Privacy policy

effective as of 1 May 2025

The purpose of this document is to explain how our company collects, uses, and protects personal data obtained from its customers, employees, website visitors, suppliers, other contractual partners, and other individuals. It also informs you about who we may disclose your personal data to, and advises you of your rights relating to your personal data.

When processing your personal data, we comply with legislation applicable in the Slovak Republic, including, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), Act No 18/2018 on the protection of personal data (the “Act”), and other relevant legislation.

The controller of the information systems in which your personal data is processed is:

Company name: EUCOS SK s.r.o.

Registered office: Kováčska 38, 044 25 Medzev 

Registration number: 36 668 702

Incorporation:  Commercial Register maintained by Košice Municipal Court, Section: Sro, File: 18606/V

Phone: +421 905 944 695                                

email: eucos@eucos.sk

(the “Controller”)

We respect every individual’s right to privacy and therefore take all necessary measures and do our utmost to ensure the security of all information and personal data we obtain. We have aimed to write this policy as simply and clearly as possible for everyone to understand. However, if you have any questions about data protection at our company after reading this document, or if you have any related concerns, please contact us using the details above.

We would also like to inform you that, in the processing of your personal data, no data is transferred to third countries outside the European Union or to international organisations. The Controller does not engage in automated individual decision-making, including profiling, pursuant to Section 28(1) and (4) of the Act.

What is personal data?

“Personal data” means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, or an online identifier. Personal data also includes one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Personal data also encompass special categories of personal data, i.e. data from which it is possible to determine or infer information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, physical or mental health, sexual life, or sexual orientation.

Why do we process personal data?

Processing personal data is essential for us primarily in order to:

• sell goods and provide services;
• employ staff;
• fulfil various legal and contractual obligations;
• protect our legitimate interests and those of our customers, business partners, and other persons;
• inform our customers and potential customers about current offers and news that may be of interest to them.

We therefore obtain personal data from you so that we can establish and pursue our contractual relationship with you. In this respect, it is important that you provide us with complete, accurate, up-to-date, and truthful personal data. We do not intentionally collect any special categories of personal data unless you voluntarily provide them to us.  We do not process special categories of personal data unless consent has been granted by the data subject.

What personal data do we process, on what legal basis, for what purpose, for how long, and who are the recipients?

We process your personal data on the basis of one or more of the following legal bases:

1. Consent to the processing of personal data

We process only the personal data for which you have given us your consent, and solely for the specific purpose for which this consent was granted. It is processed for no longer than the period for which your consent was given or until it is withdrawn. The recipient of your personal data on this legal basis is the Controller or another party as specified in your consent. The provision of personal data on this legal basis is voluntary. Withholding your personal data should not have any adverse or significant consequences for you.

• Contractual performance or pre-contractual steps

We process only the personal data that is necessary for the performance of a contract to which you are a party or under which a service or product is to be provided to you, or which is required to take steps at your request prior to entering into such a contract. Withholding this data would make it impossible to conclude the contract with you or to provide contractual performance.

This processing typically concerns cases where:

– you contacted the Controller via the contact form on our website or left a comment on the Controller’s website;

– you ordered products or services from the Controller, or are the recipient of products or services from the Controller;

– you have concluded, or wish to conclude, an employment contract, or other work contract, with the Controller;

– you are a supplier or another contractual partner of the Controller.

The personal data we may process in this situation mainly comprises:

• first name, surname, title, permanent address, date of birth, telephone number, and email address;
• company registration number (IČO), tax ID (DIČ), VAT number (IČ DPH), or any other identification number;
• bank account details.

It may also include, for example:

• for employment-related contractual relationships: surname at birth, personal identification number, place of birth, signature, marital status, nationality, citizenship, temporary address, sex, education details, legal capacity, and other information required to calculate wages or wage compensation, social and health insurance contributions, tax, etc.;
• if you leave a comment on the Controller’s website: the data displayed in the comment form, the user’s IP address and browser user agent for purposes of spam protection, and your profile picture, which will be publicly displayed along with your comment content once your comment is approved;
• any other personal data you provide to us for the purpose of selling our products or providing our services, or for fulfilling any other contractual obligation.

When a comment is submitted, the comment and its metadata are stored separately. This allows us to automatically recognise and approve related comments without having to hold them for moderation.

If you register as a user on our website, we also store the personal data you provide in your user profile. All users may view, edit, or delete their personal data at any time (however, they cannot change their username). Website administrators may also view and edit this information.

We process this personal data for one or more of the following purposes:

• to respond to an enquiry you have submitted via the contact form on our website;

• to identify you as a contracting party in a contractual relationship with the Controller;
• to identify you as a person to whom performance is to be provided under a contract between the Controller and another party;
• to duly fulfil the Controller’s contractual obligations;
• to manage and administer the contractual relationship;
• to identify payments made for products or services or other contractual performance;
• to duly comply with other legal or contractual obligations of the Controller;
• to handle any claims or complaints.

This data is processed until:

• the enquiry you submitted via our contact form has been addressed in full;
• all obligations arising from the relevant contractual relationship have been fulfilled, including the resolution of any complaints or other claims you have raised; and/or
• all other rights and obligations between you and the Controller have been settled.

The recipients of your personal data on this legal basis are the Controller and, if necessary, a party engaged by the Controller to provide the service you purchased or to deliver the purchased products, any of the Controller’s professional advisers (in legal, accounting, or tax matters, etc.), or a party providing IT services to the Controller. If you post a comment on the Controller’s website, an anonymised string created from your email address (known as a hash) may be provided to the Gravatar service to check if you use it. The Gravatar privacy policy can be found at: https://automattic.com/privacy/.

• Obligation arising from a specific regulation or an international treaty binding upon the Slovak Republic

We process personal data on this legal basis to the extent necessary under a specific regulation or an international treaty binding upon the Slovak Republic. 

Personal data is processed on this legal basis to fulfil obligations laid down, in particular, by accounting, payroll, and tax legislation. This includes the transfer of personal data primarily to financial administration authorities, social and health insurance agencies, supplementary pension insurance companies, pension fund management companies, the Office of Labour, Social Affairs and Family, and other public authorities in compliance with the relevant legislation. It also covers compliance with archiving obligations and, where applicable, the fulfilment of the obligation to respond to requests from courts, bailiffs, law enforcement agencies, and other competent bodies, especially in connection with criminal or civil proceedings under the Code of Criminal Procedure or the Code of Civil Dispute Procedure.

The data subject is required to provide this personal data, as failure to do so would prevent us from fulfilling obligations imposed on us by the relevant legislation.

We process personal data for these purposes for as long as is necessary to fully achieve the purpose of processing as set out in the applicable legal provisions.

The recipients of your personal data on this legal basis are the Controller and the entities specified in the specific regulation or international treaty, examples of which are listed above.

• The need to protect your or another natural person’s life, health, or property

We process personal data on this legal basis to the extent necessary to protect the life, health, or property of you or another natural person (this is primarily identifying data, such as first name and surname, permanent address, and, where applicable, contact details – in particular a phone number and email address).

Personal data is processed on this legal basis in particular:

• to identify individuals at risk of harm to life, health, or property, with the aim of preventing such harm;
• to identify individuals who have caused or are evidently planning to cause harm to others’ life, health, or property, with the aim of preventing them from doing so.

We process personal data on this legal basis for as long as is necessary to achieve the stated purpose.

The provision of personal data on this legal basis is a contractual requirement, as without it we would be unable to ensure the necessary protection of your or another natural person’s life, health or property.

The recipients of your personal data on this legal basis are the Controller and persons responsible for ensuring the protection of life, health, or property (including, but not limited to, health professionals, the police, security staff, law enforcement authorities, and any other relevant state authorities or persons).

• Legitimate interest of the Controller or a third party

We process personal data on this legal basis to the extent necessary for the legitimate interests of the Controller, which may include:

• our legitimate interest in maintaining relationships with our business contacts and providing information about our products and services, as well as raising awareness of our company (scope of personal data processing: email address);
• our legitimate interest in developing and optimising our website and improving your user experience.

We process personal data on this legal basis for as long as is necessary to achieve the stated purpose.

The provision of personal data on this legal basis is voluntary. However, without it, we will not be able to inform you of the above.

The recipients of your personal data processed on this legal basis are the Controller and providers of IT or other services to the Controller.

You have the right to object to the processing of personal data on this legal basis (including profiling), in line with the information outlined below in the section “What rights do you, as a data subject, have in relation to your personal data?” for reasons relating to your particular situation. The Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override your rights or interests, or for the establishment, exercise, or defence of legal claims.

You also have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing. In this case, the Controller may no longer process your personal data for direct marketing purposes.

Use of cookies

Cookies are small text files that a website stores on your device (PC, smartphone, etc.) when you visit it, allowing it to record specific information relating to your device. On the one hand, they serve to optimise the website and improve user satisfaction (e.g. by storing login details, information about your activity and preferences such as language, font size, and other display settings so that you do not have to re-enter them when you return to the site or navigate between pages). On the other hand, they are used for to collect statistical data on how the website is used, enabling us to analyse it with a view to improving our services.

We use cookies to store user preferences, better tailor advertising to the interests of visitors, and ensure the website functions as intended. We retain data via cookies that is not linked to you personally, and we do not use it to identify you.  The use of cookies does not pose a risk to you, as they cannot transmit viruses or access data from your device’s hard drive.

You can manage cookies via your internet browser. Most browsers accept cookies by default. If you leave a comment on our site, you may choose to have your name, email address, and website stored in cookies for your convenience, so that you do not have to fill in your details again when posting another comment. These cookies are valid for one year.

If you visit our login page, we will set temporary cookies to determine whether your browser accepts cookies. These cookies contain no personal data and are deleted when you close your browser.

When you log in, we will set several cookies to save your login details and display preferences. Login cookies are valid for two days, and display settings for one year. If you select “remember me”, your login will be retained for two weeks. When you log out, these cookies are deleted.

When editing or publishing an article, additional cookies will be stored in your browser. These cookies contain no personal data and relate only to the ID of the article being edited. They are valid for one day.

The use of cookies and permission to store them in your web browser is entirely at your discretion. You may delete cookies at any time or configure your browser to reject them or prevent them from being stored (see aboutcookies.org for details). However, doing so may require you to manually adjust some settings each time you visit the site, and some services may not function properly, or some parts of the site may be inaccessible.

Embedded content from other websites

Articles on this website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor had visited the external website directly. These websites may collect personal data about you, use cookies, embed third-party tracking tools, and monitor your interaction with the embedded content, including tracking your interaction if you have an account with the external website and are logged in.

Security of your personal data

To protect the security of your personal data, we have adopted a number of appropriate technical and organisational measures, such as:

• the securing of the operating environment in which we collect your personal data, with access restricted solely to persons designated by the Controller via password-protected access;
• physical security of premises where devices containing collected personal data are located;
• the securing of data storage systems where personal data is held via antivirus software and similar protection.

What rights do you, as a data subject, have in relation to your personal data?

As a data subject, you have the right to clear, transparent, and understandable information about how your personal data is used, and the following rights:

• the right to request access to your personal data from the Controller and confirmation of whether or not your personal data is being processed. If so, you have the right to receive information on:
  • the purpose of the processing of the personal data;
  • the category of personal data to be processed;
  • the identification of the recipient or on the category of recipient to whom the personal data is to be provided, in particular on a recipient in a third country, or on an international organisation, if possible;
  • the period for which the personal data will be stored, or, where that is not possible, information on the criteria used to determine that period;
  • whether the provision of personal data is a legal or contractual requirement, or necessary to enter into a contract;
  • the existence of automated individual decision-making, including profiling, pursuant to Section 28(1) and (4) of the Act; in those cases, the Controller will provide the data subject with information on the procedure applied, as well as on the significance and the envisaged consequences of such processing of personal data for the data subject;

• the right to rectification of inaccurate or incomplete personal data, if you believe we are processing inaccurate or incomplete information about you;
• the right to erasure of your personal data where:
  • it is no longer necessary for the purpose for which it was collected or otherwise processed;
  • it was processed based on your consent and you have withdrawn this consent, if there is no other legal basis for processing;
  • you legitimately object to the processing of personal data pursuant to Section 27(1) and there are no overriding legitimate grounds for the processing of personal data pursuant to Section 27(2) of the Act;
  • it has been processed unlawfully;
  • erasure is required to comply with legal obligations under the Act, a specific regulation, or an international treaty binding on the Slovak Republic,
  • it has been collected in relation to an offer of information society services pursuant to Section 15(1) of the Act;

unless processing is required under Section 23(4) of the Act;,

• the right to restrict the processing of your personal data where:
  • you contest the accuracy of the data, for a period enabling us to verify its accuracy;
  • the processing is unlawful, but you oppose the erasure of the data and request the restriction of its use instead;
  • the Controller no longer needs the data for the original purpose, but you require it to establish, exercise, or defend legal claims;
  • you have objected to processing under Section 27(1) of the Act, pending verification of whether the Controller’s legitimate grounds override yours;
• the right to data portability as set out in Section 26 of the Act;
• the right to object to the processing of personal data:
  • which is based on the legitimate interests of the Controller or a third party, on grounds relating to your particular situation, including profiling;
  • for direct marketing purposes, including profiling to the extent that it relates to direct marketing;
  • on grounds relating to your particular situation, except where the processing is necessary for the performance of a task carried out in the public interest, or where the data is processed for scientific, historical, or statistical purposes under Section 78(7) of the Act;
• the right to withdraw your consent in cases where the processing of your personal data is based on your consent;
• the right to submit an application for the institution of proceedings with the Office for Personal Data Protection in accordance with Section 100 of the Act;
• the right to unsubscribe from marketing communications at any time.

Changes to this privacy notice

We reserve the right to amend this privacy notice as required to reflect changes in our practices, offerings, or applicable legislation. When we make changes, we will update the effective date of the Privacy Policy at the top of this document. If we make significant changes to the way we collect, use or otherwise process your personal data, we will draw attention to this on our website by posting an important notice about such changes. We recommend checking our website occasionally to stay informed of any updates to our Privacy Policy.