M

E

N

U

X

SERVICES

WORK

ABOUT

CONTACT

M

E

N

U

X

SERVICES

WORK

ABOUT

CONTACT

M

E

N

U

X

SERVICES

WORK

ABOUT

CONTACT

M

E

N

U

X

SERVICES

WORK

ABOUT

CONTACT

Privacy Policy

Last updated: 2. 5. 2026

This Privacy Policy explains how MgA. Paweł Ratajczyk, sole trader (OSVČ), trading as SLOWRAT, collects, uses, and protects your personal data when you visit slowrat.design or interact with us through the website.

We take your privacy seriously and process your personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and applicable Czech data protection law.

1. Who we are (Data Controller)

MgA. Paweł Ratajczyk Sole trader (OSVČ), registered in the Czech Republic
IČO: 09099328
DIČ: CZ8901141370
Registered address: Záhřebská 369/3, 120 00, Praha 2 - Vinohrady.
Email: pavel@slowrat.design

2. What data we collect and why

2.1 Contact form submissions

When you contact us through the website's contact form, we collect:

  • Your name

  • Your email address

  • The content of your message and any information you choose to include

  • Date and time of submission

Why: To respond to your inquiry, discuss potential collaboration, and follow up on your request.

Legal basis: Performance of a contract or pre-contractual steps at your request (Art. 6(1)(b) GDPR), and our legitimate interest in responding to inquiries (Art. 6(1)(f) GDPR).

Retention: We keep contact form submissions for up to 24 months from your last interaction with us, unless our exchange leads to a project — in which case the data is retained under the project's contract terms and applicable accounting law (typically 5–10 years for invoicing records under Czech law).

2.2 Newsletter signups

If you subscribe to our newsletter, we collect:

  • Your email address

  • Date of subscription

  • Records of which emails you opened or clicked (engagement data)

Why: To send you occasional updates about our work, articles, or studio news.

Legal basis: Your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by clicking the "unsubscribe" link in any email we send you, or by emailing us directly.

Retention: Until you unsubscribe, or after 24 months of inactivity, whichever comes first.

Processor: Our newsletter is managed through MailerLite, which stores subscriber data on EU servers. See Section 4 for more on processors.

2.3 Analytics

We use Google Analytics to understand how visitors use our website. We collect IP address (anonymized), browser and device information, pages visited, time spent, referrer URL, and a unique cookie-based identifier. Data is processed by Google LLC, which may transfer data outside the EU under Standard Contractual Clauses.

Why: To measure traffic, understand which content is useful, and improve the site.

Legal basis: Your consent (Art. 6(1)(a) GDPR), collected via our cookie banner. Analytics are not loaded until you give consent.

Retention: Up to 14 months in our analytics tool, or as configured by us.

2.4 Marketing cookies and tracking pixels

We use the Meta Pixel (and potentially other marketing tags) to measure the effectiveness of our advertising on platforms like Facebook and Instagram, and to show you relevant ads.

These tools collect:

  • Your IP address

  • Browser and device information

  • Pages you visit on our site and actions you take

  • A pixel-based identifier that Meta uses to match you to your Facebook/Instagram account

Why: To run and measure our advertising campaigns, and to retarget visitors with relevant ads.

Legal basis: Your consent (Art. 6(1)(a) GDPR). Marketing pixels are not activated unless you opt in via the cookie banner.

Joint controllership: For data collected via the Meta Pixel, we and Meta Platforms Ireland Ltd. act as joint controllers for the data collection and transmission stage. Meta's privacy policy is available at https://www.facebook.com/privacy/policy.

Retention: Up to 13 months in Meta's systems, or as configured.

2.5 Server logs

Our hosting provider automatically records standard server logs when you visit the site, including your IP address, browser type, and the pages requested. These are kept briefly for security and debugging.

Legal basis: Our legitimate interest in maintaining a secure, functional website (Art. 6(1)(f) GDPR).

Retention: Typically 30 days.

  1. Cookies

We use cookies and similar technologies. A cookie is a small text file stored on your device when you visit a website.

Category

Purpose

Consent required?

Strictly necessary

Make the site work (e.g. remembering your cookie preferences)

No

Analytics

Help us understand site usage

Yes

Marketing

Meta Pixel and similar tracking for ads

Yes

You can manage your cookie preferences at any time by clicking the "Cookie settings" link in our website footer. You can also delete cookies in your browser settings.

We do not load any non-essential cookies until you give consent.

4. Who we share data with (Processors and recipients)

We do not sell your data. We share it only with service providers who help us operate the website and our business. These processors handle your data on our behalf under data processing agreements.

Processor

Purpose

Location

Framer B.V.

Website hosting and content management

EU / USA (SCCs)

MailerLite

Newsletter delivery

EU

Google LLC

Site analytics

USA (SCCs)

Meta Platforms Ireland Ltd.

Advertising and pixel-based measurement

Ireland / USA (SCCs)

Google Workspace

Business email and contact form receipt

USA (SCCs)

Tax advisor / accountant

Bookkeeping and tax obligations

Czech Republic

Where data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses (SCCs) as a safeguard.

We may also disclose your data when required by law, court order, or to protect our legal rights.

5. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access — get a copy of the data we hold about you

  • Right to rectification — correct inaccurate or incomplete data

  • Right to erasure ("right to be forgotten") — request deletion of your data

  • Right to restriction of processing — limit how we use your data

  • Right to data portability — receive your data in a structured, machine-readable format

  • Right to object — object to processing based on legitimate interests, including direct marketing

  • Right to withdraw consent — at any time, where processing is based on consent

  • Right not to be subject to automated decision-making — we do not make automated decisions that significantly affect you

To exercise any of these rights, email us at pavel@slowrat.design. We'll respond within 30 days.

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Czech data protection authority:

Úřad pro ochranu osobních údajů (ÚOOÚ) Pplk. Sochora 27, 170 00 Praha 7, Czech Republic https://www.uoou.cz

6. How we protect your data

We use reasonable technical and organizational measures to protect your data, including HTTPS encryption, access controls on our accounts, and selecting processors with appropriate security standards. No system is 100% secure, but we work to minimise risk.

7. Children

Our website is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

8. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. For significant changes, we'll provide notice on the website or by email if you're a subscriber.

9. Contact

For any privacy-related questions or requests:

MgA. Paweł Ratajczyk
Email: pavel@slowrat.design
Website: https://slowrat.design