This privacy policy (hereinafter referred to as "
Policy") contains information on the processing of personal data of data subjects by Full services, s.r.o. in the performance of its business activities, including the processing of personal data that occurs on the website www.wewater.tech or on the profile of Full services, s.r.o. on the social networks Facebook, INSTRAGRAM, LinkedIn (hereinafter referred to as "
website"). Your personal data is processed in accordance with Regulation 2016/679 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "
Regulation"), Act No 18/2018 Coll. on the Protection of Personal Data and on Amendments and Additions to Certain Acts (hereinafter referred to as "
Act") and other relevant data protection legislation (the Regulation, the Act and other data protection legislation together hereinafter referred to as "
Data Protection Regulations").
The purpose of this Policy is to provide you with a clear answer to why your personal data is processed, how it is processed and what your rights and obligations are in relation to the processing of your personal data. This Policy also provides you with other relevant information about the processing of your personal data and thus fulfils the information obligation of the controller under Article 13 as well as Article 14 of the Regulation regarding the processing of personal data on the website. The conditions for the processing of personal data that occurs outside the website or in the ordinary course of the controller's business are regulated in the controller's general data protection policy and in other internal data protection regulations of the controller.
Identification of the Operator and contact details
The controller for the processing of your personal data is the company
Full services, s.r.o. with its registered office at Pri Rajčianke 8913/25, 010 01 Žilina, ID No.: 36690643 (hereinafter referred to as the "
Controller").
You can contact the controller in matters relating to the processing and protection of personal data at
Full services, s.r.o., Pri Rajčianke 8913/25, 010 01 Žilina. The Controller has not appointed a person responsible for the protection of personal data.
Purposes, legal bases, categories of personal data processed and retention period
The controller shall always process your personal data
in accordance with
the principle of minimisation only for justified purposes, for a limited period of time, determined in accordance with the applicable law and using the maximum possible level of security.
The controller shall only process personal data if there is a legal basis for the processing and, therefore, it is processed in accordance with the principle of lawfulness. Please see the table below for the specific purposes, legal bases, categories of personal data and information about the retention periods of your personal data. The Data Controller will also provide you with more information about the retention period of your personal data if you request it.
| Purposes of |
Legal basis |
Categories of data subjects |
Categories of personal data |
Retention period or criteria for determining it |
| Receiving and registering orders for services and implementing pre-contractual relations |
Art. 6(1)(b) of the Regulation - performance of the contract and implementation of pre-contractual relations |
natural persons - customers in their capacity as natural persons |
common personal data (name, surname, address of residence / place of business, contact details - phone number, email address, bank connection) |
until the conclusion of the contract or within 1 year from the date of receipt of the request for cooperation / quotation from the person concerned |
| Fulfillment of contractual obligations of the controller (based on concluded contracts with suppliers and customers - natural persons), including contracts concluded at a distance |
Art. 6(1)(b) of the Regulation - performance of the contract and implementation of pre-contractual relations |
natural persons - suppliers of goods and services and their representatives, intermediaries, natural persons - purchasers (customers) and their representatives |
common personal data (name, surname, address of residence / place of business, contact details - phone number, email address, bank connection) |
during the duration of the contractual relationship and after the termination of the contractual relationship until the legal and other claims arising from the contractual relationship are fully settled or until the expiry of the relevant limitation periods, whichever is earlier |
| Registration and management of judicial and administrative proceedings |
Art. 6(1)(c) of the Regulation - compliance with legal obligations |
natural persons acting as parties and their representatives |
ordinary personal data and special category personal data necessary for the performance of legal obligations |
10 years following the year to which they relate |
| Handling complaints and maintaining the prescribed documentation |
Art. 6(1)(c) of the Regulation - compliance with legal obligations |
natural persons making a complaint (customers, their employees and representatives) |
routine personal data necessary for compliance with legal obligations |
3 years from the date of the claim if the claim is made by a natural person customer and 4 years from the date of the claim if the claim is made by a legal person customer |
| Fulfilling the duties of client due diligence and unusual business transaction detection (client and business transaction identification, including copying and scanning of official documents and data retention) and retention of all written documents and data relating to the conduct of business in the performance of the "Business, Organisational and Economic Advisers' Activities" |
Art. 6(1)(c) of the Regulation - compliance with legal obligations |
natural persons - subscribers (customers), their employees and representatives, natural persons - employees and representatives of subscribers (customers), end-users of subscribers' benefits |
first name, surname, date of birth, birth number, address of permanent or other residence, nationality, type and number of identity document, other personal data proving the status of the CRO or the function of the person concerned with the client, other personal data stated in the documents on the transaction |
5 years from the end of the contractual relationship with the customer, unless the financial intelligence unit requests in writing for longer retention (maximum another 5 years) in accordance with Section 19 of Act No. 297/2008 Coll. on protection against money laundering and on protection against terrorist financing and on amendment and supplementation of certain acts, as amended |
| Handling of exercised rights of data subjects |
Art. 6(1)(c) of the Regulation - compliance with legal obligations |
natural persons who have made a request or exercised data subject rights to the controller |
common personal data included in the application |
until the rights asserted have been settled |
| Records of the rights exercised by the persons concerned Records of the manner in which the rights exercised have been dealt with |
Art. 6(1)(f) of the Regulation - the legitimate interest of the controller, which is to record the exercised rights of data subjects for the purpose of demonstrating compliance with obligations arising from legal provisions |
natural persons who have made an application or exercised data subjects' rights to the transferor |
common personal data included in the application |
5 years from the date on which the rights asserted or other request is processed |
| Responding to messages and handling queries/requests from messages sent to the operator via the contact form on the website, messages on social networks, email communication or by telephone |
Art. 6(1)(f) of the Regulation - the legitimate interest of the controller, which is to respond to messages from e-mail communications or messages received in another form for the proper conduct of business communications, the quality of service provision and the acquisition of new clientele |
natural persons sending a message / enquiry |
name, surname, e-mail, telephone number, other data specified in the message |
30 days from the date of receipt of the request or until the request is processed (purpose fulfilled), whichever is sooner |
| Direct marketing - former and current customers (newsletter) |
Art. 6(1)(f) of the Regulation - the legitimate interest of the controller, which consists in the need for the controller to inform its clients about commercial offers and other information concerning the clients |
natural persons - clients/customers, natural persons - representatives of customers/clients |
e-mail address, name, surname, affiliation to the client's company |
3 years from the date of service or until unsubscription from the newsletter |
| Direct marketing - sending a newsletter |
Art. 6(1)(a) of the Regulation - consent of the data subject |
natural persons who have subscribed to the newsletter and given their consent |
e-mail address, name, surname, affiliation to the client's company |
3 years from the date of consent or until its revocation, whichever is the earlier |
| Taking and publishing photographs and audiovisual recordings of data subjects on the website of the controller and on other communication channels (social networks Facebook, Instagram, LinkedIn and Youtube channel) |
Art. 6(1)(a) of the Regulation - consent of the data subject |
natural persons who have given their consent - employees, members of bodies, cooperating business partners, customers |
photography, audiovisual recording |
5 years from the date of consent or until its revocation, whichever is the earlier |
| Publication of the title, name, surname, telephone number, e-mail address and funckie of the data subjects on the website of the Operator and on and on other communication channels (social networks Facebook, Instagram, LinkedIn and Youtube channel) |
Art. 6(1)(a) of the Regulation - consent of the data subject |
natural persons who have given consent (cooperating business partners, other data subjects) |
name, surname, tel. no., e-mail address, function |
5 years from the date of consent or until its revocation, whichever is the earlier |
| Organising competitions for the public and publicising winners |
Art. 6(1)(a) of the Regulation - consent of the data subject |
natural persons entering the competition - members of the public |
common personal data (title, name, surname, home address, photograph) |
2 years from the date of consent or until its revocation, whichever is the earlier |
| Publication of testimonials about the Operator's services (on the Operator's website, communication channels and in the Operator's presentation and sales materials) |
Art. 6(1)(a) of the Regulation - consent of the data subject |
natural persons who have consented to the publication of the reference |
name, surname, function in the client's company |
3 years from the date of consent or until its revocation, whichever is the earlier |
| Processing of personal data for the purpose of measuring website traffic and targeting the operator's advertising (via cookies) |
Art. 6(1)(a) of the Regulation - consent of the data subject |
natural persons who have visited the website and have given their consent |
IP address and other data about activity on the website of the controller |
2 years from the date of consent or until revocation, whichever is earlier (depending on the type of cookie) |
| Processing of accounting documents |
Art. 6(1)(c) of the Regulation - compliance with legal obligations |
natural persons - suppliers of goods and services, their employees and agents, intermediaries, natural persons - customers, their employees and agents |
common personal data necessary for the fulfilment of legal obligations (name, surname, address of residence / place of business, address of service delivery, contact details - telephone number, email address, bank connection) |
10 years following the year to which they relate |
In connection with the security of personal data, the Controller has adopted the relevant internal documentation specifying the appropriate security measures adopted by the Controller for the purpose of securing your personal data.
Source of personal data
When processing personal data, the Controller obtains your personal data directly from you if you provide it yourself (e.g.
by sending a request to the Controller via the contact form on the website, subscribing to the newsletter, ordering services from the Controller, entering a competition organised by the Controller) or directly when you visit the Controller's website
(online identifiers).
If the services of the Operator are ordered by a commercial company of which you are a representative or contact person, the source of your personal data is this company.
To whom does the Controller provide your personal data?
In certain cases, the controller is obliged to provide your personal data to public authorities or other recipients who are authorised to process your personal data. These recipients include courts, law enforcement authorities, the competent tax administrator, supervisory authorities (the Slovak Trade Inspection Authority) as well as the Office for Personal Data Protection.
Other recipients of your personal data include companies operating social networks and the Youtube platform if you contact the Operator via a message on a social network, participate in a competition organised by the Operator on a social network or on a website, give consent to the Operator to publish your testimonial about its services or your photo (Meta Platforms Ireland and LinkedIn Ireland Unlimited Company). If you visit the Operator's website and consent to the use of online analytical and marketing tools (cookies), the recipients of your personal data are also the companies providing online advertising and analytical tools (Meta Platforms Ireland, Google Ireland Limited).
Intermediaries
In some cases, the Controller also provides your personal data to its processors, i.e. external entities that process your personal data on behalf of the Controller. The processors process personal data on the basis of a contract concluded with the Controller, in which they undertake to take appropriate technical and security measures in order to process your personal data securely. The following companies are processors of the Controller:
- commercial companies and natural persons - entrepreneurs with whom the Operator cooperates and who supply services to the Operator (in the provision of marketing services, IT services, web hosting services and services in the field of personal data protection and information security),
- a company providing online accounting and billing software (application),
- companies providing software (applications) services to record time worked, orders placed and client records,
- a company providing an online cloud storage service,
- a company providing newsletter services and
- companies providing hosting services.
Is your personal data transferred to third countries and international organisations?
In some cases, the processing of your personal data by the Controller involves the transfer of your personal data to third countries:
- if you subscribe to a newsletter or if you are sent a client newsletter, your personal data is transferred to The Rocket Science Group, LLC, a company in the USA, which is the operator of the Mailchimp service used by the Controller for the distribution of newsletters,
- if you consent to the storage of analytics and marketing cookies, your personal data may be transferred to the USA, to Google LLC, Meta Platforms and LinkedIn Corporation, as the parent companies of the European providers of the aforementioned services, which the Operator uses for the purpose of measuring traffic and activity on the Operator's website, on the basis of the legislation in force there,
- if you contact the Controller by means of a message on social networks, your personal data may be transferred to the USA, to Meta Platforms and LinkedIn Corporation, as the parent companies of the European operators of the social networks Facebook, INSTAGRAM and LinkedIn, on the basis of the legislation in force there,
- when using online cloud storage, your personal data may be transferred to Google, LLC in the USA, which is the operator of the aforementioned service,
- when using online software (applications) to record time worked, orders placed and client records, your personal data may be transferred to the USA, to the companies operating the CLOCIFY and ASANA applications,
- when using online accounting software, your personal data is transferred to Bindu LTD, a UK company.
The transfer of your personal data is secured in all of the above cases by means of standard contractual clauses, which, in accordance with the terms of use of the above services, are part of the contracts of entrustment with the processing of personal data concluded with the above-specified entities.
Does the Operator use profiling and automated decision-making?
The controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making, which would lead to the evaluation of your personal aspects.
Controller as processor processing personal data on behalf of another controller
When providing marketing services, hosting services and IT services for the Operator's clients (hereinafter referred to as "
clients"), personal data of data subjects may be processed by the Controller on behalf of its clients (clients' customers, clients' employees and other data subjects). When processing personal data of data subjects on behalf of clients, the Controller acts as a processor of personal data pursuant to Article 4(8). of the Regulation, whereby the controller who determines the purposes and means of the processing of personal data is always the client when processing personal data by the Controller in the capacity of processor.
The Controller concludes with its clients a contract of entrustment with the processing of personal data, which sets out the conditions for the processing of personal data of data subjects by the Controller as a processor on behalf of its clients, and the obligations relating to ensuring an adequate level of protection of the personal data processed. Unless otherwise agreed in an individual case, the aforementioned contract shall be governed by the wording of the contract of entrustment with the processing of personal data, the online version of which was provided by the Controller to the Client upon conclusion of the contractual relationship.
The purposes, legal bases, scope and range of recipients of the personal data processed by the Operator as a processor on behalf of its clients are determined by the clients, whereby
the Operator, in cases where it processes the personal data of data subjects on behalf of its clients, acts exclusively in accordance with the instructions of its clients and the relevant legislation, fulfils the obligations of a processor under the provisions of the Personal Data Protection Regulations and does not carry out any other processing operations with the personal data other than those which result for the Operator from the concluded contract of entrustment with the processing of personal data and the purposes of the processing determined by the clients.
What are your rights in relation to the processing of personal data?
In connection with the processing of your personal data, you have the following rights as a data subject under the provisions of the Regulation:
| Right of access - As a data subject, you have the right to obtain confirmation from the Data Controller as to whether it is processing your personal data and, if so, the right to obtain access to that personal data and information pursuant to Article 15 of the Regulation. The Controller will provide you with a copy of the personal data that is being processed. If you make a request by electronic means, the information will be provided to you by the Controller in a commonly used electronic format, unless you request otherwise. |
Right to repair - The Controller has taken reasonable measures to ensure the accuracy, completeness and timeliness of your personal data. As a data subject, you have the right to have your inaccurate personal data corrected or your incomplete personal data completed by the Controller without undue delay. |
| RIGHT TO INSTALL
You have the right to object to the processing of personal data, for example, if the Controller processes your personal data on the basis of a legitimate interest or in the case of processing involving profiling. If you object to such processing of your personal data, the Controller will not further process your personal data unless it demonstrates the necessary legitimate grounds for further processing of your personal data. |
| Right to erasure ("right to be forgotten") - You also have the right to obtain from the Data Controller the erasure of your personal data without undue delay if certain conditions are met, for example, if the personal data are no longer necessary for the purposes for which the Data Controller obtained or processed them. However, this right of yours must be considered on a case-by-case basis, as there may be a situation where the Controller is prevented from erasing your personal data by other circumstances (for example, a legal obligation of the Controller). This means that in such a case, the Data Controller will not be able to comply with your request to erase your personal data. |
Right to data portability - In certain circumstances, you have the right to transfer your personal data to another controller that you designate. However, the right to portability only applies to personal data that the Controller processes on the basis of consent granted by you to the Controller, on the basis of a contract to which you are a party or where the Controller processes personal data by automated means. |
| THE RIGHT TO WITHDRAW CONSENT
If the Controller processes your personal data on the basis of your consent, you have the right to withdraw the consent at any time in the same way as you gave it. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to the withdrawal of consent. |
| Right to restriction of processing - You also have the right to have the Controller restrict the processing of your personal data. This will be the case, for example, if you contest the accuracy of the personal data or if the processing is unlawful and you request the restriction of processing, or if the Data Controller no longer needs your personal data for the purposes of processing but you need them to prove, exercise or defend legal claims. The Controller will restrict the processing of your personal data if you so request. |
Right to lodge a complaint or complaint - If you feel that your personal data is being processed in violation of applicable law, you may lodge a complaint with the supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic, with registered office at Námestie 1.mája 18 (Park One Building), 811 06 Bratislava; website: dataprotection.gov.sk, tel. 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk |
You can exercise your rights set out in the table above by contacting the Operator at the contact addresses set out at the beginning of this document. The Controller will provide you with a response to the exercise of your rights free of charge. In the event of a repeated, unfounded or unreasonable request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of the information. The Controller shall provide you with a reply within 1 month from the date on which you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the event of a high number and complexity of requests from data subjects, but not more than 2 months. The Controller will always inform you of the extension of the time limit.
Social media and links to other websites
As part of the marketing and advertising support, you will find links to various social networks such as Facebook on the Operator's website. The Operator hereby wishes to inform you that once you click on the add-on on the website and go to the social network, the privacy policy of the social network operator will apply, except if you contact the Operator via a message on the social network (in which case the processing of your personal data is also governed by this Policy and your personal data will be processed by the Operator in accordance with the information provided above).
For more information on the processing of your personal data by social network operators, please visit the following links: (
Youtube:
https://policies.google.com/technologies/product-privacy?hl=sk.
Validity
This updated Policy is valid and effective as of 10.09.2025. As it may be required to update the information on the processing of personal data contained in this Policy in the future, the Controller is entitled to update this Policy at any time. However, in such a case, the Controller will notify you of this in an appropriate manner in advance.