Privacy Protection Notice

Effective Date: 11 May 2025

Content of the Privacy Protection Notice

This Privacy Protection Notice (hereinafter referred to as the “Notice”) aims to transparently inform you about the personal data we collect when you use the website https://sidronautika.com – particularly during browsing, registration, and purchases – as well as when using the services provided by Sidro Nautika, the purposes and legal basis for processing such data, and how we ensure their security.

Sidro Nautika is committed to protecting your personal data and handling it confidentially.

This Notice details:

  • the purpose and legal basis of data processing,
  • the details and contact information of the data controller,
  • the types of personal data processed,
  • the method and duration of data processing,
  • measures to ensure data security,
  • your data protection rights and how to exercise them.

1. Purpose, Compliance, and Legal Basis of Data Processing

The purpose of this Notice is to establish the lawful framework for the use of registries/databases maintained by Sidro Nautika s.r.o. (hereinafter referred to as the “Data Controller”), ensure compliance with constitutional principles of data protection, the right to informational self-determination, and data security requirements, as well as enable individuals to control their data, understand the circumstances of its processing, and prevent unauthorized access, alteration, or disclosure of data.

The Data Controller undertakes to comply with the provisions set out in this Notice. Contacting the Data Controller and using its services presupposes acceptance of this Notice. The Data Controller implements all technical and organizational measures to ensure the secure processing of partners’ data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

1.1 Personal and Material Scope

The personal scope of this Notice applies to the Data Controller, as well as to individuals whose data is included in the data processing activities covered by this Notice, and to persons whose rights or legitimate interests are affected by the data processing. The material scope of the Notice covers all data processing activities arising from the operations and services on the website.

1.2 Legal Bases for Data Processing

Personal data is processed only in the following cases:

  • the data subject has given consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) GDPR),
  • processing is necessary for the performance of a contract to which the data subject is a party (Article 6(1)(b) GDPR),
  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject (Article 6(1)(c) GDPR),
  • processing is necessary to protect the vital interests of the data subject or another natural person (Article 6(1)(d) GDPR),
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party (Article 6(1)(f) GDPR).

1.3 Data Protection at Places of Performance

The services of the Data Controller may be provided in Slovakia, Hungary, or Croatia. Data processing is subject to the supplementary legal provisions of the country of performance, but the primary framework is GDPR. Hungarian clients may file complaints with the National Authority for Data Protection and Freedom of Information (NAIH), and Croatian clients with the Croatian Personal Data Protection Agency (AZOP).

2. Duration of Data Processing by Purpose

The Data Controller processes personal data for varying durations depending on the purpose of processing, in compliance with applicable legal regulations:

  • Newsletter distribution: Data is processed until you unsubscribe or request data deletion.
  • Blacklist: Data of individuals on the blacklist is processed indefinitely to avoid sending marketing communications, unless the data subject requests deletion.
  • Cookies: Processing lasts until the purpose is fulfilled or until you object. For cookies based on consent, processing lasts until the cookie expires or a deletion request is made.
  • Registration, courses, boat rentals: Data is retained for 5 years after the service ends due to the statute of limitations under civil law.
  • Invoicing: Accounting documents are retained for 8 years in accordance with accounting regulations.
  • Messages: Received messages are retained for up to 13 months, or 5 years for legal claims.
  • Social media: The duration of processing is determined by the rules of the respective platform.
  • Complaint handling: Complaint data is retained for 5 years, and records in the complaint book for 2 years.

3. Details and Contact Information of the Data Controller

  • Company Name: Sidro Nautika s.r.o.
  • Registered Office: Petőfiho 3125, Štúrovo 94301, Slovakia
  • Company Registration Number: 55 614 132
  • Tax Number: 2122042615
  • Phone: +36 20 250 9297
  • Emailhello@sidronautika.com
  • Websitehttps://sidronautika.com/
  • Primary Supervisory Authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, Slovakia

4. Acceptance of the Data Protection Notice

By using the Sidro Nautika website or our services, you confirm that you have read, understood, and familiarized yourself with the contents of this Data Protection Notice. By checking the appropriate box on the relevant interface, you expressly consent to Sidro Nautika processing your data in accordance with this Notice.

5. Data Processors

The Data Controller only uses data processors that provide adequate guarantees to meet GDPR requirements. Details of the hosting provider:

  • Name: Websupport Magyarország Kft.
  • Registered Office: 1119 Budapest, Fehérvári út 97-99.
  • Company Registration Number: 01-09-381419
  • Tax Number: 25138205-2-43
  • Phone: +36 22 78 76 74
  • Emailsupport@websupport.hu
  • Websitewebsupport.hu

Additional Data Processors

  • Payment Services: Payment service providers (e.g., Stripe, PayPal) process payment data based on their own data protection policies, available on their websites.
  • Marketing Services: For sending newsletters, we may use third-party services (e.g., Mailchimp), which process data in compliance with GDPR.
  • Analytics Tools: For website traffic analysis, we use services like Google Analytics, which process data anonymously where possible.

The Data Controller enters into data processing agreements with processors to ensure that data is processed only for specified purposes and in accordance with the Data Controller’s instructions.

6. Types of Personal Data Processed

The Data Controller processes the following categories of personal data depending on the purpose of processing:

  • Identification Data: name, surname, date of birth, ID document number (e.g., for boat rentals or course registrations).
  • Contact Details: email address, phone number, residential address.
  • Payment Data: bank account number, payment card details (processed by the payment service provider), billing information.
  • Website Usage Data: IP address, browser type, cookie data, behavioral data on the site (e.g., clicks, visited subpages).
  • Service-Related Data: information about registered courses, boat rentals, preferences, feedback.
  • Photos and Videos: recordings made at events (with prior consent or based on legitimate interest for promotional purposes).

The Data Controller processes only the data necessary to achieve the specified purpose and minimizes the scope of processed data in accordance with the GDPR principle of data minimization.

7. Data Transfers

The Data Controller may transfer personal data to third countries (outside the EU/EEA) only if GDPR conditions are met, such as:

  • an adequacy decision by the European Commission,
  • standard contractual clauses,
  • binding corporate rules.

For boat rentals in Croatia, data (e.g., crew lists) may be provided to Croatian authorities or charter companies in compliance with Croatian maritime regulations (e.g., Pomorski zakonik). Such transfers are based on contract performance or legal obligations.

8. Data Security

The Data Controller implements the following technical and organizational measures to ensure data security:

  • Technical Measures:
    • Encryption of data during transmission (SSL/TLS protocol).
    • Regular software and security system updates.
    • Access to data restricted to authorized personnel using passwords and two-factor authentication.
    • Data backups on secure servers.
  • Organizational Measures:
    • Employee training on data protection.
    • Regular risk assessments and data processing audits.
    • Contractual obligations with data processors.

In the event of a data breach (e.g., data leak), the Data Controller will notify affected individuals and relevant authorities within 72 hours in accordance with Article 33 GDPR, if the breach is likely to result in a risk to individuals’ rights and freedoms.

9. Data Subject Rights

As a data subject, you have the following rights under GDPR:

  • Right of Access: You may request information about what data we process about you, for what purposes, and for how long.
  • Right to Rectification: You may request correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): You may request deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw consent.
  • Right to Restriction of Processing: You may request restriction of processing under certain conditions.
  • Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You may object to processing based on legitimate interests.
  • Right to Withdraw Consent: If processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: You may file a complaint with a supervisory authority (Office for Personal Data Protection SR, NAIH for Hungarian clients, or AZOP for Croatian clients).

Requests to exercise your rights can be submitted in writing to hello@sidronautika.com. The Data Controller will respond to your request within 30 days, or in complex cases, within 60 days.

10. Use of Cookies

The website uses cookies to enhance user experience, analyze traffic, and provide personalized content. Types of cookies used:

  • Essential Cookies: Enable basic site functions, such as navigation and login.
  • Analytical Cookies: Help analyze visitor behavior (e.g., Google Analytics).
  • Marketing Cookies: Enable the display of personalized advertisements.

Upon your first visit to the site, we request your consent for the use of cookies. You may withdraw consent or adjust cookie settings at any time via the website’s interface. More information about cookies is available in our Cookie Policy at https://sidronautika.com/cookies.

11. Social Media and External Platforms

The Data Controller operates profiles on social media platforms (e.g., Facebook, Instagram, TikTok), where user data (e.g., likes, comments) may be processed. Data processing on these platforms is subject to the respective platform’s rules, which we recommend reviewing.

When using external payment services (e.g., Stripe, PayPal) or booking platforms, your data may be processed by these providers. We recommend reviewing their data protection policies.

12. Changes to the Data Protection Notice

The Data Controller reserves the right to unilaterally amend this Notice, particularly in the event of changes in legal regulations, technical conditions, or services. You will be informed of changes via the website or email, if applicable. The updated Notice takes effect upon publication on the website.

13. Contact and Complaints

If you have questions regarding the processing of your data or wish to exercise your rights, please contact us:

  • Emailhello@sidronautika.com
  • Phone: +36 20 250 9297
  • Postal Address: Sidro Nautika s.r.o., Petőfiho 3125, Štúrovo 94301, Slovakia

You may file complaints with the supervisory authority:

  • Slovakia: Office for Personal Data Protection SR, Hraničná 12, 820 07 Bratislava, www.dataprotection.gov.sk
  • Hungary: Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), www.naih.hu
  • Croatia: Agencija za zaštitu osobnih podataka (AZOP), www.azop.hr

You may also use the EU’s online dispute resolution platform: https://ec.europa.eu/consumers/odr.

14. Final Provisions

This Notice is drafted in accordance with GDPR and the legal regulations of the Slovak Republic. In case of any conflict between this Notice and mandatory legal regulations, the legal regulations shall prevail. If any part of this Notice becomes invalid, the remaining provisions remain in force.

Date: Štúrovo, 11 May 2025

Data Controller: Sidro Nautika s.r.o.
hello@sidronautika.com
+36 20 250 9297

Subscribe to Sidro Nautika newsletters!

Stay up to date with our courses, boating news, and exclusive offers! Just provide your email address, and we’ll send you what’s worth knowing from time to time. By subscribing, you accept our privacy policy, and you can unsubscribe at any time.

© 2025 Sidronautika.com