Privacy Policy

shape
shape

1. IDENTIFICATION OF THE ADMINISTRATOR

Personal data controller:
STARTxUP s.r.o.
Prakovce 319, 055 62 Prakovce, Slovak Republic
ID No.: 52337278
VAT No.: 2120989046
VAT No.: SK2120989046
E-mail: info@hexxxa.com
Tel.: +421 915 884 175

2. PERSONAL DATA PROCESSING PRINCIPLES

We respect your privacy and are committed to protecting your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No.18/2018 Coll. on the protection of personal data.

2.1 Basic principles

  • Lawfulness – we process data only on the basis of a valid legal basis
  • Minimisation – we collect only the data necessary for the purpose
  • Accuracy – we keep the data up to date and correct
  • Transparency – we inform you clearly about the processing
  • Security – we protect data from unauthorised access

3. WHAT PERSONAL DATA WE PROCESS

3.1 Identification data

  • Name and surname
  • E-mail address
  • Phone number
  • Delivery address and billing address

3.2 Business data

  • Order history
  • Payment information (without payment card details)
  • Communication with customers
  • Preferences and interests (with your consent)

3.3 Technical data

  • IP address
  • Browser and device information
  • Cookies and similar technologies
  • Website traffic data

4. PURPOSES AND LEGAL BASES OF PROCESSING

4.1 Performance of the contract (Article 6(1)(b) GDPR)

  • Order processing and handling
  • Delivery of goods and services
  • Communication about the order
  • Complaints and customer service

4.2 Consent of the data subject (Article 6(1)(a) GDPR)

  • Sending newsletters and marketing messages
  • Personalisation of content
  • Analysing web behaviour to improve services

4.3 Compliance with a legal obligation (Article 6(1)(c) GDPR)

  • Bookkeeping
  • Archiving of documents
  • Fulfilling tax obligations

4.4 Legitimate interest of the controller (Article 6(1)(f) GDPR)

  • Protection against fraud
  • IT systems security
  • Debt recovery
  • Analysis and statistics (anonymised data)

5. DATA RETENTION PERIOD

5.1 Contractual data

  • Accounting documents: 10 years from the end of the accounting period
  • Order history: 5 years since last order
  • Communication: 3 years from the end of the contractual relationship

5.2 Marketing data

  • Newsletter: until withdrawal of consent or 3 years of inactivity
  • Analytical data: 26 months (Google Analytics)

5.3 Technical data

  • Server logs: 12 months
  • Cookies: depending on type and settings (1 month to 2 years)

6. RECIPIENTS OF PERSONAL DATA

6.1 Internal beneficiaries

  • Staff and associates to the extent necessary

6.2 External intermediaries

  • Courier services – for delivery of orders
  • Payment gateways – for payment processing (TatraPay, PayPal, etc.)
  • Hosting provider – for website operation
  • Email marketing – for sending newsletters
  • Analytics tools – Google Analytics, Facebook Pixel

6.3 Transfer to third countries

Some of our intermediaries may transfer data outside the EU. We ensure that such transfers are protected by appropriate safeguards (e.g. EU standard contractual clauses).

7. YOUR RIGHTS

7.1 Right to information (Article 15 GDPR)

You have the right to know what personal data we process about you and for what purpose.

7.2 Right to rectification (Article 16 GDPR)

You can ask for incorrect or incomplete data to be corrected.

7.3 Right to erasure (Article 17 GDPR)

In certain cases, you may request that your data be deleted.

7.4 Right to restriction of processing (Article 18 GDPR)

You can request a restriction of processing in specific situations.

7.5 Right to portability (Article 20 GDPR)

You have the right to receive your data in a structured format.

7.6 Right to object (Article 21 GDPR)

You can object to processing on the basis of a legitimate interest.

7.7 Right to withdraw consent

You may withdraw your consent at any time without giving any reason.

8. DATA SECURITY

8.1 Technical measures

  • SSL communication encryption
  • Regular security updates
  • Data backup
  • Monitoring security incidents

8.2 Organisational arrangements

  • Staff training on data protection
  • Access permissions for authorised persons only
  • Contracts with intermediaries containing GDPR clauses
  • Data handling rules

9. COOKIES AND SIMILAR TECHNOLOGIES

9.1 Types of cookies

  • Necessary – for site functionality (always active)
  • Analytics – for traffic analysis (Google Analytics)
  • Marketing – to personalise ads (with your consent)
  • Functional – to improve the user experience

9.2 Managing cookies

You can manage cookies:

  • In the cookie banner on our site
  • In your browser settings
  • By contacting us at info@hexxxa.com

10. CONTACT AND COMPLAINTS

10.1 Contact to the Administrator

E-mail: info@hexxxa.com
Phone: +421 915 884 175
Address: STARTxUP s.r.o., Prakovce 319, 055 62 Prakovce

10.2 Supervisory authority

If you have any doubts about the processing of your data, you can contact:

Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava
Tel: +421 2 32 31 32 14
E-mail: statny.dozor@pdp.gov.sk
Website: www.dataprotection.gov.sk

11. CHANGES TO THE RULES

We may update this policy due to changes in legislation or our processes. We will notify you of significant changes by email or notice on the website.

12. FINAL PROVISIONS

This policy is valid from 01.06.2025. By using our website and services, you agree to this privacy policy.

For any questions regarding privacy, please contact us at info@hexxxa.com.

STARTxUP s.r.o.
Prakovce 319, 055 62 Prakovce
info@hexxxa.com

Last update: 01.06.2025