Limestone Digital s.r.o.
Last updated: April 2026
This Privacy Policy explains how Limestone Digital s.r.o. ("Limestone", "we", "us" or "our") collects, uses, shares and protects personal data. It also describes the rights you have under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Czech data protection law.
We are committed to protecting personal data and processing it lawfully, fairly and transparently. Information security at Limestone is governed by an Information Security Management System certified to ISO/IEC 27001:2022.
For the processing described in this policy, the data controller is:
Limestone Digital s.r.o. Pernerova 697/35, 186 00 Praha 8 (Karlin), Czech Republic Company ID (ICO): 06552706 Email: privacy@limestonedigital.com
If you have any question about this policy or how we handle your personal data, please contact us at the email address above.
This policy applies to personal data we process as a controller, including data from visitors to our websites, prospective and existing clients and business partners, newsletter subscribers, and job applicants.
When we develop or operate software and process data on behalf of a client, we act as a data processor. In that case the client is the controller, and our processing is governed by the agreement and the Data Processing Agreement (DPA) in place with that client rather than by this policy.
Depending on how you interact with us, we may process the following categories of personal data.
Website visitors. Device and browser information, IP address, time zone, cookie identifiers, the pages you view, the website or search terms that referred you, and how you interact with our website.
Prospective clients and contacts. Information you submit through contact or booking forms, such as your name, business email, company, role and the content of your message.
Clients and business partners. Contact and contractual details of the individuals we work with at client and partner organisations, including names, business contact details and information needed to manage the engagement and billing.
Newsletter subscribers. Your email address and subscription preferences.
Job applicants. The information contained in your CV and application, including contact details, work history and any information you choose to share with us during recruitment.
We do not intentionally collect special categories of personal data through our website. Please do not submit sensitive personal data to us unless we specifically request it for a lawful purpose.
We process personal data for the following purposes, relying on the legal bases set out below.
To respond to enquiries and provide quotes. Legal basis: steps taken at your request prior to entering into a contract, and our legitimate interest in responding to business enquiries.
To deliver our services and manage client relationships. Legal basis: performance of a contract, and our legitimate interest in administering the engagement.
To operate, secure and improve our website. Legal basis: our legitimate interest in running a secure and effective website, and your consent for non-essential cookies.
To send marketing communications and our newsletter. Legal basis: your consent, or our legitimate interest in marketing to existing business contacts, in each case with the ability to opt out at any time.
To manage recruitment. Legal basis: steps taken at your request prior to a possible employment relationship, and our legitimate interest in assessing candidates.
To comply with legal obligations. Legal basis: compliance with accounting, tax and other legal requirements.
Where we rely on consent, you may withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
Our website uses cookies and similar technologies to operate the site, remember your preferences, and understand how the site is used. We use third-party tools such as Google Tag Manager and analytics services for these purposes. Non-essential cookies are set only with your consent, which you can manage or withdraw through our cookie settings. For more detail, please see our Cookie Notice.
We do not sell, rent or trade personal data.
We share personal data only where necessary, with the following categories of recipients.
Service providers (processors) that support our business, for example website hosting (Webflow), analytics (Google), customer relationship and meeting tools (HubSpot), and email and communication providers. These providers may process personal data only on our instructions and under appropriate contractual safeguards.
Professional advisers and authorities where required to comply with a legal obligation, exercise or defend legal claims, or protect our rights.
In connection with a corporate transaction such as a merger, acquisition or reorganisation, subject to appropriate confidentiality protections.
A current list of key sub-processors is available on request.
We are based in the European Union. Where personal data is transferred to a recipient outside the European Economic Area, we put in place appropriate safeguards required by the GDPR, such as the European Commission's Standard Contractual Clauses, together with additional measures where needed. You may request more information about these safeguards using the contact details in Section 2.
We keep personal data only for as long as necessary for the purpose for which it was collected, after which it is deleted or anonymised. Our standard retention periods include the following.
Limestone operates an Information Security Management System certified to ISO/IEC 27001:2022. We apply technical and organisational measures appropriate to the risk, including access control on a least-privilege basis, encryption of data at rest and in transit, network protection, logging and monitoring, secure software development practices, supplier security requirements, and a documented incident response process.
Subject to the conditions in the GDPR, you have the right to:
To exercise any of these rights, please contact us at privacy@limestonedigital.com. We will respond within the time limits set by the GDPR.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Czech supervisory authority, the Office for Personal Data Protection (Urad pro ochranu osobnich udaju, www.uoou.gov.cz), or with the supervisory authority in your country of residence.
Our website and services are directed at businesses and are not intended for children. We do not knowingly collect personal data from children.
We may update this policy from time to time to reflect changes in our practices or legal requirements. The current version, with its effective date, is always published on our website. Material changes will be communicated through appropriate channels.
For any privacy question or request, contact us at:
Limestone Digital s.r.o. Email: privacy@limestonedigital.com Pernerova 697/35, 186 00 Praha 8 (Karlin), Czech Republic
