Effective from: May 18, 2026 · Last updated: May 18, 2026
The data controller within the meaning of Art. 4(7) GDPR is Vassweb s. r. o., operating under the Vassweb brand (hereinafter "we" or "operator").
Company name: Vassweb s. r. o.
Registered office: Školská 981/36, 931 01 Šamorín, Slovakia
Reg. No.: 56 921 021
Tax ID: 2122501524 · VAT ID: SK2122501524
Registration: Commercial Register of the District Court Trnava, Section: Sro, File No. 59422/T
Managing Director: Richard Vass
Email: info@vassweb.com
Phone: +421 918 668 728
We take your privacy seriously. This page describes what data we collect, why we collect it, and what rights you have regarding its processing under Regulation (EU) 2016/679 (GDPR).
When you send us a message through the contact form, we collect your name, email address, and message text. We use this data exclusively to respond to your inquiry. We do not send any marketing emails and we do not share your data with third parties.
We use Google Analytics 4 (operated by Google Ireland Limited) to analyze website traffic. This service collects anonymized data about how visitors use our website — for example, which pages they visited, how long they stayed, and what device they used.
Important: Google Analytics is only activated if you explicitly consent via the cookie banner. If you decline cookies, no analytical data is collected.
Our server (Vercel) automatically records basic technical data such as IP address, browser type, and access time. This data is used solely to ensure the website functions properly and to protect against misuse.
We operate an AI chatbot on our website that responds to your questions in real time. Conversations are processed via the API of Anthropic PBC (USA), with optional fallback processing through OpenAI Inc. (USA). If you share a contact detail (email or phone) during the conversation, it is stored in our lead database in Supabase (EU) for subsequent follow-up by our team.
Cross-border transfer: Transfers to the USA are protected by Standard Contractual Clauses (SCC) under the European Commission decision.
Retention period: Chat history is retained for 90 days; contact details (leads) are retained until you withdraw consent or request deletion.
If you subscribe to our newsletter, we collect your email address and name (if provided). We use a double opt-in process — after submitting your email, we send a confirmation message and only add you to the list once you click the confirmation link.
Processors: Delivery via Resend (USA), list storage in Supabase (EU).
Unsubscribe: Every email contains a one-click unsubscribe link. Upon unsubscribe, we remove your address from the list.
After submitting the contact form, we automatically send you a confirmation email via Resend. Your details are also stored in our internal CRM database (Supabase, EU) as a lead, so we have communication history and can assist you better.
Retention period: Active leads are retained for the duration of communication or contractual relationship; inactive contacts are automatically deleted after 12 months of inactivity.
Our website integrates Meta Pixel (operator: Meta Platforms Ireland Ltd., Ireland) for Facebook and Instagram remarketing purposes. The pixel is activated only if you actively grant consent for marketing cookies in the cookie banner. By default, marketing cookies are disabled.
We process your data based on the following legal grounds:
Legitimate Interest (Art. 6(1)(f) GDPR) — processing contact form data to respond to your message and technical data to ensure website operation.
Consent (Art. 6(1)(a) GDPR) — analytical cookies (Google Analytics) are activated only with your explicit consent, which you can withdraw at any time.
We do not share your personal data with any third parties for marketing purposes. Data may be processed by the following service providers acting as our processors:
Vercel Inc. — website hosting (USA, protected by Standard Contractual Clauses)
Supabase Inc. — database, lead and chat history storage (EU region)
Anthropic PBC — AI processing of the chatbot (USA, SCC); voice processing partner provider for upcoming services (does NOT permanently store content)
OpenAI Inc. — fallback AI provider for the chatbot (USA, SCC)
Resend Inc. — delivery of transactional and newsletter emails (USA, SCC)
Google Ireland Limited — traffic analytics (only with consent)
Meta Platforms Ireland Ltd. — marketing pixel for Facebook and Instagram remarketing (only with consent)
Contact form data is retained for the period necessary to handle your request, up to a maximum of 12 months. Analytics data in Google Analytics is retained for 14 months (GA4 default setting) and is then automatically deleted.
Under GDPR, you have the following rights:
Right of Access — you have the right to know what data we process about you
Right to Rectification — you can request correction of inaccurate data
Right to Erasure — you can request deletion of your data
Right to Restriction — you can request restriction of processing
Right to Portability — you can request export of your data
Right to Withdraw Consent — you can withdraw cookie consent at any time by clearing cookies in your browser
Right to Lodge a Complaint — you have the right to file a complaint with the Office for Personal Data Protection of the SR (dataprotection.gov.sk)
To exercise any of your rights, contact us at info@vassweb.com.
Our website uses analytical and marketing cookies. Marketing cookies are disabled by default and are activated only if you actively grant consent via the cookie banner. Without consent, we use exclusively necessary technical cookies for site operation.
_ga, _ga_* — Google Analytics cookies
Purpose: Measuring traffic and behavior on the website · Duration: 14 months · Type: Analytical · Activation: Only with consent
_fbp, fr — Meta Pixel cookies
Purpose: Facebook and Instagram remarketing (Pixel ID: 1650043139749771) · Duration: up to 90 days · Type: Marketing · Activation: Disabled by default, only with active consent · Opt-out: cookie banner settings
Our portfolio includes two upcoming AI services. These services require a separate client order and process data exclusively under a service agreement (Art. 6(1)(b) GDPR).
AI front desk for small and medium businesses. Processes voice calls (via phone), chat messages, and email communication. Supports 70+ languages. Captured leads are written to the client's CRM.
Processors: voice processing partner provider (real-time transcription, does NOT permanently store audio), AI provider (Anthropic / OpenAI, SCC), CRM (Supabase EU).
Custom enterprise AI with proprietary knowledge graph and vector memory. Allows self-host deploymentfor clients requiring data residency (data stays within the client's infrastructure). Supports enterprise compliance requirements (ISO 27001, SOC 2 — in preparation).
Detailed terms of personal data processing for VassFront and VassBrain will be part of a separate Data Processing Agreement (DPA) signed with each client before service launch.
For transparency, we summarise the processing chain of our AI chatbot. When you interact with the chatbot, your data may be processed by the following processors as defined in Article 28 GDPR:
Supabase Inc. (EU region) — stores the text of your messages and any contact information you provide (email, phone). Acts as a data processor for Vassweb s. r. o. Processing is governed by a Data Processing Agreement (DPA) signed with Supabase.
Anthropic PBC (USA)— generates AI responses in real time. Processes the text of your messages as a processor under Article 28 GDPR. Cross-border transfer is protected by Standard Contractual Clauses (SCC) per the European Commission's decision. Per Anthropic's public commitments, content is NOT stored permanently and is NOT used to train models.
Retention period: Leads captured via the chatbot (with contact information) are retained for a maximum of 12 months from the last contact. Raw chat history (without contact information) is retained for 90 days, then automatically deleted.
To exercise your rights (access, deletion, portability) regarding chatbot data, contact us at info@vassweb.com.
We may update this policy from time to time. We will inform you of significant changes through a notice on our website. We recommend checking this policy regularly.