Privacy Policy

This Privacy Policy was last updated on 20. 4. 2026 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

This Privacy Policy describes how Notum Technologies s.r.o. ("Notum", "we", "us", "our") collects, uses, and protects your personal data when you visit notum.tech, contact us via our forms or email, or engage with us as a client, candidate, or partner. We are committed to transparency and to processing your data lawfully under the EU General Data Protection Regulation (GDPR) and Czech Act No. 110/2019 Coll. on Personal Data Processing.

1. Who we are (Data Controller)

Notum Technologies s.r.o.
Dornych 678/90, Komárov, 617 00 Brno, Czech Republic
Company ID (IČO): 07020015
VAT ID (DIČ): CZ07020015
Registered in the Commercial Register maintained by the Regional Court in Brno, file no. C 105675.

Contact for all matters (including privacy): info@notum.tech

We do not have a formally appointed Data Protection Officer (DPO), as we are not legally required to. Privacy inquiries are handled by our management team.

2. What personal data we collect

We only collect data you provide voluntarily or that is strictly necessary for the website to function.

2.1 When you fill in a contact or demo form
  • Full name
  • Business email address
  • Company name
  • Phone number (optional)
  • Message content and any attachments
  • Technical metadata (IP address, browser, timestamp) — for spam prevention
2.2 When you subscribe to our newsletter or content
  • Name
  • Email address
  • Consent timestamp and source
2.3 When you visit our website
  • Cookies and similar technologies (see Section 9)
  • Usage data via analytics tools (pages visited, referrer, device type, approximate location)
2.4 When you apply for a job
  • Information in your CV and cover letter
  • LinkedIn profile (if provided)
  • Correspondence related to the recruitment process
2.5 When you become a client or supplier
  • Contact person details
  • Billing and company identification data
  • Contract and project-related correspondence

We do not intentionally collect special categories of personal data (health, religion, political views, etc.). Please do not send us such information.

3. Why we process your data (Legal basis)

Purpose Legal basis (GDPR)
Responding to your inquiry via form or email Art. 6(1)(b) — pre-contractual steps; Art. 6(1)(f) — legitimate interest
Performing a contract with a client or supplier Art. 6(1)(b) — contract performance
Sending marketing communications to existing clients Art. 6(1)(f) — legitimate interest (with opt-out)
Sending newsletters to subscribers Art. 6(1)(a) — your consent
Analytics and website improvement Art. 6(1)(a) — your consent (via cookie banner)
Recruitment Art. 6(1)(b) — pre-contractual steps; Art. 6(1)(a) — consent for talent pool
Legal compliance (accounting, tax) Art. 6(1)(c) — legal obligation
Defending legal claims Art. 6(1)(f) — legitimate interest

4. How long we keep your data

Data category Retention period
Contact form inquiries (no contract signed) 12 months from last contact
Client and project data Duration of contract + 10 years (statutory accounting obligation)
Newsletter subscribers Until you unsubscribe
Job applications (unsuccessful, no consent for talent pool) 6 months
Job applications (with consent for talent pool) 2 years
Website analytics data Up to 14 months
Cookies See Section 9

After these periods, data is deleted or irreversibly anonymized.

5. Who we share your data with

We never sell your data. We share it only with:

Processors acting on our behalf (under data processing agreements):
  • Webflow, Inc. (USA) — website hosting and CMS
  • HubSpot, Inc. (USA) — CRM and marketing automation
  • Google LLC (USA) — Google Analytics, Google Workspace (email, storage)
  • Fireflies.ai (USA) — meeting transcription (only with all participants’ consent)
  • Slack Technologies (USA) — internal communication
  • Stripe / banking providers — payment processing (clients only)
Third parties in specific situations:
  • Accountants and tax advisors (legal obligation)
  • Legal counsel (when defending a claim)
  • Public authorities (when legally required)

We may also share aggregated, non-identifying data publicly (e.g. “40% of our revenue comes from Switzerland”). This is not personal data.

6. International data transfers

Some of our processors (listed in Section 5) are based in the United States. When we transfer data outside the European Economic Area (EEA), we rely on:

  • EU–US Data Privacy Framework certifications (where applicable), or
  • Standard Contractual Clauses (SCCs) approved by the European Commission, combined with additional safeguards where needed.

You can request a copy of the relevant safeguards by contacting us at info@notum.tech.

7. Your rights

Under GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate or incomplete data
  • Erasure (“right to be forgotten”) — request deletion, subject to legal limits
  • Restriction — limit how we process your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest, including direct marketing
  • Withdraw consent — at any time, without affecting prior lawful processing
  • Lodge a complaint with the Czech Data Protection Authority

Úřad pro ochranu osobních údajů (ÚOÚ)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
www.uoou.cz

To exercise any of these rights, email info@notum.tech. We respond within 30 days.

8. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest where supported by the service
  • Access controls and role-based permissions
  • Regular backups
  • Employee training and confidentiality agreements
  • Vetted processors under GDPR-compliant agreements

No system is 100% secure, but we take reasonable steps to minimize risk.

9. Cookies

Our website uses cookies to function, analyze traffic, and (with your consent) personalize content.

Strictly necessary cookies — required for the site to work. No consent needed.

Analytics cookies — help us understand how visitors use the site (e.g. Google Analytics). Set only with your consent.

Marketing cookies — used for retargeting and ad measurement (e.g. Google Ads, LinkedIn Insight Tag). Set only with your consent.

You can manage or withdraw your cookie consent anytime via the cookie banner or your browser settings. A full list of cookies, their purpose, and retention is available in our Cookie Policy.

10. Children

Our services are aimed at businesses. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has provided us with personal data, please contact us at info@notum.tech and we will delete it.

11. Changes to this Privacy Policy

We may update this policy to reflect changes in our services or legal requirements. The “Last updated” date at the top indicates the most recent revision. Material changes will be communicated via our website or email (for registered contacts).

12. Contact us

Questions, requests, or complaints about this policy or your data?

Notum Technologies s.r.o.
Dornych 678/90, Komárov, 617 00 Brno, Czech Republic
Email: info@notum.tech

We read every message and respond within 30 days, usually much faster.
Notum Technologies s.r.o.
VAT: CZ07020015
Dornych 678/90, Komárov, 617 00 Brno, Czechia
© 2025 Notum. All rights reserved.
Company
ServicesCase StudiesNotum & StrapiTeamBlogCareersContact
Legal
Privacy PolicyCookie Settings