INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to Articles 12, 13 and 14 of the GDPR (hereinafter “Information”)
This Information describes how the controller, HRAVY s. r. o., with its registered seat at Eurovea Central 1, Pribinova 8, Bratislava – Staré Mesto 811 09, Company ID No.: 54 726 671, registered in the Commercial Register of the Bratislava III Municipal Court, Section: Sro, File No.: 161976/B (hereinafter the “controller”), processes personal data.
If anything in this Information is unclear or difficult to understand, we will be happy to explain any term or section. We process personal data in accordance with the requirements of the GDPR, Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts, as amended, and other generally binding legal regulations.
1. BASIC TERMS
1.1 Personal data – any information relating to an identified or identifiable natural person, for example name, surname, date of birth, personal ID number, telephone number, email address, IP address, etc.
1.2 GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
1.3 Data subject – a natural person to whom the personal data relate.
1.4 Processing of personal data – any activity or processing operations performed by the controller or processor involving personal data.
1.5 Controller – a natural or legal person who determines the purpose and means of personal data processing.
1.6 Purpose of processing – a clearly defined or established intention for which personal data are processed in connection with a specific activity.
1.7 Legitimate interest – the interest of the controller or a third party that requires the processing of personal data, provided it outweighs the interests or fundamental rights and freedoms of the data subject.
1.8 Recipient – any natural or legal person, public authority, agency, or other body to whom personal data are disclosed.
2. PERSONAL DATA CONTROLLER
Controller: HRAVY s. r. o.
Legal form: Limited liability company
Seat: Eurovea Central 1, Pribinova 8, Bratislava – Staré Mesto 811 09
Email: [email protected]
Telephone: +421 908 341 605
3. PURPOSES AND LEGAL BASES OF PROCESSING
|
Purpose |
Legal Basis |
|
Accounting |
Art. 6(1)(c) GDPR – compliance with legal obligation |
|
HR and payroll |
Art. 6(1)(b) GDPR – performance of a contract; Art. 6(1)(c) GDPR – legal obligation |
|
GDPR administration |
Art. 6(1)(c) GDPR – legal obligation |
|
Network and other security |
Art. 6(1)(f) GDPR – legitimate interest |
|
Supplier/Customer contracts |
Art. 6(1)(b) GDPR – performance of a contract; Art. 6(1)(f) GDPR – legitimate interest |
|
Website (cookies) |
Art. 6(1)(a) GDPR – consent |
|
Attendance records |
Art. 6(1)(c) GDPR – legal obligation |
|
Fire protection |
Art. 6(1)(c) GDPR – legal obligation |
|
Occupational health & safety (BOZP) |
Art. 6(1)(c) GDPR – legal obligation |
|
CCTV – protection of property and persons, theft prevention, vandalism prevention, unauthorized entry prevention, support for incident investigation, and workplace safety compliance |
Art. 6(1)(f) GDPR – legitimate interest |
|
Publishing and other processing via social networks (Facebook, Instagram, YouTube, LinkedIn) |
Art. 6(1)(a) GDPR – consent; Art. 6(1)(f) GDPR – legitimate interest |
|
Consumer competitions |
Art. 6(1)(a) GDPR – consent |
|
Direct marketing |
Art. 6(1)(a) GDPR – consent |
4. LEGITIMATE INTERESTS OF THE CONTROLLER OR THIRD PARTIES
|
Legitimate interest |
Description |
|
Network and other security |
Controller’s interest in ensuring security – obligation under GDPR to implement adequate security measures, including logging activities of subjects accessing the controller’s environment |
|
Supplier/customer contracts |
Legitimate interest of the controller and third parties in fulfilling contracts with suppliers |
|
Website (cookies) |
Controller’s interest in raising awareness of its activities |
|
Direct marketing |
Controller’s interest in marketing and promoting provided services |
|
Social networks |
Controller’s interest in raising awareness of its activities |
|
CCTV |
Protection of property and persons, prevention of theft, vandalism, unauthorized entry, support for incident investigation, and workplace safety through a costeffective CCTV system |
5. RECIPIENTS
Personal data may be disclosed to:
-
persons processing data under the controller’s direct authorization (employees, contractors, etc.)
-
processors (fire protection service providers, BOZP providers, external accounting providers)
-
managing director
-
state authorities (Tax Office, Social Insurance Agency, Labour Office, Data Protection Authority, other authorities) only when not acting within a specific investigation
-
health insurance companies, bailiffs, supplementary pension companies, pension funds
-
other authorized entities as necessary
6. TRANSFER TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
The controller generally does not transfer personal data outside the EU/EEA.
A transfer may occur if a data subject interacts with the controller’s profiles on Facebook, Instagram, YouTube, or LinkedIn. In such cases, personal data may be transferred to the USA in accordance with the European Commission’s adequacy decision – EU–U.S. Data Privacy Framework.
7. DATA RETENTION PERIODS
Personal data are stored only for as long as necessary for the purposes for which they are processed. Retention periods/deletion deadlines or criteria for their determination are documented in processing activity records, available upon request.
8. RIGHTS OF THE DATA SUBJECT
Data subjects have the following rights:
8.1 Right to Information on the Processing of Personal Data
This includes, in particular: the identity and contact details of the controller, the purposes of processing, the categories of personal data concerned, the recipient or categories of recipients, information on any transfers of personal data to third countries, the retention period, authorized processors, a list of your rights, the possibility to contact the Office for Personal Data Protection of the Slovak Republic, the source of processed personal data, and information on whether automated decision-making and profiling take place and how they are carried out.
8.2 Right of Access to Personal Data
You have the right to obtain confirmation as to whether your personal data are being processed and, if so, to access information on the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients, the data retention period, your rights, your right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, the source of personal data, information on automated decisionmaking and profiling, and the safeguards applied in the case of transfers to a third country or an international organization. You also have the right to obtain a copy of the personal data undergoing processing.
8.3 Right to Rectification
You have the right to the rectification of inaccurate personal data. Considering the purposes of processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.
8.4 Right to Erasure (“Right to be Forgotten”)
In certain cases established by law, we are obliged to erase your personal data. Each request is subject to an individual assessment of whether the conditions for erasure are met, as we may be bound by legal obligations or may process the data on the basis of legitimate interest. If our legitimate interest (or the legitimate interest of a third party) outweighs your interests, we are entitled to continue processing the personal data for that purpose.
8.5 Right to Restriction of Processing
You may request that the controller restrict the processing of your personal data if one of the following applies:
-
you contest the accuracy of the personal data, for a period enabling the controller to verify their accuracy;
-
the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
-
the controller no longer needs the personal data for processing purposes, but you require them for the establishment, exercise, or defense of legal claims;
-
you have objected to processing in specific situations under the GDPR (task carried out in the public interest, legitimate interest of the controller, or profiling), pending the verification whether the controller’s legitimate grounds override those of the data subject.
8.6 Right to Data Portability
If you request the transfer of your personal data to another controller, we will provide the data in an appropriate format, provided that no legal or other significant obstacles prevent us from doing so.
8.7 Right to Object and Automated Individual DecisionMaking
You have the right to object at any time to the processing of personal data concerning you when such processing is carried out on the grounds of public interest or legitimate interest.
If we process personal data for direct marketing purposes based on legitimate interest, you may object at any time to such processing, including profiling to the extent that it relates to direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
8.8 Processing Based on Consent (Right to Withdraw Consent)
Where processing is based on your consent under Article 6(1)(a) or Article 9(2)(a) GDPR, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8.9 Right to Submit a Petition, Complaint, or Request to the Supervisory Authority
You may contact the supervisory authority at any time with a petition, suggestion, or complaint concerning the processing of your personal data.
Supervisory authority:
Office for Personal Data Protection of the Slovak Republic,
Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic
Tel.: +421/2/3231 3220
Website: https://dataprotection.gov.sk/sk/
-
Response Timeframe
We will provide a response and information on measures taken as soon as possible, but no later than within one month. If necessary and considering the complexity and number of requests, we may extend the period by two additional months. You will be informed of any extension, including the reasons.
-
Contact Point
Data subjects may exercise their rights with the controller via email at [email protected] or by post at:
HRAVY s. r. o.
Eurovea Central 1
Pribinova 8
Bratislava – Staré Mesto 811 09
Slovak Republic
All notifications and statements regarding the exercise of rights are provided free of charge. However, if a request is manifestly unfounded or excessive — especially because it is repetitive — we may charge a reasonable fee reflecting administrative costs or refuse to act on the request. In the case of repeated requests for copies of processed personal data, we reserve the right to charge a reasonable administrative fee.
9. PROVISION OF PERSONAL DATA
The provision of personal data is voluntary; therefore, providing data to us as the controller, given that we are a private‑law entity, is not a legal requirement. If you wish to conclude a contract with us, the provision of personal data may be necessary for the conclusion of such a contract. In that case, the provision of data constitutes a contractual requirement.
The data subject is not obliged to provide their personal data; they provide them voluntarily. Refusal to provide personal data generally does not have negative consequences for the data subject; however, in certain cases it may result in our inability to provide the requested service to the data subject.
10. AUTOMATED DECISION-MAKING AND PROFILING
The controller does not use automated individual decision-making, including profiling.
11. PROCESSING FOR OTHER PURPOSES
We respect the principle of purpose limitation, meaning that personal data are processed solely for a specific, explicitly stated, and legitimate purpose, unless the processing is carried out for a compatible purpose. Processing for another purpose may also be based on the data subject’s consent, or on the law of the European Union or the Slovak Republic.
To determine whether another purpose is compatible with the purpose for which the personal data were originally collected, we perform a so‑called compatibility test before starting such processing. In this test, we take into account:
11.1 any link between the purposes for which the personal data were collected and the purposes of the intended further processing;
11.2 the context in which the personal data were collected, in particular the relationship between the data subjects and the controller;
11.3 the nature of the personal data, especially whether special categories of personal data under Article 9 GDPR, or personal data relating to criminal convictions and offences under Article 10 GDPR, are processed;
11.4 the possible consequences of the intended further processing for the data subjects;
11.5 the existence of appropriate safeguards, which may include encryption or pseudonymisation.
12. OVERVIEW OF SELECTED PERSONAL DATA PROTECTION LEGISLATION
-
Charter of Fundamental Rights of the European Union (Article 8);
-
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation – GDPR);
-
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (consolidated version);
-
Act No. 351/2011 Coll. on Electronic Communications, as amended;
-
Constitution of the Slovak Republic (published under No. 460/1992 Coll.);
-
Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts, as amended;
-
Decree No. 158/2018 Coll. of the Office for Personal Data Protection of the Slovak Republic on the Procedure for Conducting a Data Protection Impact Assessment.
13. USE OF COOKIES
The website www.adventica.sk uses cookies that collect and store information during the user’s browsing session. Cookies are used for various purposes, such as recording choices made by the user while browsing the website or tracking the user’s activity on the website. They may also be used to store any information previously entered by the user into forms on the website. The use of cookies can be disabled in most internet browsers.
According to GDPR (Recital 30), cookies are defined as online identifiers which, in combination with unique identifiers and other information obtained from servers, may be used to create profiles of natural persons and to identify them; therefore, cookies are considered personal data under the GDPR.
The controller may use cookies only with the user’s consent. The user may withdraw their consent to cookies at any time. Each user can express their consent or refusal to the use of cookies when visiting the website through a consentmanagement tool (banner, CMP, bar). If the user does not give consent to the use of cookies, such cookies will not be activated on the website.
We use the following cookies:
|
Cookie name |
Provider |
Type |
Expiry |
Purpose |
|
Necessary cookies |
|
|
|
|
|
CookieConsent |
adventica.sk |
HTTP Necessary |
1 year |
Stores the user's cookie consent state for the current domain |
|
PHPSESSID |
adventica.sk |
HTTP Necessary |
Deleted after session ends |
Maintains the user's session state during page requests. |
|
test_cookie |
doubleclick.net |
HTTP Necessary |
1 day |
Unclassified |
|
maps/gen_204 |
maps.google.com |
Pixel |
Deleted after session ends |
Used in connection with map integration on the website. The cookie stores user interaction with the map to optimize its functionality. |
|
_ga |
adventica.sk |
HTTP Statistical |
2 years |
Used to send data to Google Analytics about the device and visitor behavior. Tracks visitors across devices and marketing channels. |
|
_ga_# |
adventica.sk |
HTTP Statistical |
2 years |
Used to send data to Google Analytics about the device and visitor behavior. Tracks visitors across devices and marketing channels. |
|
__Secure-ROLLOUT_TOKEN |
youtube.com |
HTTP Marketing |
180 days |
Unclassified |
|
__Secure-YEC |
youtube.com |
HTTP Marketing |
Deleted after session ends |
Stores the user's video player preferences when using embedded YouTube video |
|
__Secure-YNID |
youtube.com |
HTTP Marketing |
180 days |
Unclassified |
|
_fbp |
adventica.sk |
HTTP Marketing |
3 months |
Used by Facebook to provide a range of advertising products, such as real-time bidding from third parties. |
|
_gcl_au |
adventica.sk |
HTTP Marketing |
3 months |
Used to measure the effectiveness of website advertising efforts by collecting data on website ad conversion rates across multiple websites. |
|
_gcl_ls |
googletagmanager.com |
HTTP Marketing |
Permanent |
Tracks conversion rates between the user and advertising banners on the website – This is used to optimize the relevance of ads on the website. |
|
LAST_RESULT_ENTRY_KEY |
youtube.com |
HTTP Marketing |
Deleted after session ends |
Used to track user interaction with embedded content. |
|
lastExternalReferrer |
connect.facebook.net |
HTTP Marketing |
Permanent |
Determines how the user arrived at the website by recording their last URL address. |
|
lastExternalReferrerTime |
connect.facebook.net |
HTTP Marketing |
Permanent |
Determines how the user arrived at the website by recording their last URL address. |
|
LogsDatabaseV2:V#||LogsRequest |
youtube.com |
IndexedDBMarketing |
Permanent |
Used to track user interaction with embedded content. |
|
pagead/1p-user-list/# |
google.com |
Pixel Marketing |
Deleted after session ends |
Tracks whether the user showed interest in specific products or events across multiple websites and determines how the user navigates between sites. This is used to measure ad effectiveness and facilitates payment of referral fees between websites. |
|
remote_sid |
youtube.com |
HTTP Marketing |
Deleted after session ends |
Necessary for the implementation and operation of YouTube video content on the website. |
|
ServiceWorkerLogsDatabase#SWHealthLog |
youtube.com |
IndexedDBMarketing |
Permanent |
Necessary for the implementation and operation of YouTube video content on the website. |
|
TESTCOOKIESENABLED |
youtube.com |
HTTP Marketing |
1 day |
Used to track user interaction with embedded content. |
|
VISITOR_INFO1_LIVE |
youtube.com |
HTTP Marketing |
180 days |
Unclassified |
|
YSC |
youtube.com |
HTTP Marketing |
Deleted after session ends |
Unclassified |
|
ytidb::LAST_RESULT_ENTRY_KEY |
youtube.com |
HTML Marketing |
Permanent |
Used to track user interaction with embedded content. |
|
YtIdbMeta#databases |
youtube.com |
IndexedDBMarketing |
Deleted after session ends |
Used to track user interaction with embedded content. |
|
yt-remote-cast-available |
youtube.com |
HTML Marketing |
Deleted after session ends |
Stores the user's video player preferences when using embedded YouTube video |
|
yt-remote-cast-installed |
youtube.com |
HTML Marketing |
Deleted after session ends |
Stores the user's video player preferences when using embedded YouTube video |
|
yt-remote-connected-devices |
youtube.com |
HTML Marketing |
Permanent |
Stores the user's video player preferences when using embedded YouTube video |
|
yt-remote-device-id |
youtube.com |
HTML Marketing |
Permanent |
Stores the user's video player preferences when using embedded YouTube video |
|
yt-remote-fast-check-period |
youtube.com |
HTML Marketing |
Deleted after session ends |
Stores the user's video player preferences when using embedded YouTube video |
|
yt-remote-session-app |
youtube.com |
HTML Marketing |
Deleted after session ends |
Stores the user's video player preferences when using embedded YouTube video |
|
yt-remote-session-name |
youtube.com |
HTML Marketing |
Deleted after session ends |
Stores the user's video player preferences when using embedded YouTube video |
|
nvart |
adventica.sk |
HTTP |
14 days |
Unclassified |
|
|
|
|
|
|
Necessary cookies
These cookies are essential for the usability of the website. They enable basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Statistical cookies
These cookies help website owners understand how visitors interact with the website by collecting and reporting information anonymously.
Marketing cookies
These cookies are used to track visitors across websites. Their purpose is to display advertisements that are relevant and engaging for individual users, making them more valuable for publishers and thirdparty advertisers.
14. CHANGES TO THE PRIVACY POLICY
We reserve the right to amend the wording of these personal data processing rules, in particular when it is necessary to reflect legislative changes or modifications to the purposes or means of processing. If any changes to the personal data processing rules could affect the rights of data subjects, we will inform them in an appropriate manner and sufficiently in advance.
This document is updated regularly.
Last update: 11.02.2026