Information on the Processing of Personal Data
1. Basic Provisions
In the processing of personal data, the controller is the person who determines the purposes and means of processing personal data. In the case of your personal data, the controller is Talent management s.r.o., with its registered office at: Hviezdna 1405/4, 94 901 Nitra, ID No.: 54 519 438, registered in the Commercial Register of the District Court in Nitra, Section: Sro, file no. 57059/N, email address: info@katarinaplichtova.com, telephone number +421 905 413 320 (hereinafter referred to as the “Controller”).
The Controller is responsible for the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”).
The Controller has taken all appropriate technical and organizational measures to ensure the protection of personal data. In this document, the Controller provides you with detailed information about the processing of personal data. The data subject has the right to know how the Controller processes their personal data. Personal data is considered to be any information that can directly or indirectly identify you as a specific natural person.
The Controller provides services in the areas of coaching, mentoring people’s talents and strengths, facilitating workshops, corporate training, and operational support services for CEOs. The Controller provides these services primarily through its website www.katarinaplichtova.com, as well as through consultations and posts published on social media.
The Controller strives to process personal data only to the extent necessary and required for predetermined purposes and for the necessary period of time.
Since the Controller actively uses its website and maintains a presence on social media in its activities, you will also find separate information here regarding the processing of personal data on these platforms.
At the same time, the Controller informs you of the rights of the data subject and what the data subject may request from the Controller regarding the processing of personal data.
2. Purposes of processing, legal bases for processing, categories of data subjects, retention period for personal data, recipients of personal data
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(b) of the GDPR Processing of personal data is necessary for the performance of a contract
Categories of data subjects
Clients interested in receiving services
Category of personal data
Basic personal data (first name, last name, address, email address, phone number)
Retention period for personal data
For the duration of the contractual relationship up to 5 years from the date of termination of service provision
Categories of recipients of personal data
No recipients
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(b) of the GDPR: processing of personal data is necessary for the performance of a contract
Categories of data subjects
Clients
Category of personal data
Personal data provided by the client during the provision of services, which may relate in particular to their work, personal life, and personality traits
Retention period for personal data
For the duration of the contractual relationship
Categories of recipients of personal data
No recipients
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(c) of the GDPR Act No. 431/2002 Coll. on Accounting
Categories of data subjects
Clients, Suppliers
Category of personal data
General personal data (first name, last name, permanent residence, place of business, ID number, tax ID, VAT ID, bank account, payment card number, and other transaction data)
Retention period for personal data
10 years
Categories of recipients of personal data
Accounting firm, statistical office, bailiff, bankruptcy trustee, provisional administrator, tax administrator, tax advisor, FAPI software operator, Stripe payment gateway
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(f) of the GDPR – legitimate interest
Categories of data subjects
Clients to whom services have already been provided
Category of personal data
Basic personal data (first name, last name, email address)
Retention period for personal data
For the duration of sending marketing materials
Categories of recipients of personal data
Mailchimp
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(a) of the GDPR: consent
Categories of data subjects
Subscribers who have voluntarily signed up to receive newsletters
Category of personal data
Basic personal data (first name, last name, email address)
Retention period for personal data
For the duration of marketing activities
Categories of recipients of personal data
Mailchimp
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(a) of the GDPR: consent
Categories of data subjects
Event participants
Category of personal data
Photographs, audiovisual recordings of the event participant’s likeness, and their oral/written statements
Retention period for personal data
For the period specified in the consent
Categories of recipients of personal data
Social media operators
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(f) of the GDPR The processing of personal data is necessary to protect legitimate interests
Categories of data subjects
Debtors
Category of personal data
Common personal data necessary to identify the debtor (first name, last name, permanent residence, date of birth)
Retention period for personal data
For the duration of the statute of limitations period determined depending on the type of claim
Categories of recipients of personal data
Attorney, court, bailiff
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(c) of the GDPR, Act No. 108/2024 Coll. on Consumer Protection and on amendments to other legal regulations, as amended
Categories of data subjects
Person filing the complaint
Category of personal data
Standard personal data contained in the complaint and other personal data necessary for the proper handling of the complaint
Retention period for personal data
For the period specified by law
Categories of recipients of personal data
Court, SOI
Legal basis for processing Article 6(1) of the GDPR
Article 6(1)(c) of the GDPR
Categories of data subjects
Data subjects
Category of personal data
Standard personal data necessary for the proper handling of the request
Retention period for personal data
During the period for the imposition of a sanction by the Slovak Data Protection Authority, i.e., after the expiration of 5 years from the exercise of the data subject’s right.
Categories of recipients of personal data
Office for Personal Data Protection, law enforcement authorities
3. Cookies, analytics tools, and social media
Cookies and analytics tools
a) Website
If a data subject visits the website www.katarinaplichtova.com, a so-called cookie may be stored on your device (depending on your web browser settings). The controller always processes cookies with the data subject’s consent.
A cookie is a small text file sent to your browser by the websites you visit. It allows websites to remember information about your visit, such as your preferred language and other settings. This makes subsequent visits to the site easier and more productive. Cookies are essential for a personalized browsing experience.
When you visit the website or the Operator’s profiles on social media, personal data may be processed for statistical and analytical purposes (LinkedIn, Instagram, Facebook, Google). This data is used to personalize the content of the website and content on the social networks LinkedIn, Facebook, and Instagram. The Operator processes this data based on your consent – if you granted it when visiting our website in connection with cookies.
b) Facebook
When you visit a profile, Facebook records, among other things, the IP address and other information and stores cookies on the data subject’s device. Based on the information collected in this way, Facebook provides statistical information about the use of the Provider’s Facebook profile and other related services.
When processing data on the Facebook profile for statistical purposes, the Controller and Facebook act as joint controllers pursuant to Article 26 of the GDPR.
Facebook processes users’ personal data on behalf of the Controller to measure the performance and reach of its communication campaigns. It provides the Provider with an aggregated (anonymized) overview of users who interact with the Provider’s communication and marketing content through users’ personal profiles created on Facebook.
In such cases, Facebook acts as a processor for the Controller.
The personal data of data subjects is processed by Facebook in accordance with the Data Processing Terms and is protected in accordance with the Data Security Terms. Both documents are available at www.facebook.com in the section labeled “legal terms.”
c) Google Analytics
Google Analytics is a web analytics service provided by Google Inc. This service provides aggregated anonymous statistics regarding visitors to our website. In addition to generating reports on website usage statistics, Google Analytics can be used to display more relevant ads on Google properties and across the web, as well as to measure interactions with the ads displayed.
Social Media
a) Facebook and Instagram
The Operator has set up profiles on Facebook and Instagram.
If you follow the Operator’s activities on social media or communicate with the Operator through these platforms, please review the privacy policies of the respective social media platform operators. In addition to the processing of personal data through the Operator’s social media profiles, your personal data is also processed directly by the social media platforms themselves.
The Operator has no control over this processing, and data subjects must exercise their rights arising from the use of these social networks directly with these operators. Further information on the processing of personal data by social media operators can be found below on the respective social media platforms.
On social media profiles, the Operator focuses on the following activities:
a) direct marketing, promotion, and raising awareness about the Provider, its activities, and initiatives (this involves Facebook users and involves the collection of status updates in the background directly on Facebook);
b) communication with users or visitors to the Operator’s profile, comments, or communication via Messenger (communication is archived directly on Facebook); on Instagram, communication takes place via Direct;
c) tracking and evaluating statistics, tracking reach and interaction (the Operator tracks and evaluates aggregated statistical data but cannot identify specific users from it – anonymous statistical data about users);
b) LinkedIn
The Operator also maintains a profile on the LinkedIn social network, through which it promotes its activities, provides information about its events, and communicates with users and profile visitors. The Operator also tracks and evaluates statistics on traffic to its profile, but only at an anonymous level.
LinkedIn uses advertising cookies, the settings for which the data subject can change directly on the LinkedIn website, where you can also find information about personal data protection.
4. Rights of the Data Subject
Right to withdraw consent:
In cases where the processing of personal data is based on the data subject’s consent, the data subject may withdraw this consent at any time in accordance with the procedures described in the relevant consent form. The Controller guarantees that consent may be withdrawn in the same manner as it was granted. Withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal. In some cases, withdrawal of consent will result in the inability to use certain services that are based on the processing of your personal data.
Right to Rectification:
If the data subject suspects that their data processed by the Controller is incorrect, they have the right to request that the Controller correct or supplement their personal data. The Provider strives to continuously update personal data and constantly endeavors to keep it accurate, complete, current, and relevant, based on the latest information available to it.
Right to Restriction of Processing:
The Controller may restrict the processing of the data subject’s personal data if:
a) the data subject contests the accuracy of the personal data, for a period necessary for the Controller to verify the accuracy,
b) the processing of personal data is unlawful and the data subject requests restriction of processing instead of erasure of the personal data,
c) the Controller no longer needs the personal data, but the data subject requires it to establish, exercise, or defend legal claims, or
d) the data subject objects to the processing, while the controller verifies the legitimacy of this request.
Right of access:
The data subject has the right to request confirmation from the Controller as to whether we are processing any of your personal data, including, for example, information about which categories of personal data are being processed, for what purpose the personal data is being used, to whom it is disclosed, how long it will be retained, and where it was obtained – if not directly from you – and, where applicable, to which recipients or categories of recipients the personal data has been disclosed, as well as the rights of data subjects in connection therewith.
Confirmation of whether the Controller processes personal data shall be sent to the data subject preferably by electronic means.
The Controller is also obligated to provide the data subject with the personal data we process about them, if requested.
The Controller reserves the right to charge a reasonable fee for processing the request. This applies in particular to unreasonable and frequently repeated requests or requests that require disproportionate administrative effort. The fee will be charged in the amount of the administrative costs associated with producing copies of the data (e.g., the cost of the data storage medium – CD, USB drive).
Right to data portability:
Upon request by the data subject, the Controller shall provide all processed personal data in a structured, commonly used, and machine-readable format; or, if technically feasible, the Controller shall transmit such data to another controller designated by the data subject. This right may be exercised provided that the Controller processes personal data based on consent or a contract, and only if the processing is carried out by automated means. The Controller notes that the exercise of the right to data portability does not apply to personal data processed by the Controller pursuant to law.
Right to erasure:
The Controller shall erase personal data without undue delay if:
a) the personal data is no longer necessary for the purpose for which it was collected or processed;
b) the data subject has objected to the processing of personal data for the purposes of legitimate interests, and there are no legitimate interests of the Controller that override the interests of the data subject;
c) the processing is based on consent, the consent has been withdrawn, and there is no other legal basis for the processing;
d) the personal data has been processed unlawfully;
e) erasure is required to comply with a legal obligation under European Union or Member State law to which the Controller is subject;
f) the personal data collected pertained to a person under the age of 16;
and provided that the processing was not necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to object to processing:
The data subject may object at any time to the processing of their personal data for a specific reason, provided that the processing is not based on consent but on the legitimate interests of the Controller or the legitimate interests of a third party. In such a case, the Controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing that override your rights and freedoms. If the data subject objects to the processing, they must specify whether they wish to have the personal data erased or to have the processing restricted.
Right to lodge a complaint:
In the event of an alleged violation of applicable data protection laws, the data subject may file a complaint with the data protection supervisory authority in the country where they reside or in the country where the alleged data protection violation occurred. In Slovakia, this authority is the Office for Personal Data Protection of the Slovak Republic.
Timeframe for processing your request when exercising your rights:
The Controller will endeavor to process the request within 30 days of its receipt. However, depending on the volume and complexity of requests, this period may be extended by an additional 2 months. The Controller will inform the data subject of this fact no later than 30 days after receiving your request, along with the reason for the extension.
Impossible identification:
The Controller anticipates that in some cases it will not be possible to locate all personal data based on the identifiers provided by the data subject in their request. In such cases, where the Controller is unable to identify the data subject, the Controller is unable to comply with the request unless the data subject provides additional information enabling their identification. The Controller will inform the data subject of the reasons why the request cannot be processed.
Submitting requests to exercise your rights:
For information regarding the protection of personal data, as well as to exercise your rights as a data subject, please contact the Controller at this email address: info@katarinaplichtova.com.
Date: March 31, 2026
The Controller reserves the right to update these terms and conditions. For this reason, it recommends that data subjects review them periodically. Updates to the text are indicated by the date of the last update.