Contact

DATA PROCESSING DECLARATION BY THE CONTROLLER

This section provides information on the processing and protection of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR), and Act No. 18/2018 Coll. on the protection of personal data and on the amendment and supplementation of certain laws (hereinafter referred to as the “Personal Data Protection Act”).

1. Controller

ACCOUNTA, s.r.o.
Štefánikova 23, 917 01 Trnava, Slovakia
Company ID (IČO): 46396250

We process your personal data as a Controller. This means we determine the purpose for which your personal data is collected, the means of processing, and we are responsible for ensuring the processing is lawful.
Inquiries can be submitted by phone: +421 905 763 936 or by email: gdpr@accounta.sk.

2. Processors

In some cases, we may process your personal data via processors authorized under Article 28 of the GDPR. These processors act on our behalf and are contractually obliged to comply with data protection regulations.

We use the following categories of processors:

• Providers of technical solutions, web hosting, IT system maintenance and support

Categories of data recipients: authorized employees of the controller, legal advisors, auditors, public authorities, and supervisory bodies.

3. Purposes of Personal Data Processing

As a Controller, we process personal data based on a lawful basis for the following purposes:

• Responding to inquiries, requests, or questions
  • Purpose: Providing an appropriate response
  • Legal basis: Article 6(1)(f) GDPR – legitimate interest
  • Note: You have the right to object
• Interest in our services or products
  • Purpose: Pre-contractual steps
  • Legal basis: Article 6(1)(b) GDPR – performance of a contract
• Contractual processing
  • Purpose: Order execution, invoicing, service delivery
  • Legal basis: Article 6(1)(b) GDPR
• Job applicants
  • Purpose: Application to job offer or registration in our job applicant database
  • Legal basis:
    • Article 6(1)(b) GDPR – pre-contractual relationship
    • Article 6(1)(a) GDPR – consent for database registration (can be withdrawn anytime)
• Legal obligations
  • Purpose: Compliance with tax, labor, accounting, and other regulations
  • Legal basis: Article 6(1)(c) GDPR
• Internal record keeping (contracts, invoices, correspondence)
  • Legal basis:
    • Article 6(1)(b) GDPR – contract
    • Article 6(1)(c) GDPR – legal obligation
    • Article 6(1)(f) GDPR – legitimate interest (you may object)
• Business contact management
  • Purpose: Maintaining business relationships
  • Legal basis: Article 6(1)(f) GDPR in connection with §78(3) of the Slovak Data Protection Act

As a Processor (Article 28 GDPR), we process personal data on behalf of our clients within services such as:

• Accounting services
  • Purpose: Full accounting for businesses and individuals
  • Data: Identifiers, financial info, invoices, payments, tax documents
• Payroll and HR management
  • Purpose: Payroll processing, social/health insurance, personnel agenda
  • Data: Names, salaries, health and family info, bank details
• Tax advisory
  • Purpose: Tax optimization, consultation, filing and reviewing tax returns
  • Data: Financial and tax-relevant personal information

In these cases, we act only on your instructions and follow our data processing agreement in full compliance with GDPR.

4. Data Retention Period

We retain your personal data:

• As required by applicable tax and accounting laws (e.g., Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax, Act No. 563/2009 Coll. on Tax Administration)
• Data not subject to legal archiving will be deleted or anonymized once no longer needed.
• Data processed on consent basis (Article 6(1)(a) GDPR) is stored for up to 3 years, unless consent is withdrawn earlier.
• Data processed on legitimate interest basis is deleted once the purpose has been fulfilled, unless it enters into a contractual stage.

Data is securely deleted when:

• All legal obligations are fulfilled
• No active contracts, claims, or complaints remain
• Consent is withdrawn or expired
• A legitimate objection is upheld

In case we accidentally obtain personal data not intended for processing, we take immediate steps to notify the data subject and securely delete such data.

5. Disclosure of Data

We do not publish or disclose your personal data without lawful grounds.

6. Cross-Border Transfers & Profiling

We do not transfer personal data outside the EU/EEA, nor do we engage in automated decision-making or profiling.

7. Rights of the Data Subject

You have the right to:

• Access your personal data
• Rectify inaccurate or outdated data
• Erase data under defined conditions (e.g. withdrawal of consent, unlawful processing)
• Restrict processing temporarily
• Data portability (if based on consent or contract and automated)
• Object to processing based on legitimate interest or direct marketing
• Withdraw consent at any time
• Lodge a complaint with the relevant supervisory authority

Contact us by phone, email, or mail. We will respond no later than 30 days from receiving your request.

8. Supervisory Authority Contact Details (Slovakia)

Office for Personal Data Protection of the Slovak Republic
Address: Park One Building, Námestie 1. mája 18, 811 06 Bratislava
Website: www.dataprotection.gov.sk
Phone: +421 2 3231 3220

Email:

• General inquiries: statny.dozor@pdp.gov.sk
• Public information requests: info@pdp.gov.sk
• Technical issues: webmaster@pdp.gov.sk
• Youth education and incident help: ochrana@pdp.gov.sk