Privacy Policy

1. Introduction

This Privacy Policy (“Policy”) describes how greasy s.r.o., registered at Mateja Bela 3460/68, 010 15 Žilina, Slovakia, Company ID: 56800371 (“Provider”), processes personal data in connection with the provision of the online platform spoteek (“Service”).

This Policy applies to:

  • Organizers – individuals or companies using the Service to organize events.
  • Participants – individuals registering for events organized via the Service.

2. Role under GDPR

  • With respect to Organizers’ data, the Provider acts as a data controller.
  • With respect to Participants’ data, the Provider acts as a data processor, with the Organizer being the controller.

3. Processing of Organizers’ Data

Purpose of processing:

  • Account registration and management
  • Invoicing and payment processing
  • Communication and technical support
  • Compliance with legal obligations

Legal basis:

  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Compliance with a legal obligation (Art. 6(1)(c) GDPR)
  • Legitimate interest (Art. 6(1)(f) GDPR) – protection of rights and operation of the Service

Categories of data processed:

  • Full name
  • Email address
  • Telephone number (if provided)
  • Billing details
  • Service usage data, IP address

Retention period: For the duration of the contractual relationship and for 3 years after its termination, unless longer retention is required by law.

4. Processing of Participants’ Data

Purpose of processing:

  • Enabling registration and participation in events
  • Managing participant lists
  • Communication related to the event

Legal basis:

  • Performance of a contract between the Participant and the Organizer (Art. 6(1)(b) GDPR)

Categories of data processed:

  • Full name
  • Email address
  • Telephone number (if required)
  • IP address
  • Event attendance information
  • Additional data provided during registration

Retention period: As instructed by the Organizer, but no longer than necessary for the purpose of processing. After this period, data will be deleted or anonymized.

5. Data Sharing and Subprocessors

Personal data may be disclosed to third parties solely for the purpose of providing the Service. The Provider uses the following subprocessors:

  • Linode LLC – hosting infrastructure and database provider (servers located in the EU – Germany)
  • Resend, Inc. – transactional email service provider (servers in the EU and USA)
  • Mailchimp (The Rocket Science Group LLC) – email marketing platform for managing newsletter subscriptions and bulk communication, if enabled by the Organizer (servers in the USA)
  • Stripe Payments Europe, Ltd. – payment gateway provider for processing payments and related billing data

The Provider ensures that all subprocessors meet GDPR requirements and that a data processing agreement is in place with each of them.

6. Data Transfers Outside the EU

Some subprocessors (Resend, Mailchimp) have servers in the USA. When transferring data outside the EU, the Provider ensures such transfer complies with GDPR, primarily through:

  • Adequacy decisions of the European Commission, or
  • Standard Contractual Clauses (SCC) providing appropriate safeguards for personal data.

7. Rights of Data Subjects

Every data subject has the right to:

  • Access their data
  • Rectify or complete their data
  • Erase their data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Lodge a complaint with the Slovak Data Protection Authority

Requests can be sent to: info@spoteek.com

8. Data Security

The Provider implements appropriate technical and organizational measures to protect data, including encryption, access control, backups, and security incident monitoring.

9. Changes to the Policy

The Provider may update this Policy at any time. The updated version will be published in the Service and notified to Organizers.

10. Contact

greasy s.r.o.
Email: info@spoteek.com