Privacy Policy

This policy explains what personal data we process about you, for what purpose, on what legal basis, how long we keep it, and what rights you have. We process your personal data in accordance with Regulation (EU) 2016/679 (the “GDPR“) and Slovak Act No. 18/2018 Coll. on Personal Data Protection.

1. Who is the data controller

The controller that determines the purposes and means of processing your personal data is:

  • Business name: Volodymyr Kondratiuk
  • Legal form: enterprise of a foreign person (business of a natural person under a trade licence)
  • Place of business: Zuzany Chalupovej 4034/17, 851 07 Bratislava-Petržalka, Slovakia
  • Company ID (IČO): 56918330
  • Tax ID (DIČ): 3122235402
  • Registration: entered in the Trade Register of the District Office Bratislava, Trade Register No. 110-353669
  • E-mail: mail@kavovapohotovost.sk
  • Phone: +421 91 8166429

We operate the online shop and community forum Kávová pohotovosť, focused on selling coffee-machine parts and machines and on coffee-machine repair services.

We have not appointed a Data Protection Officer (DPO), as we are not legally required to. For any data-protection matter, please contact us at the e-mail above.

2. What personal data we process

We only process data needed for a specific purpose:

  • Orders and delivery — first and last name, billing and shipping address, e-mail, phone number, and details of the items and your order.
  • Payment data — for bank-transfer payments, we process the payment identification details (the sender’s name, account number/IBAN, and payment reference) shown on our bank statement, in order to match and post the payment. For card payments, your card details are processed by the payment gateway provider (see section 5) — our shop does not see or store them.
  • User account — username, e-mail address, password (stored in encrypted/hashed form, never in readable form), and e-mail-verification status.
  • Coffee-machine repair service — the contact and delivery details and information about the device and requested repair that you provide.
  • Forum — username, e-mail, the data in your profile, and the content you publish (posts, topics).
  • Contact form — your name, e-mail, and the content of your message.
  • Technical and operational data — IP address, browser type and version, cookie data, and server logs. This data is generated automatically when you visit the site.

We do not knowingly process or request sensitive data (special categories of personal data).

3. Purposes of processing and legal bases

PurposeLegal basis (GDPR)
Fulfilling orders, delivering goods and services, and related communicationPerformance of a contract — Art. 6(1)(b)
Issuing invoices and keeping accounting and tax recordsLegal obligation — Art. 6(1)(c)
Operating your user account and the forumPerformance of a contract and legitimate interest — Art. 6(1)(b) and (f)
Responding to a contact-form messageLegitimate interest / pre-contractual steps — Art. 6(1)(f) / (b)
Protecting forms against spam and abuse (Cloudflare Turnstile)Legitimate interest in site security — Art. 6(1)(f)
Ensuring the basic functionality and security of the site (necessary cookies, logs)Legitimate interest — Art. 6(1)(f)

Providing the data required to enter into and perform a contract and to meet legal obligations is a necessary requirement for processing your order; without it we cannot supply the goods or service.

We currently do not use any analytics tools (such as Google Analytics) and do not send marketing e-mails (newsletters).

4. Cookies

Cookies are small text files stored in your browser. Our site uses strictly necessary cookies only — those required for it to work; without them the site would not function correctly. Under the law, your prior consent is not required for these cookies.

We mainly use:

  • Shop cookies (WooCommerce) — keep the contents of your cart and your session during checkout.
  • Login cookies (WordPress) — keep you signed in to your account and the forum.
  • Cache cookies (LiteSpeed Cache) — ensure fast and correct page rendering.
  • Cloudflare Turnstile — may use a strictly necessary technical token to verify that a form is submitted by a human rather than a bot; it is not used to track you across websites or for advertising.

You can manage or delete cookies at any time in your browser settings. Disabling necessary cookies may limit the functionality of the site (e.g. the shopping cart).

5. Who we share your data with

We do not sell your data. We share it only to the extent necessary for the purposes above, with the following categories of recipients and processors:

  • Hosting and e-mail provider — Hostinger International Ltd. Operates the server and delivers transactional e-mails (order confirmations, account verification, etc.).
  • Delivery company — Packeta Slovakia s. r. o. (Zásielkovňa). We pass on the delivery details needed to ship your parcel. For personal pickup, no data is shared with any third party. (If you add more carriers later, list them here.)
  • Payment gateway provider — Slovenská Sporiteľňa. Card payments and similar methods are processed by this provider. You enter your card details directly with them — our shop never sees or stores card numbers.
  • Our bank — the bank where we hold our business account Slovenská Sporiteľňa processes payments made by bank transfer.
  • Cloudflare, Inc. — as part of the Cloudflare Turnstile service that protects forms against spam and automated bots.
  • Public authorities — only where required by law (e.g. tax authority, courts).

We have contracts in place with our processors that guarantee the protection of your data in line with the GDPR.

6. Transfers to third countries

To protect forms against spam we use Cloudflare Turnstile (Cloudflare, Inc., based in the USA). In this context, some technical data (such as your IP address) may be processed outside the European Economic Area. This transfer is covered by appropriate safeguards — Cloudflare is certified under the EU–U.S. Data Privacy Framework, and/or Standard Contractual Clauses approved by the European Commission apply. Turnstile is designed to minimise the data processed and does not track visitors for advertising.

Apart from the above, we do not transfer your data to third countries.

7. How long we keep your data

  • Accounting records and invoices — 10 years, in accordance with Slovak Act No. 431/2002 Coll. on Accounting.
  • User account and forum data — for as long as the account exists; once it is deleted we erase or anonymise the data (except data we must keep by law, e.g. in accounting).
  • Contact-form messages — for the time needed to handle your request and a reasonable period afterwards.
  • Server logs — only for the short period necessary for security and operational diagnostics.
  • Data processed by Cloudflare Turnstile — according to Cloudflare’s rules.

After these periods expire, we securely delete or anonymise the data.

8. Your rights

As a data subject, under the GDPR you have the right:

  • of access to your personal data (Art. 15),
  • to rectification of inaccurate or incomplete data (Art. 16),
  • to erasure of your data (the “right to be forgotten”, Art. 17),
  • to restriction of processing (Art. 18),
  • to data portability (Art. 20),
  • to object to processing based on legitimate interest (Art. 21),
  • to withdraw consent at any time where processing is based on consent (Art. 7(3)); withdrawal does not affect the lawfulness of processing before withdrawal.

You can exercise your rights via the contact e-mail in section 1. We will respond without undue delay and within one month at the latest.

9. Data security

We have implemented appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction — for example, encrypted transmission over HTTPS, password hashing, e-mail verification at registration, form protection via Cloudflare Turnstile, and restricted access to data.

10. Children’s privacy

Our site is not intended for persons under 16, and we do not knowingly collect personal data from them. If we discover we have obtained such data, we will delete it.

11. Changes to this policy

We may update this policy from time to time, particularly when our services or the law change. The current version is always available on this page; for significant changes we will inform you appropriately.

12. Contact and supervisory authority

For any personal-data matter, contact us at the e-mail in section 1.

If you believe that the processing of your data has infringed your rights, you have the right to lodge a complaint with the supervisory authority:

Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky) Galvaniho Business Centrum II, Galvaniho 7/B, Bratislava, Slovakia (re-verify the address on the authority’s website at publish time) Web: www.dataprotection.gov.sk


Effective from: 27.04.2026