1. Introductory provisions
This privacy policy (hereinafter the “Policy”) explains how the company identified below as the controller processes the personal data of natural persons (hereinafter the “data subject” or “you”) in connection with the operation of the website www.clinicaccelerator.sk (hereinafter the “Website”) and in connection with the provision of our marketing services for dental clinics and dental practices.
We process personal data in accordance with:
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”);
- Act No. 18/2018 Coll. on the Protection of Personal Data and on amendments to certain acts (hereinafter the “Personal Data Protection Act”);
- Act No. 452/2021 Coll. on Electronic Communications (hereinafter the “Electronic Communications Act”), in particular with regard to cookies and similar technologies.
We take the protection of your personal data seriously and undertake to handle it confidentially, lawfully and transparently.
2. Controller and contact details
The controller that determines the purposes and means of processing your personal data is:
supersede, s. r. o.
Registered seat: Čadečka 3308, 022 01 Čadca, Slovak Republic
Company ID (IČO): 55 083 285
Tax ID (DIČ): 2121857430
VAT ID (IČ DPH): SK2121857430 (registration under Section 7a of the VAT Act, from 24 March 2023)
Managing director and contact person for data protection:
Matúš Rebroš
E-mail: rebros@clinicaccelerator.sk
Phone: +421 911 778 228
For all matters concerning the processing of your personal data and the exercise of your rights, you may contact us using the contact details provided above.
Data Protection Officer (DPO): Given the nature, scope and purpose of our activities, we are not legally obliged to appoint a Data Protection Officer pursuant to Article 37 GDPR. For data protection matters, please therefore contact the contact person listed above directly.
3. What personal data we process
Depending on how you communicate with us and which services you use, we may process in particular the following categories of personal data:
a) Identification and contact data – first name and surname, business name, e-mail address, phone number, the name of the company you represent, and where applicable your job position. We obtain this data primarily from the contact form, from e-mail or telephone communication and within enquiries about our services.
b) Communication data – the content of your messages, enquiries, requests and our mutual communication (e-mails, forms, phone calls, messages via social networks).
c) Contractual and billing data – if you become our client, we process the data needed to conclude and perform the contract, for invoicing and bookkeeping (e.g. billing data, data on ordered services, payment data).
d) Technical data and data on behaviour on the Website – IP address, browser type and version, device and operating system type, date and time of visit, sub-pages visited, source of the visit (referrer), interactions on the page and other data obtained via cookies and similar technologies. You can find details in the separate document Cookie Policy.
e) Marketing data – if you have granted us consent, we process the data needed to send marketing communications (e.g. e-mail address) and to display targeted advertising.
We obtain personal data primarily directly from you. Some technical data is obtained automatically when you visit the Website via third-party tools (see Articles 5 and 6).
4. Purposes and legal bases of processing
We always process your personal data for a predetermined purpose and on the basis of one of the legal bases under Article 6 GDPR:
| Purpose of processing | Legal basis (Article 6 GDPR) |
|---|---|
| Handling an enquiry, answering questions and communication prior to concluding a contract | Article 6(1)(b) – pre-contractual relations at the request of the data subject |
| Conclusion and performance of a contract for the provision of marketing services | Article 6(1)(b) – performance of a contract |
| Keeping accounts, issuing and archiving tax documents | Article 6(1)(c) – compliance with a legal obligation (in particular Act No. 431/2002 Coll. on Accounting, Act No. 222/2004 Coll. on VAT, tax regulations) |
| Protection, operation, security and improvement of the Website; protection of our rights and the assertion of legal claims | Article 6(1)(f) – legitimate interest |
| Direct marketing to existing clients (e.g. offering similar services) | Article 6(1)(f) – legitimate interest |
| Analytics and marketing cookies, displaying targeted advertising, remarketing | Article 6(1)(a) – consent (within the meaning of Section 109(8) of the Electronic Communications Act) |
| Sending the newsletter and marketing communications (where the recipient is not an existing client) | Article 6(1)(a) – consent |
Legitimate interest: Where we process data on the basis of legitimate interest, we have carried out a proportionality test (balancing of interests), in which we assessed that our interests do not override your rights and freedoms. You have the right to object to such processing at any time (see Article 9).
Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to its withdrawal.
The provision of personal data is voluntary. However, without the data necessary to handle an enquiry or to conclude and perform a contract, we may not be able to provide you with the requested services.
5. Cookies and third-party tools
On the Website we use cookies and similar technologies, including third-party analytics and marketing tools:
- Google Analytics 4 – web analytics and traffic measurement;
- Google Tag Manager – a tool for managing and deploying measurement and marketing tags;
- Meta Pixel (Facebook Pixel)– conversion measurement, remarketing and ad optimisation on Meta’s platforms;
- Google Ads (conversion measurement and remarketing) – measuring the effectiveness of advertising and displaying targeted advertising.
Cookies other than necessary (technical) ones, including analytics and marketing cookies, we use solely on the basis of your demonstrable consent granted through the consent management tool (cookie banner). You can withdraw your consent or change your settings at any time.
A complete overview of the individual cookies, their purposes, providers and retention periods, as well as instructions for managing consent, can be found in the separate document Cookie Policy.
6. Recipients and processors
Your personal data may be disclosed to the following categories of recipients, always only to the extent necessary and under conditions compliant with the GDPR:
- providers of web hosting and IT infrastructure for the Website;
- providers of analytics and marketing tools – in particular Google Ireland Limited / Google LLC and Meta Platforms Ireland Limited / Meta Platforms, Inc.;
- providers of accounting, tax and legal services;
- providers of communication and e-mailing tools;
- public authorities and other entities, where the obligation to provide data arises from generally binding legal regulations.
With processors that process personal data on our behalf, we have concluded data processing agreements pursuant to Article 28 GDPR.
Joint controllership with the Meta Pixel tool: In the collection and transfer of certain data via the Meta Pixel tool, we act together with Meta Platforms Ireland Limited as joint controllerswithin the meaning of Article 26 GDPR. Meta subsequently processes the data also as an independent controller for its own purposes. More detailed information on Meta’s processing of data can be found in its privacy policy.
7. Transfer of personal data to third countries
Some of the tool providers listed above (in particular Google and Meta) may process personal data also outside the European Economic Area (EEA), primarily in the United States of America.
Such a transfer is safeguarded by appropriate safeguards within the meaning of Chapter V GDPR, in particular:
- on the basis of an adequacy decision of the European Commission through the EU–US Data Privacy Framework, where the relevant recipient in the USA is certified under that framework (companies of both the Google and Meta groups are certified under this framework); and/or
- on the basis of standard contractual clauses adopted by the European Commission, or other appropriate safeguards.
Upon request, we will provide you with more detailed information about the safeguards applied and how you can obtain a copy of them.
8. Retention period of personal data
We retain personal data only for the period necessary to achieve the purpose for which it was obtained, or for the period required by legal regulations:
| Category / purpose | Retention period |
|---|---|
| Data from an enquiry that did not lead to a contract | for the period necessary to handle the enquiry, usually no more than 1 year from the last communication |
| Contractual data of clients | for the duration of the contractual relationship and subsequently for the period of the limitation periods for asserting or defending legal claims |
| Accounting and tax documents | for the period required by legal regulations (usually 10 years under the Accounting Act) |
| Data processed on the basis of consent (marketing, newsletter) | until consent is withdrawn, but at most for the period for which consent was granted |
| Cookies | for the lifetime of the relevant cookie or until consent is withdrawn (see the Cookie Policy) |
Once the retention period has elapsed, we securely delete or anonymise the personal data.
9. Your rights as a data subject
In connection with the processing of your personal data, you have the following rights under the GDPR:
- Right of access (Article 15 GDPR) – to obtain confirmation as to whether we are processing your personal data and to obtain access to it together with further information.
- Right to rectification (Article 16 GDPR) – to rectify inaccurate and complete incomplete personal data.
- Right to erasure(Article 17 GDPR) – the so-called “right to be forgotten”, i.e. to have data erased under the conditions laid down by law.
- Right to restriction of processing (Article 18 GDPR) – to obtain a restriction of processing in the cases laid down by law.
- Right to data portability (Article 20 GDPR) – to obtain the data you have provided to us in a structured, commonly used and machine-readable format and to transfer it to another controller.
- Right to object (Article 21 GDPR) – to object to processing based on legitimate interest, as well as to processing for direct marketing purposes (including profiling); in the case of direct marketing, we will cease processing for that purpose.
- Right to withdraw consent at any time (Article 7(3) GDPR) – without affecting the lawfulness of processing prior to the withdrawal of consent.
- Right not to be subject to automated individual decision-making including profiling (Article 22 GDPR).
- Right to lodge a complaint with a supervisory authority (Article 77 GDPR).
You can exercise your rights using the contact details provided in Article 2. We will respond to your request without undue delay, at the latest within one month; we may extend this period in justified cases. The exercise of rights is generally free of charge.
10. Automated decision-making and profiling
In the processing of your personal data, there is no automated individual decision-making with legal or similarly significant effects on you within the meaning of Article 22 GDPR.
Within the framework of third-party marketing and analytics tools (Google, Meta), profiling for advertising and analytics purposes (e.g. creation of advertising audiences and remarketing) may take place, solely on the basis of your consent granted through the cookie banner. You can withdraw this consent at any time.
11. Security of personal data
We have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, destruction, loss or misuse, corresponding to the nature of the data processed and the current state of the art (e.g. secure data transmission, access rights management, regular system updates).
12. Changes to this Policy
We may update this Policy from time to time to reflect changes in legal regulations or in the manner of processing personal data. The current version is always available on the Website with the date of the last update indicated. We recommend that you regularly familiarise yourself with its current wording.
13. Supervisory authority
If you believe that the processing of your personal data infringes legal regulations, you have the right to lodge a complaint with a supervisory authority, which is:
Office for Personal Data Protection of the Slovak Republic
Hraničná 12, 820 07 Bratislava 27, Slovak Republic
Web: www.dataprotection.gov.sk
E-mail: statny.dozor@pdp.gov.sk
Phone: +421 2 323 132 14
With regard to the supervision of the use of cookies under the Electronic Communications Act, the supervisory authority is also the Regulatory Authority for Electronic Communications and Postal Services (www.teleoff.gov.sk).
This Privacy Policy is effective from the date stated in the header of the document.