Privacy Policy

Antikhaus a.s.

Effective Date: 01 January 2026   |   Last Updated: 11 May 2026

Regulation: Regulation (EU) 2016/679 (GDPR)

1. Identity of the Data Controller

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), Antikhaus a.s.(hereinafter “the Controller”, “we”, “us”, or “our”) hereby informs you of the following.

The Controller responsible for this website is:

Legal name:  Antikhaus a.s.

Registration number:  CZ15889173

Registered address:  Ještědská 357, 468 02 Rychnov u Jablonce n/Nisou, Czech Republic

Phone:  + 420 483 388 462

Email:  info@antikhaus-historischefenster.com

Website:  antikhaus.cz

2. Data Protection Officer (DPO)

DPO not required:  We have assessed that the appointment of a Data Protection Officer is not mandatory under Article 37 GDPR for our organisation, as we do not carry out large-scale processing of special category data or systematic monitoring of individuals.

3. Scope of This Policy

This Privacy Policy applies to the website located at https://www.antikhaus.cz, which is a portfolio and informational website showcasing the works and services of the Controller. The website does not:

  • Offer products or services for direct purchase online;
  • Include contact forms or any other data submission mechanism;
  • Require users to create accounts or authenticate;
  • Collect any personal data directly from visitors through the website interface.

Visitors who wish to engage with us are invited to contact our team directly by phone or email, as listed in Section 1. Any personal data you share through those direct channels is processed separately and in accordance with this Policy and the GDPR.

4. Personal Data We Process

4.1  Data processed through the website

The Controller does not directly collect personal data through the website. No forms, tracking accounts, or active data capture mechanisms are present.

4.2  Server log data (processed by the Hosting Provider)

The website is hosted by Via Aurea, s.r.o, established in the EU at Lidická 81, 602 00 Brno, Czech Republic (hereinafter “the Hosting Provider”). As part of normal server operation, the Hosting Provider’s infrastructure automatically records standard technical log data, which may constitute personal data under Article 4(1) GDPR, including:

  • IP address of the requesting device;
  • Date, time, and duration of the request;
  • URL path requested and HTTP status code;
  • Referring URL (if any);
  • Browser type, version, and operating system.

This processing is carried out by the Hosting Provider in its capacity as a Data Processor acting on behalf of the Controller, pursuant to a Data Processing Agreement (DPA) in accordance with Article 28 GDPR. The legal basis for this processing is Article 6(1)(f) GDPR — legitimate interests: specifically, the legitimate interest in ensuring the security, integrity, and operational availability of the website.

For full details of how the Hosting Provider processes this data, please refer to: https://www.viaaurea.cz/zasady-zpracovani-osobnich-udaju/t1100.

4.3  Data shared proactively by users (phone / email)

When you contact us voluntarily by phone or email, you may share personal data such as your name, email address, phone number, and the content of your message. This data is processed on the basis of Article 6(1)(b) GDPR(steps prior to entering into a contract) and/or Article 6(1)(f) GDPR(our legitimate interest in responding to enquiries). It is not collected through the website itself.

5. Cookies & Tracking Technologies

The Controller does not use cookies, tracking pixels, web beacons, analytics scripts, or any other tracking technologies on this website.

The Hosting Provider may set strictly necessary technical cookies required for the security and delivery of the website (e.g. load balancing or DDoS protection cookies). These are set by the Hosting Provider as Data Processor and are not used for profiling, marketing, or analytics purposes. In accordance with Recital 25 of Directive 2002/58/EC (ePrivacy Directive) and applicable national implementing law, strictly necessary cookies do not require prior consent.

Should the Controller introduce any non-essential cookies in the future, this policy will be updated and a cookie consent mechanism will be implemented in compliance with Article 5(3) of the ePrivacy Directive and applicable GDPR requirements.

6. International Data Transfers

Both the Controller (Antikhaus a.s.) and the Hosting Provider (Via Aurea, s.r.o.) are established within the European Union. All processing described in this Policy takes place within the EU/EEA. No personal data is transferred to third countries outside the EU/EEA in connection with this website.

Should this change in future, any such transfer would be subject to appropriate safeguards in accordance with Chapter V GDPR (e.g. adequacy decision, Standard Contractual Clauses, or other approved mechanism), and this Policy would be updated accordingly.

7. Data Retention

Server log data collected by the Hosting Provider is retained for the period necessary for security and operational purposes, as defined in the Hosting Provider’s own privacy policy and DPA. The Controller does not independently store server log data.

Personal data shared directly with us via email or phone in connection with a pre-contractual or commercial enquiry will be retained for 3 years from last contact, unless a longer retention period is required by applicable law (e.g. tax or accounting obligations under Czech law.

8. Your Rights as a Data Subject

Under the GDPR, where we process personal data for which we act as Controller, you have the following rights:

  • Right of access (Art. 15 GDPR): You may request confirmation of whether we process personal data about you and, if so, obtain a copy.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your personal data where the processing is no longer necessary, you withdraw consent, or processing is unlawful.
  • Right to restriction (Art. 18 GDPR): You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month of receipt of your request, as required by Article 12 GDPR. This period may be extended by a further two months where requests are complex or numerous, in which case we will notify you.

9. Right to Lodge a Complaint

If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the competent supervisory authority in your EU Member State of habitual residence, place of work, or place of the alleged infringement, pursuant to Article 77 GDPR.

The supervisory authority competent for the Controller is:

Authority:  ÚOOÚ for Czech Republic

Website:  https://uoou.gov.cz/

Address:  Úřad pro ochranu osobních údajů, Pplk. Sochora 27, 170 00 Praha 7

You also retain the right to seek judicial remedy before a court of competent jurisdiction pursuant to Article 79 GDPR.

10. Third-Party Links

This website may contain links to external websites or platforms (e.g. professional networks, partner organisations). The Controller is not responsible for the privacy practices of those third parties. We recommend reviewing the privacy policy of any third-party site before submitting personal data to it.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, hosting arrangements, or applicable law. Where changes are material, we will update the “Last Updated” date at the top of this document. We encourage you to review this page from time to time.

This Privacy Policy was last reviewed on 11 May 2026.