1. Introduction
These policies are governed by the laws of the Czech Republic. Any references to national legislation refer to the applicable laws of the Czech Republic, alongside directly applicable European Union law, in particular Regulation (EU) 2016/679 (GDPR).
This page describes how the website limdem.io (hereinafter referred to as the “website”) processes personal data and uses cookies. The website is operated on its own infrastructure and utilizes selected third-party services, primarily from Google (Google Analytics, Google AdSense) and Seznam.cz (Sklik).
These policies inform you about how we process personal data and use cookies in connection with the operation of this website.. For cookies that are not essential for the website’s operation (e.g., analytical and marketing cookies), your active consent is required via the cookie banner.
The use of cookies is governed by Act No. 127/2005 Coll., on Electronic Communications, as amended, as well as by legal regulations regarding privacy in electronic communications (ePrivacy).
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify the Office for Personal Data Protection without undue delay and, where feasible, no later than 72 hours after having become aware of it. If the breach is likely to result in a high risk, we will also inform the affected data subjects.
2. Data Controller
The data controller is:
Milan Meduna
Company ID: 07811209 (Not registered for VAT)
Registered Address: Pod lipami 2549/58, Žižkov, 13000 Praha 3
E-mail: 📧 [admin(at)limdem.io] (formatted to prevent spam)
The controller acts in accordance with GDPR (EU) 2016/679 and related Czech legislation.
The controller has not appointed a Data Protection Officer (DPO).
3. Data Processing
3.1 User-Entered Data (Comments, Forms)
When adding a comment or submitting a form, the following data may be processed:
- name or nickname,
- email address(it is used exclusively for the technical management of comments, resolving violations of the rules and communicating with the data subject in justified cases),
- comment/message content,
- IP address and user agent for spam and abuse protection purposes – legitimate interest.
Data storage in comments: If you check the option “Save my name and email in this browser for the next time I comment,” cookies containing this data will be stored in your browser. This data is stored solely for your convenience so that you do not have to fill it in again when leaving another comment. These cookies are stored for one year or until you delete them in your browser settings.
Personal data provided in comments is processed for the purpose of operating a discussion forum and preserving the context of public debate. The legal basis for processing is the controller’s legitimate interest in maintaining an open discussion and archiving editorial content (Article 6(1)(f) GDPR). The controller has carried out a proportionality test and concluded that this processing does not disproportionately interfere with the rights and freedoms of data subjects.
This data is stored in the WordPress database on the controller’s own infrastructure and is only made available to the technical infrastructure providers to the extent necessary (see point 11).
3.2 Server Logs
As part of normal server operation, the following may be logged:
- IP address,
- date and time of access,
- requested URL,
- HTTP response code,
- browser and operating system information.
These logs ensure security, error detection, technical optimization and monitoring of server operation, e.g. detect long-term attacks, correlate incidents. They are retained for a limited time necessary for these purposes(12 months). This data is not used for user profiling, but purely for technical security purposes.
Legitimate interest assessment (balancing test):
The controller has carried out a legitimate interest assessment pursuant to Article 6(1)(f) GDPR and reached the following conclusion:
Controller’s legitimate interests:
- Ensuring the security and stability of server infrastructure and protection against cyberattacks (DDoS, brute-force, SQL injection).
- Detection and correlation of long-term security incidents, which may have an incubation period of several months.
- Fulfillment of obligations in the field of cybersecurity and protection of data of other website users.
- Technical diagnostics and performance optimization to ensure content availability.
Interference with data subjects’ rights:
- Only technical data is processed (IP address, timestamp, URL, HTTP codes, user-agent).
- Data is not used for profiling or marketing purposes.
- Retention is limited to 12 months, which is a reasonable period for detecting sophisticated security threats.
- Access to logs is strictly limited to technical personnel only.
Conclusion: The controller has concluded that the legitimate interest in ensuring website security, protecting infrastructure, and fulfilling security obligations outweighs the interference with the rights and freedoms of data subjects, as the processing is minimized to the necessary scope, the data cannot be misused for profiling, and infrastructure protection safeguards the interests of all website users.
3.3 Source and Voluntary Nature of Data Provision
- Source of Data: All personal data is obtained directly from you – by visiting the website, posting a comment under an article, or by sending us an email.
- Voluntary Nature: Providing your data is entirely voluntary. However, for comments, your name and email are necessary for us to technically manage the discussion, protect the site against spam, and ensure the integrity of the discussion forum. Without filling in these fields, a comment cannot be published. If you send us an email, we will process your address solely for the purpose of our communication. Providing consent for analytical and marketing cookies is entirely up to you, and refusing it does not restrict your access to the website’s content in any way.
- Providing personal data is generally not mandatory. In cases where certain data is necessary (e.g. email address for comments), failure to provide such data will prevent the use of the relevant website functionality.
4. Cookies and Similar Technologies
The website uses cookies and similar technologies. We categorize these technologies as follows:
- Necessary (Technical): Essential for ensuring security (e.g., Cloudflare Turnstile), saving your privacy preferences, and basic website functionality. Consent is not required for these cookies under Section 89(3) of the Act on Electronic Communications.
- Analytical and Marketing: These help us understand traffic and fund the operation of the site through advertisements. We store these cookies exclusively based on your active consent.
On the first visit, a cookie banner appears where you can:
- accept all cookies,
- reject non-essential cookies,
- or set preferences (analytical, advertising, etc.).
Consent Mode: We use advanced Google consent mode (Consent Mode v2) to adjust how our services behave based on your preferences: - With Consent: Full analytical and marketing features, including ad personalization (Google, Sklik), are activated.
- Without Consent: Google Analytics and Google AdSense services operate in a limited mode that does not store analytical or marketing cookies on your device and does not use direct user identifiers or other identifiers used for individual tracking or personalization. Even in this mode, limited processing of technical data may occur.
- Even in a limited mode, the necessary technical identifiers for fraud prevention and security (e.g., Cloudflare) may be used, based on our legitimate interest.
- Even in a limited mode, the necessary technical identifiers for fraud prevention and security (e.g., Cloudflare) may be used, based on our legitimate interest.
- Sklik (Seznam.cz): The scripts of this service require full consent to marketing cookies and are completely blocked (do not load) without it.
Voluntary Consent and Choice: Providing consent for analytical and marketing cookies is entirely voluntary. If you choose not to grant consent, your access to the website’s content will remain unrestricted.
Overview of cookies used:
Below is a detailed list of all cookies used by our website, categorized by purpose and type of processing.
STRICTLY NECESSARY (TECHNICAL) COOKIES
| Cookie name | Purpose | Expiration | Issuer | Legal basis |
|---|---|---|---|---|
| pll_language | Storing website language preference (Czech/English) | 1 year | limdem.io (Polylang plugin) | Necessary for service provision (§ 89(3) of Act No. 127/2005 Coll.) |
| moove_gdpr_popup | Storing your cookie consent choices (which categories you allowed/declined) | 1 year | limdem.io (Moove GDPR plugin) | Necessary for legal compliance (GDPR Art. 7(1)) |
| qt3szhet, hlepe782, gf5shmru, r8n8nro3 | Technical cookies for managing discussion forum sessions and securing comments | 1 year | limdem.io (WordPress comments) | Necessary for providing discussion forum functionality |
| _cfuvid | Session identifier for Cloudflare Turnstile – protecting forms from spam and bots | Session (until browser closed) | Cloudflare, Inc. | Legitimate interest – website security (Art. 6(1)(f) GDPR) |
These cookies are stored automatically when you visit the website or use a feature (language change, writing comments) and do not require your consent as they are technically necessary for basic website functionality.
ANALYTICAL COOKIES (active only with consent)
| Cookie name | Purpose | Expiration | Issuer | Legal basis |
|---|---|---|---|---|
| _ga | Distinguishing users for Google Analytics 4 – measuring website traffic | 13 months (400 days) – browser-limited | Google Ireland Limited | Consent (Art. 6(1)(a) GDPR) |
| _ga_{ID} | Storing session state for Google Analytics 4 – tracking interactions during visit | 13 months (400 days) – browser-limited | Google Ireland Limited | Consent (Art. 6(1)(a) GDPR) |
Note: Google Analytics 4 sets cookie expiration to 2 years, but modern browsers (Chrome, Edge, Safari) automatically limit first-party cookie lifespan to a maximum of 400 days (approximately 13 months) for user privacy protection.
Without your consent:
Google Analytics operates in limited mode (Consent Mode V2), which does not store these cookies in your browser and only processes aggregated, anonymized traffic estimates without the ability to identify specific users.
MARKETING COOKIES (active only with consent)
| Cookie name | Purpose | Expiration | Issuer | Legal basis |
|---|---|---|---|---|
| __gads | Registering and analyzing ad interactions – measuring advertising campaign effectiveness | 13 months | Google Ireland Limited | Consent (Art. 6(1)(a) GDPR) |
| __gpi | Storing information about how users use the website and which ads they saw before visiting | 13 months | Google Ireland Limited | Consent (Art. 6(1)(a) GDPR) |
| DSID | Identifying logged-in users on non-Google sites and remembering user preferences for ad personalization | 2 weeks | Google Ireland Limited (.doubleclick.net domain) | Consent (Art. 6(1)(a) GDPR) |
| IDE | Displaying personalized ads based on user interests across websites in Google’s ad network | 13 months (EEA/UK) | Google Ireland Limited (.doubleclick.net domain) | Consent (Art. 6(1)(a) GDPR) |
| sid | User identifier across Seznam.cz services – used for Sklik retargeting campaigns | 30 days | Seznam.cz, a.s. | Consent (Art. 6(1)(a) GDPR) |
| sznIid / sznaiid | Conversion matching and advertising campaign effectiveness measurement | 30 days | Seznam.cz, a.s. | Consent (Art. 6(1)(a) GDPR) |
| euconsent-v2 / intCMPCookie-v2 | Storing user consent for data processing for advertising purposes in accordance with TCF 2.0 standard | 13 months | Seznam.cz, a.s. | Necessary for legal compliance |
Without your consent:
- Google AdSense: Only non-personalized, contextual ads are displayed based on page content, without using your personal data for personalization. Technical identifiers may be used to limit ad frequency and prevent fraud.
- Seznam Sklik: Sklik scripts are not loaded at all and no ads are displayed.
How to manage cookies:
- You can change your preferences at any time using the “Manage cookie preferences” button in the bottom left corner of the website.
- You can also delete or block cookies in your web browser settings. If you block strictly necessary cookies (pll_language, moove_gdpr_popup, comment cookies), some website features may not work properly (language switching, storing consent choices, writing comments).
- After withdrawing consent for analytical and marketing cookies, we will stop collecting new data. You can manually delete existing cookies in your browser settings
Cookie expiration periods:
- Session: Cookie is active only until browser is closed
- Years/months: Cookie remains in your device even after closing browser until expiration or manual deletion
5. Google Analytics
The website uses Google Analytics (Google Ireland Limited) for traffic analysis, content improvement, and technical optimization.
Google Analytics may collect, for example:
- IP address (Google Analytics 4 automatically anonymizes the IP addresses of all users from the EU),
- device and browser information,
- visited pages and visit duration,
- referral source.
If consent is not granted, we use Google Consent Mode v2 to ensure data is processed without storing cookies on your device.
In the limited mode (without consent), data is used exclusively for aggregated statistical modeling (behavioral modeling), which allows for traffic estimation and is not processed with the aim of identifying a specific user.
Google Ireland Limited acts as a processor of personal data within the Google Analytics service and as a independent controller for its own purposes, which are beyond the control of the website operator, in accordance with its privacy policy.
More information:
Google Privacy Policy: https://policies.google.com/privacy
Google Analytics opt-out add-on: https://tools.google.com/dlpage/gaoptout
6. Google AdSense
The website uses Google AdSense (Google Ireland Limited) for displaying ad spaces.
- Ads may be personalized based on your previous website visits (cookies, advertising identifiers).
- Personalized ads are displayed only based on your consent. Without consent, non-personalized ads are shown, utilizing only contextual page information rather than your personal data for advertising personalization purposes.
- Even if marketing consent is not granted, technical identifiers necessary for frequency capping and fraud prevention may still be processed. This data is not used for user profiling.
More information on how Google uses data from partner sites:
https://policies.google.com/technologies/partner-sites
Manage personalized ads in your Google account here:
https://adssettings.google.com
7. Seznam Sklik
The website uses the Sklik advertising system operated by Seznam.cz, a.s. This service allows us to display advertisements to visitors who have previously shown interest in our site or products (retargeting).
- Data Processing: Sklik uses cookies and other technologies to personalize advertisements and measure their effectiveness.
- Legal Basis: As with other advertising systems, processing takes place exclusively based on your voluntary consent given via the cookie banner. If consent is not granted, Sklik scripts will not be loaded.
- More Information: For more details on how Seznam processes personal data and how to manage personalized advertising, please visit:
- Data Protection – Seznam.cz(Czech Language)
- Seznam Ad Personalization Settings(Czech Language)
8. Cloudflare Turnstile
To protect our forms and ensure the security of our website against automated attacks and spam, we use the Cloudflare Turnstile service (provided by Cloudflare, Inc.). This technology is essential for the security and functionality of the site and allows us to verify that a visitor is a real person without invasive user tracking.
- Scope of Processing: Turnstile analyzes technical browser parameters, device identifiers and interaction with the widget (e.g., telemetry data), but unlike other solutions, it does not use cookies for advertising purposes and does not track you across different websites.
- Legal Basis: Processing is based on our legitimate interest in ensuring website security and fraud prevention.
Legitimate interest assessment (balancing test):
The controller has carried out a legitimate interest assessment pursuant to Article 6(1)(f) GDPR and concluded that the interest in protecting the website, its technical infrastructure and users against automated attacks, spam and abuse outweighs any potential interference with the rights and freedoms of data subjects. The chosen solution (Cloudflare Turnstile) was selected in accordance with the principle of data minimization, as it does not use advertising cookies nor does it enable cross-site marketing tracking. The processing is limited to the necessary scope of technical data and is carried out solely for the purpose of ensuring the security and proper functioning of the website.
For more information, please refer to the Cloudflare Privacy Policy.
9. Legal Basis for Processing
Personal data is processed based on:
- consent (e.g., analytical and advertising cookies, newsletter(if implemented)),
- legitimate interest (website security, server logs against abuse),
- fulfillment of legal obligations (accounting, tax documents for paid services).
The specific legal basis for processing is always stated for each type of processing in these policies.
How to withdraw consent: In addition to deleting cookies in your browser, you can change your preferences at any time directly on this website using the “Manage cookie preferences” button located in the bottom left corner of the page. Withdrawing consent is as easy as giving it and has no negative impact on access to the website’s content.
Storage of cookies: In accordance with Section 89(3) of Act No. 127/2005 Coll., on Electronic Communications, we process cookies (except for strictly necessary technical cookies) exclusively on the basis of your free and informed consent. You grant this consent via the cookie banner during your first visit or at any time later by changing your settings. Technical cookies, which are essential for ensuring the basic functionality and security of the website, are stored without your consent based on a legal exemption for the purpose of carrying out the transmission of a communication or providing a service explicitly requested by you.
Newsletter and Email Communication
In the future, the controller may offer the option to subscribe to email updates (a newsletter) containing information about new content, website updates, or related topics.
Email addresses will be processed for this purpose exclusively based on the data subject’s voluntary consent pursuant to Article 6(1)(a) GDPR. Granting consent is entirely optional and is not a condition for accessing the website’s content.
Consent to receive the newsletter may be withdrawn at any time via the unsubscribe link included in each email or by contacting the controller. The withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
The controller does not send unsolicited commercial communications, and email addresses are not shared with third parties for marketing purposes without consent.
The newsletter is not active at the time of the last update of this policy.
10. Data Retention Period
- Comments: Comments are retained as part of the website’s editorial and discussion archive for the duration of the related article or content, even after the discussion is closed. This retention is necessary to preserve the historical context of public debate, the continuity of the discussion forum, and the integrity of editorial content.
Upon request from the data subject, comments may be anonymized (name changed to “Anonymous user” while preserving the comment content) or completely deleted, unless overriding legitimate grounds for their continued retention exist, such as:- public interest in preserving authentic historical debate on significant social topics,
- protection of third-party rights (if deletion would disrupt the context of the discussion),
- legal obligation to archive (e.g., for evidentiary purposes in legal proceedings).
- When assessing requests for erasure or anonymization, we always balance your rights against legitimate interests in preserving the integrity of public discussion in accordance with Article 17(3)(a) GDPR (exercise of the right to freedom of expression and information).
- When assessing requests for erasure or anonymization, we always balance your rights against legitimate interests in preserving the integrity of public discussion in accordance with Article 17(3)(a) GDPR (exercise of the right to freedom of expression and information).
- Server logs: 12 months. This data is retained based on our legitimate interest to ensure website security and prevent cyberattacks.
- Analytical data (GA4): 14 months (Google server-side data).
- Cookies:
- Necessary: For the duration of the session or up to 12 months (to store consent and functionality).
- Analytical and Marketing: Up to 14 months (or until consent is withdrawn).
- You can delete cookies at any time in your browser settings.
11. Sharing Data with Third Parties
Data may be disclosed to the following processors:
Server Infrastructure:
- Webglobe, s.r.o., Company ID: 26159708, registered address: Pobřežní 620/3, Praha 8 – Karlín, 186 00, Czech Republic
(server housing provider – physical server location, connectivity) - Rica Web Services (trading as ServaRica), registered address: 350 Rue de Louvain O Suite 203C, Montreal QC H2N 2E8, Canada
(encrypted data backups)
Website Security:
- Cloudflare, Inc., registered address: 101 Townsend Street, San Francisco, CA 94107, USA
(DDoS protection, Cloudflare Turnstile for form security)
Analytics and Advertising:
- Google Ireland Limited, registered address: Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland
(Google Analytics 4, Google AdSense) - Seznam.cz, a.s., Company ID: 26168685, registered address: Radlická 3294/10, 150 00 Praha – Smíchov, Czech Republic
(Sklik advertising system)
We have entered into the relevant data processing agreements with all processors pursuant to Article 28 GDPR.
Google Ireland Limited and Seznam.cz, a.s. act as processors, joint controllers or separate controllers within the framework of individual services in accordance with their terms and conditions for the operation of advertising systems (AdSense, Sklik) and advanced analytics.
The website is operated on our own hardware via a server housing (colocation) service. The infrastructure provider ensures only connectivity and physical server location and has limited access to data only for the purposes of technical infrastructure management.
We protect personal data through appropriate technical and organizational measures, in particular by securing server infrastructure in a restricted-access data center, encrypting stored data, and strictly limiting system access exclusively to authorized individuals.
Data may be transferred to third countries like Canada (based on the European Commission’s adequacy decision for commercial organizations) and USA.
Google and Cloudflare are certified under the EU-US Data Privacy Framework, which are considered mechanisms that ensure an adequate level of protection under the current EU legal framework.
To ensure maximum legal certainty, we also utilize Standard Contractual Clauses (SCCs) approved by the European Commission within our relationships with these providers. These serve as an additional protection mechanism in the event of changes to the legal framework.
We also take into account the Transfer Impact Assessments (TIA) prepared by these providers to ensure an adequate level of security. We regularly check the current status of providers’ certification within the Data Privacy Framework.
Google and Seznam.cz, a.s. determines its own purposes and means of processing personal data within its services and acts as a processor, joint controller or separate controller in accordance with their terms and conditions. The website administrator has no influence on the further processing of this data by these companies. We have entered into the relevant data processing agreements with all our partners.
Joint Controllership (Article 26 GDPR):
To the extent that analytical and advertising data is collected through measurement codes (Google Analytics, Google AdSense, Sklik), the website controller and the service provider act as joint controllers pursuant to Article 26 GDPR. The joint controllership relationship is limited to the phase of data collection and transfer using measurement codes.
Division of responsibilities:
- Website controller (limdem.io) is responsible for: ensuring and managing user consent through the cookie banner, implementing Google Consent Mode V2, informing data subjects about processing in this privacy policy, providing the option to withdraw consent.
- Google Ireland Limited is responsible for: technical processing of data within Google Analytics 4 and Google AdSense services, securing data on Google servers, ensuring compliance with data transfer mechanisms to third countries.
- Seznam.cz, a.s. is responsible for: technical processing of data within the Sklik service, retargeting, securing data on Seznam.cz servers.
To exercise your data subject rights, you may contact the website controller at admin(at)limdem.io or directly contact the relevant joint controller through their privacy policies.
For further processing by these entities for their own purposes (e.g., algorithm improvement, aggregated analytics), these entities are responsible as separate controllers in accordance with their privacy policies.
More informations here:
- Google – Controller-Controller Data Protection Terms
- Seznam.cz, a.s. – Smluvní podmínky pro inzerenty(Czech Language)
12. Data Subject Rights
You have the right to:
- access to personal data,
- rectification of inaccurate data,
- erasure (“right to be forgotten”),
- restriction of processing,
- object to processing (especially in cases where we process data based on legitimate interest; in the case of an impact on the security of the website, the objection may be denied if our legitimate grounds outweigh your interests),
- data portability (if applicable),
- lodge a complaint with the supervisory authority (Office for Personal Data Protection(Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7, Czech Republic, www.uoou.cz).
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, contact us at 📧 [admin(at)limdem.io] (formatted to prevent spam)
We will process your request without undue delay, but no later than within 30 days.
You can object to processing for direct marketing purposes at any time, and in such case the data will no longer be processed for these purposes.
Processing of personal data for journalistic and literary purposes:
The content of our website may involve the processing of personal data of public figures, authors, researchers, and other relevant subjects within the scope of articles, analyses, and commentaries related to our published topics. This processing is carried out for journalistic and literary purposes in accordance with the right to freedom of expression and information.
In accordance with Article 85 GDPR and Section 17 of Act No. 110/2019 Coll., on the Processing of Personal Data (Czech law), certain rights of data subjects are limited when processing personal data for journalistic and literary purposes in order to reconcile them with the right to freedom of expression and information:
Right to erasure and rectification of articles:
We follow Section 82 of Act No. 89/2012 Coll., the Civil Code (right to protection of personality). Requests for erasure or modification of published content are assessed individually, taking into account the balance between:
- Your right to privacy and protection of personal data,
- Public interest in access to information and content archiving,
- Accuracy and factual correctness of information,
- The context in which personal data was published.
Right of access to unpublished data:
In the case of personal data that we have obtained in the course of content preparation but that has not yet been published, the right of access may be restricted in order to protect editorial processes and sources of information.
Right to object:
You may object to the processing of your personal data in published content. We will consider your objection and assess whether your legitimate interest in protecting your rights outweighs the public interest in freedom of expression and access to information. If we find that the content contains factual inaccuracies or disproportionately interferes with your rights, we will take corrective action (correction, supplementation, anonymization or deletion).
Transparency of processing:
Even in the case of processing for journalistic purposes, we observe the principles of accuracy, fairness and transparency. If you believe that the processing of your personal data in our content is inaccurate, unfair or disproportionate, please contact us at admin(at)limdem.io and we will consider your request without undue delay.
AI and Automated Decision-Making: Although the content of this website is co-created with the assistance of artificial intelligence (AI), there is no automated decision-making or profiling of users that would have legal effects on you or significantly affect you. Artificial intelligence is used exclusively as a tool for generating and optimizing editorial content. Personal data of users (e.g., from comments or forms) is not shared with AI model providers for training purposes, nor is it stored by these models for future use.
13. Changes to Policies
These policies may be updated from time to time, e.g., due to legislative changes or changes in used services. The updated version will always be available on this page with the date of the last change.
Last update: 05.02.2026