Privacy Policy

2. Data Controller

Controller within the meaning of the GDPR and other national data protection laws: smartenic s.r.o. Rázusovo nábrežie - HUMA 6 811 02 Bratislava - mestská časť Staré Mesto Slovak Republic IČO: 55886922 DIČ: 2122121683 IČ DPH: SK2122121683 Email: privacy@smartenic.com Phone: +43 800 007 075 For data protection inquiries, please contact: privacy@smartenic.com

3. Collection and Storage of Personal Data

We collect personal data when you: • Visit our website (automatically collected data) • Fill out a contact form • Make an inquiry by email or phone • Enter into a contract with us • Use our services • Subscribe to our newsletter Automatically collected data when visiting the website: • IP address (anonymized) • Date and time of access • Browser type and version • Operating system • Referrer URL (previously visited page) • Hostname of the accessing computer • Pages visited and time spent This data is required to display the website correctly, ensure stability and security, and is automatically deleted.

4. Legal Bases for Processing

We process your personal data on the basis of the following legal grounds pursuant to Art. 6 GDPR: • Art. 6(1)(a) GDPR (Consent): When you have given us express consent to processing, e.g., for newsletters or marketing. • Art. 6(1)(b) GDPR (Contract Performance): When processing is necessary for the performance of a contract with you or for pre-contractual measures. • Art. 6(1)(c) GDPR (Legal Obligation): When processing is necessary to comply with a legal obligation, e.g., tax retention requirements. • Art. 6(1)(f) GDPR (Legitimate Interest): When processing is necessary to protect our legitimate interests and your interests do not override them, e.g., for website analysis and IT security.

5. Purposes of Data Processing

We process your data for the following purposes: • Provision and improvement of our website and services • Responding to inquiries and communicating with you • Processing contracts and orders • Sending quotations and invoices • Providing support and maintenance services • Sending newsletters (only with your consent) • Analysis and improvement of our offerings • Ensuring IT security • Compliance with legal retention obligations • Assertion, exercise, or defense of legal claims

6. Recipients and Data Sharing

Your personal data will only be shared if: • You have given your express consent • This is necessary for contract performance • A legal obligation exists • Sharing is necessary for the assertion of legal claims Categories of recipients: • Processors (Art. 28 GDPR): IT service providers, hosting providers, cloud services • Payment service providers: For payment processing • Tax advisors and auditors: To fulfill tax obligations • Authorities: When legally required • Shipping service providers: For deliveries We have concluded data processing agreements (DPA) in accordance with Art. 28 GDPR with all processors.

7. Retention Period and Deletion

We store your personal data only as long as necessary for the fulfillment of the respective purposes or as required by statutory retention periods. Specific retention periods: • Contract data: 10 years after contract termination (statutory retention obligations) • Invoices and accounting documents: 10 years (tax retention obligation) • Business correspondence: 6 years • Application documents: 6 months after completion of the application process • Newsletter data: Until revocation of consent • Server log files: 7 days • Cookies: Depending on cookie type (see Cookies section) After expiry of the respective period, data is routinely deleted or anonymized.

8. Cookies and Tracking

Our website uses cookies. Cookies are small text files that are stored on your device. We use the following types of cookies: • Technically necessary cookies: These are required for the website to function and cannot be disabled. They do not store personal data. Legal basis: Art. 6(1)(f) GDPR. • Functional cookies: These enable extended functionalities such as language settings. Legal basis: Art. 6(1)(a) GDPR (consent). • Analytics cookies: We do not use analytics or tracking cookies without your express consent. You can configure your browser settings to reject or delete cookies. However, please note that this may limit the functionality of the website.

9. Third-Party Services

On our website, we use the following third-party services: • Hosting: Vercel Inc., San Francisco, USA - Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR • Content Delivery Network (CDN): For optimal loading times worldwide • Contact form: Data processing on EU servers We do not use social media plugins that automatically transfer data to third parties. Links to social media platforms are implemented as simple links. When using services outside the EEA, we ensure an adequate level of data protection through appropriate safeguards (Standard Contractual Clauses, adequacy decisions).

10. Data Transfer to Third Countries

A transfer of personal data to countries outside the EU/EEA (third countries) only occurs: • When an adequacy decision by the EU Commission exists (Art. 45 GDPR) • On the basis of Standard Contractual Clauses (Art. 46(2)(c) GDPR) • With your express consent (Art. 49(1)(a) GDPR) When using US services, data transfer is based on the EU-US Data Privacy Framework or EU Standard Contractual Clauses with additional protective measures. Copies of the Standard Contractual Clauses can be requested at privacy@smartenic.com.

11. Data Security

We implement extensive technical and organizational measures to protect your personal data from unauthorized access, loss, destruction, or alteration: • SSL/TLS encryption (HTTPS) for all data transmissions • Encrypted storage of sensitive data • Access control and permission management • Regular security updates and patches • Firewall and intrusion detection systems • Regular security audits • Employee training in data protection • Physical security of server locations Despite all security measures, no data transmission over the Internet can be guaranteed to be 100% secure.

12. Your Rights as a Data Subject

• Right to Information (Art. 15 GDPR): You have the right to obtain information about your personal data stored by us, including processing purposes, categories, and recipients.
• Right to Rectification (Art. 16 GDPR): You have the right to demand immediate rectification of inaccurate data or completion of incomplete data.
• Right to Erasure (Art. 17 GDPR): You have the right to erasure of your data, unless statutory retention obligations or legitimate interests prevent this.
• Right to Restriction of Processing (Art. 18 GDPR): Under certain conditions, you may request restriction of the processing of your data.
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format or to have it transferred to another controller.
• Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data at any time on grounds relating to your particular situation.
• Right to Withdraw Consent (Art. 7(3) GDPR): You may withdraw consent given at any time with effect for the future.

13. Right to Complain to Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR. Competent supervisory authority in Slovakia: Úrad na ochranu osobných údajov Slovenskej republiky Hraničná 12 820 07 Bratislava Slovak Republic Email: statny.dozor@pdp.gov.sk Website: https://dataprotection.gov.sk You may also contact the supervisory authority of your place of residence or habitual abode.

14. Changes to this Privacy Policy

We reserve the right to amend this privacy policy to adapt it to changed legal situations or when there are changes to our services. The current version can always be found on our website. We will notify you of material changes separately where possible. The version published at the time of your visit to this website always applies. We recommend that you review this privacy policy regularly.

15. Contact for Data Protection Inquiries

For questions about data protection, to exercise your rights, or for complaints, please contact: smartenic s.r.o. Data Protection Rázusovo nábrežie - HUMA 6 811 02 Bratislava Slovak Republic Email: privacy@smartenic.com Phone: +43 800 007 075 We will respond to your inquiry as soon as possible, but no later than within one month.