Privacy Policy

ByteWoods, spol. s r.o., company ID 01849883, VAT ID CZ01849883

č.ev. 7, 739 36 Sedliště, Czech Republic

Registered with the Regional Court in Ostrava, file C 56795

GDPR e-mail: gdpr@myslotio.com

As controller: data about website visitors, people requesting a demo or support, Slotio customers, account administrators, billing contacts and people contacted for marketing. This typically includes identification and contact data, company and billing data, subscription information, communication and technical data about use of the website and service.

As processor: end-customer data and other customer data that the customer uploads into Slotio booking forms or administration. Depending on the controller customer settings, this may include name, e-mail, phone, booking data and related notes.

• Performance of contract - providing the service, account management, subscriptions and technical support.
• Legal obligation - invoicing, accounting and tax records.
• Legitimate interest - security, fraud prevention, audit, operational communication and protection of legal claims.
• Consent - marketing communication or optional cookies where consent is required.

• accounting documents and billing records: 10 years where required by law
• account and subscription data: for the contractual relationship and then only as needed for settlement of rights, security and protection of legal claims
• production customer data after contract end: usually 30 days for export and deletion no later than 60 days after the export period ends
• backup copies of customer data: overwritten in the ordinary backup cycle no later than 90 days after production data deletion
• end-customer booking data during service use: according to the settings and instructions of the customer acting as controller
• operational logs and security records: for the necessary period, usually 90 days

• Stripe, Inc. - payment processing and fraud prevention
• Hosting and cloud infrastructure - storage and operation of application data
• E-mail and notification services - delivery of system messages
• Accounting and tax services - compliance with legal obligations

We enter into data processing agreements or equivalent contractual terms with processors. Information on currently engaged subprocessors is provided according to the contractual framework and actual operating setup of the service.

Where personal data is transferred outside the EU/EEA, we use an appropriate legal mechanism, especially an adequacy decision or standard contractual clauses. For vendors such as Stripe, the specific transfer setup follows their contractual documentation and transfer configuration.

Data subjects have the right of access, rectification, erasure, restriction of processing, data portability, objection and the right to lodge a complaint with the supervisory authority.

Send requests to gdpr@myslotio.com. We usually respond within 30 days.

• HTTPS and encrypted communication (TLS)
• role-based access restrictions and least-privilege access
• access logging, updates and backups
• payment data is processed through Stripe; we do not store card numbers

For customer personal data, the customer acts as controller and Slotio as processor. The public Data Processing Addendum (DPA) forms part of the contractual framework. Send questions to gdpr@myslotio.com. Contact form: myslotio.com/kontakt.