Privacy Policy
1. Controller and General Information
This Privacy Policy (hereinafter referred to as the “Policy”) contains information about the processing of your personal data by the entrepreneur Peter Klas s.r.o., with its registered office at Pri Kalvárii 17, 917 01 Trnava, Slovakia, IČO: 36 279 021 (hereinafter referred to as the “Controller” or as “we” in the corresponding grammatical form), which occurs on the Controller’s website (hereinafter referred to as the “website”).
Information about the processing of personal data that occurs outside the website or the Controller’s social media profiles is documented by the Controller in relevant internal regulations and will be provided to you where applicable.
Through this Policy, the Controller provides you with information on why your personal data is processed, how it is processed, how long the Controller stores it, what your rights are in connection with the processing of your personal data, and other relevant information about the processing of your personal data. Through this Policy, the Controller fulfills the information obligation towards all data subjects both in the case where the Controller obtained personal data directly from you as a data subject and in the case where the personal data was obtained from another source.
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation”), relevant Slovak legal regulations, in particular Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain acts (hereinafter referred to as the “Act”), and other personal data protection regulations.
You can contact the Controller regarding matters of processing and protection of personal data at the address Peter Klas s.r.o., Pri Kalvárii 17, 917 01 Trnava, Slovakia, or by e-mail at the e-mail address klas@nextra.sk. The Controller has not appointed a data protection officer in the field of processing and protection of personal data.
2. Purposes, Legal Bases, Categories of Processed Personal Data, and Retention Period
The Controller processes your personal data only for justified purposes, for a limited period, and using the maximum possible level of security. The Controller processes personal data only if there is a legal basis for their processing (in accordance with the principle of legality). The Controller always processes personal data only to the extent necessary to fulfill the specified purpose of processing. This means that the Controller does not require personal data from you that is not necessary for a specific purpose of processing. The Controller processes personal data about you in the scope of common personal data.
The Controller always stores personal data in accordance with the principle of minimization exclusively for the period during which it is necessary to store the personal data. After this period, the Controller deletes the personal data unless legal regulations provide otherwise.
Processing of Accounting Documents
Purpose: Compliance with legal obligations under Art. 6(1)(c) of the Regulation. Categories: Common personal data required to fulfill legal obligations (name, surname, residence/business address, billing address, contact details – tel. no., email address, bank details). Retention: 10 years following the year to which they relate.
Maintenance of Customer Records and Contact Persons of Customers (Legal Entities)
Purpose: Legitimate interest of the Controller under Art. 6(1)(f) of the Regulation, consisting in the necessity of customer records for internal control, accounting, and enforcement of legal claims. Categories: Common personal data (name, surname, address, affiliation/function in the company, contact details). Retention: During the term of the contractual relationship and until the full settlement of claims (until the expiry of limitation periods).
Fulfillment of Legal Obligations Related to Distance Contracts
Purpose: Compliance with legal obligations (providing information, withdrawal from the contract) under Art. 6(1)(c) of the Regulation. Categories: Common personal data. Retention: During the duration of the distance contract and until the full settlement of claims resulting from the distance contract.
Handling the Exercise of Data Subject Rights
Purpose: Compliance with legal obligations under Art. 6(1)(c) of the Regulation. Categories: Common personal data included in the request. Retention: Until the settlement of the exercised rights.
Record-keeping of Exercised Data Subject Rights
Purpose: Legitimate interest of the Controller under Art. 6(1)(f) of the Regulation, which is recording exercised rights to demonstrate compliance with legal obligations. Categories: Common personal data included in the request. Retention: 5 years from the date of exercising the rights.
Taking and Publishing Photos and Other Data for Presentation Purposes
Purpose: Consent of the data subject under Art. 6(1)(a) of the Regulation. Categories: Photo, name, surname, function, tel. no., and e-mail. Retention: 5 years from the date of granting consent or until its withdrawal, whichever occurs earlier.
Responding to Messages and Handling Inquiries (Contact Forms, Social Media, E-mail)
Purpose: Legitimate interest of the Controller under Art. 6(1)(f) of the Regulation, which is responding to messages for proper business communication. Categories: Name, surname, e-mail, tel. no., other data in the message. Retention: 3 months from the date of delivery or until the inquiry is handled, whichever occurs earlier.
Organizing Online Competitions and Publishing Winners
Purpose: Consent of the data subject under Art. 6(1)(a) of the Regulation. Categories: Name, surname, residence address, contact details. Retention: During the competition, and for winners, 3 years after the end of the competition.
Publishing References and Partners
Purpose: Consent of the data subject under Art. 6(1)(a) of the Regulation. Categories: Name and reference. Retention: 3 years from granting consent or until its withdrawal, whichever occurs earlier.
Direct Marketing to Existing and Former Clients
Purpose: Legitimate interest of the Controller under Art. 6(1)(f) of the Regulation (maintaining the existing clientele). Categories: Name, surname, function, e-mail address. Retention: 3 years from the provision of services or until unsubscribing, whichever occurs earlier.
Website Traffic Measurement and Targeted Advertising (Cookies)
Purpose: Consent of the data subject under Art. 6(1)(a) of the Regulation. Categories: IP address and other activity data on the website. Retention: Depending on the type of cookie, max 2 years or until withdrawal of consent.
3. Source of Personal Data
The Controller obtains your personal data directly from you when you provide it (via contact form, social media, or visiting the website). In some cases, if a company or other entity of which you are a representative or contact person orders a service, the source of your data is that entity.
If you do not provide your personal data, the Controller might not be able to deliver goods, conclude a contract, or fulfill other legal and contractual obligations.
4. Who Does the Controller Provide Your Personal Data To?
In certain cases, the Controller is obliged to provide your data to public authorities (courts, law enforcement agencies, trade inspection, etc.). The Controller also provides data to its processors, such as hosting providers, accounting companies, and marketing agencies. These processors are contractually bound to ensure the security of your data.
Recipients also include Google, LLC and Meta Platforms, Inc. for analytical and marketing services (cookies), and social network operators if you contact us through them or share our content.
5. Transfer to Third Countries
When using cookies or social media, your personal data may be transferred to the USA to companies like Meta Platforms, Inc. and Google, LLC. This transfer is secured via appropriate safeguards, such as Standard Contractual Clauses or adequacy decisions in accordance with GDPR.
6. Profiling and Automated Decision-Making
The Controller does not use profiling or automated individual decision-making that would evaluate your personal aspects.
7. What Are Your Rights?
Right of Access: You have the right to obtain confirmation of whether we process your data and to receive a copy of that data.
Right to Rectification: You have the right to have incorrect or incomplete data corrected without undue delay.
Right to Erasure (Right to be Forgotten): You have the right to have your data deleted if it is no longer necessary or if you withdraw your consent (under certain conditions).
Right to Restriction of Processing: You can request that we restrict the processing of your data in specific cases.
Right to Data Portability: You have the right to receive your data in a structured format and transfer it to another controller.
RIGHT TO WITHDRAW CONSENT: If processing is based on consent, you can withdraw it at any time. This does not affect the legality of processing prior to withdrawal.
RIGHT TO OBJECT: You can object to processing based on legitimate interest or for direct marketing purposes.
Right to Lodge a Complaint: You can contact the Office for Personal Data Protection of the Slovak Republic (dataprotection.gov.sk).
8. Cookies Policy
The Controller uses cookies on the website. Cookies are small text files stored on your device to ensure functionality or record traffic.
Functional (Necessary) Cookies: Used for basic website functionality. These can be used without your consent.
Analytical and Marketing Cookies: Used for measuring traffic and personalizing ads. These are stored only if you grant consent via the cookie bar. You can change or withdraw your consent at any time.
9. Validity
This Policy is valid and effective as of March 31, 2026. The Controller is entitled to update this Policy at any time.