Privacy Policy
1. Data Controller
The data controller is:
CAIROS Czech Republic Email: privacy@cairos.cz Web: cairos.cz
We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 110/2019 Coll., on the processing of personal data.
2. What Personal Data We Collect
2.1 Waitlist
If you register for the Mendel platform waitlist, we process:
- Email address
- Date and time of registration
- Preferred interface language (if detected)
2.2 Cookies and Tracking Technologies
When you visit cairos.cz, we process technical and analytical data through cookies. Details are provided in Section 5.
2.3 Technical Operational Data
When you visit the website, the following data is recorded automatically:
- IP address (anonymized within 24 hours)
- Browser type and version
- Operating system
- Referring URL
- Date and time of visit
- Pages visited
3. Purposes and Legal Bases for Processing
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Waitlist management and launch notification | Email, registration date | Consent (Art. 6(1)(a) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) | |
| Web analytics | Anonymized visit data | Consent (Art. 6(1)(a) GDPR) |
| Language preferences | Language preference cookie | Legitimate interest (Art. 6(1)(f) GDPR) |
| Security and abuse prevention | Technical operational data | Legitimate interest (Art. 6(1)(f) GDPR) |
4. How Long We Retain Data
- Waitlist email: For the duration of the waitlist, maximum 24 months from registration, or until consent is withdrawn.
- Analytics data: Aggregated data for a maximum of 26 months, raw data for a maximum of 14 months.
- Technical operational logs: Maximum 90 days.
- Cookies: By category, see Section 5.
After the retention period expires, data is permanently deleted or anonymized.
5. Cookies
We use three categories of cookies.
5.1 Necessary Cookies
These cookies are technically required for the website to function. They do not require consent.
| Name | Purpose | Duration |
|---|---|---|
cairos_lang | Stores language preference (Czech / English) | 1 year |
cairos_session | Technical session (after platform launch) | Session |
cairos_cookie_consent | Stores your cookie decision | 1 year |
5.2 Analytics Cookies
We use these cookies to understand how visitors use the website. Data is anonymized and aggregated. Your consent is required.
| Name | Purpose | Duration |
|---|---|---|
| Analytics tool (to be specified before launch) | Visit counts, traffic sources, session duration | Up to 14 months |
5.3 Marketing Cookies
These cookies allow us to show you relevant content about CAIROS. Your consent is required.
| Name | Purpose | Duration |
|---|---|---|
| Marketing tool (to be specified before launch) | Conversion tracking, remarketing campaigns | Up to 90 days |
You can withdraw or change your cookie consent at any time at cairos.cz/cookies or through the cookie banner on your first visit.
6. Who We Share Data With
We do not sell your personal data to third parties. We share data only in the following cases:
6.1 Processors
We work with the following categories of processors who handle data solely on our instructions:
- Hosting and infrastructure providers — server infrastructure within the EU (Hetzner Cloud, Germany)
- AI model providers — processing of user queries; we use providers with data processing within the EEA and contractually guaranteed minimal data retention
- Email service providers — sending transactional and marketing emails
- Analytics providers — anonymized web analytics
We have a Data Processing Agreement (DPA) in place with all processors pursuant to Art. 28 GDPR.
6.2 Transfers Outside the EEA
Where data is transferred outside the European Economic Area, we ensure protection through the European Commission’s Standard Contractual Clauses (SCCs) or other appropriate safeguards under Art. 46 GDPR.
6.3 Legal Obligation
We may disclose data to public authorities where required by law.
7. Your Rights
As a data subject, you have the following rights, which you may exercise by contacting privacy@cairos.cz:
Right of access (Art. 15 GDPR) You have the right to know what data we process about you.
Right to rectification (Art. 16 GDPR) You have the right to request correction of inaccurate or completion of incomplete data.
Right to erasure (Art. 17 GDPR) You have the right to request deletion of your personal data where there is no lawful basis for continued processing.
Right to restriction of processing (Art. 18 GDPR) Under certain conditions, you have the right to request that we restrict the processing of your data.
Right to data portability (Art. 20 GDPR) You have the right to receive your personal data in a structured, machine-readable format.
Right to object (Art. 21 GDPR) You have the right to object to processing based on legitimate interest, in particular for direct marketing purposes.
Right to withdraw consent Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint You have the right to lodge a complaint with a supervisory authority. In the Czech Republic: Office for Personal Data Protection (ÚOOÚ), Pplk. Sochora 27, 170 00 Prague 7, uoou.cz. You may also contact the supervisory authority in your country of residence.
We will respond to your request within 30 days of receipt.
8. Security of Personal Data
We implement technical and organizational measures to protect your personal data:
- Data transmission encrypted using TLS 1.3
- Data at rest encrypted using AES-256
- Access to data restricted to authorized personnel only
- Regular security audits of infrastructure
- Infrastructure operated exclusively in EU data centers
9. Automated Decision-Making and Profiling
We do not carry out automated decision-making with legal or similarly significant effects within the meaning of Art. 22 GDPR based on the data you provide.
10. Minors
Our services are not intended for persons under the age of 16. We do not knowingly collect personal data from persons under 16. If we become aware that we have received such data, we will delete it promptly.
11. Changes to This Policy
We may update this policy. We will notify you of material changes by email (if provided) or by notice on the website. The date of the last update is always indicated at the top of this document.
12. Contact
For privacy-related inquiries, contact us at:
Email: privacy@cairos.cz Post: CAIROS, Czech Republic
This document was prepared as a general informational guide. We recommend review by a qualified lawyer specializing in GDPR before publication.