ABOUTSERVICESAPPROACHCONTACTCONSULTATION
← Back to Home

Privacy Policy

Last updated: June 2026

1. Introduction

HP Security Consulting s.r.o. ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose and protect your personal data in accordance with the GDPR and the laws of the Czech Republic, in particular Act No. 110/2019 Coll., on the Processing of Personal Data.

2. Data Controller

The controller of your personal data is: HP Security Consulting s.r.o. Company ID (IČO): 29601916 Registered seat: Wiedermannova 1407/6, Stodůlky, 158 00 Praha 5 Registered in the Commercial Register maintained by the Municipal Court in Prague. Contact: Email: info@hpsec-consulting.com Phone: +420 728 545 701

3. What Data We Collect

We may collect and process the following categories of data: • Identification data: name and, where relevant, the organisation you represent. • Contact data: email address and phone number, provided through our contact form or in direct communication. • Enquiry data: information you choose to share about your situation, area of interest or request, submitted via our consultation form. • Technical data: IP address, browser type, device information and website usage data, collected only with your consent through analytics tools (Google Analytics, PostHog).

4. Purposes of Processing

We process your personal data for the following purposes: • Responding to your enquiry and providing information about our services. • Assessing whether a consultation or engagement is appropriate, and arranging it where relevant. • Meeting our accounting, tax and other legal obligations. • Understanding how our website is used, in order to improve it — only where you have given analytics consent.

5. Legal Bases for Processing

• Performance of a contract or steps prior to entering into one — e.g. responding to your enquiry. • Legitimate interest — e.g. ensuring the security and proper functioning of our website and services. • Legal obligation — e.g. accounting and tax record-keeping. • Consent — e.g. analytics cookies, which remain inactive until you opt in.

6. Sharing Data with Third Parties

We do not sell your personal data. We work with a small number of trusted service providers who process data on our behalf, strictly for the purposes described above: • Vercel Inc. — website hosting • Resend — transactional email delivery (e.g. confirming receipt of your enquiry) • Google Ireland Ltd. (Google Analytics) and PostHog Inc. — website analytics, only where you have given consent Some of these providers may process data outside the European Economic Area (in particular the United States). Where this occurs, we rely on appropriate safeguards recognised under the GDPR, such as the EU–U.S. Data Privacy Framework or Standard Contractual Clauses. We may also disclose data to public authorities where required by Czech law.

7. Data Retention

We retain enquiry and contact data for as long as necessary to respond to you and, where an engagement follows, for the duration of that engagement plus any period required by accounting and tax legislation (generally up to 10 years for accounting records). Analytics data is retained according to the default periods of the relevant provider, unless you withdraw consent sooner — in which case collection stops immediately and existing data is deleted or anonymised where technically possible.

8. Your Rights

Under the GDPR, you have the right to: • request access to your personal data; • request correction of inaccurate data; • request erasure of your data where there is no legal reason to keep it; • request restriction of processing; • object to processing based on legitimate interest; • request data portability; • withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal. To exercise any of these rights, please contact us at info@hpsec-consulting.com. You also have the right to lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Praha 7.

9. Cookies & Analytics

Our website uses only essential storage by default (e.g. to remember your language preference and your cookie choice). We use Google Consent Mode v2: before you give consent, Google Analytics runs in a restricted, cookieless mode — it stores no cookies or identifiers on your device and sends only anonymous, aggregated signals. Cookie-based analytics, together with our product-analytics tool (PostHog), are activated only after you accept through the cookie banner, and you can withdraw that consent at any time using the same banner.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version is always available on this page.