Privacy policy

idea machine s.r.o., Rázusová 13, 977 01 Brezno, Slovak Republic Company ID: 52322998 VAT ID: 2121002180 Email: info@ideamachine.sk Phone: +421 907 129 715 The controller determines the purposes and means of processing your personal data and is responsible for its protection.

• Contact form data: name, email, phone (if provided), company name, message content. • Technical data on form submit: a pseudonymised IP fingerprint (HMAC-SHA-256, first 16 chars) — used solely for anti-spam and rate limiting. We do not store the raw IP. • Analytics data: browser type, OS, time of visit, pages viewed — only if you consent to analytics cookies. IP is anonymised in Google Analytics. • Communication data: contents of emails and calls you send us.

• Responding to your enquiry and preparing a quote — legal basis: pre-contractual relations (Art. 6(1)(b) GDPR). • Performing the contract and invoicing — legal basis: contract and legal obligations (Art. 6(1)(b) and (c) GDPR). • Website analytics (Google Analytics) — legal basis: your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time. • Marketing communications — only on the basis of explicit consent.

• Contact form data: 12 months from the last communication, if no contract is entered into. • Accounting documents: 10 years per the Slovak Accounting Act. • Analytics cookies (Google Analytics): 14 months max. • After that, we securely delete or anonymise the data.

We may share your data with: • WebSupport, s. r. o., Karadžičova 12, 821 08 Bratislava, Slovakia (ID 36 421 928) — web hosting and email infrastructure provider (servers in the EU). • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland — Google Analytics (consent only). • External accounting firm — invoicing data (only with a contractual relationship). • Public authorities — on the basis of legal obligations. We never sell your data to third parties for marketing.

Google Analytics may transfer data to the USA. The transfer is covered by EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework. IP addresses are anonymised prior to transfer.

Under GDPR you have the right to: • Access your data and obtain a copy. • Rectify inaccurate data. • Erase data ("right to be forgotten") where no legal basis for keeping it exists. • Restrict processing. • Data portability to another controller. • Object to processing based on legitimate interest. • Withdraw consent at any time (withdrawal does not affect lawfulness of prior processing). • Lodge a complaint with the Slovak Data Protection Authority (www.dataprotection.gov.sk). Exercise your rights by email at info@ideamachine.sk. We reply within 30 days.

We protect your data with technical and organisational measures — encrypted connection (HTTPS with HSTS), CSP and Permissions-Policy security headers, anti-spam and CSRF protection on the contact form, access only by authorised persons, regular backups and updates. No measure is 100% safe — should a high-risk incident occur we will notify you within 72 hours.

We do not use any automated decision-making that produces legal effects or similarly significantly affects you. We do not perform profiling within the meaning of Art. 22 GDPR.

Given the scale and nature of our processing, we are not required to appoint a Data Protection Officer (DPO). For any questions regarding personal data protection please contact the controller directly: info@ideamachine.sk.

We may update this policy from time to time (e.g. when laws change or we add new services). The current version is always available on this page with the date of last update.