People by nettle

Privacy Policy

BUSINESS PARTNERS, THEIR EMPLOYEES, CONTACT PERSONS AND REPRESENTATIVES

Protecting your privacy when processing your personal data is an important responsibility and commitment for Nettle. Please familiarize yourself with Nettle's Privacy Policy. In this document, we provide you with all the information you need to know related to what personal data Nettle collects, for what purposes it processes it, with whom it shares it, what your rights are and how you can contact Nettle if you have any further questions about the processing of your personal data. We trust that this will reassure you that your personal data will be processed only to the extent necessary, securely and professionally.

The starting document for the processing of personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter referred to as "GDPR") and the relevant provisions of Act No. 18/2018 Coll. on the protection of personal data and on amending and supplementing certain acts (hereinafter referred to as the "Act").

In connection with the performance of its business activities, Nettle collects the personal data of business partners, potential business partners, their employees, contact persons, authorised representatives, subcontractors and, where applicable, other natural persons (hereinafter referred to as "business partners"). Nettle fully respects and protects the personal data of data subjects with whom it comes into contact with and respects the principles of lawful and secure processing of personal data.

The information provided in this document applies in cases where Nettle processes personal data as a controller and applies to business partners who are natural persons and to employees, contact persons and authorised representatives of business partners who are legal persons. This information does not apply to the processing of data by a legal entity.

RESPONSIBILITY FOR THE PROCESSING OF PERSONAL DATA

Nettle, s. r. o.

Address: Matúšova 56/A, 811 04 Bratislava - Old Town

Commercial registration no. IČO: 51472 341

The company is registered in the Commercial Register of the District Court Bratislava I, Section Sro, Entry No.:127121/B

Email: dataprivacy@nettle.ai

Nettle processes the personal data of business partners within the scope and under the conditions set out in this document and is responsible for their protection and processing as the controller. Unless otherwise provided for by law, Nettle is also responsible for the processing of personal data by the processors it has commissioned for this purpose.

The processing of the personal data collected and provided is an essential part of Nettle's activities. Without the processing of personal data, Nettle would not be able to provide its services to its business partners to the required extent and desired quality. Nettle only processes personal data to the extent necessary and only to achieve a specific purpose of processing, whereby the purpose is always related to the provision of services or the performance of activities by Nettle, or for the purpose of fulfilling legal obligations. The specific purpose of the said processing itself is always defined before the personal data is collected, and without the processing of the personal data this legitimate purpose could not be achieved.

CONDITIONS FOR PROCESSING PERSONAL DATA

Categories of personal data: depending on the specific purpose of the processing and the legal basis, Nettle processes categories of personal data as outlined in the table below.

Legal basis for the processing of personal data: the legal bases for the individual purposes of the processing of personal data are set out in the table below.

If you are nevertheless concerned that the processing overrides your fundamental rights and freedoms, you can object to it.

Nettle uses the personal data of business partners if this is necessary for the performance of a contract or in the context of a pre-contractual relationship, if their use by Nettle is required by law or if this is necessary to protect the legitimate interests of Nettle or if Nettle has received valid consent from the data subject.

The processing of data on the basis of consent is voluntary, which means that the business partner, as the data subject, has the right to withdraw consent at any time. In this case, we will cease to use the personal data and, if there is no other legal basis for its use or storage, we will destroy it without undue delay.

The provision and processing of personal data for the purposes of the performance of the contract and pre-contractual relations constitutes a contractual requirement. If Nettle does not have the personal data to the extent necessary (in particular to verify identity and to obtain the data necessary for the performance of the contract), it cannot conclude the contract.

Nettle wishes to protect certain interests that are important for the proper conduct of its business (e.g. to recover outstanding payments, damages and to defend other legal claims) and Nettle uses the personal data of business partners for this purpose. Nettle always ensures that legitimate interests are not disproportionate.

Nettle also processes and discloses personal data to other entities where there is a legal requirement to do so under the law.

Data retention period: personal data are processed by Nettle only for the necessary period and always for the period prescribed by applicable law. Furthermore, the length of retention of personal data depends on the purpose for which the personal data is processed. The data retention periods are set out in the table below.

RECIPIENTS OF PERSONAL DATA

In some cases, personal data provided to Nettle may also need to be disclosed to other entities. Personal data processed by Nettle in its capacity as controller may be disclosed to third parties, provided that Nettle so decides or the obligation to disclose personal data arises from the legal order of the Slovak Republic. Nettle emphasises that it only discloses personal data to other entities in necessary cases and to the extent necessary, and that Nettle always takes care to guarantee a high standard of protection for the data subject's personal data. At the same time, Nettle informs that the categories of recipients may change depending on the specific purpose of the processing of personal data.

Processors: these are persons who are contractual partners of Nettle and process your personal data on the instructions of Nettle, always to the extent necessary for the stated purpose. Thus, in this case, Nettle is the controller, and the processor is a contractual partner of Nettle. Nettle assures that it acts in accordance with the GDPR and the Act when selecting processors, and only entrusts the processing of personal data to processors who provide sufficient security, technical, organisational and personnel measures to ensure the protection of your rights as a data subject. In this case, the recipients are the following categories of recipients:

Nettle's business partners providing physical and programmatic servicing of Nettle's information technology, in particular information systems, computer programs and servers, necessary for the provision of services and the performance of Nettle's activities.
Business partners providing Nettle with HR, tax, audit, and accounting services.

Entities authorised to process personal data by law: In order for Nettle to comply with its obligations under the law and the requirements of state or other authorities, we also disclose your personal data to state authorities, law enforcement agencies, courts, bailiffs, etc.

TRANSFER TO THIRD COUNTRIES

The personal data of the data subject may be processed in countries of the European Union and countries that are party to the Agreement on the European Economic Area. The transfer of personal data to third countries may only take place if the legal regime of such countries is considered by the European Commission to ensure an adequate level of protection of personal data.

AUTOMATED DECISION MAKING

Nettle does not carry out automated individual decision-making, including profiling without human intervention, which would have legal effects or similarly significant effects on business partners.

SAFETY

Nettle is diligent about the security of personal data and processing occurs or takes place only in accordance with applicable law, including the GDPR and the Act. Nettle places emphasis on the security, technical, organizational and personnel security of the processed data.

Personal data in electronic form is stored by Nettle in databases and systems that Nettle protects from any damage, destruction, loss or other misuse. Access to the systems and databases in question shall be restricted to those persons who need to handle the personal data with regard to the purpose for which the personal data are processed. The quality of the personal data protection safeguards is regularly monitored and improved.

RIGHTS OF DATA SUBJECTS

The data subject has the following rights in relation to the protection of personal data:

Right of access to personal data

The data subject shall have the right to request confirmation as to whether personal data relating to him or her are being processed and, if so, to obtain access to those personal data. The data subject shall be provided with a copy of the personal data processed.

Right to repair

The data subject shall have the right to have inaccurate personal data concerning him or her rectified without undue delay. With regard to the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by providing a supplementary declaration.

Right to erasure ('right to be forgotten')

The data subject shall have the right to have his or her personal data erased and to have them no longer processed:

where the personal data are no longer necessary in connection with the purposes for which they were collected or otherwise processed.
where the data subject has withdrawn his or her consent or has objected to the processing of personal data concerning him or her; or
if the processing of the data subject's personal data does not comply with the GDPR or the Act for other reasons.

Right to restriction of processing

The data subject has the right to have the processing restricted if:

the data subject contests the accuracy of the personal data during a period allowing Nettle to verify the accuracy of the personal data.
the processing is unlawful, and the data subject chooses to request the restriction of the processing instead of requesting the erasure of the personal data;
the personal data of the data subject are no longer necessary for the purposes of the processing but are needed by the data subject for the establishment, exercise or defense of legal claims.

If there is a restriction of processing, Nettle shall inform the data subject before the restriction of processing is lifted.

The right to transfer

Where the processing of personal data is carried out by automated means, the data subject shall have the possibility to obtain the personal data relating to him or her which the data subject has provided to Nettle, in a structured, commonly used, machine-readable and interoperable format. At the same time, the data subject has the right to request Nettle to transfer his or her personal data to a controller of the data subject's choice.

Data portability does not automatically lead to the deletion of data from Nettle systems, nor does it affect the initial retention period applicable to the transferred data.

Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her situation, to processing of personal data concerning him or her which is carried out on the basis of a legitimate interest, including to object to profiling.

Right to withdraw consent (if the processing of personal data is based on consent)

The data subject shall have the right to withdraw his or her consent at any time without affecting the lawfulness of processing based on consent given prior to its withdrawal.

Right to lodge a complaint with the supervisory authority

If the data subject considers that Nettle is processing his or her personal data in breach of applicable law, you have the right to lodge a complaint with the national data protection supervisory authority. For the territory of the Slovak Republic, the supervisory authority is the Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, tel.: +421 2 3231 3214, e-mail: statny.dozor@pdp.gov.sk.

In order to protect the rights of data subjects and to prevent possible misuse or leakage of personal data, the rights of the data subject can only be exercised in the following ways:

by post sent to the address of the Nettle registered office,
by e-mail to: dataprivacy@nettle.ai.

In order to accept a request for the exercise of rights, it is necessary to identify the applicant sufficiently and to specify the subject matter of the request clearly and comprehensibly. Otherwise, the request will be rejected.

DATA PROTECTION OFFICER

The operator does not have a designated responsible person.

CONTACT US

If you have any questions or comments regarding the processing of your personal data, please send us an email to: dataprivacy@nettle.ai.

Version: December 2025