Privacy Policy.
How we handle the personal data of website visitors, contact-form submitters and clients. No analytical tracking, no data exports beyond what is strictly necessary for operation.
If you are an EEA, UK or Swiss resident, this policy applies to you under the EU GDPR.
1. Who we are (data controller)
The controller of your personal data is accelapps s.r.o., Reg. No.: 06628362, VAT No.: CZ06628362, with registered office in Prague, registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 285754. We operate the product brand EasyPortal 365.
Controller contact details:
- Email: info@easyportal365.com
- Phone: +420 234 715 878
- Address: see contact page
We have not appointed a Data Protection Officer (DPO) — our processing does not fall within the categories where the GDPR requires one. Please direct any data protection enquiries to the email above.
2. What data we process
2.1 Contact form
When you send us a message via the contact form at /en/contact, we process:
- first name and surname (required)
- email address (required)
- message content (required)
- optionally: company name, phone number
2.2 Meeting bookings
If you book a consultation or support slot through our online widget (Zoho Bookings), we process the data you fill into the widget — typically name, email, phone number and a note.
2.3 Contractual relationship with clients
If you become our client, we process the data necessary for the performance of the contract and for invoicing: company name, Reg. No./VAT No., billing address, contact persons (name, email, phone, position).
2.4 Web server logs
The web server (GitHub Pages) records standard access logs (IP address, timestamp, HTTP request, user-agent). They are used solely for operation, security and error analysis. We do not use Google Analytics or any similar tool on the website.
3. Purposes of processing
- handling your enquiry from the contact form
- arranging and conducting a meeting
- performance of the contractual relationship including invoicing
- protecting the operation and security of the website
- compliance with legal obligations (accounting, tax, AML)
4. Legal basis for processing
We process your personal data on the basis of:
- your consent (contact form — given by ticking the GDPR checkbox) — Article 6(1)(a) GDPR;
- performance of a contract or pre-contractual measures (meeting bookings, client data) — Article 6(1)(b) GDPR;
- compliance with a legal obligation (accounting and tax records, archiving) — Article 6(1)(c) GDPR;
- legitimate interest (server logs, website security, enforcement of claims) — Article 6(1)(f) GDPR.
5. How long we retain data
| Category of data | Retention period |
|---|---|
| Contact form (after handling) | up to 24 months or until consent is withdrawn |
| Meeting booking data | up to 24 months |
| Client data (contractual relationship) | for the duration of the contract + statutory periods |
| Accounting documents | 10 years (Czech Accounting Act) |
| Web server logs | maximum 30 days |
6. To whom we disclose your data
We share your data only with processors that help us operate our services — always under a data processing agreement and only to the extent strictly necessary:
- Zoho Corporation B.V. — operation of the contact form and online bookings; data hosted in EU data centres (forms.zohopublic.eu, bookings.nimbuspop.com).
- Microsoft Ireland Operations Limited — Microsoft 365 as our internal email and office infrastructure.
- GitHub, Inc. — hosting of the website via GitHub Pages.
- providers of accounting and tax services (under a written contract);
- public authorities, where required by law.
We do not routinely transfer data outside the European Economic Area. Where this exceptionally happens with certain third-party services (typically GitHub), it is carried out under the Standard Contractual Clauses approved by the European Commission (Article 46 GDPR).
Note on EP365 products: EasyPortal 365 applications deployed as part of client projects run directly within the customer's Microsoft 365 tenant. Data processed by these applications never leaves the customer's tenant, and we as the supplier access it only to the extent agreed in the contract (typically support and maintenance).
7. Your rights
In relation to your personal data you have the following rights under the GDPR (Articles 15–22):
- right of access — to find out what data we process about you and obtain a copy;
- right to rectification of inaccurate or incomplete data;
- right to erasure ("right to be forgotten"), where the reason for processing has ceased;
- right to restriction of processing in specific cases;
- right to data portability in a structured, machine-readable format;
- right to object to processing based on legitimate interest;
- right to withdraw consent at any time (where processing is based on consent) — withdrawal does not have retroactive effect;
- right to lodge a complaint with a supervisory authority. In the Czech Republic this is the Czech Data Protection Authority (ÚOOÚ) — Úřad pro ochranu osobních údajů.
It is enough to send your request to info@easyportal365.com. We will handle it within 30 days of receipt at the latest; if the request is complex, we may extend this period by a further two months and will inform you of the extension.
8. Cookies and similar technologies
The EasyPortal 365 website deliberately uses a minimum of cookies. We have no Google Analytics or any other analytical or advertising tool. Fonts are served locally from our hosting, so no information about your visit is leaked to third parties just because of typography.
Details in the separate Cookies document.
9. Security
We implement appropriate technical and organisational measures to protect personal data: HTTPS across the entire site, restricted access to systems containing personal data, multi-factor authentication for internal systems, and regular review of security procedures.
10. Changes to this policy
This policy may be updated from time to time — typically when the scope of processing, legal obligations or processors change. The current version is always available on this page. We will give you advance notice of material changes (by email to addresses you have provided to us, or via a visible notice on the website).