Privacy Policy
within the meaning of Articles 12, 13 and 14 GDPR (hereinafter the “Information”)
This Information describes the manner in which the controller innie s. r. o., with its registered office at Námestie Štefana Moysesa 42/14, Banská Bystrica 974 01, Company ID (IČO): 53 851 293, registered with the District Court Banská Bystrica, Section: Sro, Insert No.: 41562/S (hereinafter the “controller”) processes personal data. If anything in this Information is unclear or incomprehensible to you, we will be happy to explain any term or part to you. We process personal data in accordance with the requirements of the GDPR, Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain acts, as amended, and other generally binding legal regulations.
Basic concepts
1. Personal data – any information relating to an identified or identifiable natural person, for example name, surname, date of birth, birth number, telephone number, e-mail address, IP address and the like.
2. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
3. Data subject – a natural person to whom the personal data relate.
4. Processing of personal data – an activity or processing operations which the controller or processor carries out with personal data.
5. Controller – a natural person or legal person who determines the purpose and means of the processing of personal data.
6. Purpose of the processing of personal data – a clearly defined or specified intention of the processing of personal data, set out in advance, which is linked to a particular activity.
7. Legitimate interest – an interest of the controller or of a third party from which the need to process personal data arises, where it overrides the interests or fundamental rights and freedoms of the data subject.
8. Recipient – a natural or legal person, public authority, agency or other body to which the personal data are disclosed.
Controller of personal data
The controller of personal data is:
| Controller: | innie s. r. o. |
| Legal form: | limited liability company |
| Registered office: | Námestie Štefana Moysesa 42/14, Banská Bystrica 974 01 |
| E-mail: | info@inodemy.com |
Purposes and legal bases of the processing
| purpose | legal basis |
| Bookkeeping Fulfilment of obligations arising from accounting regulations, keeping accounting records, management of accounting documents | Art. 6(1)(c) GDPR – compliance with a legal obligation |
| Internal personal data protection agenda Records of personal data necessary for the purposes of fulfilling the obligations laid down by the GDPR and other legal regulations on the protection of personal data, in particular the records and handling of the rights of data subjects and records of security incidents | Art. 6(1)(c) GDPR – compliance with a legal obligation |
| Network security and other security | Art. 6(1)(f) GDPR – legitimate interest |
| Supplier/Customer contracts In the performance of contracts with suppliers and customers we process the personal data of suppliers and customers who are natural persons or of persons who act and appear on behalf of suppliers and customers who are legal persons. | Art. 6(1)(b) GDPR – performance of a contract Art. 6(1)(f) GDPR - legitimate interest |
| Website (cookies - we use cookies and other tracking technologies to improve your website browsing experience, to display personalised content and targeted advertising, and to analyse traffic) | Art. 6(1)(a) GDPR - consent of the data subject |
| Profile on the social networks Facebook, Instagram and TikTok (marketing – presentation of activities) | Art. 6(1)(f) GDPR – legitimate interest |
| Publication and other processing of personal data through social networks (Facebook, Instagram) | Art. 6(1)(a) GDPR – consent of the data subject Art. 6(1)(f) GDPR - legitimate interest |
| Direct marketing (promotion of activities through newsletters) | Art. 6(1)(a) GDPR – consent of the data subject |
| References obtaining and publishing customer ratings and recommendations | Art. 6(1)(a) GDPR – consent of the data subject |
| Registration obtaining and publishing customer ratings and recommendations | Art. 6(1)(b) GDPR – performance of a contract |
| IS Payment gateway (Paddle) Execution of the payment transaction, payment verification | Art. 6(1)(b) GDPR – performance of a contract |
Legitimate interests of the controller
| purpose | characteristics |
| Network and other security | the legitimate interest of the controller in ensuring security - the obligation under the GDPR to implement appropriate security measures, which include keeping records of the activity of entities accessing the controller's environment |
| Supplier/Customer contracts | the legitimate interest of the controller, as well as of third parties, in the performance of contracts with suppliers |
| Profile on the social networks Facebook, Instagram and TikTok (marketing – presentation of activities) | the legitimate interest of the controller in processing the personal data that users publish when visiting the controller's profile |
Recipients
A recipient is any person to whom the controller discloses personal data, irrespective of whether it is a third party. The data which the controller processes are, depending on the individual purposes of the processing, disclosed to the following recipients:
- processors (accounting services provider, information system provider)
- state authorities (the tax office, another state authority), but only where they do not receive personal data in the course of a specific investigation;
- the recipient may also be another authorised body.
transfer to a third country and an international organisation
A transfer to a third country may theoretically occur where the data subject visits/uses the controller's company profile on the social networks Facebook and Instagram. In this case, a transfer of personal data to the United States of America may occur in accordance with the European Commission's adequacy decision - **EU-U.S. DATA PRIVACY FRAMEWORK**. The controller also uses the TikTok platform. When using this platform, a transfer of personal data to China may occur, whereby the transfer is based on standard contractual clauses and Art. 49 GDPR. For more information, see TikTok Privacy Policy.
Retention period
We retain personal data in a form which permits identification for no longer than is necessary to achieve the purpose for which the personal data are processed or for the period laid down by a legal regulation. We retain personal data as follows:
| purpose | retention period (or criteria for its determination) |
| Bookkeeping Fulfilment of obligations arising from accounting regulations, keeping accounting records, management of accounting documents | 10 years following the year to which they relate: various accounting documents, accounting books, depreciation plan, inventory lists, inventory records; 5 years following the year to which they relate: tax documents; 10 years following the year to which they relate: payrolls and other wage documentation; 10 years following the year to which they relate: annual wage sheets; at least 20 years following the year to which they relate: personnel files |
| Internal personal data protection agenda Records of personal data necessary for the purposes of fulfilling the obligations laid down by the GDPR and other legal regulations on the protection of personal data, in particular the records and handling of the rights of data subjects and records of security incidents | 5 years - the objective time limit for an inspection carried out by the Office for Personal Data Protection |
| Performance of supplier and customer contracts In the performance of contracts with suppliers we process the personal data of suppliers who are natural persons or of persons who act and appear on behalf of suppliers who are legal persons. | 4 years from the year in which the last contact with the supplier occurred |
| Profile on the social networks Facebook and Instagram Presentation of the controller's activities | for the period during which the account is active |
| Direct marketing (promotion of activities through newsletters) | We process personal data (e-mail address, name) for the duration of the consent, i.e. for the entire period of the newsletter subscription. After the consent is withdrawn (unsubscription), the personal data are erased within 30 days. We retain the record of the grant and withdrawal of consent for a period of 4 years for the purpose of demonstrating the lawfulness of the processing. |
| References | For the duration of the consent, but no longer than 5 years from its grant. After this period expires, we contact the customer with a request to renew the consent. If the consent is not renewed, the reference is removed from the website within 30 days. |
| Registration | for the period during which the account is active |
| IS Payment gateway (Paddle) | for the period during which the account is active |
Rights of the data subject
Data subjects have the following rights:
Information on the processing of personal data
The content of the information consists in particular of the identity and contact details of the controller, the purposes of the processing, the categories of personal data concerned, the recipient or categories of recipients of the personal data, information on the transfer of personal data to third countries, the retention period of the personal data, the authorised controllers, the list of your rights, the possibility of contacting the Office for Personal Data Protection of the Slovak Republic, the source of the processed personal data, and information on whether and how automated decision-making and profiling take place.
Right of access to personal data
You have the right to obtain confirmation as to whether or not personal data are being processed and, if so, you have the right of access to information on the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients, the retention period of the personal data, information on your rights, on the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, information on the source of the personal data, information on whether automated decision-making and profiling take place, and information and safeguards in the event of a transfer of personal data to a third country or an international organisation. You have the right to be provided with a copy of the processed personal data.
Right to rectification
The data subject has the right to the rectification of inaccurate personal data. Having regard to the purpose of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (right to be forgotten)
In certain cases laid down by law we are obliged to erase the data subject's personal data. However, each such request is subject to an individual assessment of whether the conditions are met, because as a controller we may be bound by a legal obligation or we may process personal data on the basis of a legitimate interest. If our legitimate interest (or the legitimate interest of a third party) overrides the interests of the data subject, we are entitled to continue processing the personal data for the relevant purpose.
Right to restriction of processing
The data subject may request the controller to restrict the processing of personal data if any of the following situations occurs:
- the data subject has contested the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
- the processing of the personal data is unlawful but the data subject refuses the erasure of those data and instead requests the restriction of their use;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing of personal data in specific situations under the GDPR (a task carried out in the public interest, the legitimate interest of the controller or profiling), pending verification of whether the legitimate interests of the controller override the legitimate interests of the data subject.
Right to data portability
If the data subject requests that we transmit their personal data to another controller, we hand over the personal data in a corresponding format to the designated body, provided that no legal or other significant obstacles prevent us from doing so.
Right to object and automated individual decision-making
The data subject has the right to object at any time to the processing of personal data concerning them which is carried out on the legal basis of the public interest or a legitimate interest.
| If we were to process personal data for the purposes of direct marketing on the legal basis of a legitimate interest, the data subject may object at any time to the processing of personal data by the controller for the purposes of direct marketing, including profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for the purposes of direct marketing, the personal data shall no longer be processed for such purposes. |
Processing based on consent (right to withdraw consent)
Where the processing is based on the consent of the data subject within the meaning of Art. 6(1)(a) GDPR or Art. 9(1)(a) GDPR, data subjects have the right to withdraw their consent at any time. Such withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
Right to lodge a proposal, suggestion or complaint with the supervisory authority
Data subjects may at any time submit a proposal, suggestion or complaint regarding the processing of personal data to the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with its registered office at Galvaniho Business Centrum II, Galvaniho 7/B, Bratislava, Slovak Republic, tel. no.: +421/2/3231 3220, website: https://dataprotection.gov.sk/sk/
- Time limit for a response
We will provide a statement and, where applicable, information on the measures taken as soon as possible, but no later than within one month. Where necessary, and taking into account the complexity and number of requests, we are entitled to extend the time limit by two months. We will inform the data subject of any extension of the time limit, including the reason for it.
- Contact point
Data subjects may exercise their individual rights with the controller, by e-mail to the address: info@inodemy.com or to the postal address Innie s. r. o., Námestie Štefana Moysesa 42/14, Banská Bystrica 974 01, Slovak Republic.
We provide all communications and statements in relation to the exercised rights free of charge. However, if a request were to be manifestly unfounded or excessive, in particular because it were repetitive, we are entitled to charge a reasonable fee taking into account the administrative costs, or to refuse to act on the request. In the event of a repeated request for the provision of copies of the processed personal data, we reserve the right to charge a reasonable fee for the administrative costs.
Provision of personal data
The provision of personal data is primarily voluntary; however, in certain cases the law requires us to obtain and keep records of personal data. If you wish to conclude a contract with us, the provision of personal data may be necessary for the conclusion of the contract. In such a case, the provision is a contractual requirement. The data subject is not obliged to provide their personal data; they provide them voluntarily. A refusal to provide personal data where it is a statutory requirement or a requirement necessary for the performance of a contract may result in our being unable to cooperate with you or to conclude a contract.
Automated decision-making and profiling
The controller does not use what is known as automated individual decision-making, including profiling.
Processing for a further purpose
In the course of processing, we respect the principle of purpose limitation, i.e. that we process data only on the basis of a specifically determined, explicitly stated and legitimate purpose, except in the case of processing for a compatible purpose. Processing for another purpose may also be based on the consent of the data subject, the law of the European Union or of the Slovak Republic. In order to ascertain whether another purpose is compatible with the purpose for which the personal data were originally obtained, before the processing begins we carry out what is known as a compatibility test, in which we take into account:
1. any link between the purposes for which the personal data were obtained and the purposes of the intended further processing;
2. the circumstances in which the personal data were obtained, in particular regarding the relationship between the data subjects and the controller;
3. the nature of the personal data, in particular whether special categories of personal data are processed pursuant to Art. 9 GDPR or personal data relating to convictions for criminal offences and minor offences pursuant to Art. 10 GDPR;
4. the possible consequences of the intended further processing for the data subjects;
5. the existence of appropriate safeguards, which may include encryption or pseudonymisation.
Overview of selected legal regulations in the area of personal data protection
- Charter of Fundamental Rights of the European Union (Article 8),
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),
- Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (consolidated version),
- Act No. 452/2021 Coll. on Electronic Communications, as amended,
- Constitution of the Slovak Republic (published under No. 460/1992 Coll.),
- Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain acts, as amended,
- Decree No. 158/2018 Coll. of the Office for Personal Data Protection of the Slovak Republic on the procedure for carrying out a data protection impact assessment.
USE OF cookies
The website www.inodemy.com uses cookies, which collect and store information while it is being browsed. Cookies are used for various purposes, e.g. to record a choice that the user made while browsing the website or to record the user's activity while browsing the website. They may also be used to remember any information that the user previously entered into forms on the website. Their use can be disabled in most internet browsers. According to the GDPR (Recital 30), cookies are defined as online identifiers which, in combination with unique identifiers and other information obtained from servers, may be used to create profiles of natural persons and to identify them, and they are therefore considered personal data under the GDPR. The controller may use cookies only with the user's consent. The user may withdraw the consent granted to cookies at any time. Each user may express their consent/refusal to the use of cookies when visiting the website by means of a consent management tool (banner, CMP, bar). If the user does not express consent to the use of cookies, these are not activated on the website.
We use the following cookies:
| cookie name | provider | type | validity | purpose |
| Necessary cookies | ||||
| CookieConsent | inodemy.com | necessary HTTP | 1 year | Stores the user's consent state for cookie usage for the current domain |
| GeoIP | wikimedia.org | statistical HTTP | deleted at the end of the session | Collects data such as visitors' IP address, geographical location and navigation on the website – this information is used for internal optimisation and statistics for the website operator. |
| WMF-Last-Access | upload.wikimedia.org | statistical HTTP | 1 month | This cookie is used to count how many times the website has been visited by different visitors – this is achieved by assigning an ID to the visitor so that the visitor is not registered twice. |
| inodemy_read_v1 | inodemy.com | HTML | permanent | Unclassified |
| NetworkProbeLimit | commons.wikimedia.org | HTTP | 1 day | Unclassified |
| NetworkProbeLimit | upload.wikimedia.org | HTTP | deleted at the end of the session | Unclassified |
| WMF-Uniq | commons.wikimedia.org | HTTP | 1 year | Unclassified |
| WMF-Uniq | upload.wikimedia.org | HTTP | 1 year | Unclassified |
Necessary cookies: These are required for the usability of the website. They help to build websites by enabling basic functions such as page navigation and access to protected areas of the website. The website cannot function fully without these cookies.
Statistical cookies: These help website owners to understand how to interact with website visitors by collecting and reporting information anonymously.
Changes to the PERSONAL DATA PROCESSING rules
We are entitled to change the wording of these personal data processing rules, in particular where it is necessary to incorporate legislative changes, or changes to the purpose and means of the processing. In the event that changes occur to the personal data processing rules which would be capable of affecting the rights of data subjects, we will notify data subjects of this in an appropriate manner and sufficiently in advance.
LANGUAGE VERSIONS
The Information on the processing of personal data is available in the Slovak language, with the following language versions available to the recipient: Czech, Polish, English. In the event of any discrepancies or doubts, the Slovak language version shall prevail.
This document is regularly updated.
Last updated: 09.06.2026