Privacy policy
Last updated: 22 April 2026
1. Controller
The controller of personal data within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”) is:
Sarnecky & Co. s.r.o.
Registered office: Karpatské námestie 7770/10A, 831 06 Bratislava - Rača
Company ID (IČO): 53838955
Tax ID (DIČ): 2121509412
E-mail: hello@sarneckyco.com
(hereinafter the “Controller”)
2. What personal data we process
2.1. Data provided through forms
When you register interest, use a contact form, or subscribe to a newsletter, we process:
- name and surname,
- email address,
- company name (if provided),
- message content (if provided).
2.2. Data collected automatically
When you visit the website, we automatically collect:
- IP address (anonymised),
- browser and operating system type,
- date and time of access,
- pages visited and interactions on the site,
- referral source (referring page).
2.3. Cookies
Information on the use of cookies is set out in section 8 of this document.
3. Purposes and legal bases for processing
| Purpose of processing | Legal basis (GDPR) | Retention period |
|---|---|---|
| Responding to an enquiry / contact form | Art. 6(1)(b) – performance of a contract or pre-contractual measures | 12 months from the last communication |
| Registration of interest in services | Art. 6(1)(a) – consent | Until consent is withdrawn, max. 24 months from registration |
| Sending newsletters and marketing materials | Art. 6(1)(a) – consent | Until consent is withdrawn |
| Website traffic analysis (Google Analytics 4) | Art. 6(1)(f) – legitimate interests | 14 months |
| Compliance with legal obligations (accounting, tax) | Art. 6(1)(c) – legal obligation | As required by the applicable law (typically 10 years) |
4. Legitimate interest
The Controller processes some data on the basis of legitimate interest (Art. 6(1)(f) GDPR). The legitimate interest consists of:
- analysing traffic to improve the website and services,
- ensuring technical security and preventing misuse of the website.
The data subject has the right to object at any time to processing based on legitimate interest (see section 6).
5. Recipients of personal data
Personal data may be disclosed to the following categories of recipients only to the extent necessary to achieve the processing purposes:
| Recipient category | Service provider | Location / data transfer |
|---|---|---|
| Hosting and infrastructure | DigitalOcean, LLC | USA – transfer on the basis of standard contractual clauses (SCCs) |
| Email communication | Resend, Inc. | USA – transfer on the basis of SCCs |
| Analytics | Google LLC (Google Analytics 4) | USA – transfer on the basis of SCCs; IP anonymisation enabled |
| Meeting scheduling | Calendly, LLC | USA – transfer on the basis of SCCs |
The Controller does not sell personal data to third parties. Personal data is not subject to automated individual decision-making, including profiling within the meaning of Art. 22 GDPR.
6. Rights of the data subject
Under the GDPR, you as a data subject have the following rights:
a) Right of access (Art. 15 GDPR) — you have the right to obtain confirmation as to whether your personal data is being processed, and, if so, to access that data.
b) Right to rectification (Art. 16 GDPR) — you have the right to request the correction of inaccurate personal data or the completion of incomplete data.
c) Right to erasure (Art. 17 GDPR) — you have the right to request the erasure of your personal data where the purpose has ceased, consent was withdrawn, or a successful objection was made.
d) Right to restriction of processing (Art. 18 GDPR) — you have the right to request restriction of processing under the conditions set out in the GDPR.
e) Right to data portability (Art. 20 GDPR) — you have the right to receive your personal data in a structured, commonly used and machine-readable format.
f) Right to object (Art. 21 GDPR) — you have the right to object at any time to processing of personal data carried out on the basis of legitimate interests.
g) Right to withdraw consent — where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing.
h) Right to lodge a complaint — you have the right to lodge a complaint with a supervisory authority, which is:
The Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava
Web: https://dataprotection.gov.sk
Email: statny.dozor@pdp.gov.sk
You may exercise your rights by sending a request to: hello@sarneckyco.com
We will respond to your request without undue delay, within 30 days of receipt at the latest.
7. Data security
The Controller has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These measures include in particular:
- encrypted communication (HTTPS/TLS),
- access to personal data limited to authorised persons only,
- regular security updates to systems,
- minimisation of the scope of data collected.
8. Cookies
8.1. Strictly necessary cookies
The website uses technically necessary cookies required for it to function properly. These cookies do not require consent.
8.2. Analytical cookies
The website uses Google Analytics 4 to analyse traffic. GA4 is configured with the following safeguards:
- IP anonymisation is enabled,
- Google signals for advertising purposes are disabled,
- data is not used for remarketing or targeted advertising,
- the retention period is set to 14 months.
Analytical cookies are only activated after you give consent through the cookie banner.
8.3. Cookie management
You can withdraw or change your cookie consent at any time by using the cookie settings button in the website footer, or by changing your browser settings.
9. Transfers to third countries
Some service providers used by the Controller (see section 5) are located in the USA. Transfers of personal data to the USA are carried out on the basis of standard contractual clauses adopted by the European Commission under Art. 46(2)(c) GDPR, or on the basis of other appropriate safeguards in accordance with the GDPR.
10. Changes to this document
The Controller may update this document at any time. The current version is always available on this page. Material changes will be notified to registered users by email.
11. Contact
For any questions regarding this privacy policy, contact us at: hello@sarneckyco.com