Your Business Website and Czech Law

[Part 1] Running a business in the Czech Republic? Here’s an overview of all the legal documents your business website needs in order to comply with Czech law.
Barbora Růžičková • Web Designer •
Barbora Růžičková • Web Design
💬 Share
✏️ 20. 11. 2024 • Updated 20. 11. 2024
✏️ 20. 11. 2024 • Updated 20. 11. 2024
✏️ 20. 11. 2024
Updated 20. 11. 2024
Barbora Růžičková • Web Designer
copywriting
legal
website development

Congratulations on deciding to launch a business in the Czech Republic! As you set up your company website, your web developer might ask for various legal documents, such as a cookie notice and your terms of service. And you can’t help but wonder – what paperwork does your website really need to comply with the law?

Read on to find out. The recommendations outlined in this article concern the websites of businesses registered in the Czech Republic. Personal websites and not-for-profit hobby projects do not need to list any identification data.

Why Should I Bother?

Maybe because you want to avoid a fine?

In the Czech Republic, websites may be checked for legal compliance by two state authorities – the Personal Data Protection Office (PDPO) and the Czech Trade Inspection Authority (CTIA, colloquially referred to as the ‘čojka’).

The PDPO will want to know whether your website is GDPR-compliant and how you handle your users’ personal data (i.e., what happens when someone fills out the contact form on your website). The CTIA focuses mainly on e-commerce sites, checking – for example – if the customer can easily access the seller’s terms of service. The fines are generally intended to ‘motivate and warn’ (at least that’s what the CTIA states on its website) and, in most cases, rarely amount to more than a couple of thousand Czech korunas.

Both authorities state that they mostly focus on websites reported by users (angry customers or a competitor, I imagine). So, the chance of a small brochure site being inspected by either organization is rather low – but I would still advise you to have all your legal documents in order. As you’ll see shortly, it’s not exactly rocket science.

As a rule of thumb, the larger the website, the more legal documents you’ll need. A one-page website is not the same as an e-commerce store. Your company size plays a role as well – a solopreneur or small business will need to provide different information than a large joint-stock corporation.

1. Basic Identification

There are a couple of things every business website has to include, even if it’s ‘only’ a brochure site presenting your services.

  1. Entrepreneur or company name. This means a name and surname for natural persons and a company name for legal entities. The Czech terms are ‘fyzická osoba’ (natural person) and ‘právnická osoba’ (legal entity).
  2. Registered office (for companies) or place of business (for natural persons – this would be the address in your trade license).
  3. ID Number (‘IČO’).
  4. If your company is registered in the Commercial Register (‘Obchodní rejstřík’), include a note of this, including the relevant file number. For example:
    The company is registered in the Commercial Register of the Czech Republic, maintained by the Municipal Court in Prague, Section C, Insert 1234.
  5. If you’re listed in another public register – most commonly the Trade Licensing Register (‘Živnostenský rejstřík’) – include a note of this. For example:
    The entrepreneur is registered in the Trade Licensing Register of the Czech Republic, maintained by the Prague 6 Municipal District Authority.

You don’t have to include your tax ID (‘DIČ’).

Special Cases

If you do business with consumers (‘ordinary’ people or, to put it in legalese, natural persons without an assigned registration ID), your website must include information about who settles potential disputes between you and your clients. Mostly, this will be the CTIA.

A limited liability company may include data such as information on the registered capital. A join-stock company can provide documents from general assemblies. These cases are more complex, though, and outside the scope of this article. For further information, please refer to this article by Czech attorney Monika Bakešová.

I’m Not a Registered Business… But I Offer Services On My Website

Under Czech law, you don’t necessarily have to be a registered entrepreneur to offer services (tread carefully, though). There are occasional earnings (‘příležitostné příjmy’), liberal professions (‘svobodná povolání), or you can get paid through contracts and agreements.

If this is your case and you have a website, I recommend you still list at least your name, surname and the place where you perform the services – just to stay on the safe side.

Do I Have to Put My Phone Number on My Website?

If you have a business website, you must give your clients a way to ‘communicate with you efficiently.’ If you don’t want anyone calling you about your business, you don’t have to include your phone number. An email address will do – but you better answer those emails!

2. Personal Data Processing (GDPR)

Does your website encourage visitors to contact you? Hopefully yes 🙂 . Maybe it’s through a contact form or with inviting copy such as ‘Get in touch!’

Either way, if you’re giving users a chance to providfe their personal data (such as their name, email address or phone), your website should include information on how your company will protect it. This can be covered by a standalone page, a downloadable file, or included in your Terms of Service document (see below).

Privacy Policy (Personal Data Processing Policy)

This document can be found on a standalone page of your website (for instance at yourwebsite.com/privacy-policy/), or in a downloadable PDF file. It should contain the following information:

  1. Who is the personal data controller: Generally, this will be you – the entrepreneur or business operating the website. Don’t forget to provide contact details.
  2. What personal data you collect: Probably the user’s name, surname, email address, phone number etc.
  3. Why you need the user’s personal data and a reference to the law which permits you to process it: Typically, you need the data in order to provide the client with your services. Personal data processing is authorized under the GDPR.
  4. How long you will store the data: Some wording examples: ‘Up to 3 months’, ‘for the duration of our cooperation, but no longer than 10 years following the date of our last communication.’
  5. Who will have access to the data, and whether the data will leave the EU: Maybe you outsource your accounting, use MailerLite, or keep documents on Google Drive. All these external vendors should be listed in your GDPR document.
  6. The user’s rights and where they can lodge complaints: The user’s rights are regulated by the GDPR, and they may file complaints with the Personal Data Protection Office.

It’s good practice to ask the user to confirm they have read your privacy policy and agree with it before contacting you. You can add the following line to your contact forms:

By submitting this form, you confirm you have read and agree to [company name]’s Personal Data Processing Policy.

Ideally, you’ll also include a confirmation checkbox.

(What’s the difference between a Privacy Policy and a Personal Data Processing Policy? Under the GDPR, apparently not so much. On your website, use whichever wording you prefer).

Further Personal Data Processing

A word of warning: If you want to use your clients’ personal data for marketing purposes, they must give you consent for each such specific activity. This could be, for instance, subscribing to your newsletter.

3. Cookies Policy

Cookies are small text files that are stored in your browser during your visit. They contain information about your visit – generally details like which language you prefer and other user preferences. There are three types of cookies: functional cookies, analytical cookies and marketing cookies.

  • Functional (technical) cookies are required to display content correctly. This category also includes security cookies, which help protect the website from cyber attacks.
  • Analytical cookies help you explore and analyze your website traffic. They are used by tools such as Google Analytics or Hotjar, which monitor activity on your website.
  • Marketing cookies allow you to tailor advertising to your visitor or explore the customer journey (i.e., find out how a lead becomes a paying customer). Several external services such as YouTube or Google Maps store marketing cookies by default, even if your own website doesn’t.

If you only use functional cookies on your website, you can simply inform the visitor – you don’t need their consent. Here’s an example:

Our website only uses strictly necessary (functional) cookies.

Analytical and marketing cookies, on the other hand, can only be stored with the user’s express permission. That’s the reason behind all those annoying cookie consent bars! So if you want to know how many people visit your website or use this information for advertising, you will need a cookie consent document. Or you can include this information in your general Terms of Service (see below).

4. Terms of Service

Can visitors buy stuff directly on your site? (This would mostly be the case of e-commerce websites or sites with a sales form.) If yes, you’re giving them an option to conclude a sale and must provide a Terms of Service document. Your customers must be able to read your terms and conditions to make an informed purchase.

Czech law is pretty strict with the information your terms of service should include, particularly if your customers are consumers (‘ordinary people’ rather than businesses). Some examples include:

  • Information on withdrawing from the contract
  • Information regarding an out-of-court dispute resolution
  • Product prices, including additional costs (postage, packaging, etc.)
  • Payment terms
  • Delivery terms
  • Product description

This is by no means an exhaustive list. Moreover, your terms and conditions can’t go against Czech law – for instance, even if your TOS states that the customer can’t withdraw from the contract, they still can, because there is a standard 14-day withdrawal period for consumers guaranteed by the Civil Code. If you have the budget for it, I strongly recommend you draft your terms of service together with an expert.

When shopping online, most people just tick off the checkbox next to your Terms of Service link (we’ve all been there, right?). Hardly anyone will read it at that point. However, as soon as you get into any kind of dispute, every word in your TOS will count.

5. Refunds and Returns Policy

You can have your Refunds and Returns Policy as a separate document or include it in your Terms of Service. This policy is essential if you sell products online (generally through an e-commerce website). It should include all the information the customer needs to know regarding your company’s stance on refunds, returns, warranties, exchanges and complaints of any kind. It must comply with Czech law and is something you should at least consult with an expert to make sure it’s watertight.

In general, the larger the website, the more legal information you’ll need to provide. Here’s a quick overview of what we’re covered so far.

1. Brochure website with business contact details

  • Basic identification data
  • Information on personal data processing (GDPR)

2. Brochure website with Google Analytics (or similar)

  • Basic identification data
  • Information on personal data processing (GDPR)
  • Cookie consent

3. Sales or e-commerce website

  • Basic identification data
  • Information on personal data processing (GDPR)
  • Cookie consent
  • Terms of Service
  • Refunds and Returns Policy

Now you know what type of legal documents you’ll have to get if you want your business website to comply with Czech law. Congratulations!

Check out the second installment in this two-article series, Where Can I Get Legal Documents for My Website?, for practical tips on how to actually get the documents.

Disclaimer: This article does not contain legal advice. While I draw on sources prepared by experts and on my own experience, and the information in this article is, to the best of my knowledge, correct, I remain a web designer. I’m not a lawyer, nor do I have any formal legal training. For an in-depth guide to business websites and Czech law, I recommend Online Business and the Law, a five-part series of posts written by attorney Mária Chvajová Staňková, published at GDPR.cz (Czech only, I’m afraid).

Sources