Privacy Policy

 

This document describes how Cortigile, s.r.o. processes personal data while operating the Sniffy website, user accounts, kontaktní formulář, orders, payments, device licensing, and related authentication services.

Last updated: května 23, 2026

 

1. Who is the data controller

The data controller is Cortigile, s.r.o., operator of the Sniffy website at https://sniffy.cz/. If you have any questions about personal data processing, you can contact us at info@sniffy.cz or via the kontaktní formulář on this website.

 

2. What personal data we process

  • user account data: username, first name, last name, email address, password hash, and related account status data,
  • kontaktní formulář data: name, email, message subject, and message content,
  • order, payment, and invoicing data necessary to process orders, payments, accounting, and tax obligations,
  • authentication and security metadata: IP address, host info, user-agent, session ID, login timestamps, and data needed to verify authorized access,
  • licensing and technical device data: device name, MCU ID, device activation status, active device history, and related logs,
  • technical usage data related to website use and the ordering process, including required cookies and session settings.

 

3. Purposes and legal bases of processing

  • Performance of a contract: account registration, download access, order processing, license and device management, digital content delivery, customer support.
  • Legitimate interest: security of the website and services, abuse prevention, access auditing, fraud detection, infrastructure protection, and incident handling.
  • Compliance with legal obligations: accounting, tax, and consumer-law obligations, records of orders and complaints.
  • Consent: only where required by law, especially for non-essential cookies, marketing, or similar technologies.

 

4. Přehled of systems and processors

  • hosting and technical infrastructure for WordPress, databases, and server scripts,
  • Ultimate Member for user account and registration management,
  • WPForms for kontaktní formulářs,
  • WooCommerce for orders and digital delivery,
  • WooPayments and Stripe for payment processing,
  • Woo Fakturoid for issuing and recording accounting documents,
  • TranslatePress and GTranslate for language versions of content,
  • Google for WooCommerce and related Google services, if actively used for business or marketing purposes.

 

We disclose personal data only to the extent necessary to operate the service, process orders, handle payments, accounting, security, and legal obligations.

 

5. Specific retention periods

  • Account and profile data: for the duration of the account and for 3 years after account deletion or last activity, unless law or an ongoing dispute requires longer retention.
  • Proof of consent at registration: for the duration of the account and for 3 additional years to demonstrate legal compliance.
  • Kontaktní formulář form and support communication: 12 months after request closure, unless longer retention is needed due to follow-up resolution.
  • Orders, invoicing, and tax records: 10 years from the end of the relevant accounting and tax period.
  • Data about active and decommissioned devices: for the duration of the active license or account and for 3 additional years after device decommissioning or account deletion.
  • Authentication attempts in user metadata: 30 days.
  • Metadata of the last successful token and device verification: 90 days.
  • Detailed session and licensing logs: detailed records for 7 days, daily aggregates up to 30 days, weekly aggregates up to 12 months, and monthly aggregates up to 24 months.
  • Binary and license generation records: 24 months, unless longer retention is required due to complaint handling or a security incident.

 

6. Cookies and similar technologies

The website uses necessary cookies for sign-in, session security, cart, checkout, language management, and remembering consent settings. If we use third-party analytics, marketing, or advertising technologies, they are processed only in a manner consistent with applicable legal requirements and your cookie consent settings.

A more detailed overview of cookie categories is available on the Cookie Policy page: https://sniffy.cz/cs/cookie-policy/.

 

7. Your rights

  • right of access to personal data,
  • right to rectify inaccurate or outdated data,
  • right to erasure where legal conditions are met,
  • right to restriction of processing,
  • right to object to processing based on legitimate interest,
  • right to data portability where processing is based on consent or contract performance by automated means,
  • right to lodge a complaint with the competent supervisory authority.

We usually respond to personal-data requests within 30 days. Before processing a request, we may ask for reasonable identity verification.

 

8. Security and incidents

We implement appropriate technical and organizational measures to protect personal data, especially access control, authentication, technical logging, role-based access restrictions, and incident response procedures.

 

9. GDPR and privacy contact

If you want to exercise your rights or have any questions about this Privacy Policy, contact us at info@sniffy.cz or via the Kontaktní formulář Form page: https://sniffy.cz/kontaktni-formular/.