Prague Detectives — antique gold monogram crest
    ·
    Confidential consultation

    Legal

    GDPR Policy

    Last updated: 25 May 2026

    This policy describes how Prague Detectives — operated by Exero Group s.r.o., IČO: 09022104, registered in Prague, Czech Republic — complies with its obligations as a data controller under the EU General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”) and Czech Act No. 110/2019 Coll. on the processing of personal data.

    1. Data controller

    The data controller responsible for personal data processed in connection with our services is:

    Exero Group s.r.o.
    IČO: 09022104
    Prague, Czech Republic
    contact@praguedetectives.cz

    2. Lawful bases for processing

    • Contract (Art. 6(1)(b)) — to provide the investigative services you engage us to perform and to manage the client relationship.
    • Legal obligation (Art. 6(1)(c)) — to comply with Czech and EU laws, including tax, accounting, AML and licensing requirements.
    • Legitimate interests (Art. 6(1)(f)) — to conduct lawful investigations on behalf of clients with a demonstrable legitimate interest (e.g. legal proceedings, fraud prevention, protection of rights), subject to a documented balancing test.
    • Consent (Art. 6(1)(a)) — for optional communications such as enquiry follow-ups submitted through our contact form.

    3. Categories of data and data subjects

    We process identification and contact data, correspondence, billing data, and — when strictly necessary for an instructed investigation — observational data relating to subjects of inquiry. Processing is limited to what is necessary, proportionate, and lawful for the agreed purpose.

    4. Recipients and international transfers

    Personal data may be shared with our vetted processors (IT, hosting, accounting, legal counsel) under written data-processing agreements, and with competent authorities or courts where required by law. We do not transfer personal data outside the EEA unless an adequacy decision or appropriate safeguards under Chapter V of the GDPR apply.

    5. Retention

    Personal data is retained only for as long as necessary for the purpose for which it was collected and to meet legal retention obligations (typically up to 10 years for accounting records and the duration of any applicable limitation period for engagement files).

    6. Your rights

    • Right of access (Art. 15)
    • Right to rectification (Art. 16)
    • Right to erasure (Art. 17)
    • Right to restriction of processing (Art. 18)
    • Right to data portability (Art. 20)
    • Right to object (Art. 21)
    • Right to withdraw consent at any time, without affecting prior lawful processing

    7. Exercising your rights and complaints

    To exercise any of your rights, write to contact@praguedetectives.cz. We will respond within one month. You also have the right to lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, ÚOOÚ), at www.uoou.cz.

    8. Security measures

    We apply technical and organisational measures appropriate to the risk, including access controls, encryption in transit, restricted storage, staff confidentiality undertakings, and incident-response procedures aligned with Articles 32–34 of the GDPR.

    9. Updates

    This policy will be reviewed at least annually and whenever EU or Czech data-protection law materially changes.

    Questions about this document?

    contact@praguedetectives.cz