GDPR & Privacy Policy

Controller: Ramige s.r.o.

Company ID: 53 808 673

Contact e-mail: hello@lesai.sk

Registered office and commercial register details: complete before production publishing.

• handling contact form requests and follow-up communication
• pre-contract communication and proposal preparation
• contract and legal compliance duties after cooperation starts
• website security, incident prevention, and logging
• service quality improvements and internal reporting
• traffic measurement, campaign attribution, and advertising performance measurement based on voluntary cookie consent

• identity and contact data: name, e-mail, company (if provided)
• communication content: message text and follow-up replies
• technical data: IP address, request timestamp, user-agent, basic server logs
• analytics and attribution data (with consent): pseudonymous visitor/session identifiers, pageview events, and campaign UTM/click-id parameters

• Art. 6(1)(b): pre-contract steps and contract performance
• Art. 6(1)(c): legal obligations (e.g., accounting)
• Art. 6(1)(f): legitimate interests in security, operations, and legal claims defense
• Art. 6(1)(a): consent for optional analytics and marketing cookies/scripts and related campaign attribution

Data may be processed only by authorized staff and contracted processors (e.g., hosting, e-mail infrastructure, technical system administration).

We sign data processing agreements under Art. 28 GDPR and require appropriate technical and organizational safeguards.

When marketing consent is granted, recipients may also include analytics and ad technology providers (e.g., Google Ireland Limited, Meta Platforms Ireland Limited).

If external analytics/ad tools are enabled, data transfers outside the EU/EEA (primarily to the U.S.) may occur.

Any such transfer is performed only under lawful GDPR mechanisms (adequacy decision or standard contractual clauses) with additional safeguards.

• contact requests: typically 24 months after the last communication
• contract/accounting agenda: statutory periods (typically up to 10 years for accounting records)
• security logs: typically up to 90 days, longer only for incident handling or legal claims
• internal analytics events (pageview/CTA/scroll/engagement): typically up to 400 days
• cookie consent record: typically 12 months

• right of access
• right to rectification
• right to erasure or restriction where legally applicable
• right to data portability
• right to object to legitimate-interest processing
• right to withdraw consent (where consent is the legal basis)
• right to lodge a complaint with the Slovak Data Protection Authority

We do not perform solely automated decision-making with legal or similarly significant effects on data subjects on this website.

• access management and least-privilege approach
• continuous patching, hardening, and environment isolation
• encrypted data transport (HTTPS/TLS)
• event logging and operational auditability

For GDPR requests, contact hello@lesai.sk.

Supervisory authority: Slovak Data Protection Authority, https://dataprotection.gov.sk.

This policy may be updated as needed. The latest version is always published on this page with the last update date.