PERSONAL DATA PROTECTION

We place great emphasis on the protection of your personal data in our operations. We collect and use only the personal data that is strictly necessary, and we process such data solely for legitimate purposes. This Personal Data Protection Notice applies to all the services we offer and contains information on how personal data is processed. Your personal data is processed in compliance with all applicable and generally binding legal regulations of the Slovak Republic, particularly, but not exclusively, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, and Act No. 18/2018 Coll.

We recommend that you carefully read this Personal Data Protection Notice to familiarize yourself with your rights before entering into any legal relationship with us.

By entering into a legal relationship with us and/or providing us with your personal data, you acknowledge that you understand how your personal data is processed.

1. Who are we?

Your personal data is processed by the controller:

Ecoprogress s.r.o. Beskydská 9, 811 05 Bratislava – Staré Mesto, Company ID (IČO): 50 885 049 Tax ID (DIČ): 2120550850 Contact: ecoprogress@ecoprogress.eu

2. What personal data do we process?

We process only the personal data necessary for providing our services and support, fulfilling our legal obligations, and protecting our legitimate interests.

The personal data we primarily process includes:

· Basic identification data: This data is part of every contract (accounting document) concluded with us. It includes name, surname, academic title. If you operate as a sole trader or legal entity, it also includes Company ID (IČO), Tax ID (DIČ), VAT ID (IČ DPH), and business address/registered office.

· Contact details: Email, phone number, delivery address, and billing address.

· Product and service information (quotation request): This includes information about our products and services necessary for processing and delivering orders.

· Transactional data: Primarily information about payments, such as bank account number or payment card details.

3. For what purposes do we process your personal data?

Your personal data is processed based on the following legal grounds:

a) Performance of a contract We process your personal data for the purpose of fulfilling a pre-contractual relationship and subsequently a contractual relationship under Section 13(1)(b) of the Act, meaning that

personal data specified in the contract or accounting document is processed to fulfill pre-contractual and contractual rights and obligations (e.g., processing and delivering an order).

b) Compliance with legal obligations We process your personal data to fulfill legal obligations imposed by generally binding legal regulations, such as for invoicing and accounting purposes, archival obligations under the Archives and Registries Act, etc.

c) Legitimate interest (See Section 4)

d) Consent-based processing (See Section 5)

e) Marketing purposes We use your email address for marketing purposes only with your explicit consent.

4. What is our legitimate interest?

We process and store your basic personal data (name, surname, title, contact details – address, email, and phone number) based on our legitimate interest, which serves as the legal basis for enforcing legal claims, preventing fraud, protecting against misuse, and processing.

5. How can you provide consent?

Your consent for processing personal data is requested only in specific cases, such as:

· Contact forms

· Registration

· Subscription to newsletters

· Acknowledgment of terms and conditions and data processing policies

Consent can be provided by selecting the relevant checkbox for data processing.

6. How can you withdraw consent?

Consent for personal data processing is voluntary, and you can withdraw it at any time in writing or electronically.

7. Who do we share your data with?

We use the services of trusted and contractually bound business partners for data processing, ensuring adequate protection. In providing our services, we share personal data with:

· External accounting firms

· Marketing service providers

· Law enforcement agencies, state authorities, tax authorities, courts, if necessary

· Company legal representatives in case of debt recovery or legal disputes

Our processors are contractually obligated to comply with strict data protection rules, including confidentiality obligations, ensuring the highest legal protection standards.

8. How long do we retain your personal data?

· Accounting documents: 10 years (as required by law)

· Debt recovery/legal disputes: 10 years

· Records management: Up to 10 years

· Newsletter subscriptions: Until consent is withdrawn or a maximum of 5 years

· Customer registration: 10 years

9. Do we transfer your personal data outside the EU?

No, we do not transfer personal data to third countries outside the European Union.

10. What are your rights under GDPR?

You have the following rights under GDPR:

· Right to access your data

· Right to rectification

· Right to erasure (“right to be forgotten”)

· Right to restrict processing

· Right to data portability

· Right to object to processing

For more details on how to exercise your rights, please contact us.

11. Cookies and IP addresses

We use cookies on our website to enhance user experience and optimize functionality. By visiting our website, you agree to the use of cookies. You can manage your cookie preferences in your browser settings.

For more information, visit: · AboutCookies.org · Wikipedia – HTTP Cookies

12. Handling requests

All requests concerning your personal data will be processed promptly, and we will inform you about the outcome within one month of receipt. If the request is complex, this period may be extended by two additional months. Data subject requests under GDPR are free of charge. However, if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it.

If you believe that we have not handled your request in compliance with GDPR, you have the right to lodge a complaint with the Slovak Data Protection Authority (www.dataprotection.gov.sk).