Corporate Privacy Policy

This Corporate Privacy Policy provides an overview about how we process personal data at Vestberry, s.r.o., with registered seat at Stare Grunty 18, 841 04 Bratislava, company ID no. (IČO): 51 882 540, registered in the Commercial Registry, kept by Bratislava I District Court under Section Sro, Insert no. 130692/B (hereinafter referred to as “we“, “us“ or „Vestberry“).

This Corporate Privacy Policy only covers processing operations which are undertaken from our data controller’s position (including joint controller’s position). This covers our own corporate activities, HR hiring processes, our own legal agenda or marketing activities. This Corporate Privacy Policy does not cover any processing of personal data by virtue of provision of our services to our clients, where we act as processors on behalf of our clients. In this respectplease see our Platform Privacy Policy.

In case of any question about how we processor your personal data or when enforcing your data subjects’ rights, please do not hesitate to contact:

via email at: info@vestberry.com; or
by post at: Vestberry, s.r.o. Stare Grunty 18, 841 04 Bratislava, Slovakia.

We have not appointed data protection officer internally, but we use specialized external legal counsels for data protection & legal compliance.

What are our purposes of processing of personal data?

As a controller, we process personal data for the following purposes and based on following legal bases.

Purpose of processing	Sub-purpose or agendas	Legal basis
1. Employment purposes	Personnel and payroll purposes – Involves data processing that we can process about you to fulfill the typical obligations and exercise of the employer's rights under labor law, when you are our employee or applicant for a job on an open position at Vestberry.	Legal obligation
	Voluntary publication of employee pictures – Section 78 (3) of the Data Protection Act allows employer to publish specific information about employees but photography is absent. Office for the personal data used to require consent for the publishing of photography's of employees (e.g. on the website, social media, company profiles etc.)	Consent
	Storage of data about unsuccessful job applicants – Includes the processing of the personal data we need to obtain and store the CVs of job seekers at Vestberry and to retain the CVs of unsuccessful candidates to contact them with a suitable job offer in the future.	Consent
	Governance and development of the human resources – Covers all core activities of HR department managing through HR internal software, generating reports, evaluations done by managers, working trip organization, employee trainings as well as performing all internal workflow through multiple modern channels.	Legitimate interest
	Employee benefits – It covers all processing operations related to benefit granting procedure as well as providing necessary personal data to third parties provided various benefit systems.	Contract performance and consent
	Remote work (home office) – Covers all processing operations necessary to perform work remotely from home (e.g. video conferencing calls and remote work file management).	Contract performance and legitimate interest
2. Employee monitoring	Electronic monitoring of work time expenses – Type of monitoring aimed on controlling work time hours, time tracking and pauses from work.	Legitimate interest
3. Billing, tax and accounting purposes	Typical tax and accounting purposes including keeping accounting evidence, invoices, tax reporting, communication with tax authorities and similar.	Legal obligation
4. Establishment, exercise, or defense of legal claims (legal agenda)	Typical legal agenda including legal disputes, negotiation, conclusion or performance of agreements, settlements, administrative or other proceedings, reporting and similar.	Legitimate interest
5. Fulfilling of legal obligations	Corporate & registers' agenda – Covers is the processing of personal data of shareholders and other persons as part of the corporate governance based Commercial Code and any statutory registries and entries.	Legal obligation
	Compliance – Any other legal compliance obligations, including anti money laundering obligations to the extent applicable to us.	Legal obligation
6. Development, testing and updating of the software / products	For the purposes of development and testing of the software, we process very limited amounts of personal data that typically include only contact details, employee data or aggregated anonymous data.	Legitimate interest
7. Direct marketing and PR purposes	Sending marketing communication (newsletter) – This is the processing of personal data when sending an e-mail informing an existing customer or potential customer about news, new products, discounts or different sales events. In case the newsletter is sent to existing customers, it is possible to rely on the legitimate interest and the possibility provided in section 116 (13) and (14) of the Slovak Act on Electronic Communications. If you send a newsletter to potential customers (for example, people registered for newsletter, people who have given permission to a third party), you must be able to demonstrate unambiguous consent.	Consent and legitimate interest
	Marketing and personalization of the ads – Increasing sales of services can be considered as a legitimate interest in the organization's efforts to better understand its customers, trends and customer expectations in the provision or offer of services. Such processing may include e.g. a general analysis of customer behavior for better marketing strategies, decisions or more targeted advertising; targeted advertising of products or services; analysis of the success of various marketing campaigns (e.g. via Google Analytics, Facebook); user segmentation for more direct marketing communication (if the conditions for direct marketing communications are met). In line with recital 47 of the GDPR, direct marketing purposes may be based on legitimate interest. However, if ePrivacy rules requires consent for certain cases of electronic data processing, the consent shall be used.	Consent and legitimate interest
	Raising awareness in online environment – Processing of the personal data of participants in discussions, content contributors, actively communicating data subjects (registered users of social network) for the purpose of management and using official social networking profiles. Part of the processing may also include the use of social network media as your "Fan page". This is governed by the social network provider's terms of service whereas the social network provider becomes your processor.	Legitimate interest
	Customer satisfaction surveys – Processing of your customer's personal data that made the purchase, and you'd like to assess customer satisfaction in the form of a poll within short period of time from the purchase.	Legitimate interest
	Marketing analytics – Contains usage of various marketing and analytical tools allowing full automated profiling of personal data and creating dashboards, analytical reports, usage and navigation on our Platform etc.	Legitimate interest and consent
8. Security of personal data and IT systems	Monitoring of users, networks and devices – Covers usage of multiple security monitoring tools for searching for suspicious activities on end points or within network.	Legal obligation
	Right access management – Covers usage of identity access management solutions and granting privileges for individual user identities.	Legal obligation
	Creation of back-ups for restoration systems and data – Covers all security back-ups involving personal data for increasing redundancy and ability to restore own data and internally used systems in Vestberry.	Legal obligation
	Logging – Covers creation, retaining and analyze of security logs involving also personal data of the users.	Legal obligation
9. Statistical purposes	Any allowed conversion of personal data not aggregated anonymous data.	Legal basis of the original purpose pursuant Article 89 GDPR and recital 50 GDPR.
10. Archiving purposes	N/A	Legal basis of the original purpose pursuant Article 89 GDPR and recital 50 GDPR.

What legitimate interest we pursue?

In particular, we pursue the following legitimate interest of our company or 3rd parties:

Governance and development of the human resources;
Remote work (home office);
Electronic monitoring of work time expenses;
Establishment, exercise, or defense of legal claims (legal agenda);
Development, testing and updating of the software / products;
Sending marketing communication (newsletter);
Raising awareness in online environment;
Customer satisfaction surveys;
Marketing & analytics.

We have conducted balancing tests that confirm we are able to rely on these legitimate interests, but you are fee to object against just processing according to Article 21 GDPR based on your specific situation and circumstances.

Who are recipients of your personal data?

Your personal data are available to our recipients on need-to-know basis maintaining the confidentiality of the data recipients. Depending on the purpose of processing and particular circumstances typical recipients of your personal data are:

Accounting and payroll companies;
Postal companies and shipping companies;
Professional advisors (e.g. attorneys);
Health and public social insurance companies as well as companies administering pension funds;
Providers of standard software or technical (IT) support;
Providers of various cloud software services e.g. for business and financial administration, CRM, HR administration, analytics, IT security and software development;
Providers of marketing & analytics tools;
Providers of social media platforms and social networks;
Providers of web hosting services;
Providers of video-conference services
Sponsors and business partners at the events;

We also use various processors to support us in providing services who might process personal data for us. These processors include mainly developers, hosting, cloud and similar software service providers located or with servers located in the EU/EEA and the US, mainly but not limited to Google Cloud, Google Suite, JIRA, Trello, Microsoft 365, Monday, Notion, Slack, Smartsheet or Totango. We ensure that selection of our processors and any processing of personal data by them is compliant with the GDPR.

If we are requested by the public authorities to provide your personal data we examine the conditions laid down in the legislation to accept the request and to ensure that if conditions are not met, we do not adhere to the request. In case that you have a question about our current processors, do not hesitate to contact us for further information.

What countries do we transfer your personal data to?

By default, we seek not to transfer your personal data outside the EU and/or EEA where not necessary. As a rule, we seek to have all cloud and servers located in the EEA. However, some of our processors might be based or their servers might be located in the United States of America (U.S.) or in other country regarded as third party not ensuring adequate level of protection.

After the EU-US Privacy Shield has been abolished by the Court of Justice of the EU in July 2020, USA is again regarded a third party not ensuring adequate level of protection. Any transfer of personal data outside the EEA is done by us only under strict compliance with the GDPR.

We ensure the third-party recipients concluded EU standard contractual clauses (the “EU SCC”) with us (unless we rely on adequacy decisions of the European Commission). In addition to EU SCC, we seek to adopt additional safeguards to be compliant with the highest safety standards, especially when the 3rd country partner might be subject to US surveillance laws that were viewed disproportionate by the Court of Justice of the EU.

Information for Australian citizens

Under Australian Privacy Principles (the “APPs”) – Privacy Act 1988.

We (as a Data Exporter) have reasonable serious steps to ensure that the Data Importer does not in principle breach the APPs by relying in the reasonable safeguards based on the Data Importer’s jurisdiction.

The receiving entity is obliged to handle Personal Data in a manner consistent with the APPs, ensuring that the level of protection is substantially equivalent to that provided under Australian privacy law and impose equivalent data protections on any sub-processors it engages.

Personal Data is transferred to Vestberry located in the EU, as well as to the processors listed below.

For transparency and more detailed information please see the following:

Identification of the supplier - processor / Third Country Transfers	Processor´s Privacy Policy	Legal Safeguards for Cross-border Transfer of Personal
Google / US	https://policies.google.com/privacy?hl=en-US	EU SCC – available here: https://privacy.google.com/businesses/controllerterms/mccs/ EU SCC and DPA for Google cloud services available here: https://cloud.google.com/terms/eu-model-contract-clause https://cloud.google.com/terms/data-processing-terms https://workspace.google.com/terms/dpa_terms.html EU SCC and DPA for Google Analytics and Google Ads available here: https://privacy.google.com/businesses/processorterms/
Atlassian (JIRA Software) / US	https://www.atlassian.com/legal/privacy-policy#what-this-policy-covers	EU SCC – available here: Atlassian Customer DPA https://www.atlassian.com/trust/privacy/latest-updates/international-data-transfers
Microsoft / US	https://privacy.microsoft.com/en-us/privacystatement	EU SCC – available here: https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-eu-model-clauses?view=o365-worldwide
Monday / US	https://monday.com/trustcenter/privacy	EU SCC – available here: https://monday.com/l/privacy/https-monday-com-l-scc-processor-to-processor/
Notion / US	https://www.notion.so/help/security-and-privacy	EU SCC – available here: Notion Data Processing Addendum
Slack / US	https://slack.com/intl/en-sk/privacy-policy	EU SCC – available here: https://slack.com/intl/en-sk/terms-of-service/data-processing
Smartsheet / US	https://www.smartsheet.com/legal/privacy	EU SCC – available here: https://www.smartsheet.com/legal/DPA
Totango / US	https://www.totango.com/gdpr	EU SCC – available here: https://www.totango.com/data-processing-agreement

How long do we store your personal data?

We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies.

General retention periods for the above purposes of processing are as follows:

Purpose	General retention period
Employment purposes	During the duration of the contractual relationship or until the receipt of the controller's instruction. Some personal data are stored longer within the statutory time limits. In individual cases may be selected personal data processed further on compatible purpose of establishment, exercise or defense of legal claims.
Employee monitoring	Until the acceptance of the objection against processing. Unnecessary data are deleted ongoing. In individual cases may be selected personal data processed further on compatible purpose of establishment, exercise or defense of legal claims.
Billing, tax and accounting purposes	Until expiration of legal period for keeping accounting documents which means at least for 10 years.
Establishment, exercise or defense of legal claims (legal agenda)	Until the limitation of the legal claim, i.e. during the legal dispute, negotiation, or settlement, during court, administrative or criminal proceedings (can generally be from 2 to 7 years) or until the relevant limitation period has not passed, which depending on type of legal claim may generally be from 2 to 10 years.
Fulfilling of legal obligations	As required to comply with various legal obligations (in Slovakia typically 2-10 years).
Development, testing and updating of the software / products	Until the end of concerned process. Unnecessary data are deleted ongoing. In individual cases may be selected personal data processed further on compatible purpose of security of personal data and IT system.
Direct marketing and PR purposes	Until the acceptance of the objection against processing or sign-out from the newsletter performed by data subject or consent withdrawal if the consent is the applicable legal basis for the processing personal data.
Security of personal data and IT systems	Maximally 1 year, but unnecessary dynamic data may be deleted earlier. In individual cases may be selected personal data processed further on compatible purpose of establishment, exercise or defense of legal claims.
Archiving purposes	Until expiry of archiving period for applicable type of documents stated internally in compliance with local law.

The above retention periods only represent general periods of processing of personal data for the respective purposes. In fact, we proceed to liquidation or anonymization of personal data before the expiration of these general periods if the personal data are deemed unnecessary in view of the above-mentioned processing purposes.

How do we collect your personal data?

Generally, we collect your personal data directly from you. Provision of personal data by you is voluntary and does not present a requirement to enter into a contract or a contractual requirement. You can provide your personal data to us by different means e.g.:

communication with you (e.g. messaging via our web, e-mail or social media);
registration on our website and within usage our platform;
presence on conferences and events (purchasing a ticket);
activity on our profiles on social media;
in the process of concluding or negotiating the contract;
entering our premises or areas designated for photography (at conferences);
completing and submitting a contact form with your comments, queries or questions.
activity on our profiles on our websites or fanpages established on the social media and social networks;
via marketing and tracking tools;
engaging into our hiring procedures;
in relation to legal issue which arise between us may be the source of your personal data, your or our lawyers, courts, public authorities, other dispute parties etc. ;

However, we may also obtain your personal information from your employer or from the company in relation to which we process your personal data. This is typically the case when we conclude or negotiate a contractual relationship with the company or its terms. If the collection of personal data relates to a contractual relationship it is often a contractual requirement or a requirement that is required for the conclusion of a contract. Failure to provide personal data (whether yours or your colleagues) may have negative consequences for the company you represent, as this may result in failure to conclude or performance of a contractual relationship. If you are a member of a statutory body of an organization that is a contracting party to us or with whom we are negotiating a contractual relationship, we may obtain your personal data from publicly available sources and registers. In any case we do not systematically process any random personal data obtained to any of the purposes for processing personal data.

Do you have contractual or legal obligation provide us with your personal data?

It depends on individual situation and on particular purpose of the processing your personal data.

In relation to all purposes, where are legal basis the consent is provision of your personal data fully voluntary and can´t be considered as any legal or contractual demand on you. In case of not provision of your personal data in such cases is only consequence our inability to achieve applicable purpose of the processing (e.g. we can´t keep your CV longer in our database and in future we won´t contact you with job offers).

In relation to all purposes where the legal basis for the processing personal data is contract may be provision of your personal data contractually requested or necessary for conclusion or proper fulfillment of the contract. In case of not provision of your personal data in such cases may be the consequence our inability to conclude the contract or properly fulfill our contractual obligations. Therefore, please be careful and try to avoid the arising of business damage.

In relation to all purposes where the legal basis is legal obligation may be provision of your personal data legally requested or necessary for fulfillment of our legal obligations stemmed from binding law. In case of not provision of your personal data in such cases may be threatened or violated proper fulfillment of our legal obligations, what may have various and multiple negative consequences on us as legally responsible person, as well as you as data subject since according to nature of individual situation you may be negatively affected too (e.g. we will not be able to pay you contributions to the Social Insurance Agency or to health insurance companies or to apply the tax bonuses to which you are entitled as an employee).

What rights do you have?

You have the right to withdraw your consent at any time. You also have a right to object to any direct marketing processing of your personal data including profiling.

You have right to object to any processing that is based on legitimate interest including to profiling based on such legitimate interest pursuant to the Article 21 GDPR. You have right to objection to processing on statistics purpose.

In case of exercising the right we will gladly demonstrate to you how we have evaluated these legitimate interests as compelling over the rights and freedoms of data subjects.

The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.

Among others, you have:

Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
Right to erasure of personal data according to Article of the 17 GDPR, if one of the conditions for erasure is fulfilled and no exception applies.
Right to restriction of processing according to Article 18 GDPR, if one of the conditions for restriction is fulfilled.
The right to data portability according to Article 20 of the GDPR, the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR.

You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that our competent data protection authority is the Office for Protection of Personal Data of the Slovak Republic. In any case we advise to primarily consult us with your questions or requests.

Do we process your personal data via automated means which produces legal effects concerning you?

We do not currently conduct processing operations that would lead to the decision which produces legal effects or similarly significantly affects concerning you based solely on automated processing of your personal data.

How do we use cookies?

Vestberry uses cookies to function correctly. In order to use the Vestberry dashboard we place small data files called cookies on your device. Most big websites do this too. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies can be “persistent” or “session” cookies. For more information

Persistent cookies remain on a user’s device for the period of time specified in the cookie. They are activated each time that the user visits the website that created that particular cookie.
Session cookies allow website operators to link the actions of a user during a browser session. A browser session starts when a user opens the browser window and finishes when they close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted.

We use cookies and similar technologies on our website or within our Vestberry platform for the following purposes:

to enable certain functions of the service including storing your preferences;
to provide and conduct analytics;
to enable advertisements delivery, including behavioral advertising.

We use both session and persistent cookies on the service and we use different types of cookies to run our services: Essential cookies. We may use essential cookies to authenticate users and prevent fraudulent use of user accounts. We will ask you to consent to our use of cookies in accordance with the terms of this policy where such consent is required.

Vestberry uses cookies in many different ways. In accordance with the case law of the European Court of Justice in case C 673/17 Planet 49 GmbH, we also provide you with detailed information regarding the duration of operation of individual cookies as well as whether third parties have access to these files.

Cookie name & Category of the cookie	Purpose of the use and possibility of third-party access	Time of expiry
__cf_bm Category: Necessary	This cookie is used only by Vestberry to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	1 day
embed/v3/counters.gif Category: Necessary	Used to implement forms on the website	Session
li_gc Category: Necessary	Store the user's cookie consent state for current domain	2 years
rc::a Category: Necessary	This cookie is used only by Vestberry to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Persistent
rc::c Category: Necessary	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Session
lang Category: Preferences	This cookie is used to remember the user's selected language version of a website.	1 day
__hssc Category: Statistics	Identifies if the cookie data needs to be updated in the visitor's browser.	1 day
__hssrc Category: Statistics	This cookie is used only by our Platform. It is used to recognise the visitor's browser upon re-entry on the website.	1 day
__hstc Category: Statistics	This cookie sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	179 days
_ga Category: Statistics	This cookie registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years
_gat Category: Statistics	Used by Google Analytics to throttle request rate.	1 day
_gid Category: Statistics	Used by Google Analytics to registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day
AnalyticsSyncHistory Category: Statistics	Used in connection with data-synchronization with third-party analysis service.	29 days
collect Category: Statistics	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session
hubspotutk Category: Statistics	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	179 days
mf_initialDomQueue Category: Statistics	Registers data on visitors' website-behaviour. This is used for internal analysis and website optimization.	Session
mf_transmitQueue Category: Statistics	Collects data on the user's navigation and behaviour on the website. This is used to compile statistical reports and heatmap for the website owner.	Session
ph_<project_api_key>_posthog Category: Statistics	This cookie is used by PostHog to track navigation in our Platform and allows us to conduct session replays.	365 days
_fbp Category: Marketing	Used by Facebook to deliver a series of advertisement products such as real time bidding from a third party advertisers.	3 months
__ptq.gif Category: Marketing	Sends data to the marketing platform Hubspot about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.	Session
bcookie bscookie Category: Marketing	Used by the social networking service, LinkedIn, for tracking the use of embedded services.	2 years
lang Category: Marketing	Set by LinkedIn when a web page contains an embedded "Follow us" panel.	Session
lidc Category: Marketing	Used by the social networking service, LinkedIn, for tracking the use of embedded services.	1 day
UserMatchHistory Category: Marketing	Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.	29 days
mf_# Category: Marketing	Collects data of the user's navigation and interaction on the website in order to personalise the purchasing experience.	Session

In addition to our own cookies, we may also use various third-party’s cookies to report usage statistics of the service, deliver advertisements on and through the service, and so on. The third parties’ cookies, which we may use, are namely Google Analytics. Details of the third-party cookies used by us may be found on the webpages of the respective third parties. You can prevent this processing of data from Google Analytics by setting up an Internet browser in which you can install the browser add-on available through the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Clicking on the link will save an opt-out cookie in your internet browser to prevent future data collection when you visit our website. For more details on the terms of processing of your personal information by Google Inc, you can read the Privacy Policy of Google Analytics, https://policies.google.com/technologies/partner-sites?hl=en

What are your choices regarding cookies

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly. We will use cookies only for a time of the validity of your consent to our use of cookies.

Google Analytics

This service from Google Inc. is an analytics tool that stores information in cookies to generate statistics about traffic to our sites. This functionality is not indispensable for browsing and serves to monitor the website’s performance and improve it. When using Google Analytics, we do not process any personal information or other identifiers usable for indirect identification (e.g., IP address) of the data subjects. However, this does not mean that your personal data is not processed by Google Inc., the Google Analytics controller. The main cookie used by Google Analytics is the _ga file. More about the types of cookies used by Google Inc. you can learn here: https://policies.google.com/technologies/types?hl=en_US or see information above.

In addition to reporting on our website usage statistics, Google Analytics, along with some advertising cookies, can be used to show you more relevant ads from Google Inc. (based on your search and activity history within our website), as well as to measure the interactions with display ads from Google Inc. Google Analytics also uses cookies on our website to analyse your behaviour, which are stored on the website’s end-user device (computer, tablet, smartphone). Google anonymizes part of the end user’s IP address of our website as soon as it is collected, thereby enhancing your privacy. Google Inc. uses the information collected during the use of the website to evaluate your use of our website, to provide us with activity reports on the website and to provide us with other services related to the use of our website and the use of the Internet.

This data processing by Google Analytics can be prevented by appropriately setting up an Internet browser where you can install the browser plug-in (available on the following link): https://tools.google.com/dlpage/gaoptout?hl=en. Clicking on this link will save your opt-out cookie to your web browser, which will prevent future data from being accessed when you visit our website (www.vestberry.com). For more information on the processing of your personal information by Google Inc. when using Google Analytics, you can read their Privacy Policy available at: https://policies.google.com/technologies/partner-sites?hl=en_US.

PostHog

PostHog is an all-in-one suite of product and data tools including product analytics, web analytics, session replay, heatmaps, feature flags, experiments, surveys, and more that we use in Vestberry Platform.

For PostHog to work optimally, we store a small amount of information about the user on the user’s browser. This ensures we identify users properly if they navigate away from your site and come back later. We store the following information in the user’s browser:

User’s ID
Session ID & Device ID
Active & enabled feature flags
Any super properties you have defined.
Some PostHog configuration options (e.g. whether session recording is enabled)

Withdrawal of consent with PostHog cookie can be done via Cokie settings that you can find in the admin section of Vestberry Platform.

How we use social networks?

Please read relevant privacy policies to better understand processing of your personal data by providers of social media platforms. We only have a typical admin control over the personal data processed by us via our own company profile. We assume that by using these social media platforms, you understand that your personal data might be processed for other purposes and that your personal data might by transferred to other third countries and third parties by providers of social media platforms.

Facebook

In connection with the processing of statistical data on the use of our Facebook profile, we have the status of a joint controller with Facebook, while basic information on the agreement of joint controllers pursuant Art. 26 (1) and (2) can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

Our social media add-ons are integrated on our website. You will recognize them by the Facebook logo on the website. When you visit our website, Facebook receives information that you have visited our website with your IP address. If you click on the Facebook icon available on our website while you are signed in and / or registered to your Facebook account, the content of the website is redirected to your Facebook profile. Consequently, Facebook may associate your visit to your website with your user account. Data is transferred regardless of whether you have a Facebook account or not. Please note that when using our website, we have no influence on the data collected and the data processing processes, and we also do not know the overall scope of the data being collected, the purpose of the processing or the data processing of such data. Facebook stores your information about you as user profiles and uses it for your own advertising, market research, and / or customizing services and tools to registered users. Such evaluation is performed in order to inform other Facebook users of your activities on our website. You are entitled to object against the creation of such user profiles, and you must contact Facebook to lodge an objection against that processing. We always recommend you sign out of your Facebook account, especially to avoid associating your online activity with your profile. For more information about the purpose and scope of your data discovery and processing by Facebook, please visit the Facebook Privacy Statement at: https://www.facebook.com/policy.php

We would also like to inform you that we can use the services provided by Facebook Ireland Limited, which are labelled as “data file custom audiences” – the management of the audience for advertising campaigns, and may combine the data we process with personal data processed in Facebook and “measurement and analytics”, in which Facebook processes personal data on our behalf to measure the performance and reach of our advertising campaigns and provide us with user reports that have seen and responded to our advertising content. Therefore, this processing of your personal data may occur if you interact with our advertising content or our websites as you use your Facebook-based user profile. In such cases, we use Facebook as the processor, using the following legal safeguards to process your personal data: https://www.facebook.com/legal/terms/businesstools, https://www.facebook.com/legal/terms/dataprocessing.

If the above-described processing of personal data interferes with you, you can object to it or you can also use the available self-regulatory tools developed for the online marketing sector, available here: http://www.aboutads.info/choices or www.youronlinechoices.eu. These online tools allow you to automatically identify and delete third-party digital identifiers (including those from Facebook) in your browser, thereby preventing your personal data from being processed.

LinkedIn

Our website also has an integrated plug-in of the LinkedIn social network, which is operated by LinkedIn Company, Inc., 1000 W Maude Sunnyvale, CA 94085, USA. Vestberry has no influence on the processing of your personal data by the Twitter as controller of this social network nor control except common administration of our profile available here: https://www.linkedin.com/company/vestberry´For more information on the processing of your personal data, you can use the link: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy

We can use LinkedIn also as our processor during support the sales, recruiting, marketing, educational or other business practices aimed on increasing awareness of Vestberry in online environment towards relevant professional audience based on this Data Processing Addendum: https://www.linkedin.com/legal/l/dpa

Twitter

Our website also has an integrated plug-in of the Twitter social network, which is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. Vestberry has no influence on the processing of your personal data by the Twitter as controller of this social network nor control except common administration of our profile available here: https://mobile.twitter.com/vestberry. For more information on the processing of your personal data, you can use the link: https://twitter.com/privacy?lang=en

your personal data?

It is our obligation to protect your personal data in an appropriate manner and for this reason we focus on the questions related to protection of personal data. Our company has implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially taking into account the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

Changes to this privacy policy

We may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice, on our websites or by email.

Bratislava – 25th June 2025

Previous version upon request

Changes to this privacy policy

Homepage