Company Logo
Sign in

Privacy Policy

Effective from: 7 July 2026

This privacy policy (the "Policy") explains how CircuitNinja s.r.o. processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (the "GDPR") and Act No. 110/2019 Coll., on the Processing of Personal Data.

Effective from: 7 July 2026

Note: This Policy is issued in Czech and English. In the event of any discrepancy between the language versions, the Czech version prevails.

I. Data Controller

The controller of personal data is:

CircuitNinja s.r.o., Company ID (IČO): 23151200, VAT ID (DIČ): CZ23151200, with its registered office at Kurzova 2222/16, Stodůlky, 155 00 Prague 5, Czech Republic, registered in the Commercial Register maintained by the Municipal Court in Prague under file no. C 421560 (the "Controller").

Contact details:

  • E-mail: info@circuitninja.cz

The Controller has not appointed a data protection officer.

II. Personal Data We Process

Depending on the nature of the relationship, we process in particular:

  1. Identification and contact data – first and last name, company name, IČO, DIČ, billing and delivery address, e-mail, phone.
  2. Account data – where a user account is set up (in particular for business customers and invoicing), the login identifier (e-mail), account settings, and the order history linked to the account.
  3. Inquiry and order data – inquiry content, specification and materials (in particular manufacturing data), order history, and communication.
  4. Sign-up and lead data – contact details voluntarily provided through the sign-up, waitlist, or contact form on the website (in particular e-mail and name), and the related communication.
  5. Payment and invoicing data – bank account number, data on tax documents.
  6. Website usage data – IP address, cookies, and similar technical data (see Article VIII).

We obtain personal data primarily directly from the data subject (when submitting an inquiry, order, sign-up, or when creating an account).

Manufacturing materials (e.g. Gerber files) are generally not personal data in themselves; however, if they contain data allowing the identification of a natural person, we handle them in accordance with this Policy.

III. Purposes and Legal Bases of Processing

PurposeLegal basis (Art. 6 GDPR)
Conclusion and performance of the contract, handling inquiries and orders, manufacture and delivery, complaintsArt. 6(1)(b) – performance of a contract
Setting up and operating a user account and enabling ordering through itArt. 6(1)(b) – performance of a contract (steps prior to and under the contract)
Registering a sign-up/waitlist request and contacting the interested party about the launch and availability of our servicesArt. 6(1)(a) – consent, or Art. 6(1)(b) – steps taken at the request of the data subject prior to entering into a contract
Bookkeeping, issuing tax documents, fulfilling tax and archiving obligationsArt. 6(1)(c) – legal obligation
Protection of the Controller's legitimate interests (debt recovery, defence of legal claims, security and operation of the website)Art. 6(1)(f) – legitimate interest
Sending commercial communications to existing customers about similar servicesArt. 6(1)(f) – legitimate interest (may be objected to at any time)
Web analytics and other non-essential cookies where consent is requiredArt. 6(1)(a) – consent

IV. Retention Period

  • Data necessary for the performance of the contract is retained for the duration of the contractual relationship.
  • Data on tax documents and in accounting is retained for the period required by law (generally 10 years for tax documents under the VAT Act).
  • Data processed on the basis of legitimate interest is retained for the period necessary to fulfil the given purpose, at most for the duration of the limitation periods for potential legal claims.
  • Data processed on the basis of consent is retained until the consent is withdrawn.

V. Recipients and Transfers of Personal Data

Personal data may be made available to the following categories of recipients, always only to the extent necessary:

  • transport and logistics companies for the purpose of delivering the Goods (e.g. DPD);
  • providers of accounting and invoicing software and economic services, and the accounting/ERP system (currently Fakturoid, transitioning to Abra);
  • IT, hosting, and e-mail service providers;
  • our web analytics provider (PostHog, with servers in the EU);
  • legal, tax, and similar advisors;
  • public authorities, where required by law.

The Controller does not transfer personal data to third countries outside the EU/EEA. Should such a transfer occur (e.g. for IT services), the Controller will ensure appropriate safeguards under Art. 44 et seq. of the GDPR.

VI. Security of Personal Data

The Controller adopts appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, loss, or misuse. Personal data and the Customer's manufacturing materials are made available within the company only to persons who need them to perform their tasks (the need-to-know principle). Persons authorised to process personal data are bound by confidentiality. The Controller selects only processors that provide sufficient guarantees of appropriate protection of personal data and that keep the data within the EU/EEA.

VII. Rights of the Data Subject

In connection with the processing of personal data, you have the right to:

  • access your personal data (Art. 15 GDPR);
  • rectification of inaccurate or incomplete data (Art. 16 GDPR);
  • erasure ("right to be forgotten") under the conditions of Art. 17 GDPR;
  • restriction of processing (Art. 18 GDPR);
  • data portability (Art. 20 GDPR);
  • object to processing based on legitimate interest, including direct marketing (Art. 21 GDPR);
  • withdraw any consent given at any time, without affecting the lawfulness of processing before its withdrawal;
  • lodge a complaint with a supervisory authority.

You may exercise your rights at info@circuitninja.cz or at the Controller's registered office.

The supervisory authority in the Czech Republic is the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 727/27, 170 00 Prague 7, www.uoou.cz.

VIII. Cookies

The circuitninja.cz website uses cookies and similar technologies, which fall into the following categories:

  • Essential (technical) cookies – ensure the basic functionality of the website; processed on the basis of legitimate interest and always active. They do not require consent.
  • Analytics cookies (PostHog) – we use the PostHog analytics tool to measure traffic and user behaviour in aggregate in order to improve the website. PostHog processes this data on servers located in the European Union; no data is transferred outside the EU/EEA for this purpose.

Analytics cookies are set only on the basis of consent given via the cookie banner, which lets you choose between allowing analytics and using necessary cookies only. We do not use marketing, advertising, or cross-site tracking cookies. Consent can be changed or withdrawn at any time in the cookie settings or in your browser settings, without affecting the lawfulness of processing before withdrawal.

IX. Provision of Data

The provision of personal data needed to conclude and perform the contract is a contractual requirement; without it, the contract cannot be concluded or performed. The provision of data for purposes required by law (e.g. invoicing) is a statutory requirement.

X. Changes to This Policy

The Controller is entitled to update this Policy. The current version is always available on the Controller's website. This Policy takes effect on the date stated in its heading.