Legal document

Privacy Policy

Last updated: 27 April 2026

This document describes how Spotlight s. r. o. processes personal data in compliance with Regulation (EU) 2016/679 (the „GDPR") and Slovak Act No. 18/2018 on Personal Data Protection.

1. Data controller

Spotlight s. r. o.
Registered office: Bratislava, Slovak Republic
Company ID: 00 000 000
E-mail: hello@spotlight.sk

2. Data we process

We only process data you voluntarily provide via the contact form or e-mail:

  • Full name
  • E-mail address
  • Phone number (if provided)
  • Company name (if provided)
  • Message content / project description
  • Technical data (IP address, browser type) — automatically via analytics

3. Purpose of processing

  • Communication — responding to your inquiry, preparing a quote, business correspondence.
  • Contract performance — if a contractual relationship is formed, data is needed for performance and legal duties (invoicing, archiving).
  • Analytics — anonymized website traffic statistics (Google Analytics 4 with IP anonymization).
  • Marketing — only with consent, via newsletter.

4. Legal basis

  • Art. 6(1)(a) GDPR — your consent (form, newsletter, marketing cookies).
  • Art. 6(1)(b) GDPR — contract performance or pre-contractual measures.
  • Art. 6(1)(c) GDPR — legal obligations (accounting).
  • Art. 6(1)(f) GDPR — legitimate interest (website security and operation).

5. Retention period

  • Inquiries without a follow-up contract: 12 months from last contact.
  • Contract data: 10 years (Slovak Accounting Act).
  • Marketing data: until consent is withdrawn.
  • Cookies: by type, max. 24 months.

6. Recipients

Your data may be shared with the following processors:

  • Hosting providers (Cloudflare, Vercel) — website and log storage.
  • E-mail services (Google Workspace, Resend) — communication.
  • Accountant / tax advisor — invoicing.
  • Analytics tools (Google Analytics 4 — anonymized).

Some processors may transfer data to third countries (USA), based on EU-approved Standard Contractual Clauses.

7. Your rights

As a data subject you have the right to:

  • Access your data (Art. 15 GDPR)
  • Rectification of incorrect data (Art. 16)
  • Erasure / „right to be forgotten" (Art. 17)
  • Restriction of processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent (Art. 7(3))
  • Lodge a complaint with the Slovak Data Protection Authority

Exercise any of these rights by e-mail to hello@spotlight.sk. We respond within 30 days.

8. Security

We protect data with technical and organizational measures: HTTPS encryption, access controls, regular backups, two-factor authentication on internal systems.

9. Changes

We may update this policy. We will notify you of material changes by e-mail or via a notice on the website.

10. Contact

Questions about data protection: hello@spotlight.sk