1. Our Commitment
Webito Future Tech s.r.o. is committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws. This statement sets out how we fulfil our obligations as a data controller.
2. Data Controller
The data controller responsible for your personal data is:
Webito Future Tech s.r.o.
Registration Number: 232 40 911
Registered Office: Plzeňská 3352/156, Smíchov, 150 00 Prague 5, Czech Republic
Cyprus Office: Agias Sofias No 6, Paphos, Cyprus
Email: info@webito.agency
3. Data We Process
3.1 Client data
Contact details (name, email, phone, business address)
Project-related communications and files
Invoice and payment records
Website access credentials (stored encrypted)
3.2 Website visitor data
Anonymised analytics data (pages viewed, session duration, device type)
IP addresses (stored for up to 90 days in server logs)
Cookie identifiers (see Cookie Policy)
4. Legal Bases for Processing
Article 6(1)(b) — Performance of a contract: processing necessary to deliver our services
Article 6(1)(c) — Legal obligation: financial records required by Czech and EU law
Article 6(1)(f) — Legitimate interests: responding to enquiries, improving our services, security
Article 6(1)(a) — Consent: marketing emails and non-essential cookies
5. International Transfers
We operate from the European Union (Czech Republic and Cyprus). Some of our third-party tools (such as Google Analytics and Cloudflare) may transfer data outside the EU. In such cases we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
6. Data Security
All data transmitted via our website uses TLS/SSL encryption
Access to client data is restricted to authorised personnel only
Passwords and credentials are stored using industry-standard hashing
We conduct periodic security reviews
In the event of a data breach we will notify affected parties and relevant authorities within 72 hours as required by GDPR
7. Data Subject Rights
You have the following rights under GDPR:
Right of access (Article 15): obtain a copy of your personal data
Right to rectification (Article 16): correct inaccurate data
Right to erasure (Article 17): request deletion of your data
Right to restriction (Article 18): limit how we process your data
Right to data portability (Article 20): receive your data in a structured format
Right to object (Article 21): object to processing based on legitimate interests
Right to withdraw consent (Article 7(3)): at any time for consent-based processing
To exercise these rights, contact us at info@webito.agency. We will respond within 30 days. If you are unsatisfied with our response, you may lodge a complaint with the Czech Office for Personal Data Protection (ÚOOÚ) or the Cyprus Commissioner for Personal Data Protection.
8. Data Retention Schedule
Client project files: 7 years (legal/tax obligation)
Invoice and payment records: 7 years
Contact form enquiries (no project): 12 months
Marketing consent records: until consent is withdrawn
Website server logs: 90 days
Analytics data: 26 months (anonymised)
9. Cookies
We use the following categories of cookies:
Strictly necessary: required for the website to function (no consent required)
Analytics: help us understand how visitors use our site (requires consent)
Marketing: used to personalise content (requires consent, currently not in use)
You may withdraw cookie consent at any time by adjusting your browser settings or contacting us.
10. Contact
For any data protection enquiries or to exercise your rights, please contact us at info@webito.agency. We aim to respond to all requests within 30 days.