Principles of Personal Data Protection

These Principles of Personal Data Protection suplement the Business Conditions and Conditions for using the Disputio Platform (hereinafter the "Terms")

These Principles also include the Cookie Policy. A simple explanation and summary are provided on the right side so that you don’t have to read everything; however, only the formal text of the Principles is binding.

Principles of Personal Data Protection

Personal Data Protection

I. Introductory Provisions
In Simple Terms

We protect your privacy and your personal data. That is why we created these Principles for you, which will provide answers to the most important questions concerning your personal data. We are the controller (and in some cases also the processor) of personal data, while you are the data subject. We can start processing your personal data from the moment you visit our Disputio platform.

  1. These Principles of Personal Data Protection (hereinafter the “Principles”) describe how we process the personal data of data subjects – natural persons who register on our Disputio platform as well as those who merely visit our website located at (hereinafter the “Website”).
  2. When processing personal data, we adhere to Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (“GDPR”), and Act 110/2019, on the processing of personal data. Of course, we also adhere to Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the “ePrivacy Directive”).
  3. Unless specified otherwise in these Principles, the controller (or processor) of the personal data on the Disputio platform and on the website are us, i.e., the company Catallaxy, s.r.o., identification number 106 76 201, registered address Na Paloučku 323, 267 18 Hlásná Třebaň, entered in the trade register of the Municipal Court in Prague file reference C 346423. However, there are multiple forms of relations that may arise during the provision of the Services, and that is why the Principles are organized in an easy-to-navigate fashion based on these types of relations and roles.
  4. These Principles also make use of certain definitions and abbreviations which may be ambiguous, and which we defined in article II of the Terms.
  5. The services provided on the website are based on the operation and allow access to the Disputio platform - a space for connecting Participants who are interested in using the platform to resolve their disputes, and Guides, who strive to motivate the Participants towards an amicable solution of their Dispute and help guide the parties through the whole negotiations to a successful agreement.
  6. The data subjects, who may either be Participants or Guides, take into account that from the moment of their registration, subscribing to the newsletter and browsing our website, their personal data starts being processed by us and/or the third parties that we entrusted the processing to. However, this is always carried out in compliance with these Principles.
  7. We have divided the principles into individual passages so that it is clear to all participants when and in what role we act in relation to specific data subjects. You will learn when we are a controller, when we are a processor and when we are a joint data controller. Below these explanations, you will also find the individual provisions that always apply, whether they relate to our security, the improvement of our services through aggregated anonymised data and/or the rights you can exercise towards us.

    Translated with (free version)

  8. The use of websites and applications as well as any other third-party software (e.g., a payment gateway) may be governed by separate third-party principles for the protection of personal data.
II. The operator as the controller of personal data
In Simple Terms

We may process your personal data from the moment you visit our website and begin using our services. 

We strive to only collect the minimum amount of information required to provide you with our Services, improve our Services in the future, help you with the use of our Services, and last but not least also technically protect our Disputio platform as well as its Users.

Furthermore, we commit to only process all of the data you provided for the absolutely necessary amount of time required to achieve these goals.

  1. As the controller of personal data, we process the personal data of Users, including Participants and Guides, notably including the data entered during the registration that is used as a basis for the conclusion of the Service agreement. This includes especially the following:
    • alias (the nickname you want to use)
    • Email address
    Further, in relation to Participants, we also process all the data they provide us within the resolution of Disputes. This may include a very varied set of data. Since we are not able to categorize these data in advance, we would like to at least note here that while we as administrators can see the data, they are only processed in the form of being stored on our servers and allowing access to the parties to the Dispute and the selected Guide. The selected Guide then, as the personal data controller (more details on this will be provided below), may utilize the provided data to help with the resolution of the Disputes.

    These data are obtained for the purposes of achieving the goals of the contract (allowing access to the platform, creation of user accounts and their activation, informing about news and the status of the provided Services, informing about organizational and technical matters related to the provided Services) and processed for the duration of the Service contract.
  2. In relation to persons who contacted us via our contact form, we process the
    • alias
    • email address
    • content of their message
    • and potentially any other data they have provided
    These data are obtained within the justified interests of us as well as the User concerning the handling of questions. We store all such communication for a period of 3 months in order to allow us to provide higher-quality Services and to immediately and effectively be able to help Users in case of reoccurring problems.
  3. In relation to the subscribers of our newsletter, we process personal data in the scope of the email address required to deliver information and news concerning our Services by email, but only after such a person expressed their interest in such use of their email address and provided the appropriate consent by entering their email on our website. News is sent for the duration of the provided consent. It is possible to unsubscribe from the newsletter at any time by clicking on the link in the footer of the email.
  4. We also automatically record information about your device and browser, especially the IP address, software and hardware attributes, the visited websites, information about the login times for the User account, notably with the aim of preventing the misuse of login data and ensuring the proper operation of our Services, i.e., due to the justified interests of us as well as our Users and in order to ensure the performance of the contract.
  5. In order to prevent the unnecessary storage of data and information about Users and potential third parties on our side, all inactive Disputes (those with no activity by any of the Participants in the past 3 months) are closed and together with all already closed cases are deleted along with all the data and information contained therein except for reached agreements. Neither we nor our authorized processors shall be liable for any damage caused by the loss of provided data after this period has passed.
  6. Further personal data as per this article (notably the data listed under paragraph 1) are processed for the duration of the Service contract and for up to 30 days after its expiration. We store email addresses for the time necessary to send notifications about news on the Disputio platform, and further within the scope of justified interests, where we may contact you with an offer regarding our Services for up to 12 months after the termination of the provision of Services. We may store selected personal data for at most 15 years after the expiration of the User account for the case of disputes concerning the relations between us and you arising from the Terms or these Principles and in relation to damage compensation. We will delete your personal data after this period unless we were authorized to process these data due to another legal basis.


III. The User as the controller of personal data = the Operator as the processor 
In Simple Terms

Within the resolution of disputes, you will also be uploading the data of third parties into our Disputio platform. In principle, we have no control over such data.

For this reason, you yourselves will be considered the controllers of the personal data (and will bear the corresponding responsibilities). That is why we are concluding a processor contract in which you commit to adhere to the high standards of the protection of personal data so that you won't need to worry about violating any of your obligations concerning the protection of the personal data of third parties.

However, please only upload the data for which you can make the appropriate guarantees.
  1. In view of the fact that the core of our Services is the provision of a space where Users can resolve their Disputes with the help of Guides, the platform will very often be used to store other data and information, frequently also about third parties that are not Users, as was already indicated in article II par. 1 herein. We cannot influence this in any way.

    We then process the personal data of this personnel based on an instruction of these Users – we place the data on our servers and make them accessible to the persons designated by the Users.

    That is why, simultaneously with their User account registration, all Users also conclude a royalty-free personal data processing contract with us as per article 28 par. 3 of the GDPR, the content of which is determined by the following provisions.
  2. Towards such persons, the personal data controller shall always be the User who uploaded the data on the Disputio platform. We ensure the provision of Services, but when working with data we only use means which allow us to process the data of such persons and contact them exclusively in relation to their requirements and based on the User's instructions. We only process personal data in compliance with this designation and do not perform any other processing actions which would lie outside of this scope.
  3. We are well aware of how important the protection of personal data is and commit to ensuring that we as well as our processors and/or persons who take part in the processing based on our authorization always meet high standards of trust, for instance through the conclusion of a non-disclosure agreement. For the same reason, we commit to securing the personal data in a way that will prevent their unauthorized processing by third parties.
  4. On the other hand, users take into account that they have full control over and responsibility for the data which they provide us. That is why the Users must themselves ensure adherence to the requirements of correctness, adequateness, time limitation and minimization of stored data.
  5. At the same time, with respect to the processing activities arising from this contract, the Users agree with the use of subprocessors as per article V par. 2 of the Principles.
  6. We are obliged to provide each other (i.e., we to the Users, and the Users to us) with collaboration in case of suspected misuse of personal data of data subjects, to exert maximum effort and adopt measures aimed at preventing the risk of misuse of personal data.
  7. We will delete all data provided in this way within 30 days from the expiration of the effective period of this processing contract, i.e., from the expiration of the Service agreement. Neither we nor our authorized processors shall be liable for any damage caused by the loss of provided data after 30 days have passed after the termination of the agreement/contract.
  8. In order to prevent the unnecessary storage of data and information about Users and potential third parties on our side, all inactive Disputes (those with no activity by any of the Participants in the past 3 months) are closed and together with all already closed cases are deleted along with all the data and information contained therein except for reached agreements. Neither we nor our authorized processors shall be liable for any damage caused by the loss of provided data after this period has passed.
IV. The Guide as the controller of personal data = the operator as the joint controller
In Simple Terms

A Guide is an independent unit that takes equal part in the processing of personal data within the scope of resolving Disputes. We provide the Space and Guide the execution.

To this end, similarly as in the case of processors, we conclude a contract on the joint processing of personal data with the Guide, whereas the contract describes the division of the activities between us along with the rights and obligations during the processing.

However, you provided all of your data to us voluntarily and on your own, and this can also be found within the User account and/or active Disputes, meaning that you don’t even need to wait for our response and can check yourselves.

  1. Guides have a rather specific position in the whole system. We provide a space for the resolution of Disputes and the Guides then individually execute the resolution of Disputes and/or help the Participants resolve their problems. In view of the fact that Guides determine the rules for the processing of personal data jointly with us while resolving Disputes, we as well as the Guide hold the position of personal data controllers.

    As of the moment of the registration of the Guide’s User account, a contract as per article 26 of GDPR on the joint processing of personal data is also concluded free of charge between the Guide and us, the content of which is determined by the following provisions.

    Joint processing as per this article takes place exclusively within the scope of activities concerning the provision of Services from our side. The processing of personal data that takes place exclusively from the side of the Guide or other Users as well as any potential other processing activities which are outside of our control are governed by the separate processing conditions of specific Users or third parties, which all Users hereby acknowledge.
  2. The division of the processing activities between us and the Guide matches the division of the scope of activities as described above, i.e., we as the Operators are responsible exclusively for the processing of personal data within the scope of the provision of the Services (collection of data, their storage on servers, making them accessible to selected Users and Guides), while the Guide is responsible for the processing of personal data within the scope of the resolution of Disputes (reading of data, checking of data and their potential analysis within the scope of helping with the Dispute, preparation of the amicable agreement, anonymization of the amicable agreement). The processing of personal data during all further activities that we do not participate in is the exclusive responsibility of the Guide.
  3. The Participant may, however, as the data subject, apply individual rights for aid when processing personal data as per article VI herein against any of us. The Guide as well as we are obliged to provide each other with necessary collaboration to meet individual obligations as the joint controllers.
  4. However, all processing always takes place within the Disputio platform and we never process data that the Users don't provide us themselves. This means that you can find all such data within your User accounts and active Disputes. It is therefore not necessary to contact the Guides or us for this reason. However, if you still have questions concerning article VI of these Principles, please feel free to contact us.
  5. This contract on shared processing also includes the provisions of Article II of the Principles as well as the following provisions.
V. Further provisions on the protection of personal data
In Simple Terms

When processing your personal data, we can make use of third-party services as well as those of further suppliers.

We may also aggregate data about the use of our platform in an anonymised form to further improve it.

However, we never process the personal data of children, information about race, gender as well as other sensitive data.

When processing the data, we, you as well as all other parties involved in the processing of the personal data must adhere to the high standards on the protection of personal data. At the same time, when processing personal data we must always provide each other with collaboration so as to prevent interference with the rights of the data subjects.

We do not process your data automatically and also do not use the data for profiling. On the other hand, you commit to always providing us with up-to-date, truthful and accurate data.
  1. The following provisions shall be applied for the processing of personal data within the provision of services by the Operator from the position of the controller as well as processor and are part of the agreement on the processing of personal data as well as the contract on joint processing of personal data.
  2. When providing our Services, we receive aid from processors who process personal data on our behalf in compliance with European personal data protection standards.

    The processing of personal data by third parties is governed by their own service provision conditions. The users of the Platform take into account that their personal data may be provided to processors for the aforementioned purposes and agree that also personal data as per article II herein shall be provided to processors
    • cloud services of Amazon (specifically those for databases and CDN servers)
    • analytical services provided by Google (specifically Google Analytics)
    • Zendesk chat
    • CMS system from Strapi
    • we may also occasionally use other services, however always exclusively to achieve the goals of processing
    • further trustworthy third parties (our contractors) that help us with the provision of Services and who are obliged to adhere to at least the same levels of protection that we ourselves guarantee as per these Principles. All potential consents provided by the Users also apply for the processors as per this provision.
  3. All data obtained during the provision of Services are stored in the territory of the EU or in third countries while meeting the conditions for the handover of data to third countries as per article 44 and following the GDPR.   The processing of personal data while providing the Services may include the international transfer of personal data to countries whose legal regulations governing the protection of personal data are not as complex as the regulations in the European Economic Area. If required by EU law, we will only provide personal data to those recipients that provide an adequate level of protection for personal data as per article 44 and following the GDPR.  To this end, we then conclude at least a non-disclosure agreement with the recipients so as to ensure that the User's personal data shall continue to be protected on the same level as in the EEA.
  4. We never knowingly process the personal data of children or special categories of personal data, so-called sensitive personal data, as per article 9 of the GDPR.
  5. Through websites, we can collect and make use of technical and statistical data and related information, among others including technical information about the devices of Users, systems and application software as well as peripherals, which are regularly collected with the aim of facilitating the provision of Services.

    In order to improve the Services, i.e. for our and your legitimate interest, we may also store other technical and analytical data about the use of our platform, in particular, which parts you use the most, how long on average each solution takes, etc. For this, we use third-party systems as standard, which we have already informed you about above. If these systems store cookies on your device, you can read more about them in the section on cookies. The data is anonymised and aggregated by the systems and then used as a global indicator of the use of our platform. We can use these data as long as they remain in a form that does not personally identify the User, notably to improve the Disputio platform and/or the provision of Services or technologies, even for an unlimited amount of time.

  6. We, as the Operator, and Users as the controllers (within the relations as per article III herein) and the Guides as joint controllers (within the relations as per article IV herein), hereby commit to secure personal data as per article 32 of the GDPR, i.e., to adopt technical, personal as well as other measures aimed at preventing unauthorized or accidental access to personal data, their change, destruction or loss, unauthorized transmission, or other unauthorized processing or misuse of personal data. We also commit to continue adhering to these measures even after the end of the provision and/or use of the Services at least for a period during which the data shall be available.
  7. If any of the subjects as per paragraph 6 learns of a security risk associated with personal data, they shall notify the other subjects without unnecessary delay. We, as the Operator, accept the responsibility of informing the affected Users. We also commit that, in case of damage caused in relation to a leak of personal data or other facts which lead to damage, we shall provide the Users with collaboration and assistance with claiming their due compensation from the responsible entities.
  8. We also commit to always exerting maximum effort to prevent the unauthorized processing of personal data by other parties, however, we are not responsible towards the Users or other data subjects for damage caused by the unauthorized processing of personal data by a third party. We ourselves are also not responsible for any errors of the authorized processors as per paragraph 2 of this article herein, or for errors of Users acting in the position of personal data controllers as per article III herein and/or errors of Guides as per joint controllers of personal data as per article IV herein.
  9. The Users confirm that the provided personal data are truthful, accurate, and apply exclusively to their person or that they inserted data whose use does not represent a violation of third party rights. The Users of the Platform are also obliged to notify us of any and all changes concerning personal data so that only up-to-date and complete data are processed. If we request it, the Users commit to always providing up-to-date and truthful information.
  10. Personal data are processed in electronic form. However, these data are never subjected to or used by the Operator for automated individual decision-making or profiling as per article 22 of the GDPR.
  11. Emails that we may send to the Users shall not be considered by the Users to be unsolicited commercial messages as per Act 40/1995, on advertising, and Act 480/2004, on certain services of an information society.
VI. Cooperation concerning the handling of personal data
In Simple Terms

As Users who are data subjects, you of course have certain rights with respect to your data. For instance, you can request an explanation, make objections, ask us to wait before deleting data, request information about processing or request a copy of the personal data that you provided to us. Last but not least, if you are not satisfied you can contact the Office for Personal Data Protection.
  1. If the User is convinced that we are processing their personal data in violation of their personal or private life or in violation with the law, they can:
    • request an explanation from us by sending an email to the following email address:,
    • make an objection against the processing for the purpose of justified interests by sending an email to the following email address:,
    • ask us to temporarily limit the processing in case the User will need such data to protect their claims or if the User already submitted an objection by sending an email to the following email address:
  2. Furthermore, Users also have the right to:
    • by sending an email to the following email address:, request that we provide the User with information about the scope or manner of processing of their personal data, whereas we shall provide such information to the User within an adequate deadline (max. 30 days),
    • by sending an email to the following email address: request that we send the User the personal data they provided to us in a structured and machine-readable format, if the processing takes place based on the performance of a contract or consent.
  3. If the User is not satisfied with the provided cooperation concerning the processing of personal data, they of course have the right to contact the Office for Personal Data Protection directly.
VII. Final provisions
In Simple Terms

Here, you’ll find a few additional legal clauses. What's most important for us is that we can unilaterally change these Principles from time to time, after a previous notification. The legal relations between the Users and us are governed by Czech law.

These terms and conditions enter into effect on 15 March 2022
  1. We have the right to unilaterally alter or amend the wording of the Principles, especially when this is necessary in view of changes to the manner in which the Services are provided, the scope of the Services and/or changes of legal regulations. We will inform the Users of each such change in a suitable manner (via the User account and/or the email address entered during registration), at least 30 days before the changes enter into effect. If the User does not agree with the changes made to the Principles, their continued use of the Disputio platform will not be possible. If they do not agree with a change of the Principles, the User is obliged to notify us of their disagreement at the latest one day prior to the planned effective date of the changes to the Principles by deactivating their User account. If the User does not do so and continues to use the Disputio platform even after the change to the Principles enters into effect, it is assumed that they agree with the change to the Principles.
  2. If a provision of the Principles is or becomes invalid or ineffective, provisions whose sense is as close as possible to the invalid provision will be used instead of such invalid provision. The invalidity or ineffectiveness of any provision is without prejudice to the validity and effectiveness of the other provisions. The invalidity or ineffectiveness of any provision only in relation to a particular entity or a group of entities is without prejudice to the validity and effectiveness of such provision with respect to other entities.
  3. All civil relations arising based on or in relation to the processing of personal data are governed by Czech law, regardless of where the data were accessed from. Any disputes arising in relation to the protection of privacy between the User and us shall be resolved by Czech courts, which will apply Czech law.
  4. These Principles are drawn up in English and in Czech language versions. In case of any dispute, the Czech language version shall prevail.
  5. These Principles enter into effect on the day of their publication on the website, i.e., on 1 August 2022

Cookies Policy

I. What are cookie files
In Simple Terms

We can store cookies in your browser. These primarily help us to continue improving our website.

Cookies are small text documents used by most websites, created by the web server and stored in your device by your web browser. When you return to the same website, the browser sends these cookie files back to the server, so that the website receives all the information that were previously stored in the cookies. Cookie files are created to track information about a user’s activities on a website, e.g., logging in and browsing the website and the web application. Clicks on specific links or errors are tracked as well. Cookies are not programs and cannot be used to spread malware. Cookie files are used primarily for:

  • identification of users using network identifiers;
  • saving user preferences;
  • use of website functionalities without requiring users to enter the same information when moving from one page to another or when visiting the website after some time;
  • searching for bugs and other errors on the website;
  • recording the user’s activities;
  • targeting ads and marketing messages to the relevant users.
II. Cookie Types
In Simple Terms

We distinguish several types of cookies depending on the length of storage and the entity that issues them. Our website uses all types of cookies.

We have two types of cookies, which can be distinguished based on the time they are stored for and based on the entity they belong to.
Depending on their storage period, we distinguish:

  • short-term cookies, which are deleted once the browser is closed;
  • long-term cookies, which are stored in the browser even after it is closed, and expire based on their settings. This type of cookies can be manually removed from your browser.

Based on the entity that issued the cookies, we distinguish:

  • first-party cookies, which are created by our website's server and ours web application and are usually necessary for the proper functioning of the website and our application;
  • third-party cookies, which can also be stored via our website but do not originate from our servers. This is made possible by referencing a file, such as a JavaScript file, that is stored outside of our domain. These are usually cookies which allow us to analyze our websites and our web application and/or share marketing content.


III. The cookies we use
In Simple Terms

Cookies have various purposes, from purely technical ones which ensure the proper operation of our platform, through statistical ones which collect aggregated anonymized statistical data, up to marketing cookies, which provide you with advertisements. They are always stored based on your preferences.

Cookies are used for a range of reasons as described above, for instance, to give you the best experience when using our website and our web application by remembering your user settings. In most cases there, unfortunately, is no standardized option to disallow the use of all cookies without a loss of functionality for a significant part of the website and web application.

We do not store non-technical cookies on your device until you provide us with consent to do so on our cookie tab.

You can always revoke your consent with the storage of cookies by changing the settings of your browser.

Technical cookies

These are necessary short-term cookies used for the correct operation of functional elements of our website, allowing users to for instance search on our website, browse it, view videos or enter secure parts of the website or web application.

Statistical cookies

These cookie files help us understand how you and other visitors interact with our website and our web application, which parts are the most interesting for you and so forth, by collecting information and reporting errors. All data collected by these cookies are aggregated and cannot be used to identify you.


IV. Third-party websites or tools which help us analyze data from individual cookies
In Simple Terms

We use tools by Google. A full list of cookies with additional information is provided in the table below.

Google Analytics is a tool by Google that allows us to obtain statistical data about the web and web app users, their behaviour, and a website’s and web app's number of visitors. This is the tool used on most existing websites to collect anonymous statistical data.

Google Tag Manager is a system used to manage measurement codes and records the activity of users on websites. Google Tag Manager collects aggregated statistical data on the website and our web app and sends these to Google Analytics.

Google AdWords is an online advertising service that uses cookies and keywords to increase the relevance of our website on Google searches.

A full list of cookies we use on the website and our web application, their storage period and the functionality of each of these is provided below.

V. How to disallow or restrict the use of cookies

In Simple Terms

When storing cookies in your browser, we always respect your preferences. However, so that you don’t need to always rely just on the promises made by a website's operator, we’ll also tell you about several technical ways to take care of the storage of cookies.

As mentioned earlier, we do not store non-technical cookies into your browser without your consent. However, if you want to in general have greater control over the storage of cookies also on other websites, you can also decide which cookies to allow and which to disallow using your web browser.

You can set a general ban on the use of some or even all types of cookies. As was mentioned earlier, if you ban the use of all cookies, it may happen that some parts of (not only) our website and web app will stop working. If you are not sure whether a specific cookie file is needed or not, we recommend keeping all cookies in order to ensure the proper functioning of the website and web application.

More information about the ban on cookies and the settings in individual browsers is available here:

If you don't want Google's cookies to be stored on your device, you can also install the following plugin.

We recommend visiting the website if you want more information about cookies and how they are used; alternatively, you can also contact us by email at any time.

Our website and web application uses the following cookies:






Catallaxy, s.r.o.


Stores information about allowed or forbidden cookies by the user


1 year



A cookie that ensures the management of the current user session.



Google Inc.


A cookie which creates a statistical identifier that generates information about how you use a given website. It is a part of Google Analytics.


2 years

Google Inc.


A cookie which allows Google Analytics to reduce the amount of data processed on our pages with many visitors.


1 day

Google Inc.


A cookie which allows Google Analytics to create a statistical identifier that tracks how you use a given web page.


1 day

The Cookie Policy as of 1 August 2022