

Effective from: May 18, 2026 · Last updated: May 18, 2026
The data controller within the meaning of Art. 4(7) GDPR is Vassweb s. r. o., operating under the Vassweb brand (hereinafter "we" or "operator").
Company name: Vassweb s. r. o.
Registered office: Školská 981/36, 931 01 Šamorín, Slovakia
Reg. No.: 56 921 021
Tax ID: 2122501524 · VAT ID: SK2122501524
Registration: Commercial Register of the District Court Trnava, Section: Sro, File No. 59422/T
Managing Director: Richard Vass
Email: info@vassweb.com
Phone: +421 918 668 728
We take your privacy seriously. This page describes what data we collect, why we collect it, and what rights you have regarding its processing under Regulation (EU) 2016/679 (GDPR).
When you send us a message through the contact form, we collect your name, email address, and message text. We use this data exclusively to respond to your inquiry. We do not send any marketing emails and we do not share your data with third parties.
We use Google Analytics 4 (operated by Google Ireland Limited) to analyze website traffic. This service collects anonymized data about how visitors use our website — for example, which pages they visited, how long they stayed, and what device they used.
Important: Google Analytics is only activated if you explicitly consent via the cookie banner. If you decline cookies, no analytical data is collected.
Our server (Vercel) automatically records basic technical data such as IP address, browser type, and access time. This data is used solely to ensure the website functions properly and to protect against misuse.
We operate an AI chatbot on our website that responds to your questions in real time. Conversations are processed via the API of Anthropic PBC (USA), with optional fallback processing through OpenAI Inc. (USA). If you share a contact detail (email or phone) during the conversation, it is stored in our lead database in Supabase (EU) for subsequent follow-up by our team.
Cross-border transfer: Transfers to the USA are protected by Standard Contractual Clauses (SCC) under the European Commission decision.
Retention period: We retain chat history for a maximum of 90 days. After this period, or upon your request, we delete it. Contact details (leads) are retained until you withdraw consent or request deletion.
If you subscribe to our newsletter, we collect your email address and name (if provided). We use a double opt-in process — after submitting your email, we send a confirmation message and only add you to the list once you click the confirmation link.
Processors: Delivery via Resend (USA), list storage in Supabase (EU).
Unsubscribe: Every email contains a one-click unsubscribe link. Upon unsubscribe, we remove your address from the list.
After submitting the contact form, we automatically send you a confirmation email via Resend. Your details are also stored in our internal CRM database (Supabase, EU) as a lead, so we have communication history and can assist you better.
Retention period: Active leads are retained for the duration of communication or the contractual relationship. We retain inactive contacts for a maximum of 12 months from the last contact; after this period, or upon your request, we delete them.
Our website integrates Meta Pixel (operator: Meta Platforms Ireland Ltd., Ireland) for Facebook and Instagram remarketing purposes. The pixel is activated only if you actively grant consent for marketing cookies in the cookie banner. By default, marketing cookies are disabled. Marketing cookies also include Google Ads (conversion tracking) — controller Google Ireland Ltd.; cookies _gcl_au and _gcl_aw; purpose: measuring conversions from advertising campaigns; duration up to ~90 days; set only with marketing consent.
We process your data for the purposes set out below, each of which is assigned its legal basis under Art. 6(1) GDPR:
Contact form / responding to an inquiry — Art. 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and Art. 6(1)(f) GDPR (our legitimate interest in responding to your message).
Keeping a lead in our CRM — Art. 6(1)(f) GDPR (our legitimate interest in maintaining a record of communication and following up on inquiries).
Newsletter — Art. 6(1)(a) GDPR (your consent, given through a double opt-in process), which you can withdraw at any time.
AI chatbot — Art. 6(1)(b) GDPR (provision of the service you requested) and Art. 6(1)(f) GDPR (our legitimate interest in operating support and lead capture on the website).
Performance of an order / contract — Art. 6(1)(b) GDPR (processing necessary to perform a contract for the provision of services to which you are a party).
Technical data and website operation — Art. 6(1)(f) GDPR (our legitimate interest in the proper functioning and security of the website).
Analytical cookies (Google Analytics 4, Vercel Web Analytics and Speed Insights) — Art. 6(1)(a) GDPR (your consent), activated only with your explicit consent, which you can withdraw at any time.
Marketing cookies (Meta Pixel) — Art. 6(1)(a) GDPR (your consent), activated only with your explicit consent, which you can withdraw at any time.
Accounting and tax documents — Art. 6(1)(c) GDPR (compliance with a legal obligation), in particular under Act No. 431/2002 Coll. on Accounting (retention period of 10 years).
We do not share your personal data with any third parties for marketing purposes. Data may be processed by the following service providers acting as our processors:
Vercel Inc. — website hosting (USA, protected by Standard Contractual Clauses)
Vercel Inc. — Vercel Web Analytics and Speed Insights, cookieless traffic and performance analytics (data derived from the IP address, device type, referrer and the paths visited; loaded only after you consent to analytics — consent-gated) (USA, SCC)
Cloudflare, Inc. — DNS provider (processes the IP address when resolving DNS queries) (USA, SCC)
Supabase Inc. — database, lead and chat history storage (EU region)
Anthropic PBC — AI processing of the chatbot (USA, SCC; content is NOT stored permanently and is NOT used to train models)
OpenAI Inc. — fallback AI provider for the chatbot (USA, SCC)
Resend Inc. — delivery of transactional and newsletter emails (USA, SCC)
Google Ireland Limited — traffic analytics (only with consent)
Meta Platforms Ireland Ltd. — marketing pixel for Facebook and Instagram remarketing (only with consent)
We retain contact form data for a maximum of 12 months — for the period necessary to handle your request. After this period, or upon your request, we delete it. Analytics data in Google Analytics is retained for up to 14 months (GA4 default setting).
Accounting and tax documents: Where a contract is concluded and invoices issued, we retain the related accounting and tax documents for 10 years, in accordance with our legal obligation under Act No. 431/2002 Coll. on Accounting.
Under GDPR, you have the following rights:
Right of Access — you have the right to know what data we process about you
Right to Rectification — you can request correction of inaccurate data
Right to Erasure — you can request deletion of your data
Right to Restriction — you can request restriction of processing
Right to Portability — you can request export of your data
Right to Object (Art. 21 GDPR) — you can object at any time, on grounds relating to your particular situation, to processing based on our legitimate interest (Art. 6(1)(f) GDPR), including any related profiling
Right to Withdraw Consent— you can withdraw cookie consent at any time via the "Cookie settings" button in the footer (which reopens the cookie banner) or by clearing this site's data
Right to Lodge a Complaint — you have the right to file a complaint with the Office for Personal Data Protection of the SR (dataprotection.gov.sk)
To exercise any of your rights, contact us at info@vassweb.com.
Our website uses analytical and marketing cookies. Marketing cookies are disabled by default and are activated only if you actively grant consent via the cookie banner. Without consent, we use exclusively necessary technical cookies for site operation.
_ga, _ga_* — Google Analytics cookies
Purpose: Measuring traffic and behavior on the website · Duration: 14 months · Type: Analytical · Activation: Only with consent
_fbp, fr — Meta Pixel cookies
Purpose: Facebook and Instagram remarketing (Pixel ID: 1650043139749771) · Duration: up to 90 days · Type: Marketing · Activation: Disabled by default, only with active consent · Opt-out: cookie banner settings
_gcl_au, _gcl_aw — Google Ads (conversion tracking)
Controller: Google Ireland Ltd. · Purpose: Measuring conversions from advertising campaigns · Duration: up to ~90 days · Type: Marketing · Activation: Only with marketing consent
Our portfolio includes upcoming AI services (e.g. HlasAI, Terminuj.sk, Firma OPS). These require a separate client order and process data exclusively under a service agreement (Art. 6(1)(b) GDPR).
Depending on the specific service, they may process voice calls, chat and email communication, bookings or CRM records. Captured data is written only to the client's own systems.
Processors: EU infrastructure (e.g. Supabase EU) and an advanced AI provider under Standard Contractual Clauses (SCC); any real-time voice transcription does NOT permanently store audio.
Detailed terms of personal data processing for each service are part of a separate Data Processing Agreement (DPA) signed with the client before launch.
For transparency, we summarise the processing chain of our AI chatbot. When you interact with the chatbot, your data may be processed by the following processors as defined in Article 28 GDPR:
Supabase Inc. (EU region) — stores the text of your messages and any contact information you provide (email, phone). Acts as a data processor for Vassweb s. r. o. Processing is governed by a Data Processing Agreement (DPA) signed with Supabase.
Anthropic PBC (USA)— generates AI responses in real time. Processes the text of your messages as a processor under Article 28 GDPR. Cross-border transfer is protected by Standard Contractual Clauses (SCC) per the European Commission's decision. Per Anthropic's public commitments, content is NOT stored permanently and is NOT used to train models.
Retention period: Leads captured via the chatbot (with contact information) are retained for a maximum of 12 months from the last contact. We retain raw chat history (without contact information) for a maximum of 90 days; after this period, or upon your request, we delete it.
To exercise your rights (access, deletion, portability) regarding chatbot data, contact us at info@vassweb.com.
We may update this policy from time to time. We will inform you of significant changes through a notice on our website. We recommend checking this policy regularly.