data directly from children who are not legally able to enter into such arrangements.

If you believe that a child has provided personal data to us without appropriate authorisation, please contact us so that we can review and, where appropriate, delete the information.

18. Third-Party Websites

The ProfDigital website may contain links to third-party websites or services.

ProfDigital does not control the privacy practices of independent third parties. Their collection and use of personal data are governed by their own privacy policies.

We recommend reviewing the relevant privacy information before providing data to a third party.

19. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • changes to the website or services
  • new legal or regulatory requirements
  • changes to our suppliers or technical systems

improvements to our privacy practices.

The current version will be published on the ProfDigital website together with the date of the latest update.

Where a change materially affects how personal data is processed, we may provide an additional notice where reasonably required.

20. Contact Us

Questions, complaints and requests relating to this Privacy Policy or personal data may be submitted through the contact methods published on the ProfDigital website.

Please write “Privacy Request” in the subject line or at the beginning of your message.

River net s.r.o.

Company ID: 23308958

Zbraslavská 12/11, Malá Chuchle

159 00 Prague 5

Czech Republic

Telephone: +420 720 589 535