COOKIES & GDPR CONSENT NOTICE
Visionary Hub
Effective Date: February 19, 2026
Last Updated: February 19, 2026
DOCUMENT INFORMATION
| Detail | Information |
|---|---|
| Company Name | Visionary Studio s.r.o. |
| Trading as | Visionary Hub |
| Registration Number (IČO) | 21641862 |
| Tax ID (DIČ) | CZ21641862 |
| Registered Address | V Zahrádkách 742, 273 06 Libušín, Czech Republic |
| Court Registration | C 404416, Městský soud v Praze (Municipal Court in Prague) |
| Contact Email | [email protected] |
| Privacy Inquiries | [email protected] |
| Effective Date | February 19, 2026 |
| Last Updated | February 19, 2026 |
TABLE OF CONTENTS
- Introduction
- Our Privacy-First Approach
- Cookie Categories
- What is a Cookie?
- Legal Basis for Cookie Use
- Cookie Consent Mechanism
- Your Rights and Cookie Management
- Third-Party Services and Data Sharing
- International Data Transfers
- Data Retention
- Proprietary Tools
- Security Measures
- Contact and Data Protection
- Changes to This Notice
- Summary
- Language
1. INTRODUCTION
This Cookies & GDPR Consent Notice ("Notice") explains how Visionary Studio s.r.o., trading as Visionary Hub ("we," "us," "our," or "Company"), uses cookies and similar technologies on our website and digital properties (collectively, the "Website").
We are committed to protecting your privacy and operating transparently. This Notice details what cookies and tracking technologies we use (or do not use), why we use them, how we obtain your consent where required, and how you can manage your cookie preferences.
This Notice applies to all visitors, users, and customers who access or interact with our Website, regardless of location. It is designed to comply with:
- General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
- ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC)
- Czech Act on Personal Data Protection (zákon č. 110/2019 Sb., o zpracování osobních údajů)
- Czech Consumer Protection Act (zákon č. 634/1992 Sb., o ochraně spotřebitele)
- Digital Services Act (Regulation (EU) 2022/2065) — to the extent applicable to cookie and tracking disclosures
- International best practices for data privacy and user consent
This Notice is supplementary to and should be read in conjunction with our Privacy Policy (available on our website), which provides comprehensive details about personal data processing, your data protection rights, data security measures, and how to contact us regarding privacy matters.
2. OUR PRIVACY-FIRST APPROACH
2.1 No Invasive Tracking
We recognize that your privacy is paramount. Unlike many websites, Visionary Hub does NOT use:
- Google Analytics or other analytics cookies
- Facebook Pixel or social media tracking pixels
- Advertising cookies or retargeting trackers
- Third-party data brokers or tracking networks
- Cross-site tracking technologies
- Device fingerprinting techniques
2.2 Plausible Analytics: Our Privacy-Friendly Choice
To understand how visitors interact with our Website while respecting your privacy, we use Plausible Analytics.
Plausible Analytics is a privacy-focused analytics platform that:
- Is cookieless — Plausible does not use cookies to track users or collect personal data
- Does not use fingerprinting — We do not identify you through device fingerprinting
- Does not require consent — Because Plausible is truly anonymous and does not track individuals, it does not require GDPR consent or a cookie banner
- Does not collect personal data — Plausible collects only aggregated, non-identifiable statistics (e.g., number of page views, general traffic patterns, device type)
- Is GDPR compliant — Plausible Analytics complies fully with the GDPR
- Is EU-based — Plausible is hosted and operated within the European Union (Estonia/Finland)
- Does not share data — Your data is never shared with advertising networks, data brokers, or other third parties for profiling or targeting
Since Plausible does not set cookies or collect personal data, there is no requirement to obtain your consent for Plausible Analytics. This is consistent with guidance from European Data Protection Authorities and the exemption under Article 5(3) of the ePrivacy Directive for technologies that are strictly necessary for providing a service explicitly requested by the user.
3. COOKIE CATEGORIES
3.1 Strictly Necessary Cookies (Essential Cookies)
Status: Used for Authentication and Session Management
Visionary Hub uses strictly necessary cookies to provide core platform functionality, including user authentication, session management, and security features. These cookies:
- Are essential for operating the platform and cannot be disabled without losing core functionality
- Are used exclusively for authentication, session persistence, and security (e.g., CSRF protection)
- Are NOT used for tracking, profiling, or advertising purposes
- Are limited to the duration of your session or as needed for security and authentication persistence
- Do NOT require your explicit consent under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC), as they are strictly necessary for providing the service you have requested
- Are first-party cookies set by Visionary Hub
Essential cookies we may use:
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| Session ID | Maintains your login session | Session / up to 30 days | First-party |
| CSRF Token | Protects against cross-site request forgery | Session | First-party |
| Auth Token | Authenticates your account | Up to 30 days | First-party |
| Preferences | Stores your language and display preferences | Up to 12 months | First-party |
3.2 Functional Cookies (Stripe Payment Processing)
Status: Used When Payment Processing Occurs
When you make a purchase or complete a payment transaction on Visionary Hub, your payment is processed through Stripe, a third-party payment processor.
Stripe may set functional cookies for:
- Session management during payment transactions
- Fraud prevention and security
- Payment processing and transaction completion
- PCI DSS (Payment Card Industry Data Security Standard) compliance
Important Details:
- Stripe cookies are functional (not tracking or marketing)
- Stripe is GDPR and ePrivacy Directive compliant
- Stripe cookies are used only for the duration necessary to complete your payment and for fraud prevention
- You may review Stripe's privacy policy at: https://stripe.com/privacy
- Stripe is SOC 2 Type II certified and maintains EU data protection standards
- Stripe processes payments in accordance with EU Standard Contractual Clauses (SCCs) and supplementary measures
Your Consent: By proceeding to make a payment through Stripe, you consent to Stripe setting necessary functional cookies for secure payment processing. You can abandon a transaction at any time before completing payment.
3.3 Analytics Cookies
Status: Not Used
As explained in Section 2.2, Visionary Hub uses Plausible Analytics, which is cookieless. Therefore, no analytics cookies are set on your device.
Plausible does not use cookies, pixels, or other persistent tracking technologies. It does not track you across websites or create user profiles. It collects only aggregated statistics that cannot be attributed to you personally.
3.4 Marketing and Advertising Cookies
Status: Not Used
Visionary Hub does NOT use any marketing, advertising, or retargeting cookies. We do not:
- Participate in retargeting campaigns
- Use Facebook Pixel or similar advertising trackers
- Share user data with advertising networks
- Track you across the internet for targeted advertising
We may use ethical marketing methods (such as email marketing, with your explicit consent) but never through invasive tracking technologies.
4. WHAT IS A COOKIE?
A "cookie" is a small text file that a website stores on your device (computer, tablet, or smartphone) and retrieves later when you visit the website again.
Types of cookies by duration:
- Session Cookies: Deleted when you close your browser
- Persistent Cookies: Remain on your device for a specified period
Types of cookies by origin:
- First-party Cookies: Set by the website you are visiting (e.g., Visionary Hub)
- Third-party Cookies: Set by external services embedded on the website (e.g., Stripe payment processor)
Similar technologies: In addition to cookies, websites may use similar technologies such as local storage, session storage, pixels, and web beacons. This Notice covers all such technologies. Visionary Hub does not use pixels, web beacons, or tracking technologies other than the essential cookies and Stripe functional cookies described above.
5. LEGAL BASIS FOR COOKIE USE
5.1 GDPR Legal Basis
Under the GDPR, we process personal data (where applicable) based on:
- Contract Performance (Article 6(1)(b)) — To maintain your account session and process your payment through Stripe
- Legitimate Interest (Article 6(1)(f)) — To maintain and improve our Website, including security monitoring
- Your Consent (Article 6(1)(a)) — For any optional features or non-essential cookies you agree to (currently none deployed)
5.2 ePrivacy Directive Compliance
Under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC):
- Strictly necessary cookies are exempt from consent requirements — this includes our authentication, session, and security cookies, as they are strictly necessary for providing the service you have explicitly requested
- Functional cookies for payment processing (Stripe) are treated as necessary for contract performance when you initiate a payment
- All other cookies (analytics, marketing, advertising) require your prior informed consent before being placed on your device — Visionary Hub does NOT deploy any such cookies
- Plausible Analytics does not set cookies and therefore falls outside the scope of Article 5(3) entirely
5.3 Czech Law Compliance
Under Czech law, including zákon č. 110/2019 Sb. (Act on Personal Data Protection) and zákon č. 127/2005 Sb. (Act on Electronic Communications), our cookie practices comply with all applicable requirements for cookie consent and electronic communications privacy.
6. COOKIE CONSENT MECHANISM
6.1 How Consent Works at Visionary Hub
Given the privacy-first nature of our Website:
- No pop-up cookie banner is currently required — Because we use only strictly necessary cookies (authentication, session, security) that are exempt from consent under Article 5(3) of the ePrivacy Directive, and Plausible Analytics is cookieless
- Payment consent through action — By proceeding to make a payment, you consent to Stripe setting necessary functional cookies for secure payment processing
- Transparent disclosure — This Notice provides full disclosure of our cookie practices
- No consent fatigue — We do not burden you with unnecessary consent requests for cookies we do not use
6.2 If Additional Cookies Are Introduced
Should we introduce additional technologies or features that require consent in the future:
- A cookie consent banner will be displayed before setting any such cookies
- You will be asked to explicitly consent to or reject each category of cookies
- Your preferences will be stored and respected during your visit and in future sessions
- You will have the ability to withdraw consent at any time
- This Notice will be updated accordingly before any new cookies are deployed
- We will never set non-essential cookies without your prior informed consent
7. YOUR RIGHTS AND COOKIE MANAGEMENT
7.1 Your GDPR Rights
Under the GDPR, you have the following rights regarding personal data processed through cookies and similar technologies:
- Right of Access (Article 15) — You can request to know what personal data we hold about you
- Right to Rectification (Article 16) — You can request correction of inaccurate data
- Right to Erasure (Article 17) — You can request deletion of your personal data (subject to legal limitations)
- Right to Restrict Processing (Article 18) — You can request restriction of processing in certain circumstances
- Right to Data Portability (Article 20) — You can request your data in a portable, machine-readable format
- Right to Object (Article 21) — You can object to processing based on legitimate interest
- Rights Related to Automated Decision-Making (Article 22) — You have protections against decisions based solely on automated processing
For full details on exercising these rights, please see Section 6 of our Privacy Policy. To exercise these rights, contact us at: [email protected]
7.2 Browser Cookie Management
You have full control over cookies stored on your device. Most web browsers allow you to:
- View stored cookies — See what cookies are stored on your device
- Delete cookies — Remove specific or all cookies from your device
- Block cookies — Prevent websites from setting cookies
- Manage third-party cookies — Control cookies from external services separately
How to manage cookies in popular browsers:
| Browser | Instructions |
|---|---|
| Google Chrome | Settings → Privacy and Security → Cookies and other site data → Manage |
| Mozilla Firefox | Preferences → Privacy & Security → Cookies and Site Data → Manage |
| Microsoft Edge | Settings → Privacy, search, and services → Cookies → Manage |
| Apple Safari | Preferences → Privacy → Cookies and website data → Manage |
| Opera | Settings → Advanced → Cookies → Manage cookies |
Important Note: Blocking all cookies may affect the functionality of Visionary Hub, including your ability to log in and use the platform. Strictly necessary cookies for authentication and session management should remain enabled for the platform to function correctly.
7.3 Do Not Track (DNT)
Some browsers include a "Do Not Track" (DNT) signal. Visionary Hub respects DNT signals where applicable. However, since we do not use tracking cookies and Plausible Analytics does not track users regardless of DNT status, the DNT signal has no practical effect on our data collection.
7.4 Withdrawing Consent
If you have consented to any optional cookies or features:
- You may withdraw your consent at any time
- Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal
- To withdraw consent, clear your browser cookies or contact us at [email protected]
- We will process your withdrawal request without undue delay
8. THIRD-PARTY SERVICES AND DATA SHARING
8.1 Third-Party Services Used
| Service | Purpose | Type | Cookies? | Location | More Info |
|---|---|---|---|---|---|
| Plausible Analytics | Website analytics | Privacy-focused, cookieless analytics | No | EU (Estonia/Finland) | https://plausible.io/privacy |
| Google Cloud | Website hosting and infrastructure | Cloud hosting | None set by us | EU (Frankfurt/Ireland/Belgium) | https://cloud.google.com/privacy |
| Stripe | Payment processing | Payment processor | Yes (functional) | USA (with EU capabilities) | https://stripe.com/privacy |
| Google Workspace | Email and internal collaboration | Communication platform | None set on Website | USA (with EU capabilities) | https://workspace.google.com/privacy |
8.2 Data Sharing Policy
Visionary Hub does NOT:
- Sell your personal data to any third party
- Share your data for advertising or marketing purposes
- Share your data with data brokers or advertising networks
- Share your browsing history with third parties
- Use your data for cross-site tracking or profiling
We ONLY share data:
- With service providers (as listed in Section 8.1) as necessary to provide services you request
- When required by law, court order, or government request
- With your explicit consent
For full details on data sharing, please see Section 7 of our Privacy Policy.
9. INTERNATIONAL DATA TRANSFERS
Our primary services are based in or operate within the European Union:
- Plausible Analytics — EU-based, EU data centers (Estonia/Finland)
- Google Cloud — EU region (Frankfurt, Ireland, or Belgium)
Services with US presence:
- Stripe — USA (with EU data processing capabilities); transfers governed by EU Standard Contractual Clauses (SCCs) and supplementary measures in accordance with the CJEU's Schrems II decision (C-311/18)
- Google Workspace — USA (with EU data processing capabilities); transfers governed by SCCs and supplementary measures
We do not transfer personal data outside the EU/EEA without appropriate safeguards. For full details on international data transfers, see Section 8 of our Privacy Policy.
10. DATA RETENTION
10.1 Plausible Analytics Data
- Plausible retains aggregated analytics data for 90 days (configurable)
- After the retention period, old data is automatically deleted
- This data is never connected to individual users and cannot be used to identify you
10.2 Session and Authentication Cookies
- Session cookies are deleted when you close your browser
- Persistent authentication cookies expire after a maximum of 30 days
- Preference cookies expire after a maximum of 12 months
10.3 Stripe Payment Data
- Stripe retains payment information as required by law for fraud prevention, chargebacks, and regulatory compliance
- Transaction records are retained for 10 years per Czech accounting laws (zákon č. 563/1991 Sb., o účetnictví) and EU tax requirements
- You should review Stripe's privacy policy at https://stripe.com/privacy for full details
10.4 Your Personal Data
For full details on data retention periods across all data categories, please refer to Section 5 of our Privacy Policy.
11. PROPRIETARY TOOLS
Visionary Hub may develop, operate, and offer its own interactive utilities and micro-applications ("Proprietary Tools"), as described in Section 3.3 of our Terms of Service.
Cookie usage by Proprietary Tools:
- Proprietary Tools may use strictly necessary session cookies to function correctly
- Any such cookies are first-party, essential, and exempt from consent requirements under Article 5(3) of the ePrivacy Directive
- Proprietary Tools do NOT set tracking, analytics, or marketing cookies
- Input data processed by Proprietary Tools is handled in real-time and is not stored beyond the active session unless explicitly stated on the relevant tool page
- No Proprietary Tool data is used for AI training purposes
If a specific Proprietary Tool requires additional cookies or tracking technologies, this will be disclosed on the tool's page and your consent will be obtained before any non-essential cookies are deployed.
12. SECURITY MEASURES
We implement technical and organizational measures to protect data processed through cookies and similar technologies:
- TLS 1.3 encryption — All communications with our Website are encrypted using TLS 1.3
- Secure cookie attributes — Essential cookies use the Secure flag (HTTPS only), HttpOnly flag (not accessible via JavaScript), and SameSite attribute (cross-site request protection)
- Secure payment processing — Payments are processed through PCI DSS-compliant Stripe
- Access controls — Only authorized personnel can access systems containing personal data
- Monitoring — We monitor for unauthorized access attempts and security incidents
- Regular updates — We maintain and update our security infrastructure
For comprehensive details on our security measures, see Section 10 of our Privacy Policy.
13. CONTACT AND DATA PROTECTION
13.1 Data Controller Information
Visionary Studio s.r.o. is the Data Controller responsible for this Website.
- Company Name: Visionary Studio s.r.o.
- IČO: 21641862
- DIČ: CZ21641862
- Address: V Zahrádkách 742, 273 06 Libušín, Czech Republic
- Court Registration: C 404416, Městský soud v Praze
13.2 Contact for Privacy and Cookie Matters
- Privacy Inquiries: [email protected]
- General Support: [email protected]
- Legal Inquiries: [email protected]
- Security Reports: [email protected]
13.3 Supervisory Authority
If you believe your rights have been violated, you have the right to lodge a complaint with the supervisory authority:
- ÚOOÚ (Úřad pro ochranu osobních údajů — Czech Data Protection Office)
- Website: https://www.uoou.cz
- Email: [email protected]
- Address: Poupětova 1, 130 00 Praha 3, Czech Republic
You may also file complaints with data protection authorities in the EU member state of your residence or place of work.
14. CHANGES TO THIS NOTICE
We may update this Cookies & GDPR Consent Notice periodically to reflect:
- Changes to our cookie practices or introduction of new cookie categories
- Introduction of new services, technologies, or Proprietary Tools
- Legal or regulatory requirements
- Updates to third-party services
Material changes will be:
- Posted on our Website
- Notified via email to registered users (for significant changes)
- Effective 30 days after notice (or as legally required)
If changes introduce new non-essential cookies, we will obtain your consent before deploying them.
15. SUMMARY
The Bottom Line:
- We don't track you — Visionary Hub uses only privacy-friendly, cookieless analytics (Plausible Analytics, EU-hosted)
- Minimal cookies — We use only strictly necessary cookies for authentication, session management, and security; plus Stripe functional cookies for payments
- No invasive cookies — We do not use Google Analytics, Facebook Pixel, advertising trackers, or any marketing cookies
- Your data is safe — We encrypt all communications with TLS 1.3, secure payments through PCI DSS-compliant Stripe, and never sell your data
- You are in control — You can manage cookies in your browser and withdraw consent anytime
- We are compliant — We comply with the GDPR, the ePrivacy Directive, Czech privacy laws, and the Digital Services Act
- Transparency — This Notice explains exactly how we operate; our full Privacy Policy provides additional details
16. LANGUAGE
This Cookies & GDPR Consent Notice is published in English and may be translated into other languages for convenience. In the event of any conflict or inconsistency between the English version and any translated version, the English version shall prevail and be considered the authoritative text for all legal purposes.
APPENDIX: GDPR AND COOKIE COMPLIANCE OVERVIEW
| Requirement | Status | Details |
|---|---|---|
| Data Protection Impact Assessment (DPIA) | ✓ Completed | No high-risk processing; privacy-first approach |
| Data Processing Agreement (DPA) with Stripe | ✓ In place | Stripe provides DPA; GDPR compliant with SCCs |
| Data Processing Agreement (DPA) with Google Cloud | ✓ In place | Google Cloud DPA; EU data residency |
| Data Processing Agreement (DPA) with Plausible | ✓ In place | EU-based; cookieless; no personal data processed |
| Right of Access | ✓ Implemented | Via [email protected] |
| Right to Erasure | ✓ Implemented | Via [email protected] or account settings |
| Right to Data Portability | ✓ Implemented | CSV, JSON, or XML format available |
| Right to Object | ✓ Implemented | Via [email protected] |
| Privacy by Design | ✓ Implemented | Cookieless analytics, minimal data collection, secure cookie attributes |
| Consent Mechanism | ✓ Implemented | Transparent; consent required only if non-essential cookies introduced |
| Lawful Basis Documented | ✓ Documented | Contract performance, legitimate interest, consent (where applicable) |
| Third-Party Data Sharing | ✓ Restricted | Only with service providers; never sold |
| Data Retention Policies | ✓ Documented | Minimal retention; aligned with Privacy Policy |
| Data Security Measures | ✓ Implemented | TLS 1.3, AES-256, secure cookie flags, access controls, monitoring |
| Incident Response Plan | ✓ In place | 72-hour notification to ÚOOÚ per Article 33 GDPR |
| International Transfer Safeguards | ✓ In place | SCCs and supplementary measures per Schrems II |
DOCUMENT INFORMATION
Document Title: Cookies & GDPR Consent Notice — Visionary Hub
Effective Date: February 19, 2026
Version: 2.0
Language: English (authoritative version)
Jurisdiction: Czech Republic (Primary), European Union
Company: Visionary Studio s.r.o.
IČO: 21641862
Court Registration: C 404416, Městský soud v Praze
Next Review Date: February 19, 2027
END OF COOKIES & GDPR CONSENT NOTICE
This document is part of the binding agreement between users and Visionary Studio s.r.o. together with the Terms of Service, Privacy Policy, Acceptable Use Policy, Intellectual Property Notice, and Content Disclaimer.