Contents
- Data Controller
- Data We Collect
- Hosting
- Ghost Members & Newsletter
- Email Delivery (Mailgun)
- Payment Processing (Stripe)
- Cookies and Sessions
- Google Fonts
- External Platforms
- Social Networks
- Contact by Email
- Legal Bases for Processing
- Your Rights
- Data Security
- Updates to This Policy
01 — Data Controller
The controller responsible for the processing of personal data on this website within the meaning of the General Data Protection Regulation (GDPR) is:
High Five Group, s.r.o.Naskové 1189/1
150 00 Prague
Czech Republic
VAT ID: CZ17106702
Tax ID: 17106702
Email:
02 — Data We Collect
This website is operated using Ghost, a publishing platform. Data is collected in the following ways:
- Server log data — IP address, date and time of access, browser type, and referring URL, recorded automatically by the hosting infrastructure
- Email address — when you subscribe to The Dispatch newsletter or create a member account
- Payment data — if you take out a paid subscription, your payment details are processed by Stripe (see Section 06)
We do not use tracking pixels, ad networks, or analytics tools that build individual user profiles.
03 — Hosting
This website is hosted on a dedicated server operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. When you visit this site, Hetzner automatically processes technical connection data including your IP address as part of operating the infrastructure.
Hetzner Online GmbH is an EU-based company subject to GDPR. For more information, see https://www.hetzner.com/legal/privacy-policy/.
The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in the secure and efficient operation of the website).
04 — Ghost Members & Newsletter
This website uses Ghost Members, a subscription and membership feature built into the Ghost publishing platform. When you subscribe to The Dispatch newsletter or create a member account:
- Your email address is stored in our Ghost database on the server described in Section 03
- Ghost authenticates you via a magic link sent to your email — no password is stored
- A session cookie is set to keep you signed in (see Section 07)
- Your subscription status and newsletter preferences are stored to manage delivery
Legal basis: Art. 6(1)(a) GDPR (consent, given at the point of subscription) for newsletter communications; Art. 6(1)(b) GDPR where a paid subscription is involved.
You may unsubscribe at any time via the unsubscribe link in any newsletter email. To request full deletion of your member account and associated data, contact us at the address in Section 01.
05 — Email Delivery (Mailgun)
Transactional and newsletter emails are delivered via Mailgun, a service of Sinch Sweden AB, Lindhagensgatan 74, 112 18 Stockholm, Sweden.
When an email is sent to you, Mailgun processes your email address and the email content on our behalf as a data processor. Mailgun may also record delivery events (sent, delivered, bounced) for operational reliability.
Sinch AB is subject to GDPR and a Data Processing Agreement is in place. For more information, see https://www.mailgun.com/legal/privacy-policy/.
Legal basis: Art. 6(1)(a) GDPR (consent) for newsletter emails; Art. 6(1)(b) GDPR for transactional emails related to your account.
06 — Payment Processing (Stripe)
Paid subscriptions are processed by Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
When you take out a paid subscription, Stripe collects and processes your payment card details, billing address, and transaction data directly. We do not store full payment card details on our systems.
Stripe is certified under the EU–US Data Privacy Framework and is PCI-DSS compliant. For more information, see https://stripe.com/privacy.
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
07 — Cookies and Sessions
This website uses a single functional cookie set by Ghost when you sign in as a member (ghost-members-ssr). This cookie is strictly necessary to keep you authenticated and is not used for tracking or advertising.
No analytics, tracking, or advertising cookies are set by this site. No user profiling takes place.
External services linked to from this site may set their own cookies when you visit them directly. This is governed by each platform's own privacy policy.
08 — Google Fonts
This website loads the typeface IBM Plex Mono from Google Fonts (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When the page loads, your IP address is transmitted to Google's servers.
Google LLC is certified under the EU–US Data Privacy Framework. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in consistent typographic rendering). For more information, see https://policies.google.com/privacy.
09 — External Platforms
This website contains links to external streaming and podcast platforms. These are plain links only — no content is embedded. Clicking a link takes you away from this site to the respective platform.
YouTube (Google LLC)
Operator: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy
Spotify
Operator: Spotify AB, Regeringsgatan 19, SE-111 53 Stockholm, Sweden. Privacy policy: https://www.spotify.com/legal/privacy-policy/
Apple Podcasts
Operator: Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. Privacy policy: https://www.apple.com/legal/privacy/
10 — Social Networks
This website contains links to social networks. These are plain links only — no tracking pixels or social plugins are embedded. You only leave this site by actively clicking a link.
Operator: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Privacy policy: https://privacycenter.instagram.com/policy
TikTok
Operator: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy
11 — Contact by Email
If you contact us by email, the data you provide (name, email address, message content) will be processed and stored for the purpose of handling your enquiry. We will not share this data with third parties without your consent.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries), or Art. 6(1)(b) GDPR where the enquiry relates to a contract. Data is deleted once the purpose for storage no longer applies and no statutory retention obligations prevent deletion.
12 — Legal Bases for Processing
We process personal data on the following legal bases:
- Art. 6(1)(a) GDPR — Consent (newsletter subscription, marketing emails)
- Art. 6(1)(b) GDPR — Performance of a contract (paid subscriptions, transactional account emails)
- Art. 6(1)(f) GDPR — Legitimate interests (secure operation of the website, responding to enquiries, Google Fonts)
13 — Your Rights
Under GDPR, you have the following rights with respect to your personal data:
- Right of access — Art. 15 GDPR
- Right to rectification — Art. 16 GDPR
- Right to erasure — Art. 17 GDPR
- Right to restriction of processing — Art. 18 GDPR
- Right to data portability — Art. 20 GDPR
- Right to object — Art. 21 GDPR
- Right to withdraw consent — at any time, without affecting the lawfulness of prior processing
- Right to lodge a complaint with the Office for Personal Data Protection (ÚOOÚ), Czech Republic: https://www.uoou.cz
To exercise your rights, please contact the data controller listed in Section 01.
14 — Data Security
This website uses SSL/TLS encryption to protect the transmission of data. You can identify an encrypted connection by the "https://" prefix in the browser address bar.
We implement appropriate technical and organisational measures to protect your personal data against accidental or deliberate manipulation, loss, destruction, or unauthorised access by third parties.
15 — Updates to This Policy
This privacy policy is current as of May 2026. As our website evolves or legal requirements change, we may need to update this policy. The current version is always available at this URL.