Privacy first
Data protection
We process the minimum of data necessary to conclude a contract. This document summarises the key points under the GDPR Regulation (EU 2016/679).Last updated: máj 2026
Data controller
- Rival Slovakia s. r. o., Doležalova 15C, Banská Bystrica, IČO 54 281 067.
- GDPR requests: gdpr@pozicauto.sk · General contact: info@pozicauto.sk · Phone: +421 907 633 517.
Purpose of processing
- Handling the reservation and concluding the vehicle rental contract.
- Communication regarding the reservation, vehicle, fines and invoicing.
- Fulfilment of legal obligations (accounting, archiving of contracts).
- Marketing (only with explicit consent — newsletter, offers).
Scope of processed data
- Identification: first name, surname, date of birth, ID card and driving licence number.
- Contact: email, phone, address.
- Payment: card details for online payment (processed by the payment gateway).
- Technical: IP address, cookies, log files when visiting the website.
Retention period
- Contracts and invoices: 10 years (legal obligation).
- Marketing data: until you withdraw your consent.
- Contact forms: 3 years from the last communication.
- Cookies: more on the separate /cookies page.
Your rights
- Right of access to data — you may request a copy of the processed data.
- Right to rectification of inaccurate data.
- Right to erasure (right to be forgotten) after the statutory retention period ends.
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing for direct marketing purposes.
- Right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic (uoou.sk).
Data recipients
- Accounting firm (invoices, tax returns).
- External service providers: Supabase (database), Resend (emails), Vercel (hosting).
- Public authorities where required by law (police, courts, tax office).
- Insurance companies when settling claims.
Security
- Encrypted connection (HTTPS / TLS 1.3).
- Data in the database is protected by Row Level Security policies.
- Passwords are hashed (bcrypt via Supabase Auth).
- Only authorised persons with 2FA have access to the database.
How to exercise your rights
- Send your request to gdpr@pozicauto.sk or by post to the company's registered office.
- We process requests within 30 days (we may extend by a further 60 days in more complex cases).
- We may request additional data to verify your identity.
Questions about GDPR? Write to gdpr@pozicauto.sk and we will reply within 30 days.
