BUSINESS PARTNERS, THEIR EMPLOYEES, CONTACT PERSONS AND REPRESENTATIVES
Protecting your privacy in the processing of personal data is an important task and commitment for nettle. Please familiarize yourself with nettle's Personal Data Processing Policy. In this document, we provide you with all the information so that you know what personal data nettle collects, for what purposes it processes it, with whom it shares it, what rights you have, and how you can contact nettle if you have further questions regarding the processing of personal data. We believe this will assure you that your personal data will be processed to the necessary extent, securely and professionally.
The primary document governing the processing of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter "GDPR"), and the relevant provisions of Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments and Supplements to Certain Acts (hereinafter the "Act").
In connection with its activities, nettle collects personal data of business partners, potential business partners, their employees, contact persons, authorized representatives, subcontractors, and possibly other natural persons (hereinafter "business partners"). nettle fully respects and protects the personal data of data subjects it comes into contact with and upholds the principles of lawful and secure processing of personal data.
The information set out in this document applies in cases where nettle processes personal data as a controller and relates to business partners who are natural persons, as well as to employees, contact persons and authorized representatives of business partners who are legal entities. This information does not apply to the processing of data of a legal entity.
RESPONSIBILITY FOR PERSONAL DATA PROCESSING
nettle, s. r. o.
Registered office: Matúšova 56/A, 811 04 Bratislava – Staré Mesto
Company ID: 51 472 341
Registered in the Commercial Register of the Municipal Court Bratislava III, Section Sro, Insert No.: 127121/B Email: all@nettle.ai
nettle processes the personal data of business partners to the extent and under the conditions set out in this document and, as the controller, is responsible for their protection and processing. Unless otherwise provided by law, nettle is also responsible for the processing of personal data by processors it has authorized for this purpose.
The processing of collected and provided personal data is a necessary part of nettle's activities. Without processing personal data, nettle would not be able to provide its services to its business partners to the required extent and quality. nettle processes personal data only to the extent necessary and only to achieve a specific processing purpose, which is always related to the provision of services or the performance of activities by nettle, or for the purpose of fulfilling legal obligations. The specific processing purpose is always defined prior to the collection of personal data, and without processing personal data, this legitimate purpose could not be achieved.
CONDITIONS FOR PERSONAL DATA PROCESSING
Categories of personal data: Depending on the specific processing purpose and legal basis, nettle processes categories of personal data as set out in the table below.
Legal basis for processing personal data: The legal bases for individual purposes of personal data processing are set out in the table below.
nettle uses personal data of business partners where it is necessary for the performance of a contract or within the context of pre-contractual relations, where their use is required by law, where it is necessary to protect nettle's legitimate interests, or where the data subjects have given valid consent.
Processing based on consent is voluntary, meaning that the business partner as the data subject has the right to withdraw their consent at any time. In such a case, we will stop using the personal data and, if there is no other legal basis for their use or storage, we will delete them without undue delay.
The provision and processing of personal data for the purposes of contract performance and pre-contractual relations is a contractual requirement. If nettle does not have personal data to the necessary extent (in particular for identity verification and obtaining data necessary for contract performance), it cannot conclude the contract.
nettle seeks to protect certain interests that are important for the proper conduct of its business activities (e.g., recovering unpaid payments, compensation for damages, and defending other legal claims), and for this purpose uses the personal data of business partners. nettle always ensures that legitimate interests are not disproportionate.
If you are nevertheless concerned that processing overrides your fundamental rights and freedoms, you may object to it.
nettle processes and provides personal data to other entities also in cases where there is a statutory requirement established by law.
Data retention period: Personal data is processed by nettle only for the necessary period and always for the period stipulated by applicable law. The length of retention of personal data further depends on the purpose for which we process the personal data. Retention periods are set out in the table below.
RECIPIENTS OF PERSONAL DATA
In some cases, it is necessary to provide personal data provided to nettle to other entities as well. Personal data processed by nettle in its capacity as controller may be provided to third parties, provided that nettle decides to do so, or where nettle is obliged to provide personal data under the legal order of the Slovak Republic. nettle emphasizes that it transfers personal data to other entities only in necessary cases and to the necessary extent, and nettle always ensures that a high standard of personal data protection for the data subject is guaranteed. At the same time, nettle informs that the categories of recipients may change depending on the specific purpose of personal data processing.
Processors: These are persons who are contractual partners of nettle and process your personal data based on nettle's instructions, always to the extent necessary for the specified purpose. In this case, nettle is the controller and the processor is nettle's contractual partner. nettle assures that when selecting processors it acts in accordance with GDPR and the Act, and entrusts the processing of personal data only to processors that provide sufficient security, technical, organizational, and personnel measures ensuring the protection of your rights as a data subject. In this case, the recipients are the following categories:
• nettle's business partners providing physical and software services for nettle's information technology, in particular information systems, computer programs and servers necessary for the provision of services and performance of nettle's activities;
• business partners ensuring fulfillment of nettle's obligations in the area of human resources, taxes, audit, and accounting.
Entities authorized to process personal data by law: In order for nettle to fulfill obligations arising from legal regulations and requirements of state or other authorities, we also disclose your personal data to state authorities, law
enforcement authorities, courts, bailiffs, etc.
TRANSFER TO THIRD COUNTRIES
The personal data of the data subject may be processed in countries of the European Union and countries that are parties to the Agreement on the European Economic Area. Transfer of personal data to third countries may only occur if the legal regime of such countries is considered by the European Commission to be a legal regime providing an adequate level of personal data protection.
AUTOMATED DECISION-MAKING
nettle does not carry out automated individual decision-making, including profiling, without human intervention that would have legal effects on business partners or a similarly significant impact.
SECURITY
nettle takes thorough care of the security of personal data and processing occurs only in accordance with applicable legal regulations, including GDPR and the Act. nettle places emphasis on the security, technical, organizational and personnel protection of processed data.
nettle stores personal data in electronic form in databases and systems that nettle protects against any damage, destruction, loss or other misuse. Access to the relevant systems and databases is restricted to persons who need to handle personal data with regard to the purpose of personal data processing. The quality of personal data protection is regularly monitored and improved.
RIGHTS OF DATA SUBJECTS
Data subjects have the following rights in connection with the protection of personal data:
Right of access to personal data
The data subject has the right to request confirmation as to whether personal data concerning them are being processed, and if so, the right to obtain access to such personal data. The data subject will be provided with a copy of the personal data being processed.
Right to rectification
The data subject has the right to have inaccurate personal data concerning them corrected without undue delay. Taking into account the purposes of processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure (right to be forgotten)
The data subject has the right to have their personal data erased and to cease processing if: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws consent or objects to the processing of personal data concerning them; or the processing of personal data is not in accordance with GDPR or the Act for other reasons.
Right to restriction of processing
The data subject has the right to have processing restricted if: the data subject contests the accuracy of the personal data, for a period enabling nettle to verify the accuracy; the processing is unlawful and the data subject opts for restriction of processing rather than erasure; nettle no longer needs the personal data for the purposes of processing but the data subject needs them for the establishment, exercise, or defense of legal claims. If processing has been restricted, nettle will inform the data subject before the restriction is lifted.
Right to data portability
Where processing is carried out by automated means, the data subject may receive their personal data that they have provided to nettle in a structured, commonly used, machine-readable and interoperable format. The data subject also has the right to request that nettle transfer their personal data to a controller of their choice. Portability of data does not automatically lead to deletion of data from nettle's systems and does not affect the original retention period applicable to the transferred data.
Right to object
The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which is based on legitimate interest, including objecting to profiling.
Right to withdraw consent (where processing is based on consent)
The data subject has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent given before its withdrawal.
Right to lodge a complaint with a supervisory authority
If the data subject believes that nettle is processing their personal data in violation of applicable law, they have the right to lodge a complaint with the state authority supervising personal data protection. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection of the Slovak Republic, Námestie 1. mája, 811 06 Bratislava, tel.: +421 2 3231 3214, e-mail: statny.dozor@pdp.gov.sk.
In order to protect the rights of data subjects and prevent possible misuse or leakage of personal data, the rights of the data subject may only be exercised in the following ways:
• by postal mail sent to the registered office address of nettle,
• by email at: dataprivacy@nettle.ai
In order to accept a request to exercise rights, it is necessary to sufficiently identify the applicant and clearly and intelligibly specify the subject of the request. Otherwise, the request will be rejected.
DATA PROTECTION OFFICER
The company has designated a responsible person (Data Protection Officer) entrusted with overseeing the processing of personal data. If you have any questions or comments regarding the protection of personal data at these companies, you may contact this responsible person by post at the registered office address of the relevant company, indicating that the correspondence is addressed to the responsible person, or by email at: dataprivacy@nettle.ai.
CONTACT US
If you have any questions or comments regarding the processing of personal data, please send us an email to: dataprivacy@nettle.ai or all@nettle.ai.
VERSION APRIL 2026