Privacy & Cookies
Last updated: 21 May 2026
This page explains what personal data we collect when you use this website, how we use it, and what rights you have under the EU General Data Protection Regulation (GDPR).
Who we are
This website is operated by Satur Travel a.s., Miletičova 1, 824 72 Bratislava, Slovakia (the “Controller”). If you have any questions about how we handle your personal data, contact us at:
- Email: info@incomingslovakia.com
- Phone: +421 2 501 13 430
- Post: Satur Travel a.s., Miletičova 1, 824 72 Bratislava, Slovakia
What personal data we collect, and why
When you submit the contact form
| Data | Why we need it | Legal basis |
|---|---|---|
| Your name | To address you correctly in our reply | Legitimate interest |
| Your email address | To send our reply | Legitimate interest |
| Your phone number (optional) | To call you back if you ask us to | Legitimate interest |
| The content of your message | To answer your enquiry | Legitimate interest |
| Your IP address (briefly logged by our server) | To prevent spam and abuse | Legitimate interest |
We process this data on the basis of Art. 6(1)(f) GDPR — legitimate interest in responding to enquiries about our services. We do not use it for marketing without your separate, explicit consent.
When you simply browse the site
We use Cloudflare as our hosting and CDN provider. Cloudflare automatically logs limited technical data about every request (IP address, user agent, referring URL, request timestamp) for the purposes of security, abuse prevention, and operating the service. This data is processed by Cloudflare under their own privacy policy: cloudflare.com/privacypolicy.
How long we keep your data
- Contact form messages: retained for up to 24 months from your last interaction, then deleted, unless we have a contractual relationship with you (in which case standard accounting retention periods apply — typically 10 years under Slovak law).
- Cloudflare access logs: retained by Cloudflare for short periods according to their policy (typically up to 30 days).
Who we share your data with
We share your personal data only with the following categories of processors, each acting under a written Data Processing Agreement:
| Processor | What they do | Where they’re based |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, edge functions | USA / EU (data centres in Frankfurt and Amsterdam are used for EU traffic) |
| Resend (Resend.com, Inc.) | Delivers contact-form emails to our inbox | USA |
| GitHub, Inc. | Stores the website source code (for editorial purposes) | USA |
International transfers to the USA are covered by the EU–US Data Privacy Framework where applicable, or by Standard Contractual Clauses approved by the European Commission. We do not sell your personal data, and we do not share it for advertising purposes.
Cookies
This website is almost entirely cookie-free. Specifically:
- We do not use Google Analytics, Facebook Pixel, Hotjar, or any other analytics, advertising, or tracking cookies
- We do not set any first-party cookies for tracking, personalisation, or marketing
- We do not use a consent banner because we have no non-essential cookies to ask consent for
The only cookie-like storage that may be set on your device comes from:
| Source | Type | Purpose |
|---|---|---|
| Cloudflare | __cf_bm (essential) | Bot management — distinguishes humans from automated traffic. Lifetime ~30 minutes. |
| OpenStreetMap iframe (Contact page only) | Third-party cookies set by openstreetmap.org when you view the map | Map rendering and tile delivery, controlled by OpenStreetMap |
The Cloudflare bot-management cookie is strictly necessary under Art. 5(3) of the ePrivacy Directive and does not require consent. The OpenStreetMap iframe is loaded only on the Contact page; if you do not want OSM to set any cookies, simply do not visit /contact, or block third-party cookies in your browser.
Your rights under GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectify — ask us to correct inaccurate or incomplete data
- Erase — ask us to delete your data (the “right to be forgotten”)
- Restrict processing — ask us to limit how we use your data
- Data portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interest
- Withdraw consent — where processing is based on consent, withdraw it at any time
- Lodge a complaint — file a complaint with the Slovak Data Protection Authority (dataprotection.gov.sk) or the supervisory authority in your country of residence
To exercise any of these rights, email info@incomingslovakia.com. We will respond within one month, as required by Art. 12(3) GDPR.
Security
We protect your data through:
- HTTPS encryption on every page of this site (enforced)
- Encrypted secrets storage for all third-party API keys
- Restricted-access editorial CMS protected by GitHub OAuth
- No long-term storage of contact-form submissions on the website server itself (messages are forwarded by email and not persisted in any database here)
Changes to this policy
If we materially change this policy, we will update the “Last updated” date at the top of this page. For substantial changes, we will display a notice on the homepage for at least 30 days.
Questions
If anything on this page is unclear, or you want more detail about how we handle your data, email us at info@incomingslovakia.com. We aim to reply within one business day.