Privacy Policy
Personal data processing policy under GDPR
Table of Contents
1. Data Controller
The data controller is Zela-Servis, s.r.o., Company ID: 10928065, VAT ID: CZ10928065, registered at Svetova 523/1, Liben, 180 00 Prague 8, Czech Republic, registered with the Municipal Court in Prague, Section C, File 350829.
Contact: info@zela-servis.cz, phone: +420 799 797 633.
2. What Personal Data We Process
Within the Siton Monitor platform, we process the following categories of data:
- Identification data — first name, last name
- Contact data — email address, phone (optional)
- Login data — password (stored in hashed form)
- Technical data — IP address, browser type, access time
- Device data — telemetry data from solar inverters (voltage, current, power, temperature, status), ESP8266 MAC address
- Location data — inverter location (if provided by user)
3. Purpose of Personal Data Processing
| Purpose | Legal Basis |
|---|---|
| Creation and management of user account | Contract performance |
| Display of inverter telemetry data | Contract performance |
| Sending verification and system emails | Contract performance |
| Platform security and abuse prevention | Legitimate interest |
| Technical support and troubleshooting | Legitimate interest |
| Display of public inverters in gallery and map | User consent |
4. Data Retention Period
| Data Type | Retention Period |
|---|---|
| User account data | Duration of account + 30 days after deletion |
| Inverter telemetry data | Per retention setting (default 90 days for raw data) |
| Access logs (IP, browser) | 90 days |
| Email communication | 1 year from last contact |
5. Data Sharing with Third Parties
We do not sell or share personal data with third parties for marketing purposes. Data may be shared with:
- Hosting provider — for operating platform servers
- Email service provider — for sending system emails
- Public authorities — if required by law
6. Your Rights
As a data subject, you have the following rights:
- Right of access — obtain information about what data we process about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restriction — request temporary restriction of processing
- Right to portability — obtain your data in a machine-readable format
- Right to object — against processing based on legitimate interest
7. How to Exercise Your Rights
You can exercise your rights:
- By email at info@zela-servis.cz
- In writing to the company address
- Through profile settings on the platform (change/delete data)
8. Data Security
To protect your data, we use:
- Encrypted connection (HTTPS/TLS) for all communication
- Password hashing with bcrypt algorithm
- API keys for device authentication (ESP8266)
- Login attempt rate limiting
- Regular data backups
- CSRF protection for forms
9. Right to File a Complaint
If you believe that the processing of your personal data violates your rights, you have the right to file a complaint with the supervisory authority:
Office for Personal Data Protection (UOOU)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
Web: www.uoou.cz
Email: posta@uoou.cz
10. Changes to This Policy
This policy may be updated in connection with changes in legislation or platform features. Registered users will be notified of significant changes via email. The current version is always available on this page.
Last updated: May 14, 2026
11. Processing of Personal Data within the E-Shop
11.1 What data we process in the e-shop
In connection with the operation of the community marketplace, we process the following personal data:
| Data category | Specific data | Data subject |
|---|---|---|
| Order data | Name, email, phone number, shipping address | Buyer |
| Shop data | Shop name, contact email and phone, bank account number | Seller |
| Transaction data | Order number, items, price, payment and delivery status | Buyer and seller |
| Reviews | Reviewer name, rating, review text | Buyer |
11.2 Purpose of processing
- Performance of a contract (Art. 6(1)(b) GDPR) — processing orders, communication between buyer and seller, delivery of goods
- Legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention, dispute resolution, seller statistics
- Legal obligation (Art. 6(1)(c) GDPR) — retention of accounting and tax records
11.3 Sharing of data between buyer and seller
As part of an order, the seller is provided with the buyer's contact and shipping details necessary for order fulfillment. The seller is obligated to use this data solely for the purpose of fulfilling the order and must not share it with third parties or use it for marketing purposes.
11.4 Retention period
| Data type | Retention period | Reason |
|---|---|---|
| Orders and transactions | 5 years from creation | Czech Accounting Act No. 563/1991 Coll. |
| Shop data (seller) | Duration of active shop + 3 years | Legitimate interest, dispute resolution |
| Reviews | Duration of product existence | Legitimate interest |
11.5 Your rights in the context of the e-shop
As a data subject, you have the same rights in relation to the e-shop as stated in section 6 of this policy. If you are a buyer, you may request deletion of your order data after the statutory retention period has expired. If you are a seller, deletion of shop data is possible after all active orders have been completed and statutory deadlines have passed.