FinStat, s. r. o., fully respects and complies with the personal data protection requirements set forth in the relevant legal regulations, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, the “Regulation”).
This information is intended in particular for customers and registered users of the website https://hithorizons.com/ and contact persons of our customers whose personal data are processed by FinStat, s. r. o in relation to provision of HitHorizons services. Its aim is to provide data subjects with a sufficient overview of how their personal data are processed by FinStat, s. r. o. and what rights they have in relation to FinStat, s. r. o. regarding these data.
FinStat also processes personal data of other individuals so that it can its customers provide with commercial data about other entrepreneurs and companies. You can find more information about this processing here.

Information about processing of personal data through cookies used on website hithorizons.com is available here.

I. Who is processing your personal data?

The personal data controller is FinStat, s. r. o., with its registered office at Plynárenská 7/B, 821 09 Bratislava, the Slovak Republic, Corporate ID No.: 47 165 367, incorporated in the Business Register of the Bratislava III Municipal Court, Section Sro, File No. 89268/B (hereinafter referred to as “FinStat”, “we” or the “Controller”). The Controller’s contact information can be found in Article XIII.

II. Whose personal data do we process?

FinStat as the operator of the www.hithorizons.com website and HitHorizons for Teams processes the personal data of its customers, their contact persons and users who provided their personal data directly to the Controller to get access to paid services through the www.hithorizons.com or whose data have been provided to the Controller by their employer as our customer.

III. Which of your personal data are processed?

FinStat processes personal data of its customers, registered users or individuals acting on behalf of the customers (such as employees of FinStat's customers), that we have either obtained from you, person or entity you work for or through your use of our services or website, to the following extent: email address (which also serves as the log-in name), password in connection with the method of identification of these data with a particular computer / phone / tablet belonging to a particular natural person, name (or company name if the customer is a legal entity), address, contact email regarding the order, and the email used to log in to the user account. FinStat also processes Corporate ID number, Tax ID number, VAT ID number, name and surname of a contact person of the customer and their job position, telephone and email address and other business-related data. FinStat also processes information on services provided and any other data generated in the provision of HitHorizons services.
We may process information obtained through our communication with you, including:

• information about you that you provide us directly or that results from our mutual communication via the website, e-mail, or otherwise.
• information you give us or that we obtain when you use our website or services, obtain information about or subscribe to our services, participate in our promotional activities and questionnaires, contact us with your request or report an issue or perform any of these activities on behalf of your employer or another person or entity you represent.

When you use our website, we may obtain technical information from you, including the Internet protocol (IP) address used to connect your device to the Internet, specific online identifiers, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. When you use our services, we process also the unique identifier assigned to your user account to monitor site performance and conduct diagnostics to ensure optimal functionality. We may also collect the IP address from you and process it only for technical and security reasons. However, IP addresses are stored in our system separately from other data (in server logs).

IV. Why do we process your personal data?

Your personal data are used in the processing activities of FinStat:

• a) to conclude and perform a service agreement to which you or your employer (or another person on behalf which you are using or seeking to use our services) are a contracting party and to provide access to and operate our services and to manage and administer our relationships with our customers and users of our website;
• b) to develop relationships with customers and potential customers by performing marketing activities and supporting the Controller’s business;
• c) to meet the legal obligations of our company related to bookkeeping;
• d) for the purposes of maintaining a customer database – the CRM application;
• e) to maintain the protection and security of our website and
• f) for the purposes of establishment, exercise or defence of legal claims.

If you have used our service in the past and provided us with your email address, we may contact you at this email address in order to promote our services, special offers, news and provide other information related to our services via our newsletter. However, in relation to this you have the option to choose not to receive our newsletters by ticking the appropriate check box when submitting your email. You may also unsubscribe from our newsletter at any time by ticking the appropriate check box or by using the link in the newsletter, or you may contact us in this regard at any time.

V. On what legal basis is your personal data processed?

Your personal data are processed by the Controller on the following legal basis:

• If you, as a natural person, are the Controller’s customer, the processing for the purpose specified in Article IV, letter a) of this Privacy Policy is necessary for the conclusion and fulfilment of the service agreement with you as the Controller’s customer.
• If you are an employee of the Controller’s customer or are using the services as a natural person on behalf of the Controller’s customer, the processing of your data for the purpose specified in Article IV, letter a) of this Privacy Policy is based on the Controller’s legitimate interest in conclusion and fulfilment of the service agreement with the Controller’s customers.
• The processing for the purposes specified in Article IV, letter b) and c) of this Privacy Policy are based on the legitimate interest of the Controller in developing and maintaining relationships with customers.
• Your personal data is processed for the purpose specified in Article IV, letter c) of this Privacy Policy based on our legal obligations, particularly those arising from the Slovak Accounting Act No. 431/2002 Coll.
• The processing for the purposes specified in Article IV, letter e) of this Privacy Policy is based on our legitimate interest in protection and security of our website.
• The processing for the purposes specified in Article IV, letter f) of this Privacy Policy is based on our legitimate interest in assertion, exercise and defence of legal claims and to keep the relevant evidence.
  Where it is necessary to obtain your consent to the processing concerned in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (for example, if you subscribe to our newsletter). If we process your personal data on the basis of your prior consent to that processing, you have the right to withdraw your consent at any time. In such case we shall stop the processing concerned. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

VI. Where are your personal data processed?

Your personal data are processed exclusively in the territory of the Slovak Republic or the European Union in compliance with the legal regulations applicable in this territory. Your personal data are stored exclusively on our technical equipment, whereby the data are stored in an encrypted form so as to be protected from unauthorised access.

VII. Who do we provide your personal data to?

If necessary, your personal data may be provided or made available to certain supervisory bodies, other public administration bodies or public authorities authorised to request such data from FinStat pursuant to the respective legal regulations (in particular, to courts of justice and law enforcement authorities), and to entities providing legal or other professional services to FinStat.
Furthermore, to the extent necessary, your personal data may be provided or otherwise made available to our sales representatives, legal counsel, IT service providers and also to the company providing accounting and bookkeeping services for the Controller. Please note that we may only disclose your personal data to service providers that have undertaken the necessary security measures to protect your data. When we share personal information with others, we require them to keep it safe (if we use subcontractors to support us in providing services who may process personal data for us, we ensure that selection of our subcontractors and any processing of personal data by them is compliant with the Regulation in terms of technical and organizational security of processing operations).
The current recipients to whom personal information is provided are the Controller's contractors, who have concluded respective agreements with the Controller, including IT developers and business development managers.

VIII. How long will your personal data be processed?

For the purposes specified in Article IV, letter a) and d) your personal data will be stored for the term of the service agreement with our customer and for the next 10 years from the termination of such an agreement, due to the obligation to archive all of our accounting documentation.
For the purposes of sending marketing communications, your personal data will be processed for the duration of our business relationship with you (if you, as a natural person, are our customer) or with your employer or another entity on behalf of which you are using our services and for an additional 5 years after its termination.
In order to maintain our customer database (CRM application) your personal data will be processed for the duration of our business relationship with you (if you, as a natural person, are our customer) or with your employer or another entity on behalf of which you are using our services, and for the 5 years following the termination of our business relationship.
For the purpose of establishing, exercising or defending legal claims, your personal data will be stored for the duration of the service agreement and throughout the statutory limitation periods thereafter.
Once your data has been processed and there is no legal basis for further processing of your data, it will be deleted; this does not apply if further processing is necessary for the fulfilment of our legal obligations or if it is required for any other legitimate and lawful purpose.
When processing of your personal data is based on consent and you decide to withdraw your consent, we do further not process your personal data for the specific purpose (if not stated otherwise, you consent is valid at the latest to the termination of the agreement with us and if there is no agreement, the consent is valid during three years). Personal data processed based on legitimate interest is processed only for the duration of this interest (usually during your use of the website and services). The unique identifier assigned to your user account and other data processed within performance analytical tools are stored for a maximum of one year.

IX. Is your personal data used for automated decision-making?

Your personal data is not used for profiling or for other forms of automated decision-making.

X. Where did we acquire your personal data?

We acquired your personal data directly from you or your employer or another entity on behalf of which you are using our services.

XI. Are you obliged to provide your personal data?

If you, as a natural person, are our customer or are seeking to become one, yes, you are obliged to provide your data under the law or your contract, whereas it is not possible to conclude a contract and to provide our services without them.

XII. What rights do you have as a data subject?

As a data subject whose personal data are being processed, you have the following rights against FinStat:

• the right of access to personal data – you have the right to obtain confirmation from FinStat as to whether or not your personal data is being processed, and, if so, you are entitled to request access to your personal data and to receive information about the processing;
• the right to rectification of personal data – you have the right to obtain from FinStat without undue delay the rectification or completion of inaccurate or incomplete personal data that concern you;
• the right to restriction of the processing of personal data – you have the right to obtain from FinStat in certain cases restriction of the processing of your personal data so that the data would, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest; you may request restriction of processing, in particular if you have doubts as to the accuracy of your personal data, for a period that allows FinStat to verify the accuracy of such data.;
• the right to erasure (right to be forgotten) – you have the right to obtain the erasure of your personal data from all paper or electronic FinStat databases and the Controller shall erase the personal data if the legal requirements are met, such as if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if the data subject objects to the processing of personal data and there are no overriding legitimate grounds for the processing of personal data;
• the right to data portability – you have the right to receive the personal data concerning you that you provided to us, in a structured, commonly used and machine-readable format, and transmit them to another controller (you can exercise this right if the processing is based on your consent or on a contract or carried out by automatic means);
• in addition, you have the right to lodge a complaint with a supervisory authority, such authority being the Office for Personal Data Protection of the Slovak Republic. You can reach our office at the following address/numbers: Hraničná 12, 820 07 Bratislava 27, the Slovak Republic, or via email at: statny.dozor@pdp.gov.sk, or by sending a fax to: +421 2 3231 3234, or by phone on the following number: +421 2 3231 3214.
  You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, which is based on the legitimate interest. In such a case, we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you object to processing of your personal data for direct marketing purposes, your personal data shall no longer be processed for such purposes.

XIII. Who supervises the correct processing of your personal data?

The compliance of the personal data processing with the respective legal regulations pertaining to personal data protection is supervised by the Controller’s Data Protection Officer, which you can reach via email at: dpo@finstat.sk.

XIV. How can you contact us?

Should you have any concerns or questions, or should you wish to exercise your rights pertaining to the processing or protection of your personal data, you can contact FinStat s. r. o. via email to podnety@finstat.sk.
If you wish to exercise any of your rights as a data subject and from your request it is not possible to verify the identity of the person making the request or if we have reasonable doubts about the identity of the person making the request, we reserve the right to ask for further information necessary to confirm the identity of the person submitting the request.

XV. Changes or updates to this document

This Information can be changed, amended or updated from time to time, in order to reflect changes in the legislation or the terms of our personal data processing.