PRIVACY POLICY (Information Obligation)

Article 1 – Who We Are (The Controller)

  1. Your personal data is processed by the company:
    • Business Name: CARDOT s.r.o.
    • Registered Seat: Stará prešovská 1741/10, 040 01 Košice, Slovakia
    • Company ID (IČO): 50020269
    • Contact: +421918778143, info@cardot.sk
    • (hereinafter referred to as the “Controller”).

Article 2 – Why Do We Process Your Data and on What Basis?

  1. We process your data only to the extent necessary to operate the car rental service.
  2. Purpose: Conclusion and performance of the rental contract
    • Legal basis: Performance of a contract (Art. 6(1)(b) GDPR).
    • Explanation: Without this data, we could not conclude the contract with you and hand over the vehicle to you.
  3. Purpose: Bookkeeping and tax administration
    • Legal basis: Legal obligation (Art. 6(1)(c) GDPR).
    • Explanation: We must archive invoices and contracts by law (e.g., the Accounting Act).
  4. Purpose: Handling damage events and fines
    • Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) and legal obligation.
    • Explanation: If an accident occurs or we receive a fine for a traffic violation, we must provide your data to the insurance company or the police.

Article 3 – What Data Do We Process?

  1. We process only common personal data:
    • Name, surname, title.
    • Permanent residence address.
    • Date of birth.
    • ID card number and driving license number (we only record the data in the contract, we do not make photocopies or scans of these documents).
    • Contact details (phone, e-mail).
    • Payment details (bank account number, if the deposit is returned).

Article 4 – Who Has Access to Your Data (Recipients)?

  1. We do not sell your data to anyone. Only the following partners may have access to it, if necessary:
    • External accounting firm (for bookkeeping processing).
    • Insurance companies (in case of handling an insurance event).
    • Police and state authorities (in case of handling traffic violations/fines).
    • IT service providers (e.g., website hosting or e-mail services).

Article 5 – How Long Do We Keep the Data?

  1. The retention period varies by document type:
    • Accounting documents (invoices, contracts): 10 years (required by the Accounting Act).
    • Other data: For the duration of limitation periods (usually 3 to 4 years after the termination of the contract), so that we can defend ourselves in case of legal disputes. After this time, the data is shredded or deleted.

Article 6 – Your Rights

  1. Under the GDPR, you have the right to:
    • Request access to your data (to find out what we record about you).
    • Request correction of incorrect data.
    • Request deletion of data (if it is no longer needed for accounting or legal protection purposes).
    • Object to processing based on legitimate interest.
    • File a complaint with the Office for Personal Data Protection of the Slovak Republic if you believe we are handling your data in violation of the law.