Privacy Policy

1. Introduction

Welcome to DevSecOps.cz. Your privacy is our priority. This document explains what information we collect, how we use it, and what rights you have under the GDPR (General Data Protection Regulation).

2. Data Controller

Operator: DevSecOps.cz

Contact email: gleb.kushnir@devsecops.cz

For any questions regarding the processing of your personal data, you can contact us at the email address above.

3. What Data We Collect and Why

3.1 Google Analytics (with IP Anonymization)

We use Google Analytics 4 to understand how visitors use our website.

Data collected:

• Anonymized IP address (the last octet is removed)
• Device type and browser
• Pages viewed and time spent on the website
• Traffic source (e.g., Google, direct access)
• Geographic location (country, city)

Purpose of processing:

• Improving user experience
• Understanding which content is most relevant
• Optimizing website performance
• Measuring content effectiveness

Legal basis: User consent (Art. 6(1)(a) GDPR)

Retention period: Google Analytics retains data for 14 months

Third-party transfer: Google LLC (USA) - certified under the EU-U.S. Data Privacy Framework

3.2 Job Applications (Careers)

If you apply for a position through our careers form, we process the following data:

Data collected:

• First and last name
• Email address
• Resume (CV) as an attached file
• Brief introduction / cover letter
• Position applied for

Purpose of processing:

• Evaluating your application for a specific position
• Contacting you regarding the recruitment process
• Maintaining candidate records for potential future positions (with consent)

Legal basis: User consent (Art. 6(1)(a) GDPR) - granted by checking the consent box when submitting the application

Retention period: Candidate data is retained for 6 months after the completion of the recruitment process and is then automatically deleted. Upon your request, we will delete the data sooner.

Data processors:

• HubSpot, Inc. (USA) - CRM system for contact management, certified under the EU-U.S. Data Privacy Framework
• Amazon Web Services (AWS) - S3 storage for resumes in the EU region (Frankfurt); data remains within the EU

3.3 Contact Form

If you contact us through our contact form, we process:

• Name
• Email address
• Company name
• Message content

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) - responding to your inquiry

Retention period: 2 years from the last contact

4. Cookies and Their Use

4.1 What Are Cookies?

Cookies are small text files stored in your browser that help us provide better services.

4.2 What Cookies Do We Use?

Analytics cookies (Google Analytics):

• _ga - Distinguishes users (validity: 2 years)
• _ga_* - Maintains session state (validity: 2 years)
• _gid - Distinguishes users (validity: 24 hours)

Functional cookies (localStorage):

• cookieConsent - Stores your cookie acceptance/rejection preference

4.3 Managing Cookies

You can manage cookies in several ways:

1. Cookie banner: On your first visit, a banner is displayed where you can accept or decline analytics cookies
2. Browser settings: Most browsers allow you to block or delete cookies
3. Opt-out: You can install the Google Analytics Opt-out Browser Add-on

5. IP Address Anonymization

Your IP address is automatically anonymized before being sent to Google Analytics. This means that the last octet of the IP address is removed, so you cannot be directly identified.

Example:

• Your actual IP: 192.168.1.100
• Anonymized IP: 192.168.1.0

This feature is implemented using the anonymize_ip: true parameter in the Google Analytics configuration.

6. Your Rights Under GDPR

Under the GDPR, you have the following rights:

1. Right of access: You can request information about what data we process about you
2. Right to rectification: You can request the correction of inaccurate data
3. Right to erasure: You can request the deletion of your data ("right to be forgotten")
4. Right to restriction of processing: You can request a restriction on the processing of your data
5. Right to data portability: You can request the transfer of your data to another controller
6. Right to withdraw consent: You can withdraw your consent to processing at any time
7. Right to object: You can object to the processing of your data

How to exercise your rights:

Contact us by email: gleb.kushnir@devsecops.cz

We will respond within 30 days of receiving your request.

Complaint to a supervisory authority:

If you believe that the processing of your personal data violates the GDPR, you can file a complaint with the Office for Personal Data Protection:

• Website: www.uoou.cz
• Email: posta@uoou.cz
• Address: Pplk. Sochora 27, 170 00 Praha 7

7. Data Security

We employ the following security measures:

• HTTPS encryption: All communication is encrypted using TLS/SSL
• CloudFront CDN: AWS CloudFront provides DDoS protection
• IP anonymization: Your IP addresses are automatically anonymized
• Secure cookies: Cookies are marked as Secure and SameSite
• Data minimization: We collect only the minimum necessary data

8. Data Transfers to Third Countries

Google Analytics stores data on Google LLC servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of personal data protection.

Additional information:

• Google Privacy Policy
• Google Analytics Data Privacy

9. Changes to the Privacy Policy

We may update this policy from time to time. We will notify you of significant changes by:

• A prominent notice on the website
• Updating the "Last updated" date below

We recommend that you review this page periodically for any changes.

10. Contact

For any questions regarding personal data protection, please contact us:

• Email: gleb.kushnir@devsecops.cz
• Website: https://devsecops.cz