Privacy Policy
Last updated: June 2026
This document explains how Real Blue s.r.o. processes personal data when operating the website and providing related services. Processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR) and related ePrivacy rules.
1. Controller
Real Blue s.r.o.
Address: nám. Republiky 1400, Pardubice 530 02
Company ID (IČO): 01986627
VAT ID (DIČ): CZ01986627
E-mail: info@realblue.cz
Phone: +420 776 242 000
2. What personal data we process and why
Contact form
When you submit a contact or property inquiry form, we process: name, e-mail address, phone number (optional), and your message. This data is stored in our database and an e-mail notification is sent to our team.
- Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — responding to your inquiry.
- Retention: 3 years from the last communication, then deleted.
AI chatbot Sisi
The chatbot Sisi uses the Groq API to generate responses. The content of your conversation (your messages and assistant responses) is sent to Groq's servers for processing. Conversations are not stored in our database — the session ends when you close the chat window.
- Legal basis: legitimate interest (Art. 6(1)(f) GDPR) — providing an interactive information service.
- Retention: not stored on our side; Groq's retention policy applies to data processed on their infrastructure.
3. Cookies and tracking technologies
This website uses only technically necessary and functional cookies. We do not use any analytics, marketing, or third-party tracking cookies.
| Cookie name | Purpose | Category | Duration |
|---|---|---|---|
next-auth.session-token | Admin panel login session | Necessary | 8 hours |
next-auth.csrf-token | Cross-site request forgery protection | Necessary | Session |
next-auth.callback-url | Post-login redirect URL | Necessary | Session |
NEXT_LOCALE | Remembered language preference | Functional | 1 year |
realblue_cookie_consent_v1 | Stores your cookie consent choice | Necessary | Permanent (localStorage) |
| Cloudflare Turnstile | Bot protection on the login page | Necessary | Session |
| Plausible Analytics | Anonymous visitor statistics — no cookies set | None | — |
You can change your cookie preferences at any time via the “Cookie settings” link in the footer.
4. Processors and third-party recipients
We share data only with the following processors, strictly to the extent necessary:
- Brevo (Sendinblue) — e-mail delivery of inquiry notifications and customer confirmations. Headquartered in the EU (France).
- Cloudflare Inc. — bot protection via Turnstile on the admin login page. Data may be transferred to the USA under standard contractual clauses (SCCs).
- Groq Inc.— AI processing of chatbot Sisi conversations. The content of your chat messages is sent to Groq's servers (USA) under SCCs.
- Mapbox Inc. — interactive property maps. Telemetry is disabled. Data may be transferred to the USA under SCCs.
- Netcup GmbH — VPS server hosting. Headquartered in Germany (EU). All data is stored on servers within the EU.
- Plausible Analytics — anonymous visitor statistics. Self-hosted on our own server; no data is shared with third parties. No cookies are used.
- MinIO (self-hosted) — property photo storage. Operated on our own infrastructure; no data leaves our control.
5. Retention periods
- Contact and property inquiries: 3 years from the last communication.
- Chatbot conversations: not stored on our side.
After the applicable retention period, data is deleted or anonymized.
6. Your rights
Under GDPR (Articles 15–21), you have the right to: access your data, rectify inaccurate data, request erasure, restrict processing, data portability, and object to processing. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise your rights, contact us at: info@realblue.cz.
You also have the right to lodge a complaint with the Czech Data Protection Authority: uoou.gov.cz.
7. Security
We protect your data with HTTPS encryption, bcrypt password hashing, access restricted to authorised personnel only, and regular server backups.
8. Automated decision-making
We do not perform automated decision-making or profiling as defined in Article 22 GDPR.
Legal framework: Regulation (EU) 2016/679 (GDPR), Directive 2002/58/EC (ePrivacy), and related Czech legislation (in particular § 89(3) of Act No. 127/2005 Coll. on electronic communications).