Privacy policy

Nováček & Partners s.r.o. (“Nováček & Partners” or “we”) is the operator of the website www.novacekpartners.com (the “Website”) and provides services in the field of executive search, headhunting, and HR consulting (collectively referred to as the “Services”).

As a boutique headhunting firm, we pay due attention to the protection of personal data and process all personal data in accordance with applicable legal regulations, in particular Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”).

These Personal Data Processing Principles (the “Principles”) describe in Section 2 below how we process personal data of our candidates (2.1), reference contacts (2.2 and 2.3), clients, suppliers and business partners (2.4), recipients of commercial communications (2.5), visitors to the Website and persons who contact us by phone or email (2.6). For each category of individuals, you will find details of what personal data we process, for what purpose, for how long, and on what legal basis. If you are looking for information about cookies, you will find it in Section 3. In Section 4, we inform you to whom we may transfer personal data, and in Section 6, you will find important information about your rights as a data subject in relation to your personal data and how to exercise them.

1. CONTROLLER OF YOUR PERSONAL DATA

The controller of your personal data within the meaning of Article 4(7) of the GDPR is Nováček & Partners s.r.o. We are a limited liability company established under the laws of the Czech Republic with its registered office in Prague.

Contact details:
E-mail: info@novacekpartners.com
Postal address: ImpactHub Praha, Drtinova 557/10, 150 00 Prague 5, Czech Republic

2. DESCRIPTION OF PERSONAL DATA PROCESSING BY CATEGORY OF DATA SUBJECTS

In the course of providing executive search, headhunting, and HR consulting services, we process personal data of candidates who are (i) approached based on publicly available professional information, or (ii) who voluntarily provide us with their personal data.

2.1 PERSONAL DATA OF CANDIDATES

Processed personal data

We process the following personal data of candidates:

  • first name and last name,
  • information about education,
  • content of our communication,
  • professional experience and current or previous job positions,
  • publicly available information published by the candidate or published with the candidate’s cooperation (if relevant to the purpose of processing),
  • reference information (we never obtain references from a candidate’s current employer without the candidate’s consent),
  • any other information voluntarily provided by the candidate,
  • contact details (postal address, email address and/or phone number),
  • data contained in a professional social network profile (e.g. LinkedIn),
  • data contained in a CV.

We process special categories of personal data only exceptionally, and only where such data are clearly and voluntarily provided by the candidate.

Purpose and legal basis of processing

We process personal data for the purpose of providing the Services, which includes in particular:

Searching for candidates and market mapping
The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in providing our Services.

Assessing the suitability of candidates for current career opportunities (pre-selection)

  • For candidates who actively provide us with their data, the legal basis is taking steps prior to entering into a contract at the request of the data subject pursuant to Article 6(1)(b) GDPR.
  • For candidates whom we actively approach, the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in ensuring the provision of our Services.

Contacting candidates regarding specific job opportunities

  • For candidates who actively provide us with their data, the legal basis is taking steps prior to entering into a contract at the request of the data subject pursuant to Article 6(1)(b) GDPR.
  • For candidates whom we actively approach, the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in ensuring the provision of our Services.

Recording personal (including online) interviews

  • In the case of written records, the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in increasing the efficiency of providing our Services.
  • In the case of audio or video recordings, the legal basis is the consent of the data subject pursuant to Article 6(1)(a) GDPR.

Verification of references
Depending on who is contacted and what type of information is verified, the legal basis is either:

  • the consent of the data subject pursuant to Article 6(1)(a) GDPR, or
  • our legitimate interest pursuant to Article 6(1)(f) GDPR in reducing the risk of selecting an unsuitable candidate.

Submitting a candidate profile to our clients
The legal basis is the consent of the data subject pursuant to Article 6(1)(a) GDPR.

Including the candidate in our database (talent pool) for future career opportunities

  • For candidates who actively provide us with their data without relation to a specific job opportunity, the legal basis is taking steps prior to entering into a contract at the request of the data subject pursuant to Article 6(1)(b) GDPR.
  • For other candidates, the legal basis is the consent of the data subject pursuant to Article 6(1)(a) GDPR.

Maintaining records of data subject rights exercised under GDPR
The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in demonstrating compliance with our legal obligations. For this purpose, we process only basic identification data (first name, last name, email and/or phone number), the content of the request, and our response.

Maintaining a list of candidates who must not be contacted
This list is maintained where, in the course of previous cooperation, we have recorded unethical and/or fraudulent behavior by the candidate or where the candidate has otherwise caused us harm. The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in protecting our business and preventing losses. For this purpose, we process only basic identification data (first name, last name, email and/or phone number) and a record of the problematic conduct.

Handling your inquiries, comments, and suggestions
The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in properly addressing your inquiry, comment, or suggestion.

The above scope of activities represents the maximum extent of processing. We assure you that we always carry out only those personal data processing activities for which we have an appropriate legal basis.

Where processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR, we always maintain risk management documentation (a proportionality assessment) and carry out such processing only where it is proportionate and does not interfere with your privacy beyond what is permissible.

Sources of personal data

We obtain personal data from the following sources:

The candidate: CV, cover letter, website forms, email communication, phone calls and SMS messages, video calls, interview notes, documents provided by the candidate (certificates, portfolio, LinkedIn PDF, etc.).

Public online sources: professional social networks (e.g. LinkedIn), personal websites/portfolios (e.g. GitHub, personal domains), company websites (team pages, “about” sections, press releases), publicly available media outputs (interviews, articles, conferences – video/recordings).

Job portals and databases where the candidate publishes their profile.

Referrals and networking: referrals from other candidates, referrals from our clients, managers, HR specialists, and contacts obtained through networking events.

Our clients (employers and/or recruitment agencies): lists of candidates to be approached, internal employee referrals, feedback regarding candidates.

Subcontractors and recruitment partners, for example in the area of qualification verification.

Retention period

We retain personal data only for the period necessary to fulfil the purposes described above.

Where personal data are processed on the basis of our legitimate interest or for the performance of a contract, we process the data for no longer than 3 years from our last contact.

Where personal data are processed on the basis of your consent, we process the data for the period for which the consent was granted or until the consent is withdrawn (whichever occurs first). You may withdraw your consent at any time using the contact details provided in Section 1 above.

2.2 PERSONAL DATA OF PERSONS PROVIDING CANDIDATE REFERENCES

Processed personal data

We process the following personal data:

  • first name and last name,
  • job position,
  • contact details (phone number and/or email address),
  • information about the source of the personal data,
  • information obtained during our communication (content of the reference).

Purpose of processing personal data

  • Verification of the candidate’s professional background and experience, including confirmation of their role within a team, job responsibilities, level of seniority, scope of responsibility, and verification of key skills;
  • Assessment of the candidate’s competencies in relation to a specific position, including additional insight into working style, cooperation, and leadership abilities (where relevant);
  • Supporting decision-making in the recruitment process, including providing a basis for the final decision and setting the offer (e.g. level of seniority).

Legal basis and retention period

The legal basis for processing is the consent of the data subject pursuant to Article 6(1)(a) GDPR. Responsibility for obtaining such consent usually lies with the candidate who provides us with the contact details of the reference person. We process personal data for the period for which the consent was granted or until the consent is withdrawn (whichever occurs first). You may withdraw your consent at any time using the contact details provided in Section 1 above.

In the case of an initial contact (i.e. use of contact details) for the purpose of verifying basic information only, our legitimate interest pursuant to Article 6(1)(f) GDPR in reducing the risk of selecting an unsuitable candidate may, in certain cases, serve as the legal basis for processing. Where processing is based on our legitimate interest, we always maintain risk management documentation (a proportionality assessment) and carry out such processing only where it is proportionate and does not interfere with your privacy beyond what is permissible.

Sources of personal data

  • The candidate, if they provide us with the data;
  • Public sources, such as professional social networks (e.g. LinkedIn) and company websites;
  • Our clients (employers and/or recruitment agencies).

2.3 PERSONAL DATA OF PERSONS PROVIDING REFERENCES ABOUT OUR COMPANY

In the case of individuals who provide references about our company (typically for the purpose of publication on our website or in our presentations), we process the following personal data:

  • first name and last name,
  • job position,
  • content of the reference.

The purpose of processing is to support our business activities.

The legal basis for processing is the consent of the data subject pursuant to Article 6(1)(a) GDPR. We process personal data for the period for which the consent was granted or until the consent is withdrawn (whichever occurs first). You may withdraw your consent at any time using the contact details provided in Section 1 above.

Further circumstances of the processing are described in the text of the respective consent.

2.4 PERSONAL DATA OF OUR CLIENTS, SUPPLIERS, AND BUSINESS PARTNERS

Processed personal data

We process the following personal data:

  • first name and last name of the contact person, company name, job position,
  • email address, phone number, registered office address or billing address,
  • identification data (Company ID No., VAT ID No.),
  • contractual and payment details,
  • records of our mutual communication.

Purpose and legal basis of processing

Entering into and performing contracts
The legal basis is the performance of a contract pursuant to Article 6(1)(b) GDPR.

Maintaining and developing business relationships
The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR in ensuring effective communication and supporting our business activities.

Compliance with legal obligations (e.g. accounting, invoicing)
The legal basis is compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.

Sources of personal data

  • The client, supplier, or business partner;
  • Public registers, such as the Commercial Register, Trade Register, VAT Register, etc. (typically concerning company executives or self-employed individuals).

Retention period

We retain personal data for the duration of the contractual relationship and thereafter for the period required by applicable legal regulations, usually for no longer than 10 years after the termination of the contractual relationship, unless a longer period is required by law.

2.5 PERSONAL DATA OF RECIPIENTS OF OUR COMMERCIAL COMMUNICATIONS

If you actively subscribe to receive our commercial communications (including newsletters), or if you are our client, we may use your email address to send you information about our Services, industry news, and professional articles.

Legal basis and retention period

If you are our client and you have not opted out of receiving commercial communications, we are entitled to send you our commercial communications, including newsletters, on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in promoting our business, in combination with Section 7(3) of Act No. 480/2004 Coll., on Certain Information Society Services (the so-called “customer exemption”).
For this purpose, we process your email address for the duration of our legitimate interest, i.e. 24 months from our last contact, or until you opt out.

For other recipients of our commercial communications, the legal basis is the consent of the data subject pursuant to Article 6(1)(a) GDPR. We process the email address for the purpose of sending commercial communications for the period for which the consent was granted or until it is withdrawn (whichever occurs first). You may withdraw your consent at any time using the contact details provided in Section 1 above.

2.6 PERSONAL DATA OF WEBSITE VISITORS AND PERSONS WHO CONTACT US BY EMAIL OR PHONE

When you visit our website and/or contact us via a form on the website, by email, or by phone, we may process your personal data as follows.

Personal data processed

  • First and last name,
  • Email address,
  • Phone number,
  • Any other information you provide to us,
  • IP address and browser information (for the purpose of website security and, where applicable, analytics if you grant us consent).

Purpose and legal basis of processing

Handling your inquiry: the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR, consisting in ensuring effective communication (without processing personal data, it is not possible to respond to your inquiry) and supporting our business.

Ensuring website functionality and optimization: the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR, consisting in supporting our business.

Improving our Services: the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR, consisting in supporting our business. Where data is used for website analytics, the legal basis is the consent of the data subject (granted via the cookie banner) pursuant to Article 6(1)(a) GDPR.

Website security: the legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR, consisting in protection against fraud.

Retention period

We retain personal data only for the period necessary to fulfill the above purposes, usually for 6 months. A longer retention period may be applied only where necessary in connection with specific cases.

3. INFORMATION ABOUT COOKIES

When you visit our website https://www.novacekpartners.com, cookies or similar technologies (hereinafter “cookies”) may be stored on your device.

Basic information about cookies

Cookies are small “notes” that a website stores in your browser so that certain information can be remembered even after you close the website. They allow the website, for example, to remember your preferred language or your consent settings for cookies. Cookies also help optimize website functionality, measure website traffic, or display more relevant advertising.

Overview of cookie types and legal basis for activation

  • Necessary cookies – ensure the basic functionality of the website. The legal basis for their activation is our legitimate interest pursuant to Article 6(1)(f) GDPR, consisting in ensuring the operation of the website.
  • Functional cookies – remember your settings (e.g., language preference). The legal basis for their activation is the consent of the data subject pursuant to Article 6(1)(a) GDPR.
  • Performance cookies – used to analyze website traffic (e.g., Google Analytics). The legal basis for their activation is the consent of the data subject pursuant to Article 6(1)(a) GDPR.
  • Marketing cookies (optional) – mostly used for targeted advertising. The legal basis for their activation is the consent of the data subject pursuant to Article 6(1)(a) GDPR.

The above overview of cookie categories represents the maximum scope. We assure you that we only activate cookies for which we have an appropriate legal basis.

Cookie settings and management

To allow you to make choices, we display a cookie banner on your first visit to the website, where you can give your consent to the activation of the relevant cookies.

You can change your cookie settings at any time via the “Cookie Settings” link, which is permanently placed in the website footer.

General cookie settings can also be managed through your browser. More information: http://www.allaboutcookies.org/manage-cookies/

Third-party tools – Google Analytics

If you consent, we use Google Analytics to improve the user experience. You can generally disable Google Analytics cookies here: https://tools.google.com/dlpage/gaoptout.
Privacy Policy and data processing information from Google: https://policies.google.com/privacy

Data transfer to third countries

Google and, where applicable, other online service providers may transfer data to third countries (i.e., outside the EU/EEA). Their services are used only after adopting appropriate safeguards pursuant to Article 44 GDPR, usually by means of the European Commission’s standard contractual clauses in their current version.

Overview of cookies currently used

Links to Social Networks and Other Websites

If buttons linking to social networks or other websites are placed on our website, this is done primarily to make the website more engaging for you. A connection to the respective social network or website will occur only if you actively click the corresponding button or link. In this case, your web browser initiates a connection to the servers of the respective social network or website. We do not assume any responsibility for the data protection settings of these social networks or websites, as they have their own privacy policies, which we recommend you review.

4. RECIPIENTS OF PERSONAL DATA AND TRANSFERS TO THIRD COUNTRIES

We only make your personal data accessible to:

  • our authorized employees and cooperating persons,
  • our clients (only if relevant and with your prior consent),
  • contractually appointed processors, or other data controllers,

always only to the extent necessary to fulfill the specific purposes and on the basis of an appropriate legal ground. Examples include law firms, companies providing consulting, server, web, cloud, or IT services. In some cases, we are entitled or legally obliged to provide your personal data to competent public authorities.

Please note that if our client (or its parent company) is located in a third country (i.e., outside the EU/EEA), your personal data may also be transferred to such third countries — the registered office of our client (or its parent company). We will always inform you in advance of such transfers, and transfers to third countries are carried out only after adopting appropriate safeguards pursuant to Article 44 GDPR.

5. AUTOMATED PROCESSING

We do not use profiling or automated decision-making with legal or similarly significant effects.

6. YOUR RIGHTS

In accordance with the GDPR, as a data subject you have the following rights:

  • Right of access to personal data: You may request confirmation from us at any time whether personal data concerning you is being processed, and if so, for what purposes, in what scope, to whom it is disclosed, how long it will be processed, whether you have the right to rectification, erasure, restriction of processing, or objection, where we obtained the personal data, and whether your data is subject to automated decision-making, including profiling. You also have the right to obtain a copy of your personal data; the first provision is free, but for additional copies we may request a reasonable administrative fee.
  • Right to rectification: If you believe that we process inaccurate or incomplete personal data about you, you have the right to request correction or completion. We will carry out the rectification or completion without undue delay, taking into account our technical capabilities.
  • Right to erasure (“right to be forgotten”): If you request erasure, we will delete your personal data if:
    (i) it is no longer necessary for the purposes for which it was processed,
    (ii) the processing is unlawful,
    (iii) you object to the processing and there are no overriding legitimate grounds for processing your data, or
    (iv) the legal obligation to process your data no longer applies.
  • Right to restriction of processing: If you request restriction, we must limit the processing of your personal data so that it may only be stored and used for the establishment, exercise, or defense of legal claims (we may not delete, change, or otherwise process it).
  • Right to data portability: If you wish us to transfer personal data that we process about you in electronic form on the basis of a contract or consent, you may exercise your right to data portability. Please note that if fulfilling this right would adversely affect the rights and freedoms of others, we will not be able to comply with your request.
  • Right to withdraw consent: If you withdraw your consent to processing, we will immediately cease processing personal data based on your consent.
  • Right to object: You may object to the processing of personal data processed for the purposes of protecting our legitimate interests. If we cannot demonstrate that there is a compelling legitimate reason for processing that overrides your interests or rights and freedoms, we will immediately cease processing based on the objection.
  • Right to lodge a complaint with a supervisory authority: If you believe your personal data is processed incorrectly, you may lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), address: Pplk. Sochora 27, 170 00 Prague 7, website: www.uoou-gov.cz.

To exercise your rights, contact us at info@novacekpartners.com or at the address of our company headquarters.

We will respond to your request within the statutory period of 30 days. If necessary, we are entitled to extend this period, and we will inform you in advance of the extension, including the reasons for it.

7. CHANGES TO THESE POLICIES

These Personal Data Processing Policies may be updated from time to time. The current version will always be published on the website with the date of the last update.

  • Effective date of the Policies: January 2025
  • Date of last update: January 2026

Newsletter

Join to gain insider insights, newsletters and special invitations.

Subscribe
Get in Touch
info@novacekandpartners.com+420 739 685 356Impact Hub Praha
Drtinova 557/10, 150 00, CZ
AboutSeeking talentSeeking changeReferencesInsightsContact
Privacy PolicyTerms of UseCookies settings
LinkedIn
Copyright ©  Nováček & Partners, s.r.o. 2026.
All rights reserved. IČO 05730074, DIČ CZ05730074, Drtinova 557/10, Smíchov, 150 00 Praha 5
Zapsaná v obchodním rejstříku vedeném u rejstříkového soudu v Praze, oddíl C, vložka 316123.

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.