EN CZ

Privacy Policy

of the selinapp.com service

Effective 24 April 2026

PRIVACY POLICY

of the selinapp.com service

This Privacy Policy (hereinafter the "Policy") describes how Wecker MP s.r.o. processes personal data in connection with operating the selinapp.com software service (hereinafter the "Service") and informs data subjects of their rights under Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (hereinafter the "GDPR"), and Act No. 110/2019 Coll., on the Processing of Personal Data.

1. Data controller

The controller of personal data is:

  • Wecker MP s.r.o.
  • Company ID: 14222493
  • Registered office: Husitská 107/3, Žižkov, 130 00 Prague 3, Czech Republic
  • Registered in the Commercial Register kept by the Municipal Court in Prague
  • Contact e-mail: available on selinapp.com

(hereinafter the "Controller" or "we")

The Controller has not appointed a Data Protection Officer as it is not subject to that obligation.

2. Who this Policy applies to

This Policy applies to the processing of personal data of the following categories of data subjects:

  • visitors to the website selinapp.com,
  • prospects for the Service (enquiries, registrations, trial periods),
  • users of the Service who are self-employed individuals, and individuals acting on behalf of a corporate user (representatives, contact persons, employees of users),
  • persons communicating with the Controller (e-mail, support).

3. Controller vs. processor position

  1. With regard to personal data of users of the Service and of persons acting on their behalf, the Controller acts as an independent data controller.
  2. With regard to data processed by the Service on the user's instructions – in particular data retrieved from the user's Amazon account (data about the user's end customers, orders, payments, etc.) – the Controller acts as a processor within the meaning of Article 4(8) and Article 28 GDPR. This relationship is governed by a separate Data Processing Agreement (DPA), which the Controller will conclude with the user upon request.
  3. The user of the Service, as the controller of such data, is responsible for the lawfulness of the processing of personal data contained in data retrieved from its Amazon account (i.e. for having a valid legal basis for processing).

4. What personal data we process

As an independent controller we process, in particular, the following categories of personal data:

  • Identification data: name, surname, title, company name, Company ID, VAT ID.
  • Contact data: e-mail address, telephone number, billing and registered address.
  • Access and user data: login name, password in encrypted form, account settings, language, selected plan.
  • Billing and payment data: information about the selected plan, payment history, tax documents. Payment card data itself is processed solely by the Stripe payment gateway; the Controller has no access to it.
  • Operational and technical data: IP address, browser type and version, operating system, device identifiers, access logs, login times, activity within the Service.
  • Cookies and similar identifiers: as described in a separate Cookies Policy.
  • Content of communication: e-mails, support messages and their attachments.

5. Purposes, legal bases and retention periods

We process personal data for the purposes, on the legal bases and for the retention periods set out below:

Purpose of processing

Categories of data

Legal basis

Retention period

Conclusion and performance of the agreement, providing the Service

Identification, contact, billing, access and user data

Performance of a contract (Art. 6(1)(b) GDPR)

For the duration of the agreement

Accounting and compliance with tax obligations

Billing data, data from tax documents

Legal obligation (Art. 6(1)(c) GDPR)

10 years under VAT and Accounting Acts

Security of the Service, prevention of fraud and abuse

Operational data, IP addresses, logs

Legitimate interest (Art. 6(1)(f) GDPR)

Typically 12 months

Analysis of website use and Service improvement

Cookies, device identifiers, behavioural data

Consent (Art. 6(1)(a) GDPR)

As per cookie settings (max. 14 months)

Communication with users, customer support

Contact data, content of communication

Performance of contract / legitimate interest

3 years from last communication

Establishment and defence of legal claims

All data relevant to the claim

Legitimate interest (Art. 6(1)(f) GDPR)

Duration of statutory limitation periods (max. 10 years)

After the retention periods expire, the personal data are deleted or anonymised, unless applicable law requires otherwise.

6. Recipients of personal data

We disclose personal data, only to the necessary extent, to the following categories of recipients:

Recipient category

Example of service

Purpose of transfer

Location

Cloud hosting

Amazon Web Services, Google Cloud Platform, Microsoft Azure

Operation of servers and data storage for the Service

Primarily EU, possibly outside the EU

Payment gateway

Stripe Payments Europe, Ltd.

Processing of subscription payments

EU / USA

Analytics tools

Google Analytics 4 (Google Ireland Ltd.)

Analysis of website traffic and use

EU / USA

E-mail services

Providers of SMTP and transactional e-mail

Delivery of transactional and operational e-mails

EU / USA

Amazon API

Amazon Services LLC / Amazon.com, Inc.

Retrieval of data from the user's Amazon account (based on the user's authorisation)

USA / EU

Accounting and tax advisors

External accounting firm

Bookkeeping and compliance with statutory obligations

Czech Republic / EU

Public authorities

Courts, administrative authorities, tax office

Compliance with statutory obligations

Czech Republic

The Controller does not sell personal data to third parties and does not use it for the marketing purposes of third parties.

7. Transfers of personal data outside the EU / EEA

  1. We primarily process personal data within the European Union or the European Economic Area (EEA). However, due to the use of cloud services (Amazon Web Services, Google Cloud Platform, Microsoft Azure) and other tools (Google Analytics, Stripe, Amazon API), in some cases personal data may be transferred to third countries, in particular to the United States.
  2. Transfers of personal data outside the EU/EEA take place in accordance with Chapter V of the GDPR, based on one of the following instruments:
  • an adequacy decision of the European Commission (in particular the EU–U.S. Data Privacy Framework, where the recipient is certified),
  • Standard Contractual Clauses adopted by the European Commission,
  • supplementary technical and organisational measures (encryption, pseudonymisation, minimisation).
  1. More detailed information about the mechanism used for a particular transfer will be provided on request to the contact e-mail.

8. Cookies and analytics tools

  1. The website selinapp.com uses cookies and similar technologies in order to ensure its functionality, security and to improve the Service.
  2. We distinguish the following categories of cookies:
  • Strictly necessary cookies – processed on the basis of legitimate interest, without which the website could not function properly (login, security, preferences).
  • Analytics cookies – in particular Google Analytics 4 (provided by Google Ireland Limited), processed only on the basis of the user's consent.
  1. Consent to analytics cookies is given by the user via the cookie banner upon visiting the website. Consent may be withdrawn at any time via the cookie settings on the website or through the browser.
  2. Within Google Analytics 4, IP anonymisation is enabled and data retention is limited.

9. Transactional e-mails

  1. The Controller sends users exclusively transactional and operational e-mails, i.e. e-mails related to the performance of the agreement and the provision of the Service (registration confirmations, account activation, payment information, changes to the Service, trial expiration notices, security notifications, etc.).
  2. Such e-mails do not constitute commercial communications within the meaning of Act No. 480/2004 Coll., on Certain Information Society Services, and their delivery is necessary for the performance of the agreement.
  3. The Controller does not currently send marketing newsletters. Should this change in the future, marketing communications will only be sent on the basis of the user's consent or on the basis of legitimate interest, with the option to unsubscribe at any time.

10. Security of personal data

  1. The Controller has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure.
  2. These measures include, in particular:
  • encryption of data transmission using TLS/HTTPS,
  • encryption of passwords using cryptographic functions and storage only of their hashes,
  • role-based access control and least-privilege principle,
  • regular data backups,
  • use of secure cloud infrastructure from certified providers,
  • monitoring and logging of access, prevention and detection of security incidents,
  • contractual obligations of processors to maintain an adequate level of security.

11. Rights of the data subject

In connection with the processing of personal data, the data subject has the following rights under the GDPR:

  • Right of access (Art. 15 GDPR) – to obtain confirmation as to whether we process their personal data and to receive a copy thereof.
  • Right to rectification (Art. 16 GDPR) – to have inaccurate data corrected or incomplete data completed.
  • Right to erasure (Art. 17 GDPR) – to have personal data erased where there are no lawful grounds for further processing.
  • Right to restriction of processing (Art. 18 GDPR) – to have processing restricted in specified cases.
  • Right to data portability (Art. 20 GDPR) – to receive personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.
  • Right to object (Art. 21 GDPR) – to processing based on legitimate interest.
  • Right to withdraw consent – where consent is the legal basis, at any time with effect for the future.
  • Right to lodge a complaint with a supervisory authority – the Office for Personal Data Protection of the Czech Republic, Pplk. Sochora 27, 170 00 Prague 7, www.uoou.cz.
  1. The data subject may exercise its rights via the contact e-mail listed on selinapp.com.
  2. The Controller shall respond to the request without undue delay, and no later than within one month of its receipt. In particularly complex cases, this period may be extended by a further two months, of which the data subject shall be informed.
  3. The Controller reserves the right to verify the identity of the requesting person where there are reasonable doubts as to their identity.

12. Automated decision-making and profiling

In providing the Service, the Controller does not carry out automated decision-making that would produce legal effects for the data subject or similarly significantly affect them within the meaning of Article 22 GDPR.

13. Obligation to provide personal data

Provision of personal data is voluntary. Without the data required for conclusion and performance of the agreement (in particular identification, contact and billing data), however, it is not possible to conclude the agreement and to provide the Service. Without the data required by law (in particular tax law), the Controller cannot comply with its statutory obligations.

14. Changes to the Policy

  1. The Controller is entitled to update this Policy to a reasonable extent, in particular in connection with changes to applicable law, the Service or the tools used.
  2. The current version of the Policy is always available on selinapp.com. The Controller shall inform users of material changes by e-mail or by notice within the Service.
  3. This Policy becomes effective on 24 April 2026.

Wecker MP s.r.o.

Husitská 107/3, Žižkov, 130 00 Prague 3, Czech Republic

Company ID: 14222493