Personal Data Protection (GDPR)
Last updated: 22. 10. 2025
1. Introduction
Welcome to Expiro. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we handle your personal data when you visit our website and use our services, and tell you about your privacy rights and how the law protects you.
2. Data Controller
The data controller responsible for your personal data is Expiro.
Contact: [email protected]
3. What Data We Collect
We collect and process the following types of personal data:
3.1 Account Information
- Username, email address, password (hashed)
- Name (first and last name)
- Phone number
- Address, city, country, postal code
- Date of birth
- Profile picture (avatar)
3.2 Business Information (for Business users)
- Company name, ID (IČO), VAT ID (DIČ)
- Company address
3.3 Service Usage Data
- Vehicle information (brand, model, license plate, etc.)
- Revisions and maintenance records
- Subscription information (name, price, billing cycle)
- Orders and payment history
3.4 Technical Data
- IP address
- Browser type and version
- Device information
- Login timestamps
4. How We Use Your Data
We use your personal data for the following purposes:
- Service Provision: To provide and maintain our subscription tracking, vehicle management, and revision reminder services
- Account Management: To create and manage your account
- Payment Processing: To process payments and generate invoices
- Communication: To send you service-related notifications, reminders, and updates
- Customer Support: To respond to your inquiries and provide technical support
- Service Improvement: To analyze usage patterns and improve our services
- Legal Compliance: To comply with legal obligations (tax, accounting)
- Marketing: To send promotional communications (only with your explicit consent)
5. Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the services you requested
- Legal Obligation: Processing required by law (e.g., accounting, tax records)
- Legitimate Interest: Service improvement, fraud prevention, security
- Consent: Marketing communications (you can withdraw consent at any time)
6. Data Sharing
We do not sell your personal data. We only share data with:
- Payment Processors: Stripe (for payment processing) - subject to their privacy policy
- Cloud Providers: For hosting and data storage (with appropriate safeguards)
- Legal Authorities: When required by law
7. Your Rights (GDPR)
Under GDPR, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format (JSON)
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw marketing consent at any time
To exercise these rights, visit your Settings page or contact us at [email protected]
8. Data Retention
We retain your personal data for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (e.g., tax records: 10 years)
- Resolve disputes and enforce agreements
When you delete your account, we will anonymize or delete your data within 30 days, except for data we must retain for legal compliance.
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (HTTPS/TLS)
- Hashed password storage (bcrypt)
- Access controls and authentication
- Regular security audits
- Admin activity logging
10. Cookies
We use essential cookies for:
- Authentication (session management)
- Security
- Service functionality
We do not use third-party tracking or advertising cookies without your consent.
11. Children's Privacy
Our services are not intended for users under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
12. International Data Transfers
Your data may be transferred and stored in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect your data.
13. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes via email or a prominent notice on our website. The "Last updated" date at the top will reflect the most recent revision.
14. Contact Us
If you have questions about this privacy policy or want to exercise your rights, contact us:
Email: [email protected]
Support: [email protected]
15. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data properly.
Slovakia: Úrad na ochranu osobných údajov (dataprotection.gov.sk)