Privacy Policy

1. Basic Provisions

The data controller of personal data pursuant to Article 4, point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "GDPR") is Cardoso s. r. o., ID (IČO): 53549619, Tax ID (DIČ): 2121419795, with its registered office at: Karloveská 45, 841 04 Bratislava (hereinafter: the "Controller").

The contact details of the Controller are:

Address: Karloveská 45, 841 04 Bratislava

Email: info@curliculum.com

1.1. Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

1.2. The Controller has not appointed a Data Protection Officer (DPO).

2. Sources and Categories of Processed Personal Data

2.1. The Controller processes personal data that you have provided or personal data obtained in connection with the fulfillment of your order. 

2.2. The Controller processes your identification and contact data, as well as data necessary for the fulfillment of the contract.

3. Legal Basis and Purpose of Processing

3.1. The legal basis for processing your personal data is:

3.1.1. Fulfillment of the contract between you and the Controller pursuant to Art. 6(1)(b) GDPR.

3.1.2. Fulfillment of legal obligations applicable to the Controller pursuant to Art. 6(1)(c) GDPR.

3.1.3. The Controller's legitimate interest in direct marketing (specifically for sending business communications and newsletters) pursuant to Art. 6(1)(f) GDPR.

3.1.4. Your consent to the processing of personal data for direct marketing purposes (specifically for sending business communications and newsletters) pursuant to Art. 6(1)(a) GDPR in conjunction with Section 7(2) of Act No. 480/2004 Coll., on certain information society services, in cases where no goods or services have been ordered.

3.2. The purpose of processing personal data is:

3.2.1. Processing your order and exercising rights and obligations arising from the contractual relationship between you and the Controller. Personal data required for the successful processing of your order (name, address, contact) is requested during the order process; providing this data is a necessary requirement for concluding and fulfilling the contract. Without this data, it is not possible to conclude or fulfill the contract.

3.2.2. Sending business communications and conducting other marketing activities.

3.3. There is no automated individual decision-making by the Controller within the meaning of Art. 22 GDPR.

4. Data Retention Period

4.1. The Controller stores your personal data:

4.1.1. For the period necessary to exercise rights and obligations arising from the contractual relationship and to settle claims from these relationships, but no longer than the period specified by applicable legal regulations..

4.1.2. Until consent for marketing purposes is withdrawn, for a maximum of 10 years, if the data is processed based on consent.

4.2. After the retention period expires, the Controller shall delete the personal data.

5. Recipients of Personal Data (Subcontractors)

5.1. Recipients of your personal data include:

5.1.1. Parties involved in the delivery of goods and the processing of payments under the contract (payment gateway provider GoPay Czech, transport service providers Packeta/Zásilkovna).

5.1.2. Parties providing e-shop operation services (Deenzo s.r.o.) and other services related to e-shop operation (data storage, inventory software).

5.1.3. Marketing service providers.

5.1.4. Accounting service providers.

5.2. The Controller does not intend to transfer personal data to a third country (outside the EU) or an international organization.

6. Your Rights

6.1. Under the conditions set out in the GDPR, you have:

6.1.1. The right of access to your personal data (Art. 15 GDPR).

6.1.2. The right to rectification (Art. 16 GDPR) or restriction of processing (Art. 18 GDPR).

6.1.3. The right to erasure ("right to be forgotten") (Art. 17 GDPR).

6.1.4. The right to object to processing (Art. 21 GDPR).

6.1.5. The right to data portability (Art. 20 GDPR).

6.1.6. The right to withdraw consent in writing or electronically via the address or email provided in Section 1.

6.2. If you have any further questions or wish to exercise your rights, you can contact the Controller at: 

Cardoso s.r.o. Karloveská 415/45, 841 04 Bratislava 

Email: info@curliculum.com 

If you are not satisfied with our response or believe we are processing your data incorrectly, you have the right to contact the supervisory authority: 

Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov) at https://dataprotection.gov.sk/uoou/ or: Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic 

Email: statny.dozor@pdp.gov.sk 

7. Data Security Conditions

7.1. The Controller declares that it has taken all appropriate technical and organizational measures to secure personal data. 

7.2. The Controller has adopted technical measures to secure data storage (passwords, antivirus programs) and physical archives. 

7.3. The Controller declares that only authorized persons have access to personal data.

8. Final Provisions

8.1. By submitting an order through the online order form, you confirm that you are familiar with the privacy policy and accept it in its entirety. 

8.2. You agree to these terms by checking the consent box in the online form. 

8.3. The Controller is entitled to change these terms. The new version will be published on the website and may also be sent to the email address you provided.

These terms take effect on February 1, 2026.