Privacy Policy and Cookie Policy

Article 1 – Data Controller

The data controller within the meaning of Article 4(7) of the GDPR is:

(the "Controller")

The Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR") and Act No. 18/2018 Coll. on Personal Data Protection.

Article 2 – Personal Data We Collect

2.1 When you register for and use the LoadPlan Service, we collect the following categories of personal data:

Identity and contact data

• full name;
• email address.

Billing data

• billing address (street, city, postcode, country);
• for business users: business name, Company ID (IČO), Tax ID (DIČ), VAT ID (IČ DPH) (if assigned);
• payment history and issued invoices.

Service usage data

• date and time of login;
• IP address used to access the Service;
• content created by the User within the Service (loading plan configurations).

Data collected by the platform's built-in analytics tool

The Service is built on the Macaly platform, which provides a built-in analytics tool. This tool may process basic technical data necessary for the operation of the Service. The Controller does not independently collect data on operating system type, browser type, previously visited pages or User interactions beyond what is strictly necessary for operation.

Article 3 – Purposes and Legal Bases of Processing

3.1 We process personal data for the following purposes and on the following legal bases:

a) Providing the Service and performing the contract

Legal basis: Article 6(1)(b) GDPR – performance of a contract. Scope: identity, contact, billing and Service usage data. Retention period: for the duration of the contract and 30 days after its termination.

b) Invoicing and compliance with tax obligations

Legal basis: Article 6(1)(c) GDPR – compliance with a legal obligation (Act No. 431/2002 Coll. on Accounting). Scope: billing data, payment history. Retention period: 10 years from the date the accounting document was issued.

c) Handling defect reports

Legal basis: Article 6(1)(c) GDPR – compliance with a legal obligation (Act No. 108/2024 Coll.) and Article 6(1)(f) GDPR – legitimate interest in establishing and defending legal claims. Retention period: for the duration of the complaint procedure and subsequently for the applicable limitation period — 3 years for consumers (Section 101 of the Civil Code) or 4 years for business users (Commercial Code). Accounting documents related to the complaint are retained for 10 years in accordance with Act No. 431/2002 Coll. on Accounting.

d) Protection of the Controller's legitimate interests

Legal basis: Article 6(1)(f) GDPR – legitimate interest. Purpose: security of the Service, fraud prevention, establishment and defence of legal claims. Retention period: for as long as the legitimate interest persists, but no longer than 3 years.

e) Marketing communications (consent only)

Legal basis: Article 6(1)(a) GDPR – consent of the data subject. Purpose: sending newsletters, offers and promotional messages. Retention period: until consent is withdrawn, but no longer than 5 years from the last expression of interest. Consent may be withdrawn at any time by clicking the link in any message or by emailing the Controller.

Article 4 – Recipients of Personal Data

4.1 Users' personal data may be disclosed to the following categories of recipients (processors):

• the provider of the platform and hosting on which the Service operates;
• the provider of email services for transactional and operational communications;
• the payment service provider (for payments made via payment link);
• the Controller's accountant or tax adviser;
• public authorities where required by law.

4.2 A specific list of processors and their contact details is available on request at: loadplan@lukkeedigital.sk

4.3 The Controller has entered into data processing agreements with all processors in accordance with Article 28 of the GDPR.

4.4 In the event of a merger, acquisition, or sale of the business, Users' personal data may be transferred to the acquirer, who will become the new data controller. The transfer is carried out on the basis of legitimate interest (Article 6(1)(f) GDPR) in maintaining continuity of the Service. The User will be notified by email and will have the right to object to the processing or to stop using the Service.

Article 5 – Transfers to Third Countries

5.1 Some processors may process personal data in third countries outside the EU/EEA (for example, the United States).

5.2 Any transfer of personal data to a third country is carried out solely under the conditions set out in Articles 44–49 of the GDPR, in particular on the basis of:

• an adequacy decision of the European Commission (e.g. the EU-US Data Privacy Framework);
• standard contractual clauses (SCCs) approved by the European Commission;
• other appropriate safeguards within the meaning of the GDPR.

Article 6 – Data Subject Rights

6.1 In connection with the processing of your personal data, you have the following rights:

• right of access to personal data (Article 15 GDPR);
• right to rectification of inaccurate data (Article 16 GDPR);
• right to erasure (“right to be forgotten”) (Article 17 GDPR);
• right to restriction of processing (Article 18 GDPR);
• right to data portability (Article 20 GDPR);
• right to object to processing (Article 21 GDPR);
• right to withdraw consent where processing is based on consent (Article 7(3) GDPR);
• right to lodge a complaint with a supervisory authority.

6.2 You may exercise your rights in writing or by email at: loadplan@lukkeedigital.sk The Controller will respond to your request within 30 days of receipt at the latest.

6.3 You may file a complaint with the Office for Personal Data Protection of the Slovak Republic:

Article 7 – Security of Personal Data

7.1 The Controller has adopted appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction or misuse.

7.2 Data transmitted between the User and the Service is encrypted using HTTPS/TLS.

7.3 Access to personal data is restricted to authorised persons who are bound by a duty of confidentiality.

7.4 In the event of a personal data breach that is likely to pose a risk to the rights and freedoms of data subjects, the Controller will notify the Office for Personal Data Protection without undue delay and, where the risk is high, will also notify the affected data subjects.

Article 8 – Cookies and Similar Technologies

8.1 The LoadPlan website and Service uses cookies and similar technologies to ensure proper functionality, improve the user experience and analyse traffic.

8.2 Cookies are small text files stored on the User's device when they visit the website.

Categories of cookies used

a) Strictly necessary cookies — required for the basic functioning of the Service (e.g. login, session security). These cookies cannot be declined. Legal basis: statutory exemption from the obligation to obtain consent under Section 109(8) of Act No. 452/2021 Coll. on Electronic Communications.

b) Functional cookies — allow the Service to remember User preferences (e.g. language, display settings). Legal basis: User consent.

c) Analytical cookies — help us understand how Users interact with the Service and enable improvements. Legal basis: User consent.

d) Marketing cookies — used for targeted advertising and campaign effectiveness tracking (if deployed). Legal basis: User consent.

8.3 On first visiting the website, the User is shown a cookie banner through which they may grant or refuse consent for each category of cookies (except strictly necessary cookies).

8.4 The User may change or withdraw their cookie consent at any time via the cookie settings on the Service's website or through their browser settings.

8.5 The User may delete or block cookies at any time in their browser settings. Disabling certain cookies may, however, limit the functionality of the Service.

Article 9 – Automated Decision-Making and Profiling

9.1 The Controller does not carry out automated decision-making or profiling that produces legal effects or similarly significantly affects data subjects within the meaning of Article 22 of the GDPR.

Article 10 – Changes to This Policy

10.1 The Controller reserves the right to update this Privacy Policy.

10.2 The User will be informed of any material changes by email or through a notice in the Service at least 15 days before the changes take effect.

10.3 The current version of this Policy is always available on the Service's website.

Article 11 – Final Provisions

11.1 This Privacy Policy takes effect on the date stated at the top of the document.

11.2 This Policy is drawn up in Slovak and English. In the event of any conflict, the Slovak version prevails.

11.3 If you have any questions about the processing of your personal data, please contact us at: loadplan@lukkeedigital.sk