Privacy Policy

Your privacy is important to us. It is the policy of SpexSol s. r. o. ("SpexSol", "we", "us", "our") to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, mobile applications and other sites and services we own and operate. This policy applies to the SpexSol marketing site and to the iOS applications published by SpexSol.

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information. Voluntarily provided information refers to any information you knowingly and actively provide us when using or participating in our services. Automatically collected information refers to any information automatically sent by your devices in the course of accessing our products and services.

Log Data

When you visit our website, our hosting provider may keep short-lived server access logs containing your IP address, user agent, the path requested and a timestamp. These logs are used solely to operate the service and to detect abuse or security incidents. Our iOS applications send crash and error diagnostics through Firebase Crashlytics; see section 9 (Cookies and Tracking Technologies) for details.

Personal Information

We may ask for personal information — for example, when you contact us through the website or otherwise interact with our services. This may include:

• 01Name
• 02Email address
• 03Contents of any message you send us

Data Collected by Our iOS Applications

The data our iOS applications collect mirrors what is declared on each app's App Store privacy label. In summary: name and email address only if you contact support; crash and performance diagnostics through Firebase Crashlytics (see section 9); no advertising identifiers; no cross-app or cross-site tracking; and no location data unless you explicitly grant a specific feature permission to access it.

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

We may collect, hold, use and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

• 01to provide you with our platform's core features and services;
• 02to enable you to contact us and to respond to your enquiries;
• 03to comply with our legal obligations and resolve any disputes that we may have;
• 04to improve and maintain the security and integrity of our services.

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.

We keep your personal information only for as long as we need to. Contact form submissions and any related correspondence are retained for up to 12 months after our last reply, after which they are deleted or anonymised. Server access logs are retained for the standard short window applied by our hosting provider. Crash and error reports submitted through Sentry are retained for Sentry's default period (90 days) unless they are tied to an open issue we are still investigating. If your personal information is no longer required and we are not legally obliged to retain it, we will delete it or make it anonymous by removing all details that identify you.

Our products and services are not directed at children. We do not knowingly collect personal information from children under the age of 16 (the digital consent age in Slovakia and most of the EU under Article 8 GDPR), or under the age of 13 in jurisdictions where that lower threshold applies. If we become aware that we have collected personal information from a child below the applicable age without verified parental consent, we will take steps to delete that information.

We may disclose personal information to:

• 01a parent, subsidiary or affiliate of our company;
• 02third-party service providers for the purpose of enabling them to provide their services to us, including (but not limited to) IT service providers, hosting providers, analytics providers, error loggers, and customer support providers;
• 03courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights.

Third-party services we currently use or rely on include:

• 01Firebase Crashlytics (Google Ireland Limited) — crash and error reporting for our iOS applications. Crashlytics processes minimal device and diagnostic data on our behalf as a processor. Data may be transferred to the United States under the European Commission's Standard Contractual Clauses.
• 02Google Analytics 4 and Google Tag Manager (Google Ireland Limited) — measurement of website traffic and usage. Loaded only after you accept analytics cookies via our cookie banner. Data may be transferred to the United States under the European Commission's Standard Contractual Clauses.
• 03Hosting and contact-form delivery providers are still being finalised. Once our integrations are in place they will be listed here by name and purpose.

This list is maintained on a best-effort basis and is updated when our integrations change.

Our marketing website uses Google Tag Manager and Google Analytics 4 (measurement ID G-BTY6T00NQ0) to understand how visitors use the site. These tools are loaded with Google Consent Mode v2 set to "denied" by default and are only activated after you accept analytics cookies via our cookie banner. You can change or withdraw your consent at any time using the "Cookie Settings" link in the footer. If you reject analytics cookies, no analytics or advertising cookies are set and no measurement data is sent. The only other automatically collected data is the short-lived server access log described in section 2, kept by our hosting provider for security and abuse prevention. Our iOS applications use Firebase Crashlytics for crash and error reporting; they do not use advertising identifiers, do not track you across other apps or websites, and do not request App Tracking Transparency permission.

You always retain the right to withhold personal information from us, with the understanding that your experience of our services may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information, you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You have the right to:

• 01request access to the personal information we hold about you;
• 02request that any inaccurate or out-of-date personal information be corrected;
• 03unsubscribe from any direct marketing communications at any time;
• 04request that we delete personal information we hold about you, subject to applicable legal requirements.

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy.

Our website and applications may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy and update the "Last updated" date at the top of this page.

Data Controller

SpexSol s. r. o. acts as a data controller in respect of the personal information we collect from users in the European Economic Area (EEA) and the United Kingdom.

Legal Bases for Processing

We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so. These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:

• 01it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (Article 6(1)(b) GDPR) — for example, when we respond to an enquiry you submit through the contact form;
• 02it satisfies a legitimate interest (which is not overridden by your data protection interests) under Article 6(1)(f) GDPR, such as responding to enquiries that are not pre-contractual, keeping our iOS applications stable and secure through crash reporting, protecting our services from abuse, and protecting our legal rights and interests;
• 03you give us consent to do so for a specific purpose under Article 6(1)(a) GDPR; or
• 04we need to process your data to comply with a legal obligation under Article 6(1)(c) GDPR.

International Transfers Outside the EEA

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA is protected by appropriate safeguards, for example by using Standard Contractual Clauses approved by the European Commission. This applies in particular to crash and error data sent to Firebase Crashlytics and to website analytics data sent to Google Analytics, which may be processed in the United States.

Data Protection Officer

We have not appointed a Data Protection Officer. Given the size of SpexSol and the limited nature of the personal data we process, we are not required to do so under Article 37 GDPR. For any questions relating to your personal data you can contact us directly at skalicky@spexsol.sk.

Your Rights

In addition to the rights listed in section 10, you have the right to:

• 01restrict the processing of your personal information;
• 02object to the processing of your personal information;
• 03request the portability of your personal information;
• 04lodge a complaint with a supervisory authority — in Slovakia, the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky), dataprotection.gov.sk.

Do Not Track

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser "Do Not Track" signals.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act: identifiers (such as name, email address and IP address) and internet or other electronic network activity information (such as browsing history and information regarding interaction with our services). We collect this information for the business purposes described in this policy.

Right to Know and Delete

If you are a California resident, you have the right to know what personal information we collect about you, to request deletion of your personal information, and to not be discriminated against for exercising these rights. To exercise any of these rights, please contact us using the details below.

Shine the Light

If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information with third parties for their direct marketing purposes.

For any questions or concerns regarding your privacy, you may contact us using the following details: