1.1. This document describes the processing of personal data when using the Stage web application and digital service, visiting related websites, administering accounts, operating Events, making payments, using customer support and the partner programme, and engaging in related communications.
1.2. The controller of personal data in the cases described in this document is:
BizWants s.r.o.
IČO: 21783713
DIČ: CZ21783713
with its registered office at Kaprova 42/14, Staré Město, 110 00 Praha 1, Czech Republic
registered in the Commercial Register maintained by the Municipal Court in Prague, Section C, File No. 406467
data box: 36uwf6x
data protection e-mail: stage@bizwants.com
hereinafter referred to as the "Controller" or the "Provider".
1.3. The terms "Customer", "User", "Consumer", "Event", "Plan", "Subscription", "Credit", "Additional Charge" and "Event Content" have the meanings set out in the terms and conditions of the Stage service.
1.4. This document applies together with the terms and conditions, the complaints procedure and any separate data processing agreement. If any provision conflicts with the mandatory rights of a data subject, the applicable law shall prevail.
1.5. This document applies to the personal data of natural persons. Information concerning a legal entity is not personal data in itself, but it may contain personal data relating to its representatives, employees or contact persons.
2.1. BizWants s.r.o. acts as an independent controller particularly when processing data for:
2.2. In relation to Event Content submitted to Stage by the Customer or participants in its Event, the Customer generally determines the purposes and essential means of processing and acts as the controller. To that extent, BizWants s.r.o. generally acts as a processor on the Customer's instructions.
2.3. The Customer is responsible in particular for selecting the legal basis for processing the data of Event participants, complying with information obligations, ensuring the lawfulness of recording or transmitting speech, configuring access, setting retention periods and handling data subject rights in relation to Event Content.
2.4. Even when providing processing services, BizWants s.r.o. may act as an independent controller of a limited range of technical, security, payment and audit data where it independently determines the purpose of processing for infrastructure protection, billing, prevention of misuse, compliance with legal obligations or protection of legal claims.
2.5. If the circumstances of particular processing result in the joint determination of purposes and means, the parties shall regulate their obligations in a separate arrangement. The mere use of the same platform does not, by itself, establish joint controllership.
3.1. Personal data may relate in particular to:
3.2. We obtain data in particular:
3.3. Where we do not obtain personal data directly from the data subject, the source may in particular be the Customer or the Event organiser. In such a case, the person who entered the data into Stage or initiated their processing is responsible for the lawfulness of their disclosure.
3.4. The provision of certain data is a contractual or statutory requirement. Without the necessary identification, contact, security, billing or payment data, it may not be possible to create an account, conclude or perform a contract, activate a paid function, issue a document or provide support.
3.5. Providing optional profile data, marketing consent or optional cookies is not a condition for using the basic functions of Stage unless a particular function cannot technically operate without the relevant data.
4.1. Depending on how Stage is used, we may process in particular:
4.2. The scope of data depends on the Plan, role, Event settings, enabled functions and whether the User acts as a Customer, Event administrator, speaker, production team member or participant.
4.3. Stage does not identify persons by voice or create biometric templates for the purpose of uniquely identifying a person unless such a function is expressly introduced, separately described and supported by an appropriate legal basis.
5.1. We process personal data for the performance of a contract or to take steps prior to entering into a contract pursuant to Article 6(1)(b) GDPR, in particular for:
5.2. We process personal data to comply with legal obligations pursuant to Article 6(1)(c) GDPR, in particular in the areas of accounting, taxation, consumer protection, complaints handling, cooperation with public authorities, cybersecurity and retention of mandatory records.
5.3. On the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, we process data in particular for:
5.4. Where processing is based on legitimate interests, we assess its necessity, the proportionality of its impact and the reasonable expectations of data subjects. A data subject may object to such processing.
5.5. On the basis of consent pursuant to Article 6(1)(a) GDPR, we process data in particular for optional analytics or marketing cookies, subscriptions to marketing communications where no other legal basis may be used, and other expressly designated optional purposes.
5.6. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before its withdrawal.
5.7. Where BizWants s.r.o. acts as a processor of Event Content, the Customer as controller determines the legal basis for processing in relation to participants. The processor does not rely on its own legal basis for carrying out the controller's instructions, except for the independent processing described in Article 2.4.
6.1. Stage may, in real time and to the extent of the enabled functions, receive, transmit, temporarily store, recognise, transcribe, translate, convert into speech, display and route Event Content.
6.2. The Customer must appropriately inform participants in advance that, during an Event, audio may be transmitted, speech may be automatically recognised, transcripts and translations may be created, speech may be synthesised, and questions and operational metadata may be processed.
6.3. The Customer must not intentionally process through Stage special categories of personal data under Article 9 GDPR, data relating to criminal offences, highly confidential information or regulated content unless:
6.4. Stage is not intended as a repository for medical records, court files, classified information, payment card data, access passwords or other data requiring a special regime unless their processing has been expressly agreed in advance.
6.5. We do not use Event Content to sell data, create advertising profiles of third parties or pursue our own unrelated commercial purposes.
6.6. We will not use Event Content to train generally applicable models for our own or third-party purposes unless the content is reliably anonymised so that it is no longer personal data, or the Customer gives a separate, specific and legally valid instruction or consent.
6.7. We may use operational insights and genuinely anonymised or aggregated data for statistics, capacity planning, security and service improvement because GDPR does not apply to anonymous data.
7.1. Where the Customer acts as controller of Event Content and BizWants s.r.o. acts as processor, this Article and Article 8 constitute a data processing arrangement under Article 28 GDPR unless the parties have entered into a separate data processing agreement.
7.2. The subject matter of processing is the technical processing of Event Content and related metadata for the purpose of providing Stage functions. Processing continues for the duration of the relevant Event, the contractual relationship and any subsequent technically or legally necessary retention period.
7.3. The nature of processing may include in particular collection, receipt, transmission, sorting, temporary or agreed storage, speech recognition, transcription, translation, voice synthesis, display, disclosure to authorised persons, support, security, backup, deletion and anonymisation.
7.4. Categories of data subjects may include speakers, participants, listeners, moderators, Customer personnel, production team members, invited persons and persons asking questions.
7.5. Types of personal data may include identification and contact data, voice, audio, text, transcripts, translations, questions, answers, roles, language preferences, participation data and technical metadata. Special categories of data may be processed only under the conditions set out in Article 6.3.
7.6. BizWants s.r.o. processes personal data only on the basis of documented instructions from the Customer arising from the contract, Stage settings, activation of a specific function or subsequent demonstrable communication.
7.7. If BizWants s.r.o. believes that an instruction infringes GDPR or another law, it shall inform the Customer and may suspend implementation of the instruction until its lawfulness has been clarified. This does not affect any obligation to carry out processing required by law.
7.8. Persons authorised to process data are bound by confidentiality or an equivalent statutory obligation and have access only to the extent necessary for their work.
7.9. BizWants s.r.o. implements appropriate technical and organisational measures and, to a reasonable extent, assists the Customer with handling data subject rights, security, personal data breach notifications, data protection impact assessments and consultations with the supervisory authority.
7.10. Upon termination of processing, BizWants s.r.o., at the Customer's choice and in accordance with a technically feasible instruction, shall delete or anonymise the personal data or enable its return, unless further retention is required by law, the protection of legal claims or a security reason.
7.11. BizWants s.r.o. shall provide the Customer with information reasonably necessary to demonstrate compliance with processor obligations. An audit may be conducted no more than once a year, on reasonable prior notice, during business hours, and while preserving confidentiality, security and the rights of other customers.
7.12. The Customer shall bear the reasonable costs of an extraordinary audit or individual assistance unless the audit reveals a material breach of BizWants s.r.o.'s obligations or the law provides otherwise.
7.13. The Customer is responsible for the lawfulness of its instructions, the correctness of settings, the scope of authorised persons and ensuring that it does not request through Stage any processing that is disproportionate, unlawful or incompatible with the nature of the service.
8.1. Personal data may, to the extent necessary, be disclosed in particular to:
8.2. Suppliers receive only the data necessary for the specific service and are bound by contractual or statutory data protection obligations.
8.3. Stripe and other payment providers may act as independent controllers for part of the processing, in particular where they process data for their own statutory obligations, risk management, payment verification or fraud prevention. Their own privacy policies also apply to such processing.
8.4. The Customer grants BizWants s.r.o. general written authorisation to engage subprocessors necessary for the operation of Stage.
8.5. If a change of subprocessor materially affects the processing of Event Content, BizWants s.r.o. shall inform the Customer in an appropriate manner. The Customer may submit a reasoned data protection objection within the specified reasonable period.
8.6. If a reasoned objection cannot be resolved by a reasonable alternative, the Customer may terminate the affected part of the service. An objection does not create a right to require the operation of technically or economically disproportionate individual infrastructure.
9.1. We operate or control the primary databases and permanent storage of the Stage application on server infrastructure located in the EU.
9.2. To provide selected payment, e-mail, security, translation, voice or AI functions, it may be necessary to transfer a limited range of data to a supplier that also processes data outside the EU or EHP.
9.3. A transfer outside the EU or EHP takes place only where an appropriate legal mechanism exists, in particular:
9.4. Where required by the nature of the transfer, we also assess the legal and practical conditions in the destination country and apply supplementary technical or organisational measures.
9.5. Information about the mechanism used and a copy of the relevant safeguards may be requested at stage@bizwants.com. Commercially sensitive or security-related parts may be appropriately redacted.
10.1. We retain personal data only for as long as necessary for the relevant purpose, compliance with legal obligations, security, auditing, handling complaints or protecting legal claims.
10.2. We process active account data for the duration of the account and the contractual relationship.
10.3. Following confirmed self-service deletion of an account, we first deactivate the account. We generally delete or anonymise the account's personal contact data after a 90-day protection period unless longer processing is necessary.
10.4. During the protection period, the account may be recoverable and it may not be possible to create a new account using the same e-mail address or telephone number without further action. This measure protects the account against mistakes, misuse and circumvention of service rules.
10.5. Deletion or anonymisation may be postponed in particular because of:
10.6. We retain accounting, tax, payment and billing records for the period prescribed by applicable law, which may generally be 5 to 10 years depending on the type of record.
10.7. We retain records of support, complaints, contractual changes and legal claims for the duration of their handling and thereafter for the period necessary to document the course of events and protect rights, generally at least for the applicable limitation period.
10.8. We generally retain security, access, audit and technical logs for no longer than 24 months unless longer retention is necessary because of an incident, fraud, a legal obligation or a legal claim.
10.9. The retention period for Event Content depends on settings, the Plan, the Customer's instructions, the type of output and operational needs. The specific available period may be stated in the application, for the relevant function or in an individual agreement.
10.10. Unless long-term storage has been agreed or configured, Event Content may be retained only for the duration of live processing and for a limited technical period necessary to complete the output, diagnostics, recovery and support.
10.11. After deletion from active systems, data may temporarily remain in secure backups until they are routinely overwritten. Data in backups is not ordinarily used, and if a backup is restored, the data will be deleted again in accordance with the applicable retention rules.
10.12. We may retain anonymised statistical data that can no longer be linked to a specific natural person without any time limit.
11.1. Stage uses necessary cookies and similar technologies, including browser local storage, where required for:
11.2. We use necessary technologies without consent to the extent permitted by law because without them sign-in, the speaker console, listening to an Event, administration or security may not function.
11.3. We use analytics, marketing and partner cookies or similar identifiers only on an appropriate legal basis and, where the law requires consent, only after consent has been given.
11.4. We store the selected settings in the browser and may maintain a limited audit record of consent, in particular the version of the text, time, selected category, page or path, and a pseudonymised technical identifier.
11.5. Consent to optional cookies may be changed or withdrawn in the cookie settings. Withdrawal does not affect the lawfulness of prior processing.
11.6. We send marketing communications on the basis of consent or another lawful authorisation, including communications to existing customers concerning our own similar services where permitted by law.
11.7. Every marketing communication provides a simple means of opting out. Opting out does not apply to necessary contractual, security, payment or operational communications.
11.8. We do not sell personal data to advertising intermediaries or provide it to third parties for their own unrelated targeted advertising.
12.1. Subject to the conditions of GDPR, a data subject has the right to:
12.2. Individual rights are not absolute. A request may be refused in whole or in part where GDPR or another law permits further processing, in particular because of a legal obligation, protection of third-party rights, security, billing, a complaint or a legal claim.
12.3. The right to data portability applies only to data processed by automated means on the basis of consent or a contract and must not adversely affect the rights of others.
12.4. If an objection is raised against processing based on legitimate interests, we shall cease processing unless we demonstrate compelling legitimate grounds overriding the data subject's rights or unless the data is needed for the establishment, exercise or defence of legal claims.
12.5. We shall comply with an objection to processing for direct marketing purposes without further assessment.
13.1. Rights may be exercised by e-mail at stage@bizwants.com, through data box 36uwf6x or in writing at the Controller's address.
13.2. To prevent unauthorised disclosure or deletion of data, we may reasonably verify the identity of the applicant. The verification method is selected according to the nature of the request, the risk and the data already available to us.
13.3. We handle requests without undue delay, normally no later than within one month. Taking into account the complexity and number of requests, the period may be extended by a further two months; we shall inform the applicant of the extension and the reasons for it within the original one-month period.
13.4. Requests are handled free of charge. Where a request is manifestly unfounded or excessive, in particular because it is repetitive, we may, to the extent permitted by GDPR, charge a reasonable fee or refuse to act on the request.
13.5. Where BizWants s.r.o. processes the data concerned solely as the Customer's processor, it may forward the request to the relevant Customer as controller and provide reasonable assistance. In such a case, the data subject should primarily contact the Event organiser.
13.6. Before disclosing a copy of data, we may remove or conceal data relating to other persons, trade secrets, security information and parts whose disclosure would adversely affect the rights and freedoms of others.
14.1. Stage uses automated technologies for speech recognition, transcription, translation, voice synthesis, output routing, diagnostics and detection of unusual or risky traffic.
14.2. Automated transcription, translation or voice output in itself is not a decision about a person and is not intended to produce legal or similarly significant effects within the meaning of Article 22 GDPR.
14.3. Security and anti-fraud systems may automatically flag unusual activity, restrict a specific technical request or require additional verification. A significant account restriction based on a disputed assessment may be submitted to customer support for review.
14.4. Stage does not carry out advertising profiling of Event participants or create profiles for third parties without a separate legal basis.
14.5. Stage is intended primarily for businesses, organisations and professional users and is not intended for independent registration by young children.
14.6. If minors participate in an Event, the Customer is responsible for an appropriate legal basis, information, any necessary consent of a legal representative and settings appropriate to the age and risks.
15.1. We use appropriate technical and organisational measures corresponding to the nature of the processing, available technologies, costs, and the likelihood and severity of risks.
15.2. Measures may include in particular:
15.3. We continuously adapt security measures to risks, the development of Stage, GDPR and other applicable European or Czech cybersecurity requirements.
15.4. No system can be regarded as absolutely secure. The Customer and the User are responsible for protecting their sign-in details, devices, networks, roles and access, and for promptly reporting any suspected misuse.
15.5. If we identify a personal data breach, we assess its nature, scope and risks and adopt appropriate remedial measures.
15.6. Where BizWants s.r.o. acts as an independent controller, it shall comply with notification obligations towards ÚOOÚ and affected persons where the statutory conditions are met.
15.7. Where BizWants s.r.o. acts as a processor, it shall notify the relevant Customer of the breach without undue delay after becoming aware of it and provide available information and reasonable assistance.
16.1. The Customer is responsible for having an appropriate legal basis for processing the personal data of Event participants and for ensuring that the use of Stage corresponds to the purpose about which the affected persons were informed.
16.2. The Customer is required in particular to:
16.3. The Customer must not use Stage for covert or unauthorised recording, monitoring of persons, creation of sensitive profiles or other processing contrary to law.
16.4. If the Customer breaches its controller obligations, it is responsible for that breach to the extent provided by law and the contract. BizWants s.r.o. may reasonably restrict or suspend unlawful or high-risk processing.
17.1. A data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement.
17.2. The competent Czech supervisory authority is:
Office for Personal Data Protection
Pplk. Sochora 27
170 00 Praha 7
Czech Republic
e-mail: posta@uoou.gov.cz
data box: qkbaa2n
website: https://uoou.gov.cz
17.3. We recommend first contacting the Controller at stage@bizwants.com so that the matter can be investigated and, where appropriate, remedied. This does not affect the right to lodge a complaint directly with the supervisory authority.
17.4. We may amend this document in particular when laws, Stage functions, suppliers, processing methods, security measures or the business model change.
17.5. We shall communicate a material change that significantly affects Users' rights or reasonable expectations in an appropriate manner, for example in the application, on the website or by e-mail.
17.6. Processing is governed by the version effective at the time of the relevant processing unless the law requires otherwise.
17.7. This document takes effect on 2026-06-13.