Privacy Policy
Last updated: 10 July 2026
1. Controller
Onfria s.r.o., ID No. 29728878, registered office at Vlněna 526/5, Trnitá, 602 00 Brno, Czech Republic, registered in the Commercial Register maintained by the Regional Court in Brno, Section C, Insert 152584 (hereinafter "Onfria", "we", "us").
Contact for data protection matters: legal@onfria.com
2. Technical data and website logs
This website is an informational marketing site. We do not use cookies, tracking pixels, analytics scripts or advertising. Apart from the contact form described in section 3, we do not collect personal data through this website.
When you visit this website, technical data may be recorded automatically as part of the HTTP request and in server, error or security logs. This may include:
- IP address
- date and time of access
- requested page or URL, HTTP method, status code and transferred data volume
- information about the device, operating system and browser
- referrer URL, if sent by the browser
- technical errors and security-event information
We process this data to ensure the security, stability and proper functioning of the website, diagnose errors and protect the website against misuse. The legal basis is Article 6(1)(f) GDPR — our legitimate interest in operating and securing a publicly accessible website. Log data is not used for profiling or cross-site tracking.
Standard server access and error logs are retained for 30 days. Security records are retained for up to 90 days. If a specific record is required to investigate a security incident, protect our legal rights or comply with a legal obligation, it may be retained for the period necessary to resolve that case. Any such exception must be documented, time-limited and reviewed when the reason for retention ends.
3. Contact form and e-mail correspondence
If you use the contact form on this website, we process the data you enter — your name, e-mail address, optionally your company, and the content of your message — in order to respond to your inquiry. The form does not use any third-party form service: your submission is processed by a script on our own hosting and delivered to our mailbox as an e-mail. We do not store form submissions in a separate database; they are retained only as e-mail correspondence, as described below.
If you contact us via the e-mail addresses listed on this website, we process your name, e-mail address and the content of your message for the purpose of responding to your inquiry.
Legal basis: Article 6(1)(b) GDPR (pre-contractual measures) or Article 6(1)(f) GDPR (legitimate interest in handling business inquiries).
General inquiries that do not lead to a contract or further cooperation are normally retained for 12 months after they have been resolved. Business inquiries and related correspondence that do not lead to a contract are normally retained for 2 years from the last contact. After the relevant period, messages are deleted or anonymized unless another lawful reason requires their continued retention.
Correspondence relating to a contractual relationship, accounting records, orders, complaints, legal claims, security incidents or data-protection requests is retained for the period appropriate to its purpose and for as long as required by applicable law or necessary to establish, exercise or defend legal claims.
4. Session storage
This website stores a single technical flag (onfria.introSeen) in your
browser's sessionStorage to avoid replaying the introductory animation
within the same browser session. This data:
- is stored locally in your browser only — it is never transmitted to any server
- contains no personal information
- is automatically deleted when you close the browser tab
- does not require your consent under Article 5(3) ePrivacy Directive (strictly necessary for a function explicitly requested by the user)
5. Service providers and third-party tracking
All scripts, fonts and assets used by the website are self-hosted. The website code does not load analytics, advertising, social-network widgets or other third-party tracking services.
We use the following processors to operate the website and to communicate with you:
- Website hosting: WEDOS Internet, a.s. (Czech Republic, EU) — hosts this website and processes the contact form, and generates the server, error and security logs described above.
- E-mail: Microsoft (Microsoft 365) — hosts our mailboxes and processes the correspondence described in section 3. Microsoft may process data outside the EU; where that happens, transfers are safeguarded by appropriate mechanisms (such as EU Standard Contractual Clauses and Microsoft's EU Data Boundary).
These providers process technical or correspondence data only to the extent necessary to provide their services and under a data processing agreement. The exact processing locations, access controls, backup arrangements and retention settings are documented and verified before launch and whenever a provider changes.
6. Your rights
Under applicable data protection law you have the right to:
- access the personal data we hold about you (Art. 15 GDPR)
- rectification of inaccurate data (Art. 16 GDPR)
- erasure ("right to be forgotten") where applicable (Art. 17 GDPR)
- restriction of processing (Art. 18 GDPR)
- data portability (Art. 20 GDPR)
- object to processing based on legitimate interest (Art. 21 GDPR)
To exercise these rights, contact us at legal@onfria.com.
7. Supervisory authority
You have the right to lodge a complaint with the Czech supervisory authority:
Úřad pro ochranu osobních údajů (ÚOOÚ)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
www.uoou.cz
8. Changes to this policy
We may update this policy from time to time. The current version is always available at this URL. Material changes will be communicated via the website.