Privacy Policy
TI Capital s.r.o., with its registered office at Talichova 2, 841 02 Bratislava – Dúbravka district. Company ID (IČO): 55941362, Tax ID (DIČ): 2122141516, registered in the Commercial Register of the Bratislava III District Court, Section Sro, Insert No. 175070/B. Tel.: +421 940 984 000, Email: info@ti-capital.sk
12. Protection of Personal Data
12.1. The Contracting Parties acknowledge and agree that, in the contractual relationship established by the Agreement, the provider is a Processor under Article 28 of Regulation (EU) 2016/679 (GDPR) and the client is the Controller under Article 4(7). Further conditions for processing personal data shall be set out in a separate contract compliant with Article 28(3).
12.2. Providers are authorized to process personal data on the client's behalf as Processor from the effective date of the Agreement. Clients and providers agree that Article 12 fully replaces contracts under Sections 34 et seq. of Act No. 18/2018 Coll. on Personal Data Protection.
12.3. This Article governs the client's instructions to providers for processing personal data.
12.4. When the purpose of processing personal data expires, and before the Agreement expires, providers shall promptly return to clients all stored personal data and related documents, in readable electronic form if available. Client-received or data-subject-provided documents containing personal data that are sent via email shall be encrypted (ZIP or PDF) with passwords that meet the security policy. If return is impossible, providers shall immediately destroy the personal data. Once the processing purpose has ended, clients shall ensure secure storage and protection of personal data in accordance with applicable law.
12.5. Personal data processing occurs via automated and non-automated means.
12.6. The purpose of processing personal data, the name of the information system, and the list or scope of processed personal data are specified in Appendix 1.
12.7. For this Article's purposes, data subjects are primarily natural persons — client customers (clients) and employees.
12.8. Client Obligations and Rights
a) Clients shall provide all cooperation necessary for this Article's fulfillment.
b) Clients have the right to request regular reports from providers on the state of protection of the processed personal data; providers shall supply these without undue delay.
c) If clients entrusted personal data processing to providers only after the data were collected, clients must notify data subjects at first contact, and no later than three months after providers were entrusted. This applies if a legal successor under Section 69 of the Commercial Code takes over processing.
12.9. Provider Obligations
a) Process personal data only on the client's documented instructions.
b) Ensure that persons authorized to process personal data (e.g., provider employees) are bound by confidentiality.
c) Implement the processing security measures related to Section 39 of Act No. 18/2018.
d) Provide technical and organizational assistance that enables clients to fulfill their obligations in response to data-subject requests.
e) Return personal data to clients upon termination of services related to personal data processing.
f) Erase copies of personal data as instructed by the client.
g) Provide clients with information and assistance for audits and inspections carried out by clients or their appointed auditors.
h) Inform clients without undue delay if instructions are believed to infringe the GDPR, the Personal Data Protection Act, another special law, or international treaties binding on Slovakia.
i) Notify clients without undue delay of any personal data breaches.
j) Inform data subjects at first contact that their data are processed on the client's behalf for specified purposes.
k) Not share client personal data with third parties except as required for tax filings or by law.
l) Ensure technical and organizational measures, including EU-based servers, TLS 1.2+ for data transmission, and AES-256 encryption of stored data, and perform regular security audits as needed.
m) Retain personal data processed via electronic services (E-forms) for five years from the client's last activity.
12.10. Personal Data Processing Conditions
a) Providers shall ensure GDPR compliance and implement appropriate technical and organizational measures governing processing and disclosure to authorities.
b) Providers shall protect data confidentiality, integrity, and availability per GDPR, Personal Data Protection Act, and relevant security measures.
12.11. Permitted Personal Data Operations
a) Providers may perform operations or sets of operations on personal data in the information systems listed in Appendix 1, including collection, recording, organizing, structuring, alteration, retrieval, consultation, use, disclosure, combination, storage, deletion, and other lawful operations, as law and these Terms and Conditions permit.
b) Providers may obtain and process personal data from the persons listed in Appendix 1 only to the extent necessary for service provision.
c) Providers shall not use or aggregate personal data for purposes other than those specified in Appendix 1.
d) Providers shall implement technical, organizational, and personnel measures proportionate to processing risk, considering confidentiality, data importance, and potential system risks.
e) Providers and employees shall keep confidential the personal data they encounter in the course of providing services and remain bound by this obligation after the assignment ends.
f) Providers warrant that they will not process personal data contrary to the legitimate interests of data subjects and will not infringe their rights or privacy.
g) Providers shall ensure that any persons instructed to process personal data are informed of their rights and obligations before accessing data.
h) Providers shall process personal data in accordance with good morals and all applicable laws.
12.12. Personal Data Processing via Electronic Services (E-forms) and Contact Forms
a) Providers process personal, financial, and contact data entered by clients through web applications per GDPR and applicable law.
b) Data processed via E-forms are used exclusively for tax return preparation/filing and customer communication.
c) Contact forms are used to communicate with clients; only the minimum necessary data are collected. The legal basis for processing is Article 6(1)(b) GDPR (necessity for performance of a contract or pre-contractual measures) and Article 6(1)(f) GDPR (legitimate interest of the provider in communication). Data collected through contact forms are not used for advertising or profiling purposes.
d) Personal data shall not be shared with third parties except as required for tax return filing or mandated by law.
e) Data are stored on EU-based servers, transmitted via TLS 1.2+, and encrypted at rest with AES-256.
f) Personal data processed via E-forms and contact forms are retained for five years from the client's last activity.
g) Clients may request data access upon identity verification; if data do not exist, clients will be informed accordingly.
12.13. Website Analytics and Cookies
a) The provider's website does not use advertising or tracking cookies. No consent banner is displayed because no cookies requiring consent are set.
b) To understand which pages of this website are visited and how often, the provider uses a privacy-friendly, self-hosted analytics tool running on the provider's own servers within the EU. This tool does not set cookies, does not store any information on user devices, does not collect data that can identify users personally, and processes only aggregate anonymous statistics such as page views and referring sites. Because no cookies or personal identifiers are used, this measurement does not require consent under Article 5(3) of Directive 2002/58/EC (ePrivacy Directive). User data are never sold or shared with advertising networks.
c) The website does not use Google Analytics, Google Tag Manager, Google Ads, Google Maps, Facebook Pixel (Meta), Stripe, reCAPTCHA, or any other advertising network tools. Fonts are self-hosted on the provider's servers; no requests are made to Google Fonts or other external font services on page load.
d) In the client portal (login area), strictly necessary session cookies may be used. These cookies expire at the end of the session or shortly after logout, serve exclusively to maintain the authenticated session, do not transfer personal data to third parties, and do not require consent.
12.14. Providers may use automated document processing tools, including third-party artificial intelligence services acting as sub-processors under Article 28 GDPR. Such services are used exclusively to extract structured data from accounting documents. Providers guarantee that sub-processors: (i) process data within the EU; (ii) are bound by data processing agreements (DPA) with terms no less stringent than these Terms; (iii) do not use client data for model training or other purposes; (iv) delete data no later than 30 days after processing.
Appendix 1 (dated October 15, 2025)
Information System Name and Processed Data
| Information System Name | Purpose of Personal Data Processing | Categories of Personal Data |
|---|---|---|
| Simple Accounting and Tax Returns for Individuals | Accounting records and preparation of tax returns for individuals | Full name; Tax identification number; Contact details; Financial data; Income and expense data; Bank account information; Tax benefit data |
| Client Database | Storage and maintenance of client contact information, management of contractual relationships | Full name; Address; Phone number; Email; Tax identification number; Interaction history; Contractual terms information |
| HR Records and Payroll | Maintaining personnel records, calculating salaries and taxes | Full name; Passport data; Position; Salary; Tax information; Bank details; Leave and sick leave information |
| Double-Entry Accounting and Tax Returns for Legal Entities | Maintaining accounting records and preparation of tax returns for legal entities | Organization name; Tax identification number; Contact details; Financial statements; Bank account data; Tax documents |
| Business Travel | Recording and monitoring employee business trips, calculation of compensations | Employee full name; Travel dates and locations; Route; Expenses; Supporting documents |
| Electronic Services ("E-forms") | Collection of data for preparation and submission of tax returns and other formal documents via electronic forms | Personal data (full name, address, contacts); Tax data; Income and expense data; Bank details |
| Contact Forms | Receiving and processing inquiries and requests from clients via contact forms on the website | Full name; Contact phone number; Email address; Inquiry content |
| (AI) Automated Recognition and Structuring of Accounting Documents | Automated recognition and structuring of invoices for accounting purposes | Organization name; IČO, DIČ, IČ DPH; Address; Bank details; Amounts; Description of goods/services |