Privacy policy

I. Basic Provisions

1. The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation, hereinafter referred to as the “GDPR”, is:
   [Company name]
   Registered office: [registered office]
   Company ID No. / IČO: [company ID]
   Registered in: [Commercial Register / other register]
   File No.: [file number]
   hereinafter referred to as the “Company” or the “Controller”.
2. Contact details of the Controller:
   Registered office: [registered office]
   E-mail: [e-mail address]
   Phone: [phone number]
3. Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

II. Sources and Categories of Personal Data Processed

1. The Controller processes personal data provided by the data subject, or personal data obtained by the Controller in connection with the performance of an order, contract or contact request.

The processed personal data may include in particular:

• first name and surname,
• e-mail address,
• phone number,
• name of the organisation,
• website address,
• content of the message.

2. The Controller processes identification and contact data, as well as data necessary for the performance of a contract, handling of an order, or communication with the data subject.

III. Legal Basis and Purpose of Personal Data Processing

1. The legal basis for the processing of personal data is:

• performance of a contract pursuant to Article 6(1)(b) GDPR,
• compliance with the legal obligations of the Controller pursuant to Article 6(1)(c) GDPR,
• legitimate interest of the Controller, particularly for direct marketing purposes, pursuant to Article 6(1)(f) GDPR,
• consent of the data subject for direct marketing purposes, particularly where no order of goods or services has been placed, pursuant to Article 6(1)(a) GDPR.

2. The purpose of personal data processing is:

• processing and fulfilment of orders, enquiries and contractual obligations,
• exercising the rights and obligations arising from a contractual relationship,
• compliance with legal obligations,
• sending commercial offers, newsletters and carrying out other marketing activities,
• operation of the website and related online services.

3. The provision of personal data may be necessary for the conclusion and performance of a contract. Without providing the required personal data, the Controller may not be able to conclude or perform the contract, process the order, or respond to the enquiry.
4. The Controller does not carry out automated individual decision-making within the meaning of Article 22 GDPR.

IV. Retention Period of Personal Data

1. The Controller stores personal data for the period necessary to exercise the rights and obligations arising from the contractual relationship between the data subject and the Controller, and for the period necessary to assert or defend legal claims arising from such contractual relationship.
2. Personal data may be stored for a period of 15 years after the termination of the contractual relationship, particularly for the purpose of fulfilling legal obligations and asserting legal claims.
3. After the expiry of the retention period, the Controller shall delete the personal data.

V. Recipients of Personal Data

1. Recipients of personal data may include persons and entities:

• involved in the delivery of services or fulfilment of the contract,
• providing website operation, hosting, technical maintenance or related services,
• providing services connected with campaign management,
• providing marketing services,
• providing accounting, legal or administrative services, where necessary.

2. Personal data shall only be disclosed to recipients to the extent necessary for the relevant purpose of processing.

VI. Processors of Personal Data

1. The processing of personal data is carried out by the Controller. However, personal data may also be processed on behalf of the Controller by selected processors.
2. Such processors may include in particular:

• providers of Google Ads and Google Analytics services,
• providers of website, hosting, technical and marketing tools,
• other providers of processing software or applications used by the Controller.

3. The Controller shall ensure that processors process personal data only on the basis of the Controller’s instructions and in accordance with applicable data protection legislation.

VII. Rights of the Data Subject

1. Under the conditions set out in the GDPR, the data subject has the following rights:

• the right of access to personal data pursuant to Article 15 GDPR,
• the right to rectification of personal data pursuant to Article 16 GDPR,
• the right to erasure of personal data pursuant to Article 17 GDPR,
• the right to restriction of processing pursuant to Article 18 GDPR,
• the right to object to processing pursuant to Article 21 GDPR,
• the right to data portability pursuant to Article 20 GDPR,
• the right to withdraw consent to the processing of personal data at any time, where the processing is based on consent.

2. The data subject may exercise these rights in writing or electronically using the contact details of the Controller specified in Article I of this Privacy Policy.
3. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4. If the data subject believes that their personal data protection rights have been violated, they have the right to lodge a complaint with the supervisory authority:
   Office for Personal Data Protection of the Slovak Republic
   Úrad na ochranu osobných údajov Slovenskej republiky
   The data subject may also seek judicial protection before the competent court.

VIII. Security of Personal Data

1. The Controller declares that it has adopted appropriate technical and organisational measures to protect personal data.
2. The Controller has implemented measures to secure data storage, systems and access to personal data.
3. Access to personal data is granted only to persons authorised by the Controller.
4. The Controller takes reasonable steps to prevent unauthorised access, alteration, disclosure, loss or destruction of personal data.

IX. Use of Cookies

1. Cookies are small text files that are stored on the user’s device when visiting the website. Cookies help ensure the proper functioning of the website, improve the user experience and may also be used for analytics and advertising purposes.
2. The website may use the following types of cookies:

• Essential cookies: these cookies are necessary for the basic functioning of the website. Without them, the website may not function properly. These cookies do not store personally identifiable information.
• Functional cookies: these cookies help provide enhanced functionality and personalisation, such as remembering user preferences or enabling certain third-party features.
• Analytical / statistical cookies: these cookies are used to understand how visitors interact with the website. They may collect information such as the number of visitors, bounce rate, traffic source and user behaviour on the website. These cookies help improve the website and its performance.
• Advertising cookies: these cookies are used to display personalised advertising and to measure the effectiveness of advertising campaigns. They may be used by third-party advertising providers.

3. Third parties, including external service providers, may also use cookies or access data collected through cookies on the website.
4. Consent to the use of non-essential cookies may be given through the cookie banner displayed on the website.
5. The user may refuse or modify the use of cookies at any time through the cookie banner, if available, or in the settings of their internet browser.
6. Further information on managing cookies can usually be found in the help section of the relevant browser:

• Internet Explorer
• Google Chrome
• Firefox
• Safari
• Opera
• Microsoft Edge

X. Final Provisions

1. By submitting an online form, order form or contact form, the data subject confirms that they have read this Privacy Policy.
2. Where consent is required, the data subject gives consent by actively ticking the relevant checkbox or by another clear affirmative action.
3. The Controller is entitled to amend this Privacy Policy. The new version of the Privacy Policy will be published on the Controller’s website.
4. This Privacy Policy becomes effective on 1 June 2026.