Information on Personal Data Processing (GDPR)

1. Controller Identification

Controller:
Joto.sk, s.r.o.
Bratislavská 2543/108
902 01 Pezinok
Slovak Republic
Company ID: 44807767
Tax ID: 2022845000
E-mail: info@joto.sk
View in the Commercial Register

2. Purposes of Personal Data Processing

We process your personal data mainly for the following purposes:

  • handling inquiries and communication received via the contact form or email,
  • preparing price offers, solution proposals and pre-contractual communication,
  • concluding and performing contractual relationships (e.g., development of websites, applications, AI solutions),
  • invoicing, accounting and maintaining legally required documentation,
  • improving the quality of our services, statistics and technical logs,
  • protecting the rights and legitimate interests of the controller.

3. Legal Basis for Processing

  • Performance of a contract under Article 6(1)(b) GDPR – handling your inquiry, preparing offers, concluding and executing a project.
  • Legal obligation under Article 6(1)(c) GDPR – accounting, tax obligations, and document retention required by law.
  • Legitimate interest under Article 6(1)(f) GDPR – protection of rights, prevention of misuse, maintaining communication logs, service security.
  • Consent under Article 6(1)(a) GDPR – only where required (e.g., optional marketing communication). Consent may be withdrawn at any time.

4. Categories of Processed Data

  • identification data – name, surname, company name (if provided),
  • contact data – email, phone number, postal address (if provided),
  • communication content – messages sent via the form or email, project specifications, notes,
  • contractual data – data contained in contracts, orders and invoices,
  • technical data – IP address, cookies, logs, device information.

5. Recipients of Personal Data

Personal data may be shared with the following categories of recipients:

  • website hosting and server infrastructure provider,
  • external accountant or accounting company,
  • external IT suppliers and cooperating developers,
  • public authorities, if required by law.

6. Transfers to Third Countries

We do not transfer personal data outside the European Union, except where third-party tools are used (e.g., email services, analytics) that provide adequate data protection guarantees in accordance with GDPR (e.g., Standard Contractual Clauses).

7. Data Retention Period

We retain data according to the purpose of processing:

  • inquiries and communication – typically up to 2 years from the last contact,
  • contractual documentation and invoicing – according to legal requirements (usually 10 years),
  • data processed based on consent – until consent is withdrawn,
  • technical logs – for the period necessary to ensure secure website operation.

8. Rights of the Data Subject

You have the right to:

  • obtain confirmation whether we process your personal data and access them,
  • request correction of inaccurate data,
  • request deletion of personal data (“right to be forgotten”),
  • request restriction of processing,
  • object to processing based on legitimate interest,
  • request data portability,
  • withdraw consent at any time (if processing is based on consent),
  • file a complaint with the Slovak Data Protection Authority.

9. Automated Decision-Making and Profiling

Joto.sk does not use automated individual decision-making or profiling with legal or similarly significant effects under Article 22 GDPR.

10. Supervisory Authority

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava
Website: www.dataprotection.gov.sk

Last updated: 25.11.2025