Personal data protection
Information on personal data processing
Here you can find an overview of how Bravion Group s.r.o. works with personal data during enquiries, recruitment, contractual cooperation and website operation Bravion. The overview shows what data we use, why we need it, who it may be transferred to and what rights you can exercise.
Last updated: 12 July 2026
Personal data controller
- Name
- Bravion Group s.r.o.
- Company ID
- 23281839
- Registered office
- Lidicka 700/19, 602 00 Brno - Veveri
In brief
We do not sell personal data and do not use it for mass marketing without an appropriate legal basis.
Do not send sensitive data, birth numbers, copies of documents or information that is not necessary for first contact or assignment description through forms.
We do not perform automated decision-making or profiling on the website that would have legal or similarly significant effects for you.
Cookies and similar storage are described on a separate page Cookie policy.
What happens if you do not provide data
You provide contact details in the form voluntarily. Without e-mail or phone, however, we cannot reply, clarify the brief or prepare an offer.
Data for the contract, assignment operation and invoicing is necessary to order and properly provide the service. Without it, it may not be possible to conclude cooperation or fulfil statutory accounting and tax obligations.
For assignments involving visitor records, entrance regimes, camera supervision or other personal data of people on site, processing roles and scope are handled according to the specific contract and operating documents.
Enquiries and business communication
- Purpose
- Handling a form message, follow-up communication, preparing an offer and agreeing the next steps.
- Legal basis
- Art. 6(1)(b) GDPR if the communication is directed toward concluding a contract. For ordinary business records, also Art. 6(1)(f) GDPR - legitimate interest in handling and documenting communication.
- Data scope
- Name, company or organisation, e-mail, phone, service type, location, date, message content and data you add yourself about the assignment.
- Retention period
- For the time needed to handle the enquiry and then for no longer than 12 months from the last communication, unless a contractual relationship is created. If cooperation is concluded, contractual, accounting and tax retention periods follow.
- Recipients and processors
- Formspree for form delivery, hosting provider, website technical administration and people handling business communication.
Contractual and operational agenda
- Purpose
- Contract preparation, fulfilment of ordered services, operational communication, performance records, invoicing and fulfilment of accounting or tax obligations.
- Legal basis
- Art. 6(1)(b) GDPR - performance of a contract. Art. 6(1)(c) GDPR - compliance with legal obligations. For protection of legal claims, also Art. 6(1)(f) GDPR.
- Data scope
- Identification and contact details of the client, billing details, contractual documentation, operating instructions, handover information and related communication.
- Retention period
- For the duration of the contractual relationship and then for the period required by law. Accounting and tax documents are usually retained for 10 years.
- Recipients and processors
- Accounting and tax advisers, operational IT service providers, legal advisers and public authorities if required by law.
Recruitment and career form
- Purpose
- Assessment of a response to a job offer, communication with the candidate and organisation of the selection process.
- Legal basis
- Art. 6(1)(b) GDPR - steps prior to entering into an employment or similar relationship at the candidate request. For protection of legal claims, also Art. 6(1)(f) GDPR.
- Data scope
- Name, e-mail, phone, selected position, message, experience, availability and information about a certificate or qualification if you provide it.
- Retention period
- For the duration of the selection process and then for no longer than 6 months after it ends, unless cooperation is created or another legal reason for longer retention exists.
- Recipients and processors
- Formspree for form delivery and, internally, people involved in recruitment, shifts and operational leadership.
Form protection and website security
- Purpose
- Limiting repeated form submissions, spam prevention and protection of the website against technical abuse.
- Legal basis
- Art. 6(1)(f) GDPR - legitimate interest in secure website operation and form protection.
- Data scope
- IP address, request time and basic technical context needed for form protection.
- Retention period
- For the necessary time for form protection, usually in minutes. For operational security logs, the period may be longer depending on hosting settings.
- Recipients and processors
- Website operator, hosting provider and possibly a technical service for limiting repeated requests.
Website analytics after consent
- Purpose
- Traffic measurement, basic evaluation of website use, contact click measurement and indicative evaluation of traffic sources.
- Legal basis
- Art. 6(1)(a) GDPR - consent given in the cookie banner. You can change consent at any time through cookie settings.
- Data scope
- Technical and analytical identifiers, information about the visit, website interaction, traffic source and clicks on phone or e-mail.
- Retention period
- According to the lifetime of individual identifiers, Google Analytics settings and the stored browser choice. Details are stated in the cookie policy.
- Recipients and processors
- Google Analytics and technical services related to website analytics, only after consent is given.
Advertising conversion measurement after consent
- Purpose
- Evaluates whether an advertising campaign led to an enquiry accepted by the server or a phone click, and prevents duplicate counting of the same enquiry.
- Legal basis
- Article 6(1)(a) GDPR - separate consent for the Advertising measurement category in the cookie banner. You can change your consent at any time.
- Data scope
- The technical identifier of an accepted enquiry, the form type or phone-click information, and advertising identifiers where Google Ads uses them.
- Retention period
- The website does not set its own fixed retention period for Google Ads identifiers. Retention depends on the identifier type and current Google service settings; the cookie policy provides details.
- Recipients and processors
- Google Ads and technical services related to conversion measurement, only after consent.
Where we obtain data from
- data you send yourself via form, e-mail, phone or during a business meeting
- data created during offer preparation, contract conclusion and operation of the ordered security service
- data from career responses and follow-up recruitment communication
- technical data generated while using the website, forms and enabled measurement categories
- data from public registers or publicly available sources if needed for company verification, contract preparation or invoicing
How we protect data
- only people who need the data for a specific purpose have access
- business communication, recruitment, contractual documentation and analytics are kept separately by purpose
- we use external services only to the extent necessary for forms, hosting, analytics, accounting or legal protection
- we delete or archive data after the set retention periods expire
- contact and company details in legal texts, forms and website footer come from one company source
Processors, transfers and legal claims
We disclose personal data only where necessary for a specific processing purpose. This typically includes hosting, website administration, Formspree for form delivery, Google Analytics or Google Ads according to the consent category granted, accounting and tax advisers, legal advisers or public authorities.
Some external services may process data outside the European Union or European Economic Area. In that case, we use services only to the extent needed for the given purpose and rely on contractual and security mechanisms required by GDPR for data transfers.
Some data may be retained longer than ordinary operational periods if necessary to fulfil a legal obligation, accounting, tax records, complaint handling, inspection by a public authority or protection and defence of legal claims.
Your rights
- request access to your personal data
- request correction of inaccurate or incomplete data
- request erasure or restriction of processing if GDPR conditions are met
- object to processing based on legitimate interest
- withdraw consent if processing is based on consent
- request data portability within the scope set by GDPR
- file a complaint with the Office for Personal Data Protection
You can file a complaint with the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, uoou.gov.cz.
How to contact us about data
You can exercise your rights by e-mail at info@bravion.cz, by phone or another understandable method. If we need to verify identity, we will request reasonable additional information.
We respond to requests without undue delay, no later than within one month. For more complex or repeated requests, the period may be extended under GDPR; in that case you will receive information about the reason for extension.
If the question concerns the website, forms or analytics, a link to the specific page or a short description of the situation helps us.
