1. Who we are (Data Controller)
The data controller responsible for processing your personal data is:
Systemintegra s.r.o.
Bratislava, Slovak Republic · EU
Company ID (IČO): registered in the Slovak Commercial Register
For any privacy-related question, request, or complaint, write to the address above. We respond within 30 days, as required by Article 12(3) GDPR.
2. What data we collect
2.1 Data you provide directly
- Contact form & email: name, company, email address, phone number (optional), and the content of your message.
- Service contracts: billing details (company name, VAT ID, registered address), banking details for invoicing.
- Technical onboarding: server credentials, infrastructure inventory, access tokens — handled under separate NDA and stored encrypted.
2.2 Data collected automatically
- Server logs: IP address, browser user-agent, requested URL, timestamp, referrer. Retained for 30 days for security and abuse prevention.
- Cookies & similar technologies: see Section 6 below.
3. Why we process it (Legal basis)
We only process personal data where we have a lawful basis under Article 6 GDPR:
- Contract performance (Art. 6(1)(b)) — to deliver the services you signed up for.
- Legitimate interest (Art. 6(1)(f)) — to secure our infrastructure, prevent fraud, and respond to your inquiries.
- Legal obligation (Art. 6(1)(c)) — accounting, tax, and AML/KYC requirements under Slovak and EU law.
- Consent (Art. 6(1)(a)) — for non-essential cookies and any optional marketing communications. You can withdraw consent at any time.
4. How long we keep it
- Inquiry emails & contact form submissions: 24 months after last contact, then deleted.
- Service-related operational data: for the duration of the contract plus 12 months.
- Invoices & accounting records: 10 years (Slovak Accounting Act, mandatory).
- Server access logs: 30 days.
- Marketing consent records: until you withdraw consent.
5. Who we share it with
We do not sell your personal data. We only share it with:
- Sub-processors strictly necessary for service delivery — listed on request, all bound by Data Processing Agreements (DPA) under Art. 28 GDPR.
- Banks & payment processors for invoicing.
- Public authorities only when legally required (court order, tax audit).
All sub-processors are located within the European Economic Area (EEA). We do not transfer personal data outside the EEA without Standard Contractual Clauses or an adequacy decision in place.
6. Cookies
This website uses cookies and similar local-storage technologies. We classify them into three categories. Only the strictly necessary category is set without your consent.
session · 1 year13 months13 monthsYou can review and change your cookie preferences at any time using the Cookie preferences link in the footer of every page.
7. Your rights under GDPR
As a data subject, you have the following rights regarding your personal data:
- Right of access (Art. 15) — request a copy of the data we hold about you.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17) — request deletion, subject to legal retention obligations.
- Right to restriction (Art. 18) — pause processing while a dispute is resolved.
- Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7(3)) — at any time, without affecting the lawfulness of prior processing.
- Right to lodge a complaint with the Slovak Data Protection Authority (Úrad na ochranu osobných údajov SR, dataprotection.gov.sk) or your local EU supervisory authority.
To exercise any of these rights, email privacy@systemintegra.eu. We do not charge a fee and we respond within 30 days.
8. Security
We apply technical and organisational measures appropriate to the risk: TLS 1.3 in transit, AES-256 at rest for sensitive secrets, role-based access control, mandatory MFA for engineers, signed audit logs, and quarterly security reviews. In the event of a personal data breach, we notify the supervisory authority within 72 hours as required by Art. 33 GDPR, and affected individuals without undue delay where the breach is likely to result in high risk.
9. Children
Our services are intended for businesses. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it.
10. Changes to this notice
We may update this Privacy Policy. The version and effective date at the top of this page reflect the latest revision. Material changes are announced via email to active customers and via a notice on the homepage at least 30 days before they take effect.
11. Contact & complaints
Úrad na ochranu osobných údajov Slovenskej republiky · dataprotection.gov.sk