Legal

Privacy Policy

Last updated: 15 March 2026

1. Who We Are

ArcaFlow Systems (“ArcaFlow”, “we”, “us”, “our”) is the data controller responsible for your personal data. We are based in Prague, Czech Republic, and operate under the laws of the European Union.

We are a GDPR-first organisation. This means data protection is not a legal checkbox for us — it is a core principle of how we design and operate every system we build, including this website.

Data Controller contact:
ArcaFlow Systems
Prague, Czech Republic
Email:

2. What Personal Data We Collect

We only collect data you actively provide to us. We do not use tracking pixels, advertising networks, or behavioural analytics tools.

When you submit the contact form, we collect:

  • Your name
  • Your email address
  • The content of your message
  • The date and time of submission

We do not collect payment information, sensitive personal data (as defined under GDPR Article 9), or data from minors under 16 years of age.

3. How We Use Your Data

We use the information you submit solely to:

  • Respond to your enquiry or project request
  • Follow up on a business conversation you have initiated

We do not use your data for marketing without your explicit consent. We do not sell, rent, or share your data with third parties for commercial purposes.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

  • Legitimate interests (Article 6(1)(f)): Responding to a direct enquiry you have submitted constitutes a legitimate interest.
  • Pre-contractual measures (Article 6(1)(b)): Where your enquiry is in preparation for entering into a business relationship with us.
  • Consent (Article 6(1)(a)): Where you have explicitly agreed to further communication beyond your initial enquiry.

5. Third-Party Data Processors

We use the following third-party service to process contact form submissions:

Static Forms (staticforms.xyz)

Purpose: Secure delivery of contact form submissions to our team inbox.

Data transferred: Name, email, message content.

GDPR status: Static Forms processes data as a data processor on our behalf. Data is not retained beyond delivery and is not used for any secondary purpose.

We do not use Google Analytics, Meta Pixel, or any other advertising or tracking platform on this website. Google Fonts and the Tailwind CDN may load resources from external servers; no personal data is transmitted in these requests beyond a standard browser IP request, which is not stored or processed by us.

6. How Long We Keep Your Data

We retain contact form submissions in our inbox for a maximum of 12 months from the date of receipt, unless a business relationship has developed, in which case data may be retained for the duration of that relationship and for up to 3 years thereafter in line with standard contractual obligations.

You may request deletion at any time (see Section 7).

7. Your Rights Under GDPR

You have the following rights under Regulation (EU) 2016/679:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): Request correction of inaccurate data.
  • Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”).
  • Right to restriction (Art. 18): Request that we limit processing of your data.
  • Right to data portability (Art. 20): Request your data in a structured, machine-readable format.
  • Right to object (Art. 21): Object to processing based on legitimate interests.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at . We will respond within 30 days as required by law.

8. Cookies

This website does not use cookies for tracking, advertising or analytics purposes. No cookie consent banner is displayed because no non-essential cookies are set.

If this changes in the future, we will update this policy and implement appropriate consent mechanisms before deploying any such technologies.

9. Right to Lodge a Complaint

If you believe we have processed your personal data in a manner inconsistent with GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Czech Office for Personal Data Protection (ÚOOÚ)

Web: www.uoou.cz

Address: Pplk. Sochora 27, 170 00 Prague 7, Czech Republic

10. Changes to This Policy

We may update this policy as our services evolve or as legal requirements change. The “last updated” date at the top of this page will reflect any revisions. We encourage you to review this page periodically.