under Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter as “GDPR”)


I.  The controller

The company A1Attack s. r. o., with ist registered office at Tureň 2, 903 01 Senec, registration no.: 48 208 639, registered in the Commercial register of the District Court Bratislava I, section: Sro, insert no.: 105015/B (hereinafter as the “ Controller”).

II.  The contact details of the Controller

adress:       Tureň 2, 903 01 Senec

In compliance with clause 12 and clause 13 of GDPR the Controller inform you as the data subject about processing of your personal data and your rights connected with it. When processing personal data, the Controller is governed primarily by GDPR and those provisions of Act no. 18/2018. Coll. on the protection of personal data (hereinafter as the “Act”) which are applicable (especially § 78).

III.  Extent of processed personal data

The Controller collects personal data of the data subject in the extent of name, surname, e-mail address and telephone.

IV.  The purposes of the processing of personal data

The processing of personal data by the Controller is necessary to perform the Controller’s tasks related to the pre-contractual relations between the Controller and the data subject resulting from the expressed interest of the data subject in providing the Controller with an experience flight and subsequent performance of contractual duties arising from the concluded contracts and services provided by the Controller.



Legal basis for the processing

Performance of contract and pre-contractual relationships (contacting data subject to provide her/him with services of experience flight)

clause 6 (1) letter b) of GDPR - the performance of a contract and implementation of measures prior to the conclusion of the contract

Storage of evidence of the origin, duration, content and possible termination of the contractual relationship

clause 6 (1) letter f) of GDPR – the Controller’s legitimate interest and clause 6 (1) letter c) of GDPR – special legislation (eg. tax and accountant laws)

Accounting and tax purposes

clause 6 (1) letter c) of GDPR – fulfilment of a legal obligation

Purposes related to protection of the Controller’s legitimate interests (debt collection)

clause 6 (1) letter f) of GDPR – the Controller’s legitimate interest

Purpose of registration and administration of incoming and outgoing mail, administration of consignments delivered and sent to and from electronic mailbox and registration and archiving of contracts and other documents related to the contractual relationship


clause 6 (1) letter f) of GDPR – the Controller’s legitimate interest and clause 6 (1) letter c) of GDPR – special laws (eg. Act on Archives and Registries)

V.  The Controller’s legitimate interests

In the case of processing of personal data for the purposes defined in Article IV on the legal basis of the Controller’s legitimate interest, the processing is established on the exercise or defence of the rights and legal interests of the Controller towards the data subject in connection with services provided to the data subject arising from the contractual relationship between the Controller and data subject.

VI.  Categories of recipients

The Controller shall disclose personal data to the extent necessary to the following categories of recipients:

-       the Controller’s employees under a duty of confidentiality in the performance of their duties;

-       persons authorized by the Controller to carry out services (eg. Slovenská pošta a.s., accounting company);

-       state offices and state authorities in relation to the fulfillment of legal obligations;

-       the Controller’s attorneys.

VII.  Transfer of personal data to third countries

The Controller does not intend cross-border transfer of personal data to third countries outside the European Economic Area (EU, Iceland, Norway and Liechtenstein).

VIII.  The existence of automated decision-making

The Controller does not make automated individual decision.

IX.  Retention period of personal data

The Controller shall keep personal data as long as necessary for the purposes for which the personal data is processed. Personal data shall be stored in accordance with the periods specified in the relevant legislation (eg. Act no. 395/2002 Coll. on Archives and Registries), in the case of a legal basis for performance of the contract for the entire duration of the contractual relationship between the parties and in case of its termination for necessary period stipulated by special legal regulations (eg. the Act on Accounting) and for the period of legitimate interest.

X.  Information on the rights of the data subject

a.  Right of access to personal data

Based on your request the Controller shall issue a confirmation as to whether or not personal data concerning you are being processed. If data subject requests information by electronic means, it shall be provided in a commonly used electronic form, by e-mail, unless otherwise requested.

b.  Right to rectification

If the Controller has inaccurate personal data concerning data subject, the data subject shall have the right to rectification. At the same time, the data subject has the right to have incomplete personal data completed. The rectification or completion of personal data will be done without undue delay after the data subject has requested.

c.  Right to erasure

The data subject has the right to erasure of personal data concerning him/her, provided that conditions set out in clause 17 of GDPR are met after that (i) personal data is no longer necessary for the purposes for which we have collected or processed it, (ii) personal data was processed illegally, (iii) personal data must be deleted in order to fulfill the Controller's legal obligation.

d.  Right to restriction of processing

Under certain circumstances the data subject is entitled to ask the Controller to stop using his/her personal data. These are, for example, cases where the data subject thinks that the personal data held by the Controller may be inaccurate or when he/she thinks that the Controller no longer needs to use his/her personal data.

e.  Right to data portability

The data subject has the right to receive the personal data concerning him/her, which he/she has provided to the Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller if personal data was obtained based on consent of the data subject or on a contract and the processing is carried out by automated means.

f.  Right to object

The data subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her. The data subject is entitled to object to processing based on a legitimate interest of the Controller. The Controller shall review delivered objection. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests and rights of the data subject or for the exercise of legal claims

g.  Right to lodge a complaint

The data subject has the right to lodge a complaint with Data Protection Office of the Slovak Republic, with its registered office at Hraničná 4826/12, 820 07 Bratislava at any time, if he/she considers that his/her rights in the area of data protection have been violated.

h.  Right to withdraw the consent

The data subject shall have the right to withdraw his/her consent at any time, provided that processing was based on that legal basis. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

XI.  Final provisions

The Controller reserves the right to change this information in case of a change in the processing of personal data and in the case of a legislative change.