rezvi.online
Start free →

Privacy Policy

v1.1.0

Privacy Policy

Version 1.1.0 | Effective 22 June 2026

This policy explains what personal data we process when operating rezvi.online, for what purposes, on what legal basis, and what rights you have. We comply with Regulation (EU) 2016/679 (GDPR).

1. Controller

  • Operator / controller: Ivan Hromada, sole trader (Slovakia)
  • Company ID (IČO): 51710285
  • Trade register: No. 660-11146, District Office Veľký Krtíš
  • Data protection contact: privacy@rezvi.online
  • General contact: info@rezvi.online
  • Web: rezvi.online

Given the scale of processing, the operator is not required to appoint a Data Protection Officer (DPO). For data protection matters, contact privacy@rezvi.online.

2. Controller vs. processor

  • For Business data (registration and account management), rezvi.online acts as a controller.
  • For End Customer personal data that a Business enters or collects through the Platform (bookings), the Business is the controller and rezvi.online acts as a processor, processing data on the Business's instructions to the extent needed to provide the service.

3. Data we process

3.1 Businesses (platform customers)

  • Identification and contact data: name, email, phone
  • Login data: email, hashed password (Argon2id)
  • Billing and payment data (payments handled by Stripe)
  • Activity records: IP address, user-agent, access logs
  • Account settings and configuration

3.2 End Customers

  • Identification and contact data: name, email, phone (provided when booking)
  • Booking details: service, date, time, notes
  • IP address and technical identifiers

4. Purposes and legal basis

Purpose Legal basis
Providing and managing the Platform Contract performance — Art. 6(1)(b) GDPR
Processing End Customer bookings Contract / controller instructions (processing)
Invoicing and accounting Legal obligation — Art. 6(1)(c) GDPR
Marketing communications Consent — Art. 6(1)(a) GDPR
Security and fraud prevention Legitimate interest — Art. 6(1)(f) GDPR

5. Recipients and processors

Personal data may be made available to trusted providers who process it on our behalf under a data processing agreement:

  • Stripe Payments Europe, Ltd. — payment processing
  • Email communication providers — notifications and confirmations
  • Cloud infrastructure providers (hosting, database) — operated within the EU/EEA
  • Public authorities — where required by law

We do not sell personal data.

6. Retention

  • Business account data: for the duration of the contract and then per statutory periods
  • Accounting and invoicing documents: 10 years (Accounting Act)
  • Booking records: as long as needed by the Business, typically up to 5 years
  • Marketing consents: until withdrawn
  • Security logs: typically 12 months

7. Your rights

Under the GDPR you have the right to:

  • access your data (Art. 15)
  • rectification of inaccurate data (Art. 16)
  • erasure (Art. 17)
  • restriction of processing (Art. 18)
  • portability (Art. 20)
  • objection to processing (Art. 21)
  • withdrawal of consent at any time, without affecting the lawfulness of prior processing

We handle requests without undue delay, within 1 month at the latest. Contact: privacy@rezvi.online.

If you are an End Customer, please contact the relevant Business (controller) first regarding your booking data.

8. Supervisory authority

You may lodge a complaint with the Slovak Data Protection Office (Úrad na ochranu osobných údajov SR), dataprotection.gov.sk. EU residents may also contact their local supervisory authority.

9. International transfers

We process data primarily within the EU/EEA. Any transfer outside the EU/EEA is made only with appropriate GDPR safeguards (an adequacy decision or EC Standard Contractual Clauses).

10. Cookies

The Platform uses cookies and similar technologies. See the separate Cookie Policy.

11. Automated decision-making

We do not carry out automated individual decision-making or profiling with legal effects for data subjects.

12. Security

We apply appropriate technical and organisational measures: encryption in transit (TLS), password hashing (Argon2id), access controls, and ongoing updates.

13. Children

The Platform is not intended for persons under 16. We do not knowingly process children's data without parental consent.

14. Changes

We will announce material changes in advance (by email or in the app) and publish the current version number.

Ivan Hromada · IČO 51710285 · privacy@rezvi.online · rezvi.online