Privacy Policy
Effective Date: March 03, 2026
GEM7 (“GEM7”, “we”, “us”, “our”) operates https://www.gem7.vc/ and provides U.S. Beachhead Services to European startups.
We form and manage U.S. legal entities, craft go-to-market strategies, and secure paying American customers for seed and Series A founders.
This Privacy Policy explains what personal data we collect, why we process it, how we protect it, and your rights under the EU General Data Protection Regulation (GDPR) and applicable Czech law.
1. Who We Are (Data Controller)
GEM7 is a Prague-based firm dedicated to empowering outlier founders. We enable European startups to establish a secure operational foothold and generate revenue in the United States without the typical high-risk, high-cost missteps of independent expansion.
Data Controller:
GEM7 Prague, Czech Republic
For privacy matters, contact us at:
info@gem7.vc
2. Personal Data We Collect
Directly from you
Contact / Inquiry Data (via “Let’s Talk” form or email):
- Name
- Surname
- Email address
- Phone number
- Company name
- Role
- Message content
- Attached documents or startup details
Service Engagement Data (if you become a client):
- Identification data (e.g., passport/ID copy for entity formation)
- Professional background
- Product details
- Target customer profiles
- Financial or incorporation-related information necessary for U.S. entity setup, GTM execution, and customer acquisition
Event or Call Participation (if applicable):
- Name
- Phone number
- Recordings or call notes
Automatically / Indirectly
Technical / Connection Data:
- IP address
- Browser type
- Device information
- Pages visited
- Referral source
- Session duration
- Cookies (see Section 7)
Analytics Data:
Aggregated website usage metrics via tools such as Google Analytics or similar (anonymized where possible).
We collect only data necessary for the purposes listed below. We do not collect special categories of data (e.g., health, race, religion) unless explicitly required for a specific service and with your consent.
3. Purposes and Legal Bases for Processing
4. Data Sharing and Recipients
We share personal data only when strictly necessary and under written agreements ensuring GDPR-level protection.
Recipients may include:
- Hosting providers
- CRM tools
- Analytics platforms
- U.S. legal and incorporation partners
- Payment processors
- Customer-introduction networks
Data may also be shared with U.S.-based partners for entity formation and customer acquisition, protected by Standard Contractual Clauses or equivalent safeguards.
Additionally, data may be disclosed to:
- Lawyers
- Accountants
- Insurers
- Public authorities (only when legally required)
We do not sell personal data.
All partners receive data under strict confidentiality and on a need-to-know basis.
5. International Transfers
Because we deliver U.S. services, personal data may be transferred to and processed in the United States.
We ensure appropriate safeguards including:
- Standard Contractual Clauses
- Data Processing Agreements
- Transfer Impact Assessments
All transfers comply with GDPR Chapter V.
6. Data Retention
We retain personal data only as long as necessary for its intended purpose.
Personal data will be deleted when:
- Consent is withdrawn (where applicable)
- The data is no longer necessary
- Retention is legally inadmissible
Data required for:
- Billing and accounting
- Legal compliance (tax, AML, statutory limitation periods)
- Defense of legal claims
will be retained as required by applicable law.
After the retention period, data is securely deleted or anonymized.
7. Cookies and Similar Technologies
We use cookies and similar technologies (pixels, scripts) to:
- Enable core website functionality
- Analyze usage
- Improve user experience
- Ensure security
Strictly necessary cookies are used without consent.
Analytical and preference cookies are placed only with your consent. You may manage cookies via our cookie banner or browser settings.
Refusing non-essential cookies may limit certain features but does not restrict access to core website content.
We do not use cross-site advertising tracking cookies.
Third-party services (e.g., analytics tools) may set their own cookies, over which we have no direct control.
For details, refer to our cookie banner and settings.
8. Security
We implement appropriate technical and organizational safeguards, including:
- Encryption (in transit and at rest)
- Access controls
- Regular security reviews
- Staff training
- Secure partner vetting
No system is completely secure. In case of a high-risk breach, we will notify affected individuals and the relevant supervisory authority as required by law.
9. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure (under certain conditions)
- Restrict or object to processing
- Data portability
If processing is based on consent, you may withdraw it at any time.
You also have the right to lodge a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů) or your local supervisory authority.
To exercise your rights, contact:
info@gem7.vc
We respond within one month (extendable by two months for complex cases), subject to identity verification.
10. Changes to This Policy
We may update this Privacy Policy to reflect service changes or legal requirements.
The updated version will be published on this page with a revised effective date. Material changes may be communicated via the website or direct notice.
11. Contact
For questions regarding this Privacy Policy or our data practices, contact:
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.