General Data Protection Regulation (EU) 2016/679 — GDPR
Effective date: 7 April 2026
Website: www.comeworks.eu
| This Privacy Policy explains how COME WORKS s.r.o. collects, uses, stores and protects the personal data of visitors to our website and persons who contact us. Please read this document carefully. If you have any questions, contact us at: info@comeworks.eu | +421 911 549 346 |
1. CONTROLLER OF PERSONAL DATA
The controller of your personal data within the meaning of Article 4(7) of the General Data Protection Regulation (GDPR) is:
| Field | Details |
| Company name | COME WORKS s.r.o. |
| Registered address | Československej armády 29, 934 01 Levice, Slovak Republic |
| Company ID (IČO) | 51 230 143 |
| Tax ID (DIČ) | 2120640093 |
| VAT number (IČ DPH) | SK2120640093 (registered under §4, effective 1 October 2020) |
| Company register | Commercial Register of the District Court Nitra, Section: Sro, Insert No. 44596/N |
| Statutory representative | Peter Duris |
| info@comeworks.eu | |
| Phone — Slovakia | +421 911 549 346 |
| Phone — Austria | +43 664 9337 4218 |
| Website | www.comeworks.eu |
For all matters relating to the processing of your personal data, you may contact us at the above email address. We will respond within 30 days as required by GDPR Article 12(3).
2. SCOPE AND PURPOSE OF THIS POLICY
This Privacy Policy applies to the website www.comeworks.eu and to all personal data processed by COME WORKS s.r.o. in connection with:
- Visits to our website
- Enquiries submitted through our contact form or by email
- Requests for quotations and business communications
- Job applications submitted through our website
- Our use of website analytics and cookies
This Policy applies to natural persons (individuals) whose data we process. It does not apply to legal entities. We process personal data exclusively in accordance with the GDPR, Slovak Act No. 18/2018 Coll. on Personal Data Protection, and other applicable national legislation.
3. CATEGORIES OF PERSONAL DATA WE PROCESS
3.1 Data you provide directly to us
When you contact us, submit an enquiry, request a quotation or apply for a position, you may provide us with the following data:
| Category | Examples of data collected |
| Contact and identification data | First name, last name, job title, company name |
| Contact details | Email address, telephone number, postal address |
| Communication data | Content of messages, enquiries, requests and correspondence |
| Professional data | CV, work experience, qualifications, certifications (job applications only) |
| Project-related data | Description of planned construction or engineering project, location, scope |
3.2 Data we collect automatically when you visit our website
When you visit our website, certain technical data is collected automatically by our servers and by analytics tools (subject to your cookie consent):
| Category | Details |
| Technical data | IP address (anonymised), browser type and version, operating system, device type |
| Usage data | Pages visited, time spent on each page, referring URL, links clicked |
| Cookie data | Session identifiers, language preferences, cookie consent status |
| Analytics data | Aggregated and anonymised website traffic statistics (Google Analytics) |
3.3 Data we do not collect
We do not intentionally collect or process any of the following special categories of personal data within the meaning of GDPR Article 9:
- Racial or ethnic origin
- Political opinions, religious or philosophical beliefs
- Trade union membership
- Genetic or biometric data
- Data concerning health, sex life or sexual orientation
If any such data is inadvertently included in a message or document you send us, we will delete it promptly and will not process it.
4. LEGAL BASES FOR PROCESSING
We process personal data only when we have a valid legal basis under GDPR Article 6. The following table sets out each processing activity and its legal basis:
| Processing activity | Data processed | Legal basis (GDPR Art. 6) | Retention |
| Website contact form and email enquiries | Name, email, phone, company, message | Art. 6(1)(b) — steps taken at the request of the data subject prior to entering into a contract | 3 years from last contact |
| Responding to requests for quotations and proposals | Name, email, company, project information | Art. 6(1)(b) — performance of a contract or pre-contractual measures | 5 years (statutory accounting obligation) |
| Conclusion and performance of service contracts | Name, address, company, bank details, correspondence | Art. 6(1)(b) — performance of a contract; Art. 6(1)(c) — compliance with a legal obligation | 10 years (Slovak Act No. 431/2002 Coll. on Accounting; Austrian UGB §212) |
| Compliance with tax and accounting obligations | Invoice data, contract data, payment records | Art. 6(1)(c) — compliance with a legal obligation | 10 years |
| Job applications received via website or email | CV, name, contact details, qualifications, work history | Art. 6(1)(a) — consent given by the applicant | 6 months from receipt if unsuccessful; immediately upon request for deletion |
| Website analytics (Google Analytics) | Anonymised IP address, browsing behaviour, session data | Art. 6(1)(a) — consent given via cookie banner | Until consent is withdrawn; Google Analytics data: 26 months (Google default) |
| Strictly necessary cookies (session / security) | Session ID, CSRF token, language preference | Art. 6(1)(f) — legitimate interests (secure and functional website operation) | Session duration or up to 12 months |
| Sending marketing communications (newsletter) | Email address, first name | Art. 6(1)(a) — explicit consent given at subscription | Until consent is withdrawn |
Where we rely on legitimate interests (Article 6(1)(f)), we have assessed those interests against your rights and freedoms and concluded that our interests do not override yours. You have the right to object to such processing at any time — see Section 8.
5. RECIPIENTS AND PROCESSORS OF PERSONAL DATA
We do not sell your personal data to third parties. We share your data only with trusted service providers who process it on our behalf under binding data processing agreements (DPA) pursuant to GDPR Article 28, or with authorities where required by law.
| Recipient / Processor | Country | Purpose | Safeguard |
| Web hosting provider | EU / EEA | Storage of website data and database | DPA under GDPR Art. 28 |
| Google LLC — Google Analytics | USA (data processed in EU/EEA) | Website traffic analytics | Standard Contractual Clauses (SCCs); IP anonymisation enabled |
| Google LLC — Google Workspace (Gmail) | USA (data processed in EU/EEA) | Email communication | Standard Contractual Clauses (SCCs) |
| Accounting software / accountant | Slovak Republic | Invoicing, bookkeeping, tax compliance | DPA under GDPR Art. 28 / professional secrecy |
| Public authorities (tax office, courts, etc.) | Slovak Republic / EU | Legal obligations | Statutory obligation under applicable law |
All processors are contractually bound to process your data only on our documented instructions, to implement appropriate security measures, and to delete or return the data upon termination of the service.
6. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
Some of our processors — in particular Google LLC — are headquartered in the United States of America, which is a country outside the European Economic Area (EEA). Such transfers are carried out on the basis of:
- Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to GDPR Article 46(2)(c), which impose binding data protection obligations on the recipient
- Your explicit consent, where applicable (e.g. when you accept analytics cookies)
The following measures are in place to protect your data when transferred to Google LLC:
- IP anonymisation is enabled in Google Analytics — your full IP address is never stored by Google
- Data is primarily processed within Google’s EU/EEA data centres where possible
- Google has committed to the EU-US Data Privacy Framework
For more information on Google’s data protection practices, see: https://policies.google.com/privacy
We do not transfer your personal data to any other third countries. If this changes, we will update this Privacy Policy and, where required, seek your consent.
7. RETENTION PERIODS
We retain personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law. The specific retention periods applicable to each category of data are set out in the table in Section 4.
The following general principles apply to all personal data we hold:
- Data will be deleted or anonymised as soon as the purpose of processing has been fulfilled and no legal retention obligation applies
- Where you withdraw consent or successfully exercise your right to erasure, your data will be deleted within 30 days unless a longer statutory retention period applies
- Data retained for accounting and tax compliance purposes (up to 10 years) will be stored securely and accessed only for the specific legal purpose
- Job application data will be deleted within 6 months of receipt of the application if no employment relationship is established, unless you provide additional consent for us to retain your data for future vacancies
At the end of any retention period, personal data is securely deleted from our systems or anonymised in a way that prevents re-identification.
8. YOUR RIGHTS AS A DATA SUBJECT
Under the GDPR you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at: info@comeworks.eu
| Right | What it means | Conditions / Notes |
| Right of access (Art. 15 GDPR) | You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of the data and information about how it is processed. | We will respond within 30 days. One free copy per request; reasonable fee may apply for further copies. |
| Right to rectification (Art. 16 GDPR) | You have the right to have inaccurate personal data concerning you corrected without undue delay. | Applies to factually incorrect data. We will rectify data within 30 days of your request. |
| Right to erasure (Art. 17 GDPR) | You have the right to request the deletion of your personal data (‘right to be forgotten’) in certain circumstances. | Does not apply where processing is necessary for legal compliance or the establishment of legal claims. |
| Right to restriction (Art. 18 GDPR) | You have the right to request that we restrict the processing of your data under certain conditions (e.g. while accuracy is disputed). | We will mark the data as restricted and limit its processing accordingly. |
| Right to data portability (Art. 20 GDPR) | Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format. | Applies only to data you provided to us directly. |
| Right to object (Art. 21 GDPR) | You have the right to object at any time to the processing of your data where it is based on our legitimate interests (Art. 6(1)(f)) or carried out for direct marketing purposes. | We will cease processing unless we demonstrate compelling legitimate grounds overriding your interests. |
| Right to withdraw consent (Art. 7(3) GDPR) | Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal. | Withdrawal can be made by contacting us at info@comeworks.eu or via the cookie settings on our website. |
| Right not to be subject to automated decisions (Art. 22 GDPR) | You have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. | We do not carry out automated decision-making or profiling. |
| Right to lodge a complaint (Art. 77 GDPR) | You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes the GDPR. | See Section 10 for supervisory authority contacts. |
We will not discriminate against you for exercising your rights. There is no charge for submitting a rights request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee.
9. SECURITY OF PERSONAL DATA
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, as required by GDPR Article 32. These measures include:
Technical measures
- SSL/TLS encryption for all data transmitted via our website (HTTPS)
- Encrypted storage of sensitive data
- Firewall and intrusion detection systems on our web server
- Regular automated security backups with offsite storage
- Access controls limiting database access to authorised personnel only
- Use of strong password policies and multi-factor authentication where applicable
Organisational measures
- All staff with access to personal data are trained on GDPR obligations and data protection best practices
- Access to personal data is granted on a need-to-know basis only
- Third-party processors are vetted and bound by data processing agreements
- Procedures are in place for detecting, reporting and investigating personal data breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay, as required by GDPR Article 34.
10. COOKIES AND SIMILAR TECHNOLOGIES
Our website uses cookies — small text files stored on your device. Some cookies are essential for the website to function correctly. Others require your prior consent under the EU ePrivacy Directive and GDPR.
| Cookie category | Purpose | Legal basis | Duration |
| Strictly Necessary | Core website functionality: navigation, session management, form security (CSRF protection). The website cannot function properly without these cookies. | Art. 6(1)(f) — legitimate interests. No consent required. | Session or up to 12 months |
| Functional | Remembering your language preference and other optional settings to improve your experience. | Art. 6(1)(a) — consent | Up to 12 months |
| Analytics (Google Analytics) | Collecting anonymised data on how visitors use our website (pages viewed, time on site, traffic sources) to help us improve the website. IP addresses are anonymised before any data is sent to Google. | Art. 6(1)(a) — consent | _ga: 24 months | _gid: 24 hours |
| Marketing | Serving relevant advertisements to visitors who have previously visited our website (remarketing). We do not currently use marketing cookies — this category is reserved for future use. | Art. 6(1)(a) — consent | Up to 90 days |
Managing your cookie preferences
When you first visit our website, a cookie consent banner will be displayed. You may:
- Accept all cookies
- Accept only strictly necessary cookies
- Customise your preferences by category
You may change or withdraw your cookie consent at any time by clicking the ‘Cookie Settings’ link in the footer of our website. You may also manage cookies directly through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.
For detailed information about cookies and how to manage them, please see our Cookie Policy at: www.comeworks.eu/en/cookie-policy
11. GOOGLE ANALYTICS — ADDITIONAL INFORMATION
We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Google processes data on our behalf under a Data Processing Amendment to the Google Ads Controller-Controller Data Protection Terms.
| Setting / Measure | Details / Status |
| IP anonymisation | ENABLED — IP addresses are truncated before storage; full IP is never retained |
| Data sharing with Google | DISABLED — we do not share analytics data with Google for Google’s own purposes |
| Advertising features | DISABLED — we do not use remarketing or advertising reporting features via Google Analytics |
| Data retention | Set to 26 months (Google Analytics default) |
| Transfer safeguard | Standard Contractual Clauses (SCCs) — European Commission Decision of 4 June 2021 |
| Opt-out | Browser add-on: https://tools.google.com/dlpage/gaoptout |
| Google Privacy Policy | https://policies.google.com/privacy |
If you do not consent to Google Analytics cookies via our cookie banner, no Google Analytics data will be collected about your visit.
12. CHILDREN’S PRIVACY
Our website and services are directed exclusively at business clients (B2B). We do not knowingly collect personal data from children under the age of 16.
If we become aware that we have inadvertently collected personal data from a child under 16 without appropriate parental consent, we will delete such data as soon as possible. If you believe we may have received data from a child, please contact us immediately at: info@comeworks.eu
13. AUTOMATED DECISION-MAKING AND PROFILING
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects concerning you, as referred to in GDPR Article 22.
All decisions regarding business relationships, quotations and employment are made by human staff based on the information provided by you.
14. LINKS TO THIRD-PARTY WEBSITES
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party websites you visit.
The presence of a link on our website does not constitute an endorsement of the linked website or its content.
15. SUPERVISORY AUTHORITIES
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR. You may lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, your place of work or the place of the alleged infringement.
| Country / Jurisdiction | Supervisory Authority |
| Slovak Republic (primary — registered seat of controller) | Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky) Hraničná 12, 820 07 Bratislava 27 Tel.: +421 2 3231 3214 Email: statny.dozor@pdp.gov.sk Web: www.dataprotection.gov.sk |
| Republic of Austria | Austrian Data Protection Authority (Datenschutzbehörde — DSB) Barichgasse 40–42, 1030 Vienna Tel.: +43 1 521 52 0 Web: www.dsb.gv.at |
| Federal Republic of Germany | Federal Commissioner for Data Protection and Freedom of Information (BfDI) — or the supervisory authority of the relevant Federal State (Bundesland) Web: www.bfdi.bund.de |
| Any EU/EEA Member State | The data protection supervisory authority in the Member State of your habitual residence or place of work Directory: https://edpb.europa.eu/about-edpb/about-edpb/members_en |
16. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, changes in applicable law, or for other operational, legal or regulatory reasons.
The date of the most recent update is shown at the top of this document. We recommend that you review this Privacy Policy periodically. Where changes are material, we will provide a prominent notice on our website or, where appropriate, notify you directly.
Your continued use of our website after any changes to this Privacy Policy constitutes acceptance of those changes, to the extent permitted by applicable law.
| This Privacy Policy was last updated on: 7 April 2026 It applies to all personal data processed by COME WORKS s.r.o. via the website www.comeworks.eu. Governing law: GDPR (EU) 2016/679 | Slovak Act No. 18/2018 Coll. on Personal Data Protection Supervisory authority (primary): Office for Personal Data Protection of the Slovak Republic |
COME WORKS s.r.o.
Československej armády 29, 934 01 Levice, Slovak Republic
Company ID: 51 230 143 | VAT: SK2120640093 | Register: Commercial Register of the District Court Nitra, Section: Sro, Insert No. 44596/N
info@comeworks.eu | +421 911 549 346 | +43 664 9337 4218 | www.comeworks.eu