Privacy Policy
Privacy Policy
1. Introduction and scope
ARMITAS, a.s. (hereinafter the "Controller"), operator of the website www.armitas.sk, is committed to protecting the privacy of visitors and users of this website. This Privacy Policy (hereinafter the "Policy") describes what personal data we collect, why we collect it, how we process it, to whom we disclose it, and what your rights are.
This Policy applies to all personal data processed in connection with visiting and using www.armitas.sk, including data provided through the contact form and data obtained through cookies and other tracking technologies.
This Policy is issued in compliance with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (GDPR),
- Act No. 18/2018 Coll. on the Protection of Personal Data,
- Act No. 452/2021 Coll. on Electronic Communications (§ 109),
- Act No. 22/2004 Coll. on Electronic Commerce.
2. Identity of the Controller
The Controller of personal data within the meaning of Article 4(7) GDPR is:
| Company name | ARMITAS, a.s. |
| Registered office | Plynárenská 5944/7A, 821 09 Bratislava – Ružinov, Slovak Republic |
| Legal form | Joint-stock company |
| Company ID (IČO) | 57 370 842 |
| Tax ID (DIČ) | 2122700668 |
| VAT ID (IČ DPH) | SK2122700668 |
| Company register | District Court Bratislava III, Section: Sa, Entry No. 7886/B |
| [email protected] | |
| Website | www.armitas.sk |
3. Purposes of processing, legal basis and categories of data
3.1 Contact form
The website operates a contact form on the /contact/ page through which visitors may submit enquiries.
| Categories of data | First and last name, email address, message text |
| Purpose | Handling enquiries, responding to questions, establishing business contact |
| Legal basis | Article 6(1)(b) GDPR – performance of a contract or pre-contractual negotiations; or Article 6(1)(f) GDPR – legitimate interest (responding to an enquiry) |
| Retention period | Max. 3 years from the last contact, unless a contractual relationship is established |
| Recipients | Authorised employees of the Controller; Webnode platform (processor) |
3.2 Web analytics – Google Analytics 4
The website uses Google Analytics 4 (Measurement ID: G-92DTJYQXGQ) via Google Tag Manager (GTM-542MMSL).
| Categories of data | Anonymised IP address, device and browser type, pages visited, time on site, pseudonymised identifiers (cookies _ga, _gid, _ga_*) |
| Purpose | Statistical analysis of website traffic, content performance measurement, website improvement |
| Legal basis | Article 6(1)(a) GDPR – consent via cookie banner; § 109(4) Act No. 452/2021 Coll. |
| Retention period | 2 years (cookie _ga); 24 hours (cookie _gid); GA4 data: 14 months |
| Recipients / transfer | Google LLC, USA – Standard Contractual Clauses (SCC) under Article 46 GDPR |
3.3 Google Ads – remarketing and conversion tracking
The website uses Google Ads (ID: AW-465935583) for conversion measurement and remarketing.
| Categories of data | Pseudonymised click identifier (GCLID), IP address (cookies _gcl_aw, _gcl_ls, _gac_*) |
| Purpose | Measuring the effectiveness of advertising campaigns, remarketing, conversion attribution |
| Legal basis | Article 6(1)(a) GDPR – consent; § 109(4) Act No. 452/2021 Coll. |
| Retention period | 90 days (cookies _gcl_aw, _gcl_ls, _gac_*) |
| Recipients / transfer | Google LLC, USA – Standard Contractual Clauses (SCC) under Article 46 GDPR |
3.4 Technical operation of the website
Minimum technical data are processed for the correct functioning of the website. Consent is not required (§ 109(8) Act No. 452/2021 Coll.).
| Categories of data | Session identifier (PHPSESSID), cookie banner setting (wnd_cookie_bar), language preference |
| Purpose | Ensuring website functionality, session management, storing language preferences |
| Legal basis | Article 6(1)(f) GDPR – legitimate interest; § 109(8) Act No. 452/2021 Coll. |
| Retention period | Until the end of the browser session or max. 1 year (cookie settings and language) |
| Recipients | Webnode platform (technical infrastructure processor) |
3.5 Processing of data of business partners and prospects (B2B)
| Categories of data | First and last name, job title, email, phone number, employer address |
| Purpose | Concluding and performing contracts, business communication, customer relationship management |
| Legal basis | Article 6(1)(b) GDPR – performance of a contract; Article 6(1)(f) GDPR – legitimate interest |
| Retention period | For the duration of the contractual relationship and 10 years after its termination |
| Recipients | Authorised employees, accounting and tax advisors, auditors, public authorities |
4. Recipients and processors of personal data
| Recipient / Processor | Purpose of sharing | Country / Safeguard |
|---|---|---|
| Webnode International Limited | Operating the technical infrastructure of the website | EU / EEA |
| Google LLC (Analytics, Ads, GTM) | Web analytics, remarketing campaigns, tag management | USA / SCC (Art. 46 GDPR) |
| Authorised employees of the Controller | Handling enquiries, managing business relationships | SR / EU |
| Accounting, tax and legal advisors | Fulfilment of statutory obligations | SR / EU |
| Public authorities (upon request) | Fulfilment of legal obligations, court proceedings | SR / EU |
The Controller does not sell, exchange or transfer your personal data to third parties for their own marketing purposes without your explicit consent.
5. Transfers of personal data to third countries
The Controller transfers personal data to third countries (outside the EU/EEA) exclusively via Google LLC services, where data are processed on servers in the United States. These transfers are safeguarded by:
- Standard Contractual Clauses (SCC) approved by the European Commission – Commission Implementing Decision (EU) 2021/914,
- supplementary technical measures (encryption, pseudonymisation, IP address anonymisation).
For more information on Google's data processing, see: policies.google.com/privacy
6. Retention periods
| Category of data | Purpose | Retention period |
|---|---|---|
| Contact form | Handling enquiries | Max. 3 years from last contact |
| Contractual documentation (B2B) | Contract performance, archiving obligation | 10 years from termination of contract |
| Google Analytics (cookies) | Web analytics | _ga, _ga_*: 2 years; _gid: 24 hours; GA4 data: 14 months |
| Google Ads (cookies) | Advertising campaigns | _gcl_aw, _gcl_ls, _gac_*: 90 days |
| Technical cookies (session) | Website operation | Until end of browser session |
| Cookie settings and language | Website functionality | Max. 1 year |
After the retention period expires, personal data are securely deleted or anonymised.
7. Rights of data subjects
As a data subject, you have the following rights under the GDPR and Act No. 18/2018 Coll.:
| Right | Description and conditions |
|---|---|
| Right of access (Art. 15 GDPR) | Right to obtain confirmation as to whether we process your personal data and, if so, access to them. |
| Right to rectification (Art. 16 GDPR) | Right to immediate rectification of inaccurate or completion of incomplete personal data. |
| Right to erasure (Art. 17 GDPR) | Right to erasure ("right to be forgotten") where the purpose of processing has ceased or consent is withdrawn. |
| Right to restriction (Art. 18 GDPR) | Right to restrict processing, e.g. while the accuracy of data is verified. |
| Right to data portability (Art. 20 GDPR) | Right to receive personal data in a structured, machine-readable format and transfer them to another controller. |
| Right to object (Art. 21 GDPR) | Right to object at any time to processing based on legitimate interest or for direct marketing purposes. |
| Right to withdraw consent (Art. 7(3) GDPR) | Consent to cookie processing may be withdrawn at any time via cookie settings on the website or by email – without negative consequences. |
| Right to lodge a complaint (Art. 77 GDPR) | Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, tel.: +421 2 3231 3214, [email protected], www.dataprotection.gov.sk |
8. Cookies and tracking technologies
The website uses cookies and similar technologies. Detailed information about individual cookies, their purposes, legal bases, providers and retention periods is available in a separate document.
9. Security of personal data
The Controller implements appropriate technical and organisational measures to protect personal data in accordance with Articles 25 and 32 GDPR:
- Secure communication via HTTPS protocol (TLS encryption).
- Technical cookies set with Secure, HttpOnly and SameSite=Lax attributes.
- Pseudonymisation and anonymisation of analytical data (IP address anonymisation in Google Analytics 4).
- Access to personal data restricted to authorised employees on a need-to-know basis.
- Regular review and update of security measures.
10. Automated decision-making and profiling
11. Links to social media
The website contains links (icons) to the Controller's profiles on Facebook (Meta Platforms Ireland Ltd.) and LinkedIn (LinkedIn Ireland Unlimited Company). These links are implemented as simple hyperlinks – no personal data is shared automatically when the page loads.
If you click on these links, the processing of your personal data is governed by the privacy policies of the respective platforms. The Controller accepts no responsibility for data processing by third parties on their own platforms.
12. Changes to this Privacy Policy
The Controller reserves the right to update this Policy at any time, in particular in connection with changes in legislation or changes in processing activities. Users will be informed of changes by updating the date of issue and version number. We recommend checking the current version of the Policy at www.armitas.sk.
13. Contact
For any questions or requests regarding data protection, please contact us:
ARMI