Information on the processing of personal data

Protection of personal data is important to us. This information is provided in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) with the aim of transparently explaining how and to what extent iiSTATE s.r.o. processes personal data in connection with the operation of this website and its business presentation.

Data Controller

The data controller is:

iiSTATE s.r.o. with registered office: Hrebendova 40/B, 811 02 Bratislava – Staré Mesto

Company ID: 50 183 702, registered in the Commercial Register of the District Court Bratislava III, section Sro, insert no. 109786/B (hereinafter referred to as the "controller" or "we").

For questions regarding the processing of personal data, you can contact us via the email address: office@iistate.sk

Legal Framework for Processing

When processing personal data, we act in accordance with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),

• Act No. 18/2018 Coll. on the Protection of Personal Data,

• as well as other generally binding legal regulations applicable to the processing of personal data.

Scope, Nature, and Purpose of Personal Data Processing

This website is purely for informational and presentational purposes and serves to provide general information about the company and its activities. The website does not contain contact forms, registration interfaces, or other interactive elements through which visitors would enter their personal data.

In connection with the operation of the website, there is only limited processing of essential technical data that is automatically generated during its use, specifically:

• IP address of the visitor's device,

• date and time of access to the website,

• technical server logs,

• basic information about the device and internet browser used.

The indicated technical data is processed exclusively to ensure the proper operation, functionality, stability, and security of the website, as well as to protect our information systems.

The legal basis for processing is the legitimate interest of the controller pursuant to Art. 6 para. 1 letter f) GDPR, consisting in ensuring the safe and reliable operation of the website.

Raising Awareness of the Company

As part of presenting our activities, we may publish general information about our activities, projects, or investments on the website, including publicly available references or information on completed projects. Such processing is carried out to an appropriate extent, with an emphasis on protecting the rights of the individuals concerned, and is based on the controller's legitimate interest in presenting its activities online.

Cookies and Technical Means

The website uses necessary technical cookies and similar technical means that are essential to ensure its basic functionality, technical stability, and security.

The website may also use technical components or third-party services (e.g., hosting services, security, content loading, external libraries, or basic analytical tools), which may process technical data about website access, such as IP address or information about the device and browser used, to the necessary extent.

These technical means are not used for targeted advertising or profiling visitors and serve solely to ensure the operation, functionality, and protection of the website.

Profiling and Automated Decision Making

In connection with the operation of this website, we do not conduct profiling or automated individual decision-making as per Article 22 GDPR, even when utilizing technical tools or third-party services related to its operation.

Recipients of Personal Data

Personal data may be disclosed to a necessary extent to:

• providers of IT and hosting services,

• individuals ensuring technical management and maintenance of the website.

These individuals process personal data based on a contractual relationship with the controller and in accordance with applicable legal regulations. Personal data is not disclosed for marketing purposes or to other third parties without a legal basis.

Transfer of Personal Data to Third Countries

The controller does not primarily intend to transfer personal data to countries outside the European Economic Area. In the event of using third-party technical services, technical data may be processed outside the European Economic Area, exclusively in compliance with GDPR and based on appropriate safeguards.

Retention Period for Personal Data

Technical data is retained only for the time necessary to achieve the purposes for which it is processed, but no longer than the period resulting from applicable legal regulations or the controller's internal security rules.

Rights of Data Subjects

As a data subject, you have the right under the GDPR to:

• request access to your personal data,

• request correction or deletion of personal data,

• object to the processing of personal data based on legitimate interest,

• file a complaint with the supervisory authority.

The supervisory authority is the Office for Personal Data Protection of the Slovak Republic,

Hraničná 12, 820 07 Bratislava 27, www.dataprotection.gov.sk.

Changes to this Information

The controller reserves the right to appropriately update this information depending on changes in legal regulations or in the manner of personal data processing. The current version is always available on this website.