COOKIES & GDPR CONSENT NOTICE

Created At: 2026-02-19

Last Updated: 2026-02-20

COOKIES & GDPR CONSENT NOTICE

Visionary Hub

Effective Date: February 19, 2026

Last Updated: February 19, 2026


DOCUMENT INFORMATION

Detail Information
Company Name Visionary Studio s.r.o.
Trading as Visionary Hub
Registration Number (IČO) 21641862
Tax ID (DIČ) CZ21641862
Registered Address V Zahrádkách 742, 273 06 Libušín, Czech Republic
Court Registration C 404416, Městský soud v Praze (Municipal Court in Prague)
Contact Email [email protected]
Privacy Inquiries [email protected]
Effective Date February 19, 2026
Last Updated February 19, 2026

TABLE OF CONTENTS

  1. Introduction
  2. Our Privacy-First Approach
  3. Cookie Categories
  4. What is a Cookie?
  5. Legal Basis for Cookie Use
  6. Cookie Consent Mechanism
  7. Your Rights and Cookie Management
  8. Third-Party Services and Data Sharing
  9. International Data Transfers
  10. Data Retention
  11. Proprietary Tools
  12. Security Measures
  13. Contact and Data Protection
  14. Changes to This Notice
  15. Summary
  16. Language

1. INTRODUCTION

This Cookies & GDPR Consent Notice ("Notice") explains how Visionary Studio s.r.o., trading as Visionary Hub ("we," "us," "our," or "Company"), uses cookies and similar technologies on our website and digital properties (collectively, the "Website").

We are committed to protecting your privacy and operating transparently. This Notice details what cookies and tracking technologies we use (or do not use), why we use them, how we obtain your consent where required, and how you can manage your cookie preferences.

This Notice applies to all visitors, users, and customers who access or interact with our Website, regardless of location. It is designed to comply with:

  • General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
  • ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC)
  • Czech Act on Personal Data Protection (zákon č. 110/2019 Sb., o zpracování osobních údajů)
  • Czech Consumer Protection Act (zákon č. 634/1992 Sb., o ochraně spotřebitele)
  • Digital Services Act (Regulation (EU) 2022/2065) — to the extent applicable to cookie and tracking disclosures
  • International best practices for data privacy and user consent

This Notice is supplementary to and should be read in conjunction with our Privacy Policy (available on our website), which provides comprehensive details about personal data processing, your data protection rights, data security measures, and how to contact us regarding privacy matters.


2. OUR PRIVACY-FIRST APPROACH

2.1 No Invasive Tracking

We recognize that your privacy is paramount. Unlike many websites, Visionary Hub does NOT use:

  • Google Analytics or other analytics cookies
  • Facebook Pixel or social media tracking pixels
  • Advertising cookies or retargeting trackers
  • Third-party data brokers or tracking networks
  • Cross-site tracking technologies
  • Device fingerprinting techniques

2.2 Plausible Analytics: Our Privacy-Friendly Choice

To understand how visitors interact with our Website while respecting your privacy, we use Plausible Analytics.

Plausible Analytics is a privacy-focused analytics platform that:

  • Is cookieless — Plausible does not use cookies to track users or collect personal data
  • Does not use fingerprinting — We do not identify you through device fingerprinting
  • Does not require consent — Because Plausible is truly anonymous and does not track individuals, it does not require GDPR consent or a cookie banner
  • Does not collect personal data — Plausible collects only aggregated, non-identifiable statistics (e.g., number of page views, general traffic patterns, device type)
  • Is GDPR compliant — Plausible Analytics complies fully with the GDPR
  • Is EU-based — Plausible is hosted and operated within the European Union (Estonia/Finland)
  • Does not share data — Your data is never shared with advertising networks, data brokers, or other third parties for profiling or targeting

Since Plausible does not set cookies or collect personal data, there is no requirement to obtain your consent for Plausible Analytics. This is consistent with guidance from European Data Protection Authorities and the exemption under Article 5(3) of the ePrivacy Directive for technologies that are strictly necessary for providing a service explicitly requested by the user.


3. COOKIE CATEGORIES

3.1 Strictly Necessary Cookies (Essential Cookies)

Status: Used for Authentication and Session Management

Visionary Hub uses strictly necessary cookies to provide core platform functionality, including user authentication, session management, and security features. These cookies:

  • Are essential for operating the platform and cannot be disabled without losing core functionality
  • Are used exclusively for authentication, session persistence, and security (e.g., CSRF protection)
  • Are NOT used for tracking, profiling, or advertising purposes
  • Are limited to the duration of your session or as needed for security and authentication persistence
  • Do NOT require your explicit consent under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC), as they are strictly necessary for providing the service you have requested
  • Are first-party cookies set by Visionary Hub

Essential cookies we may use:

Cookie Name Purpose Duration Type
Session ID Maintains your login session Session / up to 30 days First-party
CSRF Token Protects against cross-site request forgery Session First-party
Auth Token Authenticates your account Up to 30 days First-party
Preferences Stores your language and display preferences Up to 12 months First-party

3.2 Functional Cookies (Stripe Payment Processing)

Status: Used When Payment Processing Occurs

When you make a purchase or complete a payment transaction on Visionary Hub, your payment is processed through Stripe, a third-party payment processor.

Stripe may set functional cookies for:

  • Session management during payment transactions
  • Fraud prevention and security
  • Payment processing and transaction completion
  • PCI DSS (Payment Card Industry Data Security Standard) compliance

Important Details:

  • Stripe cookies are functional (not tracking or marketing)
  • Stripe is GDPR and ePrivacy Directive compliant
  • Stripe cookies are used only for the duration necessary to complete your payment and for fraud prevention
  • You may review Stripe's privacy policy at: https://stripe.com/privacy
  • Stripe is SOC 2 Type II certified and maintains EU data protection standards
  • Stripe processes payments in accordance with EU Standard Contractual Clauses (SCCs) and supplementary measures

Your Consent: By proceeding to make a payment through Stripe, you consent to Stripe setting necessary functional cookies for secure payment processing. You can abandon a transaction at any time before completing payment.

3.3 Analytics Cookies

Status: Not Used

As explained in Section 2.2, Visionary Hub uses Plausible Analytics, which is cookieless. Therefore, no analytics cookies are set on your device.

Plausible does not use cookies, pixels, or other persistent tracking technologies. It does not track you across websites or create user profiles. It collects only aggregated statistics that cannot be attributed to you personally.

3.4 Marketing and Advertising Cookies

Status: Not Used

Visionary Hub does NOT use any marketing, advertising, or retargeting cookies. We do not:

  • Participate in retargeting campaigns
  • Use Facebook Pixel or similar advertising trackers
  • Share user data with advertising networks
  • Track you across the internet for targeted advertising

We may use ethical marketing methods (such as email marketing, with your explicit consent) but never through invasive tracking technologies.


4. WHAT IS A COOKIE?

A "cookie" is a small text file that a website stores on your device (computer, tablet, or smartphone) and retrieves later when you visit the website again.

Types of cookies by duration:

  • Session Cookies: Deleted when you close your browser
  • Persistent Cookies: Remain on your device for a specified period

Types of cookies by origin:

  • First-party Cookies: Set by the website you are visiting (e.g., Visionary Hub)
  • Third-party Cookies: Set by external services embedded on the website (e.g., Stripe payment processor)

Similar technologies: In addition to cookies, websites may use similar technologies such as local storage, session storage, pixels, and web beacons. This Notice covers all such technologies. Visionary Hub does not use pixels, web beacons, or tracking technologies other than the essential cookies and Stripe functional cookies described above.


5. LEGAL BASIS FOR COOKIE USE

5.1 GDPR Legal Basis

Under the GDPR, we process personal data (where applicable) based on:

  • Contract Performance (Article 6(1)(b)) — To maintain your account session and process your payment through Stripe
  • Legitimate Interest (Article 6(1)(f)) — To maintain and improve our Website, including security monitoring
  • Your Consent (Article 6(1)(a)) — For any optional features or non-essential cookies you agree to (currently none deployed)

5.2 ePrivacy Directive Compliance

Under Article 5(3) of the ePrivacy Directive (Directive 2002/58/EC):

  • Strictly necessary cookies are exempt from consent requirements — this includes our authentication, session, and security cookies, as they are strictly necessary for providing the service you have explicitly requested
  • Functional cookies for payment processing (Stripe) are treated as necessary for contract performance when you initiate a payment
  • All other cookies (analytics, marketing, advertising) require your prior informed consent before being placed on your device — Visionary Hub does NOT deploy any such cookies
  • Plausible Analytics does not set cookies and therefore falls outside the scope of Article 5(3) entirely

5.3 Czech Law Compliance

Under Czech law, including zákon č. 110/2019 Sb. (Act on Personal Data Protection) and zákon č. 127/2005 Sb. (Act on Electronic Communications), our cookie practices comply with all applicable requirements for cookie consent and electronic communications privacy.


6. COOKIE CONSENT MECHANISM

6.1 How Consent Works at Visionary Hub

Given the privacy-first nature of our Website:

  • No pop-up cookie banner is currently required — Because we use only strictly necessary cookies (authentication, session, security) that are exempt from consent under Article 5(3) of the ePrivacy Directive, and Plausible Analytics is cookieless
  • Payment consent through action — By proceeding to make a payment, you consent to Stripe setting necessary functional cookies for secure payment processing
  • Transparent disclosure — This Notice provides full disclosure of our cookie practices
  • No consent fatigue — We do not burden you with unnecessary consent requests for cookies we do not use

6.2 If Additional Cookies Are Introduced

Should we introduce additional technologies or features that require consent in the future:

  • A cookie consent banner will be displayed before setting any such cookies
  • You will be asked to explicitly consent to or reject each category of cookies
  • Your preferences will be stored and respected during your visit and in future sessions
  • You will have the ability to withdraw consent at any time
  • This Notice will be updated accordingly before any new cookies are deployed
  • We will never set non-essential cookies without your prior informed consent

7. YOUR RIGHTS AND COOKIE MANAGEMENT

7.1 Your GDPR Rights

Under the GDPR, you have the following rights regarding personal data processed through cookies and similar technologies:

  • Right of Access (Article 15) — You can request to know what personal data we hold about you
  • Right to Rectification (Article 16) — You can request correction of inaccurate data
  • Right to Erasure (Article 17) — You can request deletion of your personal data (subject to legal limitations)
  • Right to Restrict Processing (Article 18) — You can request restriction of processing in certain circumstances
  • Right to Data Portability (Article 20) — You can request your data in a portable, machine-readable format
  • Right to Object (Article 21) — You can object to processing based on legitimate interest
  • Rights Related to Automated Decision-Making (Article 22) — You have protections against decisions based solely on automated processing

For full details on exercising these rights, please see Section 6 of our Privacy Policy. To exercise these rights, contact us at: [email protected]

7.2 Browser Cookie Management

You have full control over cookies stored on your device. Most web browsers allow you to:

  • View stored cookies — See what cookies are stored on your device
  • Delete cookies — Remove specific or all cookies from your device
  • Block cookies — Prevent websites from setting cookies
  • Manage third-party cookies — Control cookies from external services separately

How to manage cookies in popular browsers:

Browser Instructions
Google Chrome Settings → Privacy and Security → Cookies and other site data → Manage
Mozilla Firefox Preferences → Privacy & Security → Cookies and Site Data → Manage
Microsoft Edge Settings → Privacy, search, and services → Cookies → Manage
Apple Safari Preferences → Privacy → Cookies and website data → Manage
Opera Settings → Advanced → Cookies → Manage cookies

Important Note: Blocking all cookies may affect the functionality of Visionary Hub, including your ability to log in and use the platform. Strictly necessary cookies for authentication and session management should remain enabled for the platform to function correctly.

7.3 Do Not Track (DNT)

Some browsers include a "Do Not Track" (DNT) signal. Visionary Hub respects DNT signals where applicable. However, since we do not use tracking cookies and Plausible Analytics does not track users regardless of DNT status, the DNT signal has no practical effect on our data collection.

7.4 Withdrawing Consent

If you have consented to any optional cookies or features:

  • You may withdraw your consent at any time
  • Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal
  • To withdraw consent, clear your browser cookies or contact us at [email protected]
  • We will process your withdrawal request without undue delay

8. THIRD-PARTY SERVICES AND DATA SHARING

8.1 Third-Party Services Used

Service Purpose Type Cookies? Location More Info
Plausible Analytics Website analytics Privacy-focused, cookieless analytics No EU (Estonia/Finland) https://plausible.io/privacy
Google Cloud Website hosting and infrastructure Cloud hosting None set by us EU (Frankfurt/Ireland/Belgium) https://cloud.google.com/privacy
Stripe Payment processing Payment processor Yes (functional) USA (with EU capabilities) https://stripe.com/privacy
Google Workspace Email and internal collaboration Communication platform None set on Website USA (with EU capabilities) https://workspace.google.com/privacy

8.2 Data Sharing Policy

Visionary Hub does NOT:

  • Sell your personal data to any third party
  • Share your data for advertising or marketing purposes
  • Share your data with data brokers or advertising networks
  • Share your browsing history with third parties
  • Use your data for cross-site tracking or profiling

We ONLY share data:

  • With service providers (as listed in Section 8.1) as necessary to provide services you request
  • When required by law, court order, or government request
  • With your explicit consent

For full details on data sharing, please see Section 7 of our Privacy Policy.


9. INTERNATIONAL DATA TRANSFERS

Our primary services are based in or operate within the European Union:

  • Plausible Analytics — EU-based, EU data centers (Estonia/Finland)
  • Google Cloud — EU region (Frankfurt, Ireland, or Belgium)

Services with US presence:

  • Stripe — USA (with EU data processing capabilities); transfers governed by EU Standard Contractual Clauses (SCCs) and supplementary measures in accordance with the CJEU's Schrems II decision (C-311/18)
  • Google Workspace — USA (with EU data processing capabilities); transfers governed by SCCs and supplementary measures

We do not transfer personal data outside the EU/EEA without appropriate safeguards. For full details on international data transfers, see Section 8 of our Privacy Policy.


10. DATA RETENTION

10.1 Plausible Analytics Data

  • Plausible retains aggregated analytics data for 90 days (configurable)
  • After the retention period, old data is automatically deleted
  • This data is never connected to individual users and cannot be used to identify you

10.2 Session and Authentication Cookies

  • Session cookies are deleted when you close your browser
  • Persistent authentication cookies expire after a maximum of 30 days
  • Preference cookies expire after a maximum of 12 months

10.3 Stripe Payment Data

  • Stripe retains payment information as required by law for fraud prevention, chargebacks, and regulatory compliance
  • Transaction records are retained for 10 years per Czech accounting laws (zákon č. 563/1991 Sb., o účetnictví) and EU tax requirements
  • You should review Stripe's privacy policy at https://stripe.com/privacy for full details

10.4 Your Personal Data

For full details on data retention periods across all data categories, please refer to Section 5 of our Privacy Policy.


11. PROPRIETARY TOOLS

Visionary Hub may develop, operate, and offer its own interactive utilities and micro-applications ("Proprietary Tools"), as described in Section 3.3 of our Terms of Service.

Cookie usage by Proprietary Tools:

  • Proprietary Tools may use strictly necessary session cookies to function correctly
  • Any such cookies are first-party, essential, and exempt from consent requirements under Article 5(3) of the ePrivacy Directive
  • Proprietary Tools do NOT set tracking, analytics, or marketing cookies
  • Input data processed by Proprietary Tools is handled in real-time and is not stored beyond the active session unless explicitly stated on the relevant tool page
  • No Proprietary Tool data is used for AI training purposes

If a specific Proprietary Tool requires additional cookies or tracking technologies, this will be disclosed on the tool's page and your consent will be obtained before any non-essential cookies are deployed.


12. SECURITY MEASURES

We implement technical and organizational measures to protect data processed through cookies and similar technologies:

  • TLS 1.3 encryption — All communications with our Website are encrypted using TLS 1.3
  • Secure cookie attributes — Essential cookies use the Secure flag (HTTPS only), HttpOnly flag (not accessible via JavaScript), and SameSite attribute (cross-site request protection)
  • Secure payment processing — Payments are processed through PCI DSS-compliant Stripe
  • Access controls — Only authorized personnel can access systems containing personal data
  • Monitoring — We monitor for unauthorized access attempts and security incidents
  • Regular updates — We maintain and update our security infrastructure

For comprehensive details on our security measures, see Section 10 of our Privacy Policy.


13. CONTACT AND DATA PROTECTION

13.1 Data Controller Information

Visionary Studio s.r.o. is the Data Controller responsible for this Website.

  • Company Name: Visionary Studio s.r.o.
  • IČO: 21641862
  • DIČ: CZ21641862
  • Address: V Zahrádkách 742, 273 06 Libušín, Czech Republic
  • Court Registration: C 404416, Městský soud v Praze

13.2 Contact for Privacy and Cookie Matters

13.3 Supervisory Authority

If you believe your rights have been violated, you have the right to lodge a complaint with the supervisory authority:

  • ÚOOÚ (Úřad pro ochranu osobních údajů — Czech Data Protection Office)
  • Website: https://www.uoou.cz
  • Email: [email protected]
  • Address: Poupětova 1, 130 00 Praha 3, Czech Republic

You may also file complaints with data protection authorities in the EU member state of your residence or place of work.


14. CHANGES TO THIS NOTICE

We may update this Cookies & GDPR Consent Notice periodically to reflect:

  • Changes to our cookie practices or introduction of new cookie categories
  • Introduction of new services, technologies, or Proprietary Tools
  • Legal or regulatory requirements
  • Updates to third-party services

Material changes will be:

  • Posted on our Website
  • Notified via email to registered users (for significant changes)
  • Effective 30 days after notice (or as legally required)

If changes introduce new non-essential cookies, we will obtain your consent before deploying them.


15. SUMMARY

The Bottom Line:

  1. We don't track you — Visionary Hub uses only privacy-friendly, cookieless analytics (Plausible Analytics, EU-hosted)
  2. Minimal cookies — We use only strictly necessary cookies for authentication, session management, and security; plus Stripe functional cookies for payments
  3. No invasive cookies — We do not use Google Analytics, Facebook Pixel, advertising trackers, or any marketing cookies
  4. Your data is safe — We encrypt all communications with TLS 1.3, secure payments through PCI DSS-compliant Stripe, and never sell your data
  5. You are in control — You can manage cookies in your browser and withdraw consent anytime
  6. We are compliant — We comply with the GDPR, the ePrivacy Directive, Czech privacy laws, and the Digital Services Act
  7. Transparency — This Notice explains exactly how we operate; our full Privacy Policy provides additional details

16. LANGUAGE

This Cookies & GDPR Consent Notice is published in English and may be translated into other languages for convenience. In the event of any conflict or inconsistency between the English version and any translated version, the English version shall prevail and be considered the authoritative text for all legal purposes.


APPENDIX: GDPR AND COOKIE COMPLIANCE OVERVIEW

Requirement Status Details
Data Protection Impact Assessment (DPIA) ✓ Completed No high-risk processing; privacy-first approach
Data Processing Agreement (DPA) with Stripe ✓ In place Stripe provides DPA; GDPR compliant with SCCs
Data Processing Agreement (DPA) with Google Cloud ✓ In place Google Cloud DPA; EU data residency
Data Processing Agreement (DPA) with Plausible ✓ In place EU-based; cookieless; no personal data processed
Right of Access ✓ Implemented Via [email protected]
Right to Erasure ✓ Implemented Via [email protected] or account settings
Right to Data Portability ✓ Implemented CSV, JSON, or XML format available
Right to Object ✓ Implemented Via [email protected]
Privacy by Design ✓ Implemented Cookieless analytics, minimal data collection, secure cookie attributes
Consent Mechanism ✓ Implemented Transparent; consent required only if non-essential cookies introduced
Lawful Basis Documented ✓ Documented Contract performance, legitimate interest, consent (where applicable)
Third-Party Data Sharing ✓ Restricted Only with service providers; never sold
Data Retention Policies ✓ Documented Minimal retention; aligned with Privacy Policy
Data Security Measures ✓ Implemented TLS 1.3, AES-256, secure cookie flags, access controls, monitoring
Incident Response Plan ✓ In place 72-hour notification to ÚOOÚ per Article 33 GDPR
International Transfer Safeguards ✓ In place SCCs and supplementary measures per Schrems II

DOCUMENT INFORMATION

Document Title: Cookies & GDPR Consent Notice — Visionary Hub

Effective Date: February 19, 2026

Version: 2.0

Language: English (authoritative version)

Jurisdiction: Czech Republic (Primary), European Union

Company: Visionary Studio s.r.o.

IČO: 21641862

Court Registration: C 404416, Městský soud v Praze

Next Review Date: February 19, 2027


END OF COOKIES & GDPR CONSENT NOTICE

This document is part of the binding agreement between users and Visionary Studio s.r.o. together with the Terms of Service, Privacy Policy, Acceptable Use Policy, Intellectual Property Notice, and Content Disclaimer.