Privacy Policy | Kompenzo

Privacy Statement of Kompenzo s.r.o. and Kompenzo International s.r.o.

Introduction
1. We place special emphasis on the protection of users of our website who provide us with their personal data. This privacy statement (“Privacy Statement”) is provided to you with the necessary information on how we, the company Kompenzo s.r.o., registered office at Hybernská 1033/7, Nové Město, 11000 Praha 1, Czech Republic, company ID 21488941, and Kompenzo International s.r.o. registered office at Korunní 2569/108, Vinohrady, 101 00 Praha, Czech Republic, company ID 24083500 (hereinafter collectively as “We” or “Joint controllers”) process your personal data as the data controller (Joint controllers) pursuant to Article 4, point 7 and Article 26, point 1 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data (“GDPR”).
2. Our contract details are:
  Kompenzo s.r.o.
  Hybernská 1033/7, Nové Město, 110 00 Prague 1
  ID: 21488941
  e-mail: info@kompenzo.com
  
  Kompenzo International s.r.o.
  Korunní 2569/108, Vinohrady, 101 00 Prague
  ID: 24083500
  e-mail: info@kompenzo.com
  
  Kompenzo s.r.o. and Kompenzo International s.r.o. act as Joint Controllers. We have entered into an agreement governing our respective responsibilities for compliance with the obligations under the GDPR.
  
  The essence of this arrangement is as follows:
3. 1. Both companies share a unified IT infrastructure, marketing channels, and administrative personnel to process your claim efficiently.
  2. Both companies are jointly responsible for ensuring the security of your personal data and for handling your requests regarding data subject rights (such as access or erasure).
  3. You may exercise your rights under the GDPR in respect of and against either of the controllers. For administrative efficiency, we have designated a single contact point for all privacy-related queries: info@kompenzo.com.
4. We have not appointed a Data Protection Officer pursuant to Article 13(1)(b). [We have appointed a Data Protection Officer pursuant to Article 13(1)(b) who can be contacted at: gdpr@kompenzo.com]
5. This Privacy Statement also describes any processing of personal data conducted by us and our partners representing you in these claims (“jotners”). The Claim partners are bound to process your personal data according to this Privacy Statement and for other purposes stated in the privacy statement of the specific Claim Partner. We are, however, not responsible for any data processing or actions conducted by these Claim partners. We do not act as joint data controllers with Claim partners and we are not liable for any damage caused by the Claim partners.
6. Identification and contact details of any Claim partners who receive your personal data will be made available to you through our website or by e-mail. Use these contact details to exercise your rights related to processing of your personal data by this Claim partner.
7. Unless specified otherwise, such as in Article IV of this Privacy Statement, any information about processing of personal data by us apply also to processing of personal data by Claim partners.
8. We are committed to protecting and preserving your privacy. This Privacy Statement sets out the basis on which any data we collect from you, or that you provide to us, will be processed by us. Please read this Privacy Statement carefully to fully understand how we process, use, disclose and secure information that you provide to us when you use our website.
9. We reserve the right to change this Privacy Statement at any given time, if you want to make sure that you are up to date with the latest changes, we advise you to view this Privacy Statement regularly. If we materially change our Privacy Statement, we will notify you of such changes by posting a notice on our website and/or contacting you at the e-mail address provided to us. Your continued use of the website will be deemed your agreement that your information may be used in accordance with the new statement. If you do not agree with the changes, please stop using our website, and notify us that you do not want your personal data to be used in accordance with the changes.
10. By accessing or using our website, you acknowledge that you have read and understood this Privacy Statement. Where we require your consent for specific processing activities (such as marketing cookies or specific sensitive data), we will ask for it separately (e.g., via a cookie banner or a tick box).
Principles of personal data protection
1. We are bound by the following principles when processing personal data:
2. 1. Personal data must be processed fairly and in a lawful and transparent manner;
  2. Personal data may only be collected for specific, explicit and legitimate purposes and may not be further processed in a way that is incompatible with those purposes;
  3. Personal data may be processed only to the extent necessary in relation to the purpose in question;
  4. The processing of personal data must take into account its accuracy;
  5. Personal data may be kept only for the necessary period; and
  6. Personal data must be processed under appropriate security.
Sources and scope of the processed data
1. We receive your personal data from various sources, which are in particular:
2. 1. when you fill in forms or questionnaires on our website or through third-party form tools integrated into our website (such as Typeform)
  2. when you provide information about the specific claim; and
  3. when you communicate with us or the Claim partner.
3. We use the following categories of personal data:
4. 1. Identification data, such as name, surname, date of birth;
  2. Contact data, such as e-mail, telephone, postal address;
  3. Financial data, such as bank connection and any sums paid;
  4. Communication data, such as history of previous contacts and data regarding your enquiry that you provided us with;
  5. Claim data, such as your previous use of any goods or services, contacts with third parties, damage incurred, contracts concluded; these data may also include data about your health, racial or ethnic origin or other special categories of data under Article 9 GDPR (“Sensitive data”) which you have provided to us.
5. We also process Cookies data, i.e. personal data regarding your usage of our website collected by cookies and other tracking techniques. We would like to remind you that your personal data might be automatically collected through your use of our website by cookies and other technologies. The personal data may include device information (hardware model, information about the operating system and its version, unique device identifiers, mobile network information, device storage information), location information (IP address, time zone, information about your mobile service provider), usage data (including, among others: frequency of use, areas and features of our website you visit, your use patterns generally, engagement with particular features). We may use this information to better understand, customize, and improve the user experience of our website and services. See section below "Cookies” to learn more.
6. In case Sensitive data (special categories of personal data) are provided, we process them primarily on the basis that processing is necessary for the establishment, exercise or defence of legal claims (Article 9(2)(f) GDPR) and/or based on your explicit consent where no other legal basis applies.
Purposes, legal basis and duration of the processing
1. We process personal data on the basis of the following purposes:
2. 1. Provision of services. If you apply with a specific claim, we process the Identification data, Contact data, Financial data, Communication data, Claim data, and Cookies data for the purpose of the provision of services to you, which consist of initial evaluation of the claim and administering your claim. We process these personal data for the duration of the contractual relationship we have with you. For this purpose, the legal title for processing is a necessity for the performance of the contract. In case the Sensitive data are also provided, these are processed for the establishment, exercise or defence of legal claims.
  2. Transfer of data to Claim partners. If you apply with a specific claim and subsequently approve the transfer to a Claim partner, we transfer your Identification data, Contact data, Financial data and Claim data to this partner, enabling the partner to represent you in such claim and administer it. We process these personal data until the end of a transfer of data to the specific Claim partner. For this purpose, the legal title for processing is a necessity for the performance of the contract. In case the Sensitive data are also provided, these are processed with your explicit consent.
  3. Protection of our rights and legitimate interests. Further, we process your Identification data, Contact data, Financial data, Communication data, Claim data and Cookies data on the basis of the legitimate interest consisting of recovery of our claims against you and/or to protect and enforce our claims. For this purpose, we process your personal data for the period of time corresponding to the statutory limitation period, generally limited to 15 years. In case the Sensitive data are also provided, these are processed for the establishment, exercise or defence of legal claims.
  4. Performance of general legal duties. We also process your Identification data, Contact data, Financial data and Claim data in accordance with the relevant advocacy acts, accounting acts or value-added tax act, as we are obliged to store those documents for a certain time period (this specific time period may differ according to applicable law in each country). If there is such a legal obligation, we store the concerned documents together with your personal data for the time period as stated by the applicable law.
  5. Promotion of our website and services. If you use the website, we also use your Identification data, Contact data, Claim data and Cookies data to promote our services and the possibility to file your claim, including sending promotional communications. The legal basis for this processing is our legitimate interest in the promotion of our activities and we process your personal data for the duration of the contractual relationship and 2 years after or for 2 years after visit of our website if you are not our customer.
  6. Operation of our website and their security (Essential Cookies). We process your Cookies data, which are necessary for the operation of the website, including presentation, their functionality and ensuring your safety. Within this purpose, we identify you as a visitor during the browsing or during repeated logins on the website. The legal basis for such processing is our legitimate interest in due functionality and operation of our website. We generally retain your personal data for up to 2 years after your visit to our website.
  7. Promotion and marketing on our website (Marketing Cookies). We process your Cookies data, which are necessary for targeting and showing our advertisements (marketing cookies), while your data may also be transferred to third parties. Within this purpose, we promote and market products and services on the website and show you marketing communication related to products and services you expressed your interest in and promote our brand through online promotion, while your data may also be transferred to third parties. The legal basis for processing here is therefore your consent, given through the Cookies Sidebar. We retain your data for the duration of your consent but in any case, no longer than 2 years from receiving your consent.
  8. Customization of website (Functional Cookies). We process your Cookies data, which are necessary for the customization of the website (functional cookies). We can then simplify browsing the website for you. For this purpose, we customize the website – location, language choices and your device to your preferences, while your data may also be transferred to third parties. The legal basis for processing here is therefore your consent, given through the Cookies sidebar. We retain your data for the duration of your consent but in any case, no longer than 2 years from receiving your consent.
  9. Analysis of visits of website (Analytics Cookies). We also process your Cookies data, which is necessary for analysis of visits to our website (analytics cookies). For this purpose, we monitor traffic on our website, optimize our website, ensure the security of your data and make it more seamless and user-friendly, while your data may also be transferred to third parties. We process your data based on your consent, which you gave to us through the Cookies Sidebar. We retain your data for the duration of your consent but in any case, no longer than 2 years from receiving your consent.
3. If we transfer your case to a Claim partner (e.g., an attorney or a litigation funding company) based on your instruction or contract, please note that upon transfer, the Claim partner becomes an independent data controller of your personal data.
  
  While we carefully select our partners, we are not responsible for their internal data processing policies. The Claim partner will process your data for the purpose of legal representation and claim administration in accordance with their own professional obligations (e.g., attorney-client confidentiality) and their own privacy policies. We strongly advise you to review the privacy notice provided by the specific Claim partner assigned to your case.
4. There is no automated individual decision-making by us or the Claim partners that would have legal or similarly significant effects on you within the meaning of Article 22 GDPR.
Disclosing of personal data
1. Where applicable, we may disclose your personal data to verified and contractually obligated external business third parties, acting as our data processors, for the above-mentioned purposes, such as our hosting providers, call centre operators and providers of marketing services. This also includes our legal advisors evaluating the claim, who act as our data processors.
2. We may also provide your data, based on your instruction, to a specific Claim partner.
3. We cooperate with Unicorn Army s.r.o., a limited liability company having its registered seat at Příčná 1892/4, Nové Město, 110 00 Prague, Czech Republic, registered in the Czech Commercial Register maintained by the Municipal Court in Prague, File No. C 353356, Company ID No. 11715707, and napřímo digital, s.r.o., a limited liability company having its registered seat at Příčná 1892/4, Nové Město, 110 00 Prague, Czech Republic, registered in the Czech Commercial Register maintained by the Municipal Court in Prague, File No. C 403309, Company ID No. 21604231 (together the “Marketing Partners”). These Marketing Partners act as our data processors and provide us with marketing and performance advertising services.
  
  In order to perform these services, the Marketing Partners may further cooperate with third-party platforms such as Google, which is used for website analytics, advertising and optimisation. Google acts as a processor for certain processing activities and as an independent data controller for other processing operations. In addition, we use Meta platforms to display relevant advertisements. In this context, Meta acts as an independent or joint data controller, depending on the specific processing activity.
4. We also use performance-based marketing. In performance-based marketing the advertiser is remunerated only for actual and measurable results. To make use of this service, we submit anonymous transaction data to an affiliate network. This data includes; product descriptions, sales value, and demographic and geographical characteristics. These cannot be traced back to an individual and are only used and shared for statistical purposes. In addition to anonymous transaction data, we also provide pseudonymised transaction IDs and IP addresses. We process this data based on our legitimate interest in verifying the effectiveness of our advertising campaigns and preventing fraud within the affiliate network (Article 6(1)(f) GDPR). Where required by e-privacy laws (e.g., for tracking cookies associated with this service), we rely on your consent.
5. In addition, the personal data may be provided to:
6. 1. the courts, other public authorities and other public bodies, where necessary for the exercise of the controller’s rights vis-à-vis the data subject or for the fulfilment of our legal obligation;
  2. law enforcement authorities, where necessary for the exercise of our rights vis-à-vis the data subject or for the fulfilment of our legal obligation;
  3. our new owners and legal advisors in the case of sale of our company or other similar transaction.
7. We primarily process personal data within the European Union (“EU”) and the European Economic Area (EEA). However, when using services of some partners, data may be transferred to the United States of America (“USA”).
  
  Transfers to the USA are carried out on the basis of the EU-U.S. Data Privacy Framework (“DPF”) for entities that are certified under this framework (e.g., Google, Meta). The European Commission has determined that these certified entities provide an adequate level of data protection. For transfers to entities or countries without an adequacy decision, we utilize Standard Contractual Clauses (“SCCs”) approved by the European Commission, supplemented by additional security measures where necessary.
8. In this case, the data controller will adopt adequate guarantees of the protection of personal data within the meaning of Article 44 et seq. of the GDPR. Where we disclose personal information for a purpose set forth herein, we will base such transfer on the contract concluded with the data subject, we will enter a contract with the third party that describes the purpose and requires the third-party recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The data controller is not liable towards the users for any violations of the GDPR made by this third party.
9. If such activity is presumed by the contract we entered into with you, we also may provide your personal data to the 3rd parties who meet the definitions of such contract.
Rights of the data subject
1. Under the conditions set out in the GDPR, you, as the data subject, shall have:
2. 1. the right of access to your personal data pursuant to Article 15 of the GDPR;
    When exercising the right of access to personal data, we will provide you with confirmation of which of your personal data we process, for which purpose, to whom the personal data has been or will be disclosed, for how long the personal data will be processed, information about your rights regarding personal data, information about the source of the personal data and information about whether automated decision-making, including profiling, takes place regarding your personal data. You can also request a copy of personal data which we process about you.
  2. the right to rectification of personal data pursuant to Article 16 GDPR;
    
    When exercising the right to rectification, you can request that we correct incorrect personal data we process about you.
  3. the right to erasure of personal data pursuant to Article 17 GDPR;
    
    If you believe that we are processing your personal data unlawfully, you have the right to ask us to delete it. We are only obliged to comply with this request in certain cases and the request will always be considered individually in relation to the category of personal data concerned and the purpose for which it is processed.
  4. the right to restriction of processing personal data pursuant to Article 18 GDPR;
    
    If you contest the accuracy of the personal data, we will restrict the processing of your personal data until a decision is made as to whether it is correct, we would be processing your personal data without sufficient legal basis, but you will request a restriction on processing instead of erasure of the data, we no longer need your personal data for the processing purposes set out above in this notice, but you require it for the establishment, exercise, or defense of legal claims; or
    
    you object to the processing of the personal data, in which case we are obliged to restrict the processing of the personal data in question while we evaluate the validity of the objection;
    
    You have the right to ask us to temporarily restrict the processing of that personal data. In this case, the personal data will not be erased, however, the processing will not take place.
  5. the right to object to processing pursuant to Article 21 GDPR (in particular in the case of processing for direct marketing purposes);
    
    If the processing of your data is based on a legitimate interest, you may object to such processing on grounds relating to your particular situation. We will then assess your request and unless we can demonstrate that we have compelling legitimate grounds for the processing which override your interests or rights and freedoms or that we need the personal data to establish, exercise or defend legal claims, we will not continue to process your personal data for that purpose.
    
    If we process your personal data for direct marketing purposes and you object to such processing, we are obliged to comply with the objection.
    
    An objection shall also be deemed to be an objection to processing by automated means or an objection to processing for direct marketing purposes.
  6. the right to data portability pursuant to Article 20 GDPR;
    
    When exercising the right to portability of personal data that we process on the basis of the performance of a contract or your consent, you can ask us to transfer the personal data in question. In such a case, we will provide your personal data in a structured, commonly used and machine-readable format to the entity designated by you.
  7. the right to withdraw consent to the processing of personal data at any time in writing or electronically to our address or email specified in this Privacy Statement.
    
    If we process your personal data on the basis of your consent, you are entitled to withdraw this consent at any time.
    
    However, please note that withdrawal of consent only applies to personal data processed on this basis and does not apply to personal data that we may process on another legal basis (e.g. for the performance of a contract).
3. If you exercise a right in accordance with this Article or in accordance with other applicable legal provisions, we will inform you about the adopted measure about your personal data to every recipient who is processing such data, if the communication to the recipient is possible and/or does not require unreasonable effort.
4. If you wish to exercise your rights or to receive the relevant information, contact us via one of our contact details. When you contact us, we have to ask you to provide us with your identification information or other personal data which you have provided us earlier. The provision of such information is necessary for the verification if it is you who has actually sent the request. We will provide you with the answer no later than one month after receiving such a request, whereby we retain the right to extend this time period by two months.
5. In addition, you have the right to lodge a complaint with the competent Data Protection Authority, in particular in the Member State of your habitual residence, place of employment or place of alleged infringement, if you consider that your right to data protection has been infringed (e.g. in Czechia, you may contact the Czech Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, Czechia, website: https://www.uoou.cz/.)
Voluntary provision of personal data
1. The provision of personal data shall be voluntary, but non-provision of the necessary personal data shall be incompatible with the establishment of the relevant legal relationship and the fulfilment of the rights and obligations arising therefrom.
Conditions for the security of personal data
1. We declare that we have taken all appropriate technical and organizational measures to ensure the security of personal data and the security of data storage devices and documents containing personal data.
  
  For the purpose of secure storage and internal administration, personal data may be stored and processed using cloud-based tools provided by Google, in particular Google Workspace, which complies with applicable data protection and security standards.
2. We declare that access to personal data is granted exclusively to duly authorized persons who are bound by statutory or contractual confidentiality obligations and who require access to such personal data solely for the performance of their duties.
3. We would like to inform you that transmitting information over the internet is never completely secure. While we take appropriate measures to protect your personal data, we cannot guarantee absolute security of data transmitted to us electronically via the website, and such transmission is therefore at your own risk.
Cookies
1. While using our website we may process your personal data (Cookies data) via cookies and other tracking technologies. Cookies are small text files that are stored in your web browser that allow us or a third party to recognize you. Cookies can be used to collect, store and share bits of information about your activities across websites, including our website. This also applies to other similar technologies used for this purpose.
2. We use the following cookies:
3. 1. Technical cookies are necessary to ensure the correct function of the website;
  2. Third-party cookies, like tracking analytical, and targeting cookies are used only with your previous explicit consent.
  3. You may adjust the authorization or the refusal of all of the cookies or only some of the cookies. The refusal of the cookie files may have a negative influence on the functionality of the websites, including the website. You may adjust your choice regarding the cookies anytime or you may erase them from your electronic device at any time. Detailed information regarding the cookies is provided on the website of the appropriate website browser provider. Read more about the Cookies policy.
Links to Third party websites
1. Our website may contain links to other websites. If you visit one of these linked sites, we would like to remind you that you should review their privacy and other policies. We have no control over and are not responsible for the privacy policies or practices of such sites.
Final provisions
1. Our services are not intended for persons under the age of 16. We do not knowingly collect or solicit personal data from anyone under the age of 16. If you are under 16, please do not attempt to register for our services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible.
2. By confirming acknowledgement of this Privacy Statement or signing the agreement linking to this Privacy Statement, you confirm that you have read the Privacy Statement and accept it in its entirety.
3. This Privacy Statement is current as of January 22, 2026. We are entitled to change the Privacy Statement. We will publish the new version of the Privacy Statement on our website or, where applicable, send the new version of the Privacy Statement to you at the email address provided to us.