How Logio protects your data

Privacy Policy

Effective date: 23 November 2025

This Privacy Policy explains how Logio s.r.o. (“Logio”, “we”, “us”) processes personal data in connection with:

• visits to our websites (the “Website”),
• enquiries and contact made via our lead and contact forms,
• job applications submitted via our career forms,
• registration and participation in the Logio Supply Chain Masters (SCMasters) community,
• and other related online interactions with our company.

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Czech data protection laws.

1. Controller

The controller of your personal data is:

Logio s.r.o.
Company ID (IČO): 27161871
Registered office: Evropská 2588/33a, 160 00 Prague 6, Czech Republic

For any privacy‑related questions or to exercise your rights, you can contact us at:
📧 [email protected]

2. Scope – who this Policy applies to

This Privacy Policy applies in particular to:

• Website visitors,
• business contacts and prospects who submit enquiries or fill in lead/contact forms,
• job applicants using our career forms,
• SCMasters community members (students and professionals who register for the programme).

It does not govern the processing of personal data for users of any separate SaaS / software products (such as specific supply chain tools), which may be subject to a separate privacy notice.

3. Personal data we process

3.1 Website visitors

When you visit our Website, we may process:

• Technical and usage data
• IP address, device identifiers, browser type and version, language, operating system,
• date and time of access, URLs visited, referrer URL, interaction with the Website (clicks, scrolls, etc.).
• Cookies and similar technologies
• See section 7 and our separate Cookie Policy for details.

We typically process this data in a way that does not allow us to directly identify you, unless you later provide your contact details (e.g. via a form).

3.2 Business contacts and prospects (lead / contact forms)

If you contact us via our contact or lead forms, or otherwise communicate with us in a business context, we process:

• Identification data
• first name, last name, job title/role,
• Contact data
• e‑mail address, phone number, company name, company address (if you provide it),
• Information about your enquiry
• content of your message, area of interest, information about your company or project,
• Communication history
• our notes from calls or meetings, e‑mail correspondence, follow‑up information.

3.3 Job applicants (career forms)

If you apply for a job, internship or other role at Logio, we process:

• Identification and contact data
• first name, last name, title, e‑mail, phone number, address (if provided),
• Professional data
• CV, education, work experience, skills, certifications, references,
• Additional data you voluntarily share
• cover letter, portfolio, links to LinkedIn or other profiles,
• Recruitment process data
• notes from interviews, internal evaluations, communication related to the recruitment.

3.4 SCMasters community members

If you register for Supply Chain Masters (SCMasters), we process:

• Identification data
• first name, last name, title (if applicable),
• Contact and affiliation data
• e‑mail address, phone number, name of your university or company, your role/position,
• Membership data
• date of registration, participation in events, workshops and activities, your feedback,
• Preferences and interests
• topics and types of events or content you are interested in (if provided).

If a partner company wishes to contact a specific SCMasters member, we may share that member’s contact details with the partner.

3.5 Other categories of data

In justified cases, we may also process:

• Billing and accounting data
• where you or your company become our customer or supplier,
• Records of communication and contracts
• where necessary to document our business relationship,
• Data necessary for legal claims
• e.g. contracts, correspondence and relevant documentation in case of disputes.

4. Purposes, legal bases and retention periods

We always process personal data based on at least one of the legal bases under Article 6 GDPR (contract, legal obligation, legitimate interest, consent).

4.1 Operation, security and improvement of the Website

• Purpose:
  To ensure the proper functioning, security and performance of the Website, troubleshoot issues, prevent abuse and perform basic analytics (e.g. aggregate traffic statistics).
• Legal basis:
  Our legitimate interest in operating a secure and reliable Website (Article 6(1)(f) GDPR).
• Retention:
  Technical logs and related data are kept for the period necessary to achieve the above purposes, typically from several weeks up to one year, depending on the specific system and security needs.

4.2 Handling enquiries and business communication (lead / contact forms)

• Purpose:
  To respond to your enquiries, prepare proposals, discuss potential cooperation and manage our relationship with existing and prospective customers and partners.
• Legal basis:
• Performance of a contract or steps taken prior to entering into a contract (Article 6(1)(b) GDPR), where we are in active negotiations or performing services, and
• Our legitimate interest in developing and managing B2B relationships and providing our services to companies (Article 6(1)(f) GDPR).
• Retention:
  We store data related to business enquiries and contacts for as long as necessary for our communication and relationship, typically up to 3 years from the last meaningful contact, unless a business relationship is established and the data become part of contractual documentation or legal records.

4.3 Direct B2B marketing and newsletters

• Purpose:
  To send you information about our services, events, content and news in supply chain and related fields that may be relevant to your professional role.
• Legal basis:
  Our legitimate interest in B2B direct marketing to our existing customers and professional contacts (Article 6(1)(f) GDPR and applicable Czech e‑privacy rules).
  Where the law requires consent for specific types of communication or recipients, we may also rely on your consent.
• Retention:
  We process your contact details for marketing purposes as long as:
• our business relationship or professional contact with you or your company exists, and/or
• you have not objected to such processing or unsubscribed.

You can unsubscribe at any time using the link in our e‑mails or by contacting us at [email protected]. If you object to direct marketing, we will stop processing your data for this purpose.

4.4 Recruitment and job applications

• Purpose:
  To assess your application, manage the recruitment process and communicate with you regarding job opportunities.
• Legal basis:
• Steps prior to entering into a contract (recruitment process) (Article 6(1)(b) GDPR),
• Our legitimate interest in running an efficient recruitment process and protecting ourselves against potential legal claims (Article 6(1)(f) GDPR).
• Retention:
  We keep personal data of unsuccessful applicants for the duration of the specific recruitment process and then typically for up to 6 months after the process has ended, unless a longer period is required by law or necessary for legal claims.

4.5 SCMasters community membership

• Purpose:
  To manage your SCMasters membership, provide access to events and activities, communication within the community, and to inform you about relevant opportunities and content.
• Legal basis:
• Performance of a contract – provision of the SCMasters community services (Article 6(1)(b) GDPR),
• Our legitimate interest in building and developing a professional supply chain community (Article 6(1)(f) GDPR),
• Where we share your contact details with a specific partner company for a particular opportunity, we do so only with your explicit agreement (case‑by‑case consent).
• Retention:
  We process your personal data for as long as your SCMasters membership is active.
  When you terminate your membership or request deletion, we delete your personal account data without undue delay (usually within 30 days), except for minimal data that we may need to retain:
• to document past participation in events (where necessary), or
• to comply with legal obligations and limitation periods.

4.6 Compliance with legal obligations

• Purpose:
  To comply with our legal obligations in areas such as accounting, tax, employment, personal data protection and other regulatory requirements.
• Legal basis:
  Performance of a legal obligation (Article 6(1)(c) GDPR).
• Retention:
  According to the relevant legal requirements, typically 5–10 years (e.g. accounting documentation).

4.7 Protection of Logio’s rights and legal claims

• Purpose:
  To establish, exercise or defend our legal claims and to cooperate with authorities where necessary.
• Legal basis:
  Our legitimate interest in protecting our rights, property and interests (Article 6(1)(f) GDPR).
• Retention:
  For the duration of the relevant dispute or proceedings and for the applicable statutory limitation periods.

5. Recipients and processors of personal data

We only share personal data with third parties where necessary for the purposes described above, on a need‑to‑know basis and with appropriate safeguards.

5.1 Categories of recipients

Recipients may include:

• IT and hosting providers
  Providers of web hosting, server infrastructure, cloud services and technical support.
• Analytics and marketing platforms
  For example:
• Google Analytics 4 (GA4) – web analytics,
• Mailchimp – newsletter and campaign management,
• Leady.com – B2B lead tracking and enrichment,
• Advertising and tracking tools such as Google, Meta (Facebook), LinkedIn pixels (subject to your cookie preferences).
• CRM and business tools
• In particular HubSpot or similar systems for managing contacts, leads and sales processes.
• HR and recruitment systems
• Recruitis or similar tools for managing recruitment processes and job applications.
• SCMasters partner companies
• Only where you as an SCMasters member explicitly agree that we may share your contact details with a specific partner for a specific opportunity.
• Professional advisors
• Lawyers, tax advisors, auditors, where necessary to provide their services.
• Public authorities and regulators
• Where required by law or in connection with legal proceedings.

Where these third parties process personal data on our behalf, they act as processors. In such cases, we conclude written data processing agreements with them in line with Article 28 GDPR.

6. Transfers to third countries

Some of our service providers may be located or may store data in countries outside the European Economic Area (EEA), particularly the United States (e.g. Google, Meta, LinkedIn, Mailchimp, HubSpot).

Where this involves the transfer of personal data outside the EEA, we ensure that an appropriate level of protection is provided by:

• use of an adequacy decision of the European Commission (e.g. EU–US Data Privacy Framework, where applicable), or
• entering into Standard Contractual Clauses (SCCs) adopted by the European Commission with the relevant provider, and, where necessary, implementing additional safeguards.

Specific information about the third‑country transfers related to particular tools can be provided upon request.

7. Cookies and similar technologies

Our Website uses cookies and similar technologies to:

• ensure the basic functioning of the Website (e.g. saving your choices, security, forms),
• analyse traffic and user behaviour,
• and, where applicable, for marketing and remarketing purposes.

On your first visit, you will see a cookie banner (provided via Cookiebot or a similar tool), which allows you to:

• accept or reject non‑essential cookies (e.g. analytics, marketing),
• find detailed information about each cookie category, provider, purpose and retention period.

Technologies we may use include in particular:

• Google Analytics 4 (analytics),
• advertising pixels and tags of Google, Meta (Facebook), LinkedIn and, HubSpot.

You can change your cookie preferences at any time through the cookie banner settings in your browser or via the link provided in our Cookie Policy.

For more detailed information, please refer to our separate Cookie Policy, which forms an integral part of this Privacy Policy.

8. Data security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse or alteration, including:

• access controls and role‑based permissions,
• contractual confidentiality obligations for employees and processors,
• secure network and system configuration (e.g. firewalls, encryption where appropriate),
• regular system updates and security monitoring,
• staff awareness and training in data protection and information security.

While no system can be guaranteed 100% secure, we strive to keep our security at a level appropriate to the risk.

9. Your rights as a data subject

Under GDPR, you have the following rights in relation to your personal data:

1. Right of access
   You can ask us whether we process your personal data and, if so, obtain information about the processing and a copy of the data.
2. Right to rectification
   If you believe your personal data are inaccurate or incomplete, you can request that we correct or complete them.
3. Right to erasure (“right to be forgotten”)
   You may request that we erase your personal data in certain situations, for example if they are no longer necessary for the purposes for which they were collected, or if you withdraw your consent (where consent was the legal basis).
4. Right to restriction of processing
   You can request that we restrict processing of your data, for example while we verify their accuracy or the grounds for processing.
5. Right to data portability
   Where processing is based on your consent or a contract and carried out by automated means, you may request that we provide you with your personal data in a structured, commonly used and machine‑readable format or transmit them to another controller.
6. Right to object
   You have the right to object at any time, for reasons relating to your particular situation, to processing based on our legitimate interests.
   If you object to processing for direct marketing, we will stop processing your personal data for that purpose.
7. Right to withdraw consent
   Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to lodge a complaint
   If you believe your data protection rights have been violated, you may lodge a complaint with the competent supervisory authority:

Úřad pro ochranu osobních údajů (Office for Personal Data Protection)
Pplk. Sochora 27, 170 00 Prague 7, Czech Republic
Website: www.uoou.cz

You may also contact your local supervisory authority within the EU, in particular in the member state of your habitual residence or place of work.

10. How to exercise your rights

You can exercise your rights or make any privacy‑related request by contacting us at:

📧 [email protected]

or by sending a written request to:

Logio s.r.o.
Evropská 2588/33a
160 00 Prague 6
Czech Republic

We will respond to your request without undue delay, and in any case within one month of receipt. In justified cases (e.g. complex or multiple requests), we may extend this period by up to two additional months, in which case we will inform you of the extension and the reasons for it.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time, for example if:

• we change the way we process personal data,
• we start using new tools or technologies,
• legal requirements or guidance from supervisory authorities change.

We will always publish the current version of this Privacy Policy on our Website with the effective date at the top. For material changes, we may also inform you via e‑mail or a notice on the Website.