Legal · GDPR

Privacy Policy

Effective: 1 May 2026 Last updated: 1 May 2026 Version 1.0

This Privacy Policy explains how ArbiTech s.r.o. ("ArbiTech", "we", "our", or "us") collects, uses, and protects personal data when you visit arbitech.sk or otherwise interact with us. We process personal data in accordance with Regulation (EU) 2016/679 (the "GDPR") and Slovak Act No. 18/2018 Coll. on the Protection of Personal Data.

Contents

  1. Data Controller
  2. Personal Data We Collect
  3. Purposes & Legal Basis
  4. Recipients of Personal Data
  5. International Transfers
  6. Data Retention
  7. Your Rights
  8. Right to Lodge a Complaint
  9. Cookies
  10. Security
  11. Changes to this Policy
  12. Contact

1. Data Controller

The controller responsible for your personal data is:

ArbiTech s.r.o.

Registered seat: Bratislava, Slovakia

Company ID (IČO): to be inserted

Email (general): info@arbitech.sk

Email (privacy): privacy@arbitech.sk

We have not appointed a Data Protection Officer (DPO) under Art. 37 GDPR because we are not legally required to do so. Privacy enquiries are handled directly by the controller at the address above.

2. Personal Data We Collect

We collect only the data we need to operate our business. Specifically:

2.1 Information you give us

  • Contact form submissions — first name, last name, email address, optional company name, area of interest, and the content of your message.
  • Email correspondence sent to info@arbitech.sk, job@arbitech.sk, privacy@arbitech.sk or any other ArbiTech address — the address you write from and any data you choose to include in the message.
  • Job applications — typically name, contact details, professional history, CV/résumé, and any supporting materials you attach.

2.2 Information collected automatically

  • Server logs — IP address, user-agent string (browser and operating system), referring URL, requested URL, response status, and timestamps.
  • Live market data — our home-page price ticker fetches public-market data directly from Binance's public REST API; this is not personal data and is not associated with you.

We do not use third-party advertising trackers, behavioural-profiling cookies, marketing pixels, or session-replay tools.

3. Purposes & Legal Basis for Processing

We process personal data for the following purposes, on the legal bases set out in Article 6 of the GDPR:

Purpose Categories of data Legal basis
Replying to enquiries, proposals, and partnership requests Contact-form data, email correspondence Art. 6(1)(b) — pre-contractual measures, or 6(1)(f) — legitimate interest in operating our business
Evaluating job applications CV and supporting materials Art. 6(1)(b) — pre-contractual measures, supplemented by Art. 6(1)(a) — consent for retention beyond the active recruitment process
Operating, securing, and troubleshooting the website Server-log data Art. 6(1)(f) — legitimate interest in service security and integrity
Complying with legal, tax, and accounting obligations Contract data, invoicing data Art. 6(1)(c) — legal obligation

4. Recipients of Personal Data

We do not sell, rent, or trade personal data. Personal data may be disclosed to the following categories of recipients:

  • Hosting and email-infrastructure providers, acting as processors under written agreements that meet the requirements of Art. 28 GDPR.
  • Professional advisers (lawyers, accountants, auditors), where strictly necessary and bound by professional confidentiality.
  • Public authorities, where disclosure is required by applicable law or court order.
  • Our affiliated entity ArbiOps s.r.o., where you have indicated interest in services or roles delivered jointly across the Arbi Group.

5. International Transfers

Our primary infrastructure is located within the European Economic Area (EEA). Where any processor is located outside the EEA, we ensure that transfers are protected by appropriate safeguards under Chapter V GDPR — typically the European Commission's Standard Contractual Clauses (Decision 2021/914) or, where applicable, an adequacy decision. A copy of the relevant safeguards can be requested at privacy@arbitech.sk.

6. Data Retention

We retain personal data only for as long as is necessary for the purposes set out in this Policy:

  • Contact-form submissions and general correspondence: up to 24 months from the last related communication, then deleted unless a contractual or legal basis requires longer retention.
  • Job applications: for the duration of the active recruitment process, plus up to 12 months thereafter only with the candidate's explicit consent; otherwise deleted promptly.
  • Server logs: up to 6 months for security, debugging, and abuse prevention.
  • Contract and invoicing records: 10 years, as required by Slovak accounting and tax law.

7. Your Rights

Subject to the conditions and exceptions of the GDPR, you have the right to:

  • obtain confirmation of whether we process your personal data and a copy of that data — right of access (Art. 15);
  • have inaccurate or incomplete data corrected — right to rectification (Art. 16);
  • request erasure of your data — right to be forgotten (Art. 17);
  • request that we restrict processing — right to restriction (Art. 18);
  • receive your data in a structured, machine-readable format and transmit it to another controller — right to data portability (Art. 20);
  • object to processing based on our legitimate interest — right to object (Art. 21);
  • withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal — Art. 7(3).

To exercise any of these rights, please write to privacy@arbitech.sk. We will respond within one month of receiving your request; this period may be extended by up to two further months where necessary, in which case we will inform you of the extension and the reasons for it.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the EU Member State where you reside, work, or where the alleged infringement took place. The Slovak supervisory authority is:

Úrad na ochranu osobných údajov Slovenskej republiky

Hraničná 12, 820 07 Bratislava 27, Slovakia

Web: dataprotection.gov.sk

Email: statny.dozor@pdp.gov.sk

9. Cookies

This website uses only strictly necessary cookies that are essential for it to function (for example, session cookies that remember whether you have already dismissed a notice in the current visit). These cookies do not require consent under Art. 5(3) of the ePrivacy Directive as transposed into Slovak law.

We do not use marketing, advertising, analytics, or behavioural-profiling cookies. No data is shared with third-party advertising networks.

10. Security

We apply technical and organisational measures appropriate to the nature, scope, and purposes of processing, including: access control on a need-to-know basis, encryption of data in transit (TLS 1.2 or higher), encryption at rest where technically feasible, hardened server configurations, regular patching, and secure secrets management. Despite these measures, no system can guarantee absolute security; if a personal-data breach occurs that is likely to result in a high risk to your rights and freedoms, we will notify you and the supervisory authority in accordance with Art. 33–34 GDPR.

11. Changes to this Policy

We may update this Privacy Policy to reflect changes in our processing activities or applicable law. The current version is always available at this URL. Material changes will be highlighted on this page and, where appropriate, notified by email to active contacts. The "Effective" and "Last updated" dates at the top of this document indicate when the latest changes took effect.

12. Contact

For any questions about this Privacy Policy or how we handle your personal data, please write to:

Privacy enquiries

privacy@arbitech.sk