Privacy Policy

These privacy policy (“Policy”) explain how SORRYWECAN s. r. o., with registered office at Družstevná 349/22, 082 16 Záhradné, Slovak Republic, Company ID (IČO): 52 778 193, registered in the Commercial Register of the District Court Prešov, Section Sro, Insert No. 39602/P (hereinafter “we”, “us” or “our”), processes personal data.

1. Your status in relation to personal data processing

When providing services to clients, we process personal data on their behalf as a processor. This typically includes data related to marketing, branding, production, web development, or campaign management, such as data about target audiences, contest participants, or website visitors. In these cases we may have a data processing agreement with the client.

When we process personal data for our own purposes (e.g., HR, marketing, administration, legal matters), we act as a controller. Because we may act in both roles, this Policy applies to both our clients and visitors of our website and social media profiles.

2. How to contact us regarding data protection

If you have questions about the processing of your personal data, contact us by email at [email protected] or by mail at the above registered address. If we process your data on behalf of a client, we may not be able to handle your request directly but can forward it to the client as the controller.

3. Purposes and legal bases for processing your personal data

a) Data processed on behalf of clients

When providing our services, we process personal data on behalf of our clients as processors. In these cases, the purpose and legal basis for processing are determined exclusively by the client as the controller, not by us.

b) Data processed as controller

When we determine the purpose and means of processing ourselves, we act as a controller for the following purposes and legal bases under the GDPR:

  1. Direct marketing and online brand communication — based on our legitimate interest (Art. 6(1)(f) GDPR) and, where required by law, on your consent (Art. 6(1)(a) GDPR). This includes sending newsletters, managing social media, and event promotion.
  2. Establishing, enforcing or defending legal claims — based on our legitimate interest (Art. 6(1)(f) GDPR).
  3. Tax, billing and accounting obligations — based on our legal obligation (Art. 6(1)(c) GDPR) under applicable tax and accounting laws.
  4. Human resources and payroll — based on contractual obligations, legal obligations, or your consent where required.
  5. Contractual relations and communication with partners — based on performance of contracts (Art. 6(1)(b) GDPR).
  6. Statistical data and service improvement — conducted on the basis of GDPR Art. 89 for anonymised or aggregated statistics.

4. What personal data do we process?

We process only necessary personal data, such as basic identification and contact information, and any content you share with us. Special categories of data (e.g., health data) are processed only exceptionally and mainly in HR contexts. For marketing, we use cookies and analytics tools (profiling), but not automated individual decision-making.

5. How do we obtain your personal data?

We obtain personal data either directly from you (e.g., contracts, contact forms, recruitment) or indirectly from our clients when acting as a processor. Providing personal data is voluntary but may be necessary for fulfilling a contract.

6. Who has access to your personal data?

Only authorised persons have access to your personal data. Recipients may include technical providers (hosting, cloud services, IT support), marketing and legal advisors, or accountants. All partners are selected with GDPR compliance in mind.

7. Do we transfer your personal data outside the EEA?

Generally, we do not transfer personal data outside the European Economic Area (EEA). If we use partners outside the EEA (e.g., in the USA), we ensure an adequate level of protection through standard contractual clauses or other safeguards as required by the GDPR.

8. How long do we retain personal data?

We retain personal data only for as long as necessary:

  • Marketing data — until consent is withdrawn;
  • Accounting records — 10 years;
  • Employee data — generally 10 years after termination of employment;
  • Data processed on behalf of clients — in accordance with client instructions.

9. What rights do you have regarding your personal data?

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR)

10. Changes to this Policy

We may update this Policy. The latest version will always be available on our website.

SORRYWECAN s. r. o., May 2025