GDPR – Privacy Policy

**KorSoft s.r.o.**, located at Neslušská cesta 1102/66, 024 01 Kysucké Nové Mesto, Slovakia (hereinafter referred to as "we" or "KorSoft"), takes the protection of your personal data very seriously. This policy explains how we process and protect your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (the "GDPR") and applicable data protection laws.

1. What Data Do We Process and How Do We Obtain It?

We only process personal data that you voluntarily provide to us or that is generated when using our platforms:

• B2B Contact Form: Name/Company Name, Email, Phone number, and the text of your business request.
• Consultation Bookings (Calendly): Name, Email, Company Name, and the scheduled time for the meeting.
• Local Clickstream Telemetry: If you grant consent, we save anonymized clickstream and page interaction data in our own local database. **This data never includes your name, address, or full IP addresses** (IPs are encrypted and masked prior to database write).

2. Purpose and Legal Basis of Processing

We process your personal data exclusively for the following purposes:

1. Answering Inquiries & Pre-contractual relationships (Legal basis: Performance of contract / pre-contractual steps under Art. 6 (1) (b) GDPR) — processing form inquiries to prepare business bids and specifications.
2. Technical optimization & Website stability (Legal basis: Consent of the data subject under Art. 6 (1) (a) GDPR) — local analytics telemetry without third-party tools.
3. Protection of our rights and legitimate interest (Legal basis: Legitimate interest under Art. 6 (1) (f) GDPR) — spam prevention and protecting our hosting infrastructure.

3. Data Recipients and Third-Country Transfers

We protect your privacy. **We never sell, lease, or share your personal data with third parties for marketing or tracking purposes.**

Our servers and databases are physically and virtually located in secure data centers **exclusively inside the Slovak Republic (EU)**. We do not transfer personal data to third countries outside the EU/EEA. The only exception is the voluntary booking calendar Calendly, which processes scheduling data in strict accordance with European data protection regulations.

4. Data Retention Period

We retain personal data only for as long as necessary to fulfill the intended purpose:

• Inquiry form inputs are kept for the duration of the pre-contractual communication (maximum of 1 year unless it transitions into a contract).
• Active client data is kept for the duration of the business partnership plus 10 years as required by Slovak tax, accounting, and archiving laws.
• Anonymized local clickstream metrics are retained for a maximum of 1 year.

5. Your Rights Under GDPR Regulations

As a data subject, you hold the following rights under GDPR:

• Right of access to your personal data and information on how we process it.
• Right to rectification of inaccurate or incomplete records.
• Right to erasure ("right to be forgotten") if the data is no longer necessary or if you withdraw consent.
• Right to restriction of processing in specific cases.
• Right to object to processing based on legitimate interest.
• Right to data portability in a structured format.
• Right to withdraw consent at any time (e.g. by changing cookie settings).
• Right to lodge a sťažnosť (complaint) with a supervisory authority.

6. Data Security

We enforce robust technical and organizational security protocols to protect your personal data against accidental or illegal loss, destruction, alteration, unauthorized access, or leakage. All data transfers (including the contact form) are encrypted using SSL/TLS protocols (HTTPS). Database access is restricted exclusively to co-founders Jakub Korman and Dušan Korman.

7. Contact

If you wish to exercise your rights or have any questions regarding how we handle your personal data, please contact us directly at: [Load email...].