PRIVACY POLICY AND INFORMATION ON THE PROCESSING OF PERSONAL DATA
Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR") in connection with Section 19 of Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts, as amended (hereinafter referred to as "Act No. 18/2018 Coll."). (hereinafter referred to as the "Privacy Policy" or "Information")
I.
Controler
Prevádzkovateľ: TradeIn IT, s.r.o, Sídlo: Bartókova 2/D, 811 02 Bratislava, IČO: 47 844 710
Contact for Data Protection Officer (DPO):The Controller is not obliged to appoint a Data Protection Officer (DPO).
In case of questions concerning personal data and GDPR, you may contact us at the above address or at the e-mail address: dpo@aponea.com
Contact for Data Protection Officer (DPO):The Controller is not obliged to appoint a Data Protection Officer (DPO).
II.
Purposes of Processing and Legal Bases
The Controller processes your personal data in a lawful manner for the following purposes:
Purposes of Processing
Legal Basis
Processing accounting documents and keeping accounts
Article 6(1)(c) GDPR. Specific legal regulations: Act No. 431/2002 Coll. on Accounting, as amended; Act No. 222/2004 Coll. on Value Added Tax, as amended; Act No. 595/2003 Coll. on Income Tax, as amended; Act No. 582/2004 Coll. on Local Taxes and Local Fee for Municipal Waste and Small Construction Waste – necessary to comply with the CONTROLLER’S LEGAL OBLIGATIONS under the above legal regulations.
Exercising data subject rights under GDPR and Act No. 18/2018 Coll.
Article 6(1)(c) GDPR. Specific legal regulations: Act No. 18/2018 Coll. and GDPR – necessary to comply with the CONTROLLER’S LEGAL OBLIGATIONS.
Recording security incidents (data breaches)
-
Keeping records of shareholders and executives, company agenda
Article 6(1)(c) GDPR. Specific legal regulations: Act No. 455/1991 Coll. on Trade Licensing (Trade Licensing Act), as amended; Act No. 513/1991 Coll. Commercial Code, as amended – necessary to comply with the CONTROLLER’S LEGAL OBLIGATIONS.
Fulfilling obligations related to record management
Article 6(1)(c) GDPR. Specific legal regulations: Act No. 395/2002 Coll. on Archives and Registries and on Amendments to Certain Acts, as amended – necessary to comply with the CONTROLLER’S LEGAL OBLIGATIONS.
Registration on the Platform
Article 6(1)(b) GDPR – contractual and pre-contractual relationships. Data are necessary to process the order (performance of a contract). Without the provision of data, the services cannot be provided.
Reservation services
Article 6(1)(b) GDPR – contractual and pre-contractual relationships. Data are necessary to process the order (performance of a contract). Without the provision of data, the services cannot be provided.
Google Analytics – measuring website traffic and visitor demographics
Article 6(1)(f) GDPR – LEGITIMATE INTEREST. The legitimate interest is: measuring traffic, demographics, and user experience.
Google Tag Manager
Article 6(1)(f) GDPR – LEGITIMATE INTEREST. The legitimate interest is: optimization of the website and the application to ensure intuitiveness and better user experience.
Facebook Pixel
Article 6(1)(f) GDPR – LEGITIMATE INTEREST. The legitimate interest is: carrying out marketing and remarketing activities of the Controller and measuring their performance.
Smart Look – monitoring user behavior patterns on the website
Article 6(1)(f) GDPR – LEGITIMATE INTEREST. The legitimate interest is: optimizing the website and the application to be customer-oriented and provide a better user experience.
Client references
Article 6(1)(a) GDPR – consent of the data subject. Consent is given freely and voluntarily and may be withdrawn at any time with the Controller.
Publication of photographs
Article 6(1)(a) GDPR – consent of the data subject. Consent is given freely and voluntarily and may be withdrawn at any time with the Controller.
Recording contacts in Aponea.com
Article 6(1)(f) GDPR – LEGITIMATE INTEREST. The legitimate interest is: ensuring effective communication with suppliers and customers or their contact persons.
Cookies – optimization of the website – essential cookies
Article 6(1)(f) GDPR – LEGITIMATE INTEREST. The legitimate interest is: optimizing the website and the application to be customer-oriented and provide a better user experience.
III.
What Data We Process
The Controller processes ordinary personal data in its processing activities, in particular:
•
first name, surname, permanent address or correspondence address, date of birth, gender, photograph, telephone number, emergency contact (name, surname, relationship to the person, and telephone number),
•
full registration details of a legal entity, including personal data of the natural person representing the legal entity, as well as business address if it is a natural person-entrepreneur,
•
contact telephone number and e-mail address.
If you have made available to the Service Provider additional personal data (health-related complications, health restrictions, or other sensitive data) and granted consent to their processing, the Service Provider may process and archive such data also directly within the Platform. For precise details of such personal data, you need to contact the Service Provider directly. The Controller is entitled to delete from the Platform also personal data obtained by the Service Provider.
IV.
Categories of Data Subjects
Purposes of Processing
Categories of Data Subjects
Processing accounting documents and keeping accounts
Company employees, employees of suppliers of goods and services, suppliers, customers of goods and services.
Exercising data subject rights under GDPR and Act No. 18/2018 Coll.
Persons exercising their rights as data subjects.
Recording security incidents (data breaches)
Natural persons reporting a security incident, natural persons dealing with the incident, natural persons who are the source of the incident.
Keeping records of shareholders and executives, company agenda
Shareholders, executives, former shareholders, former executives.
Fulfilling obligations related to record management
Persons – senders and recipients of correspondence.
Registration on the Platform
Clients (B2B) – operators (legal/natural persons) and their customers.
Reservation services
Clients (B2B) – operators (legal/natural persons) and their customers.
Google Analytics
Internet visitors who visit the Controller’s website and application – Aponea.com.
Google Tag Manager
Internet visitors who visit the Controller’s website and application – Aponea.com.
Facebook Pixel
Internet visitors who visit the Controller’s website and application – Aponea.com.
Smart Look
Internet visitors who visit the Controller’s website and application – Aponea.com.
Client references
Customers/clients.
Publication of photographs
Customers/clients who have granted consent.
Recording contacts in Aponea.com
Employees of clients, statutory representatives of clients, clients – natural persons.
Cookies – optimization of websites – essential cookies
Internet visitors who visit the fan page Aponea.com.
V.
Data Retention Periods
We retain your personal data for no longer than is necessary for the purposes for which the personal data are processed. In storing personal data, we follow specific legal regulations that set retention periods and/or the fundamental GDPR principles regarding retention and disposal of personal data. Personal data processed based on your consent are always retained only for the period for which you have granted us consent.
If we process your personal data based on legitimate interest, the processing continues as long as our legitimate interest persists. You may object at any time to the processing of your personal data carried out on the basis of legitimate interest.
VI.
Sources of Processed Data
The personal data we process about you originate from you – from clients who publish offers of their services and from persons who respond to service offers. We also obtain data when you register on our website and create a user account.
We also obtain data from social networks – if you choose to log in to our Services via social networks, such as Facebook, you provide us with your personal data and other information available from your profile (and which you choose to share with us).
VII.
Recipients or Categories of Recipients of Data
We do not share, sell, transfer, or otherwise disclose your personal data to third parties and will not do so in the future unless required by law, necessary for contractual purposes, or unless you have given explicit consent. We provide your personal data only in justified cases and only to the necessary extent to the following categories of recipients:
•
entities in cases where legal regulations impose on us the right or obligation to provide your personal data, or if necessary to protect our legitimate interests (e.g. law enforcement authorities, police, courts, other state and public administration authorities, etc.),
•
to a partner whose products or services you purchased through our site, exclusively so that the partner may issue you a tax document for the given goods or services,
•
depending on the payment method chosen for the ordered services, in some cases we share your data with the provider of that payment method.
The Controller provides your personal data only to the necessary extent and exclusively to recipients on the basis of legal regulations or contracts to processors who process personal data for the Controller and under its instructions, in particular:
•
Stripe, Inc.
•
Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.)
•
Google
VIII.
Transfer of Personal Data to Third Countries
The Controller does not transfer personal data to third countries. However, this does not prevent such transfer by a processor, provided that such transfer is necessary, has a valid legal basis, and all personal data protection rules are complied with.
IX.
Your Rights
Right of access
You have the right to request information about what personal data we process about you and to obtain a copy. If you request electronically, the information will be provided in a commonly used electronic format unless you request otherwise.
Right to rectification
You may request the rectification, update, or completion of inaccurate, incomplete, or outdated personal data.
Right to erasure
You may request the deletion of your data if they are no longer necessary for the purposes for which they were collected. Requests will be assessed in light of all relevant circumstances; deletion may be prevented by legal or regulatory obligations.
Right to restriction of processing
In certain cases, you may request restriction of processing, e.g. until the accuracy of the data is verified or in cases of unlawful processing.
Right to data portability
If the processing is based on consent and is carried out by automated means, you may obtain your data in a structured, commonly used, and machine-readable format and transfer it to another controller.
Right to object
You may object to processing based on legitimate interest. If there are no compelling legitimate grounds, we will stop processing your data. You may lodge an objection:
a) in writing to the Controller’s address,
b)by e-mail to dpo@aponea.com
Právo na odvolanie súhlasu
If the processing is based on consent, you may withdraw it at any time:
a) in writing to the Controller’s address,
a) in writing to the Controller’s address,
b)by e-mail to dpo@aponea.com.
The Controller has informed you of your right to withdraw consent at any time (if processing is based on consent) and of the manner in which this right can be exercised.
Right to lodge a complaint
If you wish to complain about the way your data are processed, including the exercise of the above rights, you may contact the Controller. All complaints will be reviewed. If you are not satisfied, you may contact the supervisory authority:
Office for Personal Data Protection of the Slovak Republic
Budova Park One,
Office for Personal Data Protection of the Slovak Republic
Budova Park One,
Námestie 1. mája 18, 811 06 Bratislava,
Slovak republic
https://dataprotection.gov.sk.
Slovak republic
https://dataprotection.gov.sk.
If the processing is based on a contract, the provision of personal data is necessary for the performance of the contract (without them the Controller cannot perform the contract). If the processing is based on a legal obligation, the processing is necessary to fulfill the Controller’s legal obligations. If the processing is based on consent, the data are processed only to the extent of the granted consent.
VII.
Automated Decision-Making
The Controller does not carry out automated decision-making or profiling for the purposes described in this document. Requests for the exercise of data subject rights are handled free of charge.
Bratislava, 1 September 2025