GDPR, Privacy and Cookies Policy

Effective date: 01 January 2026

This Privacy and Cookies Policy explains how Webiano Digital & Marketing Agency processes personal data when you use our website, contact us, request our services, subscribe to our newsletter, interact with our official social media pages, or otherwise communicate with us.

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR), applicable Slovak personal data protection rules, and the Slovak rules governing cookies and similar technologies.

Who we are

For the operation of this website, contact forms, newsletter administration, social media communications, and brand-related marketing activities, the joint controllers are:

Deluxtrade s.r.o.
Company ID No.: 46560548
Registered office: Smetanova 17, 943 01 Štúrovo, Slovak Republic

Deluxtrade Europe s.r.o.
Company ID No.: 47639181
VAT ID: SK2024042702
Registered office: Smetanova 17, 943 01 Štúrovo, Slovak Republic

For contractual, billing, tax, accounting, and related legal matters, the controller is the legal entity identified in the relevant offer, order, contract, or invoice.

You may contact us regarding privacy matters at:

Email: sk@webiano.digital
Phone: +421 901 721 888
Postal address: Smetanova 17, 943 01 Štúrovo, Slovak Republic

You may exercise your data protection rights through either of the above entities.

Scope of this policy

This policy applies to personal data processed through:

the website and its forms
email, phone, and direct communications
newsletter and marketing communications
official social media profiles and messaging channels
business enquiries, quotations, and service delivery
cookies and similar technologies

This policy does not apply to third-party websites, platforms, or services that may be linked from our website and operate under their own privacy notices.

What personal data we process, why we process it, and how long we keep it

| Purpose of processing | Categories of personal data | Legal basis | Retention period |
|---|---|---|---|
| Responding to enquiries, messages, and requests sent through the website, email, phone, or social media | Name, email address, phone number, company name, message content, any information you choose to provide | Article 6(1)(f) GDPR, our legitimate interest in handling communications and business enquiries | Usually up to 12 months after the last communication, unless a longer period is necessary to handle the request or defend legal claims |
| Preparing quotations, arranging meetings, and taking pre-contractual steps at your request | Name, email address, phone number, company details, project details, billing details where needed | Article 6(1)(b) GDPR, pre-contractual measures taken at your request | Usually up to 12 months from the last active contact, unless a contract is concluded |
| Providing services and managing the client relationship | Identification and contact data, company data, billing data, project materials, communication records, data necessary for service delivery | Article 6(1)(b) GDPR, performance of a contract | For the duration of the contract and thereafter for as long as necessary to protect legal claims and comply with legal obligations |
| Invoicing, accounting, tax compliance, and record-keeping | Name, surname, address, business address, company ID, VAT ID, billing and payment data, transaction details | Article 6(1)(c) GDPR, compliance with legal obligations | For the period required by applicable accounting, tax, and related legal rules |
| Sending newsletters to subscribers who have opted in | Email address, name, company name, subscription preferences | Article 6(1)(a) GDPR, consent | Until consent is withdrawn or until we stop the newsletter service |
| Sending information about similar services to existing clients where permitted by law | Name, email address, company, information about the existing business relationship | Article 6(1)(f) GDPR, legitimate interest in direct marketing to existing clients, subject to applicable e-privacy rules | Until you object, unsubscribe, or for a reasonable period after the end of the client relationship |
| Publishing testimonials, references, case studies, photographs, or audiovisual materials containing personal data | Name, surname, job title, company, image, voice, testimonial content | Article 6(1)(a) GDPR, consent, unless another lawful basis clearly applies | Until consent is withdrawn, the content is removed, or the agreed publication period expires |
| Administering events, campaigns, giveaways, or public promotions, if applicable | Name, surname, contact details, delivery details, image where relevant, campaign-related records | Article 6(1)(b) GDPR or Article 6(1)(a) GDPR, depending on the activity | For the duration of the campaign and thereafter for as long as necessary to document the process and comply with legal obligations |
| Website security, fraud prevention, troubleshooting, and protection of our systems | IP address, device and browser data, server logs, timestamps, security-related technical data | Article 6(1)(f) GDPR, legitimate interest in website and network security | Usually up to 90 days, unless longer retention is necessary for security incidents or legal claims |
| Managing cookie preferences and keeping evidence of consent or refusal | Consent choice, consent timestamp, cookie banner preferences, device/browser identifiers linked to the consent record | Article 6(1)(f) GDPR, accountability and proof of compliance, and where required Article 6(1)(c) GDPR | For as long as needed to demonstrate compliance, typically up to 5 years or according to the limitation period relevant to the issue |
| Analytics, performance measurement, personalization, and advertising based on non-essential cookies or similar technologies | Online identifiers, IP address, cookie IDs, browser and device data, usage data, page interactions, campaign data | Article 6(1)(a) GDPR, consent | For the period stated in the cookie settings tool or until consent is withdrawn |

If we need to process your personal data for a new purpose that is incompatible with the original purpose, we will inform you before doing so unless the law allows otherwise.

Data we expect you not to send us

Please do not send us special category data or other highly sensitive personal data through ordinary contact forms or general email unless this is strictly necessary and we have agreed on an appropriate legal and security basis in advance.

Source of personal data

We usually obtain personal data:

directly from you, when you contact us, send an enquiry, subscribe, enter into a contract, or interact with us on social media

from the company or organisation you represent, where you act as a contact person, employee, contractor, or representative

automatically from your device and browser, through logs, cookies, and similar technologies when you visit the website

from publicly available business sources, such as company websites, professional profiles, or public registers, where this is relevant to a business enquiry or service relationship

Whether providing data is mandatory

In some cases, providing personal data is necessary for us to respond to your request, prepare an offer, enter into a contract, or comply with legal obligations. If you do not provide the required data, we may be unable to answer your request, conclude a contract, or deliver the requested service.

Where processing is based on consent, providing your data is voluntary and you may withdraw your consent at any time.

Recipients of personal data

We may disclose personal data to the following categories of recipients where necessary and appropriate:

hosting, IT, website maintenance, and cybersecurity providers

email, office, and cloud service providers

analytics, advertising, and social media platform providers, but only where the relevant legal basis exists, especially consent where required

accounting, tax, audit, and legal advisers

payment, invoicing, and administrative service providers

contractors and professional partners involved in the delivery of a requested service

public authorities, courts, regulators, law enforcement authorities, and supervisory bodies where disclosure is required by law or necessary to protect our rights

Where a recipient acts as a processor on our behalf, we require that recipient to process personal data only on our instructions and under appropriate contractual and security safeguards.

Social media pages and messaging

If you contact us through our official profiles or pages on social media platforms, your personal data is also processed by the relevant platform provider under its own rules.

For our own communication, community management, and responses to messages, we act as an independent controller of the personal data we actively process.

For certain aggregated page insights, audience statistics, and platform analytics features made available by social media providers, we and the platform provider may act as joint controllers to the extent required by applicable law and the platform’s terms.

International transfers

We primarily process personal data within the European Economic Area.

However, some of our service providers or platform partners may process data outside the European Economic Area, including in the United States. Where such transfers occur, we use a lawful transfer mechanism, for example:

an adequacy decision issued by the European Commission

the EU-US Data Privacy Framework, where the US recipient is properly certified and the framework is applicable

the European Commission’s Standard Contractual Clauses together with supplementary safeguards where required

You may contact us if you would like more information about the transfer mechanism relevant to a specific processing activity.

Automated decision-making and profiling

We do not carry out solely automated decision-making that produces legal effects or similarly significant effects on individuals through this website.

We may use limited segmentation, campaign measurement, or audience analytics for marketing and website improvement purposes, but not in a way that results in legally significant automated decisions about you.

Data security

We apply appropriate technical, organisational, and security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures include access controls, need-to-know restrictions, secure hosting arrangements, vendor due diligence, internal policies, and security procedures proportionate to the nature of the data and the risks involved.

Your rights

Under the GDPR, you may have the following rights:

Right of access
You may ask us whether we process your personal data and request access to that data and related information.

Right to rectification
You may request that we correct inaccurate personal data or complete incomplete data.

Right to erasure
You may request deletion of your personal data where the legal conditions are met.

Right to restriction of processing
You may request that we limit the way we process your data in certain situations.

Right to data portability
Where legally applicable, you may request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.

Right to object
You may object to processing based on legitimate interests. You also have the right to object at any time to the processing of your personal data for direct marketing purposes, and if you do so, we will stop processing your data for that purpose.

Right to withdraw consent
Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to lodge a complaint
You may lodge a complaint with the supervisory authority, especially in the Member State of your habitual residence, place of work, or place of the alleged infringement.

To exercise your rights, contact us using the contact details listed above. We may request reasonable proof of identity before acting on your request.

We respond to requests within the time limits required by law, normally within one month. That period may be extended where the request is complex or numerous, in accordance with the GDPR.

Supervisory authority in Slovakia

If you wish to lodge a complaint in Slovakia, you may contact:

Personal Data Protection Office of the Slovak Republic
Budova Park one
Námestie 1. mája 18
811 06 Bratislava
Slovak Republic
Email: statny.dozor@pdp.gov.sk

Cookies and similar technologies

We use cookies and similar technologies to make the website work, keep it secure, remember your preferences, measure website performance, and where you agree, support analytics and marketing activities.

Cookies are small text files or comparable technologies stored on your device when you visit a website.

Types of cookies we use

| Category | Purpose | Legal basis |
|---|---|---|
| Strictly necessary cookies | Essential site functions, security, load balancing, session handling, consent preference storage | Necessary for the functioning of the site and applicable electronic communications rules |
| Preference cookies | Remembering language, interface, and user choices | Consent where required |
| Analytics cookies | Measuring traffic, understanding how visitors use the site, improving content and performance | Consent |
| Marketing cookies | Advertising measurement, remarketing, audience building, campaign effectiveness | Consent |
| Third-party content cookies | Embedded video, social media integrations, or other third-party content that may place cookies | Consent where required |

How consent works

When you first visit the website, you will be able to:

accept all non-essential cookies
reject all non-essential cookies
choose your cookie preferences by category

Non-essential cookies are not set before you provide valid consent, except where a cookie is strictly necessary for the technical operation of the website or for a service you explicitly requested.

You may change or withdraw your cookie preferences at any time through the cookie settings tool available on the website.

Browser settings

You can also manage cookies through your browser settings. However, disabling strictly necessary cookies may affect the functionality and availability of some parts of the website.

Detailed cookie information

The current list of cookies, providers, purposes, duration, and categories is available in our cookie settings tool or cookie banner interface on the website. We may update that list from time to time as our tools and services change.

Children

Our website and services are intended for business and general professional use and are not directed at children under the age of 16. If you believe that a child has provided personal data to us without appropriate authorisation, please contact us and we will review the matter.

Changes to this policy

We may update this Privacy and Cookies Policy from time to time to reflect changes in law, guidance, technology, our services, or our processing activities.

The latest version will always be published on the website together with the effective date.

If the changes are material, we will take appropriate steps to bring the updated version to your attention.

Contact

If you have any questions about this Privacy and Cookies Policy or about how we process personal data, please contact us at:

Webiano Digital & Marketing Agency
Smetanova 17
943 01 Štúrovo
Slovak Republic
Email: sk@webiano.digital
Phone: +421 901 721 888