These personal data protection principles contain information about the processing of personal data of data subjects by KOGA Bau s.r.o. with its registered office at Kopčianska 3756/10 851 01 Bratislava – Petržalka district, Company ID: 45462283, registered in the Commercial Register of the Municipal Court Bratislava III, entry no. 118615/B (hereinafter referred to as the “Controller“), on the website www.kogabau.sk or on the company’s social media profile (hereinafter referred to as the “Website“). We process all personal data in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the “GDPR Regulation“) and in accordance with Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as the “Act”) and other relevant regulations on the protection of personal data.
The aim of these principles is to provide you with answers to the questions for whom your personal data is processed, how it is processed and what your rights and obligations are in relation to the processing of personal data. These Principles also provide you with other relevant information about the processing of your personal data and thus represent the fulfillment of the Operator’s information obligation under Art. 13, as well as Art. 14 of the GDPR Regulation regarding the processing of personal data on the website. The conditions for the processing of personal data that occurs outside the website are regulated in the Operator’s general principles for the protection of personal data and in other internal regulations of the Operator on the protection of personal data.
Your personal data is processed by KOGA Bau s.r.o. with its registered office at Kopčianska 3756/10 851 01 Bratislava – Petržalka city district, Company ID: 45462283, registered in the Commercial Register of the Municipal Court Bratislava III, entry no. 118615/B.
E-mail: kogabau@kogabau.sk
We process your personal data exclusively for a specified purpose, in a specified manner and by specified means, and only for the period necessary for the purpose of processing. We process your personal data in such a way as to prevent unauthorized access to your personal data, unauthorized transfer, loss, destruction, or other unauthorized processing. When processing your personal data, we comply with technical and organizational measures in order to guarantee the highest level of security with respect to all possible risks. All persons authorized to process your personal data are bound by confidentiality regarding information obtained in connection with the processing of this personal data.
The Operator always processes your personal data in accordance with the principle of minimization in order to meet any contractual and legal requirements, to process personal data in the processing of which it has a legitimate interest, or to process your personal data if you grant it consent to their processing, always only to the extent that the specified purpose of the processing is fulfilled. This means that the Operator does not require personal data from you that are not necessary for the specific purpose of the processing.
The operator processes personal data about you within the scope of common personal data, including: name, surname, mobile phone number, e-mail, contact address, online identifiers (IP address, activity on the website) and other personal data that you provide to it.
We process your personal data in accordance with Art. 6 (1) (b) of the GDPR, i.e. the processing of your personal data is necessary for the performance of a contract or to take steps prior to entering into a contract at the request of the data subject.
In accordance with the above legal basis, we proceed in the case of receiving and processing orders for the services provided, in the event that you order the services we provide via a message sent via the contact form on our website, a message on a social network, a contact e-mail address or by telephone. The retention period of this personal data is until the full settlement of legal and other claims arising from the contractual relationship, at least 3 years from the date of termination of the contractual relationship.
We process your personal data in accordance with Art. 6 (1) (a) of the GDPR, i.e. the processing of your personal data is based on your consent.
We proceed in accordance with the above legal basis if you contact us with your request via a message sent via the contact form located on our website or via a message on a social network. The retention period of this personal data is 3 months from the date of receipt of the request or until it is processed, whichever occurs first.
We also need your consent to measure traffic to our website and to target advertising through analytical and marketing cookies. The retention period of this personal data is until the data subject withdraws consent, but for a maximum of 2 years.
We also process your personal data in accordance with Article 6(1)(c) of the GDPR, i.e. the processing of your personal data is necessary to comply with legal obligations.
We proceed in accordance with the above legal basis if you send us a request or exercise any of the rights of the data subject. The retention period of this personal data is until the request is processed.
In certain cases, the controller is obliged to provide your personal data to public authorities or other recipients who are authorized to process your personal data. These recipients include courts or law enforcement agencies.
Other recipients of your personal data include companies operating social networks if you contact the Operator via a message on a social network (Facebook Inc) and Google, LLC, which is the provider of the Google Analytics service, which is used to measure traffic to the Operator’s website.
The Operator has concluded cooperation agreements with Intermediaries in connection with ensuring proper operation. The Operator has selected the Intermediaries who come into contact with your personal data so that your personal data is safe and that these Intermediaries meet the conditions for the protection of personal data required by the GDPR Regulation and the Act. We have concluded agreements with Intermediaries on the processing of personal data, including confidentiality.
Intermediaries are business companies and natural persons – entrepreneurs with whom the Operator cooperates and who supply it with services (web hosting services, accounting processing), a company providing online accounting and invoicing software, a company providing online cloud storage services.
When processing your personal data by the Operator, in some cases your personal data is transferred to third countries:
The transfer of your personal data in all the above cases is ensured through standard contractual clauses, which are part of the contracts for the processing of personal data concluded with the entities specified above, in accordance with the terms of use of the above-mentioned services.
The security of your personal data is of paramount importance to us. We have taken the necessary technical and organizational measures to ensure the protection of your personal data. As technology improves, we also improve these security systems, using virus checks, antivirus programs and firewalls.
If our systems were to be attacked by a hacker, or if our system were to be attacked in some other way, or if another security incident occurred and there was even the slightest threat of data leakage and damage to your rights, you will be informed within 72 hours of the measures taken and we will also inform the supervisory authority for personal data protection in the Slovak Republic, which is the Office for Personal Data Protection, within the same period.
As a Data Subject whose personal data is processed by the Operator, you have the right to be informed of all of the above-mentioned facts, as well as that you have the following rights:
a) the right to request from the Operator access to the personal data it processes about you
If you would like to know which personal data the Controller processes about you, we will be happy to provide it to you upon request. Simply send us your request by email: kogabau@kogabau.sk and we will process it without delay, but no later than 30 days from the date of receipt of your request.
b) the right to correct your personal data
If the data you have provided to us is out of date, has changed, is in any way incorrect, or is incomplete, please let us know at our email address kogabau@kogabau.sk and we will correct it for you without delay. We will also inform all our Intermediaries who process your personal data about this change so that they can also correct your personal data, and we will also provide you with feedback that this correction of your personal data has taken place.
c) the right to delete your personal data
If you are not satisfied with how we process your personal data, you also have the right to have your personal data deleted. You also have the right to be forgotten – the right to have your personal data deleted after the purpose for which they were provided has been achieved, i.e. after the contract has been fulfilled, or after the end of the mandatory retention period in accordance with special regulations of the Slovak Republic. The right to delete your personal data is therefore not absolute. If we need your data to fulfil our legal obligations, we will have to process it further for this purpose. We do not process or store personal data that has fulfilled its purpose. We will inform you about the deletion of your personal data.
d) the right to restrict the processing of your personal data
As a data subject, you have the right to request restriction of the processing of your personal data, if you contest the accuracy of the personal data, during the period of verification of the accuracy of the data; or if the processing of personal data is unlawful and instead of erasure of the data you request restriction of its processing; and also if the Operator does not need your personal data for the purpose stated, but you need them to prove or defend your legal claims. When restricting the processing of personal data, your data will remain in our systems, but we will no longer use them for our purposes. We will inform you that we have restricted the processing of your personal data.
e) the right to object to the processing of your personal data
As a data subject, you have the right to object to the processing of your personal data on grounds relating to your particular situation, carried out pursuant to Section 13(1)(e) or (f), including profiling based on these provisions. In the event that your data are processed on the basis of a legitimate interest, the Controller shall be obliged to demonstrate that its legitimate interests in processing the personal data override the rights or interests of the data subject or the grounds for asserting a legal claim, otherwise it may not further process these personal data.
f) the right to portability of your personal data
At the same time, you have the right to request the transfer of your personal data to another Controller, whose data you will notify us in writing. Technically possible, it is for us to implement such a transfer in the case of the transfer of an e-mail address, other data, given the difference in the purpose of their processing compared to the processing of an e-mail address (see above), we will provide you with depending on the circumstances of the case. The Controller is entitled to refuse the data subject’s request for data transfer if the requested transfer could have adverse consequences for the rights and freedoms of others and the legal conditions for the exercise of the right to transfer under the GDPR Regulation are not met.
If you are not satisfied with how we process your personal data, you can inform us by email at kogabau@kogabau.sk . You also have the option of filing a complaint or a motion to initiate proceedings with the Office for Personal Data Protection if you believe that we are processing your personal data unlawfully. You can find a sample motion on the website of the Office for Personal Data Protection. The contact details of the Office for Personal Data Protection of the Slovak Republic are as follows: address Hraničná 12, 820 07 Bratislava 27; website: dataprotection.gov.sk, tel. number: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk.
The operator does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making that would involve evaluating your personal aspects.
When providing services to the Controller’s clients (hereinafter referred to as “clients“), the Controller may process personal data of data subjects on behalf of its clients. When processing personal data of data subjects on behalf of clients, the Controller acts as a processor of personal data pursuant to Article 4, point 8 of the GDPR, while the controller who determines the purposes and means of processing personal data when processing personal data by the Controller in the capacity of a processor is always the client.
The Operator concludes a contract with its clients on the authorization of the processing of personal data, which sets out the conditions for the processing of personal data of the data subjects by the Operator as an intermediary on behalf of its clients, and the obligations relating to ensuring an adequate level of protection of the processed personal data.
The purposes, legal bases, scope and circle of recipients of personal data processed by the Operator as an intermediary on behalf of clients are determined by the clients, while the Operator, in cases where it processes the personal data of the data subjects on behalf of its clients, proceeds exclusively according to the instructions of its clients and relevant legal regulations, fulfills the obligations of the intermediary under the provisions of the GDPR Regulation and the Act and does not perform any other processing operations with personal data except those that result from the concluded agreement on the authorization to process personal data and the purposes of processing specified by the clients.
This updated Privacy Policy is valid and effective from June 16, 2021. Given that the information on the processing of personal data contained in this Privacy Policy may need to be updated in the future, the Operator is entitled to change and update this Privacy Policy at any time. In such a case, the Operator will inform you accordingly.
The company KOGA Bau s. r. o. offers comprehensive technical solutions to companies involved in construction. We accompany the client from the design of a technical solution with the designer to the final approval.
The company KOGA Bau s. r. o. offers comprehensive technical solutions to companies involved in construction.
© 2025 KOGABAU | All rights reserved
