Privacy & Personal Data Protection Policy (GDPR-compliant)
(in accordance with Regulation (EU) 2016/679 – GDPR)
Data Controller
Company name: SystemThinking, spol. s r.o.
Registered address: Gronárska 8, 841 10 Bratislava – Devín
Company ID (IČO): 50415174
Legal representative: Ing. Roman Kazička, CSc.
Phone: +421 918 901 732
Email:
(hereinafter referred to as the “Controller”)
What is Personal Data?
Personal data refers to any information relating to an identified or identifiable natural person. An identifiable person is one who can be directly or indirectly identified by means of an identifier (such as name, ID number, location data, online identifier) or through characteristics linked to physical, genetic, mental, economic, cultural, or social identity.
What is Processing of Personal Data?
Processing includes any operation performed on personal data – such as collection, recording, organization, structuring, storage, alteration, retrieval, use, transfer, restriction, erasure – whether automated or manual.
The controller is not required to appoint a Data Protection Officer.
Sources and Categories of Personal Data
We obtain personal data:
-
Directly from you – e.g. during ordering or communication;
-
By tracking your behavior – e.g. browsing history, location data, wearable device data;
-
From third parties – such as public registries, business partners, marketing agencies, social networks, payment providers, or government authorities.
Legal Basis for Processing
We process your personal data based on:
-
Consent – for direct marketing (Article 6(1)(a) GDPR);
-
Contractual necessity – to fulfill agreements with you (Article 6(1)(b));
-
Legal obligation – compliance with applicable law (Article 6(1)(c)).
Purpose of Processing
We process personal data to:
-
Fulfill orders, process payments, provide services, and manage complaints;
-
Communicate with customers via social media (Facebook, Instagram);
-
Improve user experience and analyze website traffic (see Cookie Policy);
-
Ensure transparency and data accuracy (correct or delete invalid data when identified).
We do not perform automated decision-making or profiling as defined in Article 22 of the GDPR.
Social Media
-
Data published on our profiles (likes, comments, photos) is processed solely via the respective platforms.
-
Joint controllers: We may act as joint controllers with social media providers (Article 26(4) GDPR).
-
Please review the privacy policies of:
Data Retention
We retain personal data only for the duration required to fulfill legal or contractual obligations. After that, data is securely deleted in accordance with Slovak law no. 395/2002 on Archives and Registries.
Recipients of Personal Data
Recipients may include:
-
Third parties assisting with service delivery and payment processing;
-
Public authorities (where required by law).
We do not transfer personal data outside the EU or to third countries.
Data Security
We implement appropriate technical, organizational, and personnel measures to protect personal data. Only authorized persons have access to personal data.
Your Rights (under GDPR)
You have the right to:
-
Access your personal data (Article 15)
-
Rectification (Article 16)
-
Erasure – the “right to be forgotten” (Article 17)
-
Restriction of processing (Article 18)
-
Data portability (Article 20)
-
Object to processing (Article 21)
-
Withdraw consent at any time (Article 7)
-
File a complaint with the Data Protection Authority (Article 77)
How to Exercise Your Rights
You can contact us by:
-
Email:
This email address is being protected from spambots. You need JavaScript enabled to view it. ,This email address is being protected from spambots. You need JavaScript enabled to view it. -
Phone: +421 918 901 732
-
Mail: Gronárska 8, 841 10 Bratislava – Devín, Slovakia
You can also file a complaint to the Slovak Data Protection Authority:
Address: Nám. 1. mája 18, 811 06 Bratislava
Phone: +421 2 3231 3214
Email:
Validity
This Privacy Policy becomes effective upon its publication on our website.