In accordance with §6 to §12 of the Act, the basic Personal Data Processing Principles are:

1. Principle of legality: Personal data may only be processed in a lawful manner and in such a way that does not violate the data subject’s basic rights.
2. Principle of limited purpose: Personal data may only be obtained for a specific, explicitly identified, and legitimate interest and must not be further processed in any way that is incompatible with such purpose; further processing of personal data for the purposes of archiving, historical research or statistical purposes, if performed in accordance with a special regulation and if adequate guarantees are provided to protect the data subject’s rights under §78 (8) of the Act is not considered incompatible with the original purpose.
3. Principle of minimising personal data: The processing of personal data must be appropriate, relevant, and limited to the scope necessary to accomplish the purpose for which this data is processed.
4. Principle of accuracy: Processed personal data must be accurate and updated as needed; adequate and effective safeguards must be taken to ensure that personal data that is inaccurate in terms of the process for which this data is processed is deleted or corrected without any undue delay.
5. Principle of minimising archiving: Personal data must be archived in a format that permits identification of the data subject for as long as necessary to accomplish the purpose for which this personal data is processed; personal data may be archived for a longer period of time if only maintained for archiving purposes, for scientific purposes, for historical research purposes or for statistical purposes under a specific regulation and if adequate guarantees are provided to protect the data subject’s rights under §78 (8) of the Act.
6. Principle of integrity and confidentiality: Personal data must be processed in such a way so that technical and organisational safeguards guarantee an adequate level of protection for personal data, including protection against unauthorised processing, unlawful processing, accidental loss, deletion or degradation of personal data.
7. Principle of responsibility: The controller is responsible for adherence to the basic principles for processing personal data, for the conformity of personal data with the principles of processing personal and is obliged to demonstrate such conformity with the personal data processing principles when prompted by the Office for Personal Data Protection of the Slovak Republic (“Office”).

In accordance with §12 of the Act, the controller is responsible for adherence to the basic principles for processing personal data, for the conformity of personal data with the principles of processing personal and is obliged to demonstrate such conformity with personal data processing principles when prompted by the Office.

In accordance with §6 to §12 of the Act, the basic Personal Data Processing Principles are:

1. The controller of your personal data is AT-Industry spol. s r.o., with registered office at Rybničná 40/K, 831 06 Bratislava, Company ID: 17 309 565 (“Company”).
2. The Company strives to act lawfully and responsibly in obtaining, collecting, using and protecting personal data.
3. The Personal Data Protection Principles (“Principles”) are prepared for such purposes and:
   1. define the basic conditions for processing personal data obtained by the Company,
   2. explain the scope, purpose, reason and method of processing personal data,
   3. explain the circumstances under which personal data is shared with other companies,
   4. explain the rights of data subjects,
   5. stipulate safeguards,
   if you use our services and we provide services to you.
4. The use and provisioning of the Company's services is defined as:
   1. use of our Company’s online services,
   2. registration in the marketing program,
   3. placing an order with our Company and its acceptance by our Company,
   4. assignment of an order number,
   5. concluding an agreement with the Company,
   6. purchasing in our Company,
   7. goods or services delivered by our Company,
   8. billing for a specific service, i.e. receipt of an invoice and invoice payment,
   9. the claims process.
5. These Principles concern the safeguards adopted by our Company to protect personal data.
6. These principles concern the operation of our Company’s CCTV system.

Our Company processes personal data:

1. obtained from you as a client based on provided documentation, orders, documents, and online communication,
2. obtained from your based on your written consent, whereby consent in this case may be given in writing, via email, or using the contact form on the website,
3. obtained from third parties,
4. obtained from publicly accessible sources.

1. Our Company processes personal data exclusively for the purposes of fulfilling our contractual and statutory obligations.
2. We process the following data for the purposes of fulfilling our contractual and statutory obligations:
   1. name and surname, title,
   2. email address,
   3. phone number,
   4. address
   5. other details necessary to fulfil statutory obligations.
3. To provide marketing services and advertising activities, we process personal data based on your written consent, and specifically the following data:
   1. name and surname, title,
   2. email address,
   3. phone number,
4. We process personal data based on the legitimate interest of caring for our clients and their protection.
5. e also process personal data based on the legitimate interest of protecting the security of our clients and protecting the Company’s property. We use a CCTV system for such purposes and process the following data:
   1. CCTV system recordings with dates
6. For legal purposes, we process personal data as described above.

1. We do not share your personal data with third parties.
2. Personal data may be shared with other companies for the following reasons:
   1. if sharing of personal data is required by law or is so ordered by a public authority, or, where necessary, for the administration of justice,
   2. if sharing of personal data is necessary to enforce our legal rights and to prevent fraud,
   3. in the event of the restructuring or sale of our Company to a third party.

We only provide your personal data to authorised parties and parties with whom we have concluded a valid agreement on authorisation to process personal data, including:

1. an accounting firm - AUDITOR,

or to fulfil statutory obligations to state authorities, public authorities, as well as the courts, court-appointed executors, notary publics and lawyers.

1. Your basic right as a data subject is the right to access personal data: the right to see the personal data we process and archive. To request a copy of your personal data that we process, please send a “data subject’s personal data access request” form via mail addressed to the Company’s address or via email. Proof of your identity as a data subject is required in such instances.
2. Your other rights associated with personal data include:
   1. Right to correct inaccurate information if the personal data we process and archive is inaccurate or incomplete, please contact us and we will correct it.
   2. Right to object to our use of your personal data. If we receive such an objection, we will assess its contents and then consider a way to proceed in using your personal data. You will be informed of the manner in which we decide to handle your objection. If we determine that your objection is legitimate, we will then limit the scope of our use of your personal data or delete this data, depending on your request.
   3. Objections related to direct marketing if you raise such an objection, we will immediately refrain from using your personal data for direct marketing purposes.
   4. Right to restrict the processing of personal data at your request. If you request that we restrict the processing of your personal data for the following reasons:
      1. we process any of your data in an unlawful manner,
      2. we no longer need to archive some of your personal data,
      3. your objection is determined to be justified,
      4. you partially revoked your consent (the revocation of consent is permitted in the same manner in which originally provided and in which you specify the data that you request specific restrictions on processing),
      your personal data will be deleted from our databases. In other instances, we will assess your request / objection and then decide on how to proceed.
   5. Right to delete personal data at your request. If you request that we delete your personal data for the following reasons:
      1. we process any of your data in an unlawful manner,
      2. we no longer need to archive some of your personal data,
      3. your objection is determined to be justified,
      4. you partially revoked your consent (the revocation of consent is permitted in the same manner in which originally provided and in which you specify the data that you request specific restrictions on processing),
      your personal data will be deleted from our databases. In other instances, we will assess your request / objection and then decide on how to proceed.
   6. Right to request the transfer or “ transmission” of a copy of such data. This right facilitates changes between service providers. Please send a request to transfer or transmit your personal data by mail to the address of the Company’s registered office or via email. Proof of your identity as a data subject is required in such instances.
   7. Filing a complaint with the supervising authority for personal data protection. We would obviously prefer to resolve whatever issue you may have without involving the Office for Personal Data Protection, but you do have the right to file a complaint with the Office for Personal Data Protection, Hraničná 12, 820 07 Bratislava, email: statny.dozor@pdp.gov.sk.

1. We only archive your personal data to comply with our contractual obligations for the period of online communication, to fulfil your order, or our agreeement, and for the period necessary to resolve any claims process.
2. We only archive your personal data provided based on your consent over the duration of such consent or the termination of the given service.
3. We only archive your personal data based on our legitimate interest for the duration of such legitimate interest.
4. We do not keep your personal data for longer than necessary.

1. The security of your personal data is exceptionally important to us and as such, we have taken the necessary physical, technical and organisational safeguards.
2. Our Company’s premises are secured by an alarm system, a CCTV system and other means of physical protection. We require control of physical access to our premises and we therefore have controlled access to the Company’s premises.
3. Data in computers and the data contained in them are password protected.
4. Physical documents with personal data are kept in locked cabinets in the Company’s financial department.
5. With respect to obtaining, archiving and disclosing personal data, we require strict compliance with all safeguards approved by our Company in accordance with the General Data Protection Regulation.
6. Please note the fact that we cannot guarantee the security of the personal data you provide to us over the Internet despite all of the technical and organisational safeguards that are in place.

To protect our website from automated attacks, spam, and abuse, we use Cloudflare Turnstile, a privacy-first CAPTCHA alternative provided by Cloudflare, Inc.

1. Purpose and Legal Basis: We process certain data through Turnstile to ensure that interactions on our site (such as form submissions) are performed by real humans rather than automated "bots." This is necessary to protect our legitimate interest in maintaining a secure, functional website and preventing fraud.
2. Data Minimization: Unlike traditional CAPTCHA services, Turnstile is designed to minimize data collection. It does not use "tracking cookies" for advertising purposes and does not create user profiles. It primarily analyzes browser signals and "proof-of-work" challenges to confirm human interaction.
3. Categories of Data: Data processed may include browser information, device type, and session-specific interaction data. This data is used solely for the purpose of risk analysis.
4. Data Processor: Cloudflare acts as our Data Processor. We have a Data Processing Addendum (DPA) in place with Cloudflare to ensure your data is handled in compliance with applicable data protection laws, including the use of Standard Contractual Clauses for any international data transfers.
5. Opt-out: Because this service is strictly necessary for the security and functionality of our web forms, it remains active regardless of your marketing cookie preferences.

For more information, please see Cloudflare's Privacy Policy and Terms of Service.

1. These personal data protection principles take effect on the date of their publication on the Company’s website and supersede any current version hereof.
2. The Company reserves the right to amend these principles if there is any internal change in personal data processing. The new or amended principles will be published on the Company’s website.

In Bratislava, dated 7.9.2020