Privacy Policy
We take your privacy seriously. This document explains what data we collect, why, how long we keep it and your rights under the EU General Data Protection Regulation.
Last updated · 2026-05-15
1. Who we are (data controller)
The controller of your personal data is BRIGHTER S.R.O., IČO 55 929 532, with registered office at Račianska 88 B, Nové Mesto, 831 02 Bratislava, Slovakia, registered in the Commercial Register of the Municipal Court Bratislava III (“Brighter”, “we”).
Privacy contact: brighter@brighter-studio.com · +421 919 034 092.
2. Data we collect
2.1 Data you provide
- Identification & contact: name, email, phone, billing address, company name and VAT number when ordering.
- Project brief data: any materials, references, brand assets, screenshots, datasets or credentials you share with us in the brief.
- Communications: messages and files exchanged via email, chat, or our contact form.
2.2 Data we collect automatically
- Technical: IP address, browser type, OS, device type, screen size, referring URL.
- Usage: pages visited, time on page, clicks, scroll depth (aggregated and anonymized).
- Cookies: see the dedicated Cookie Policy.
2.3 Data from third parties
We do not buy personal data from third parties. We may receive limited contact information from our payment provider when you complete a purchase (so we can issue an invoice and deliver the service).
3. Purposes & legal bases
- Performing the contract (Art. 6(1)(b) GDPR) — processing your order, delivering services, communication.
- Legal obligation (Art. 6(1)(c) GDPR) — tax records, invoicing, accounting, complaints handling under Slovak law.
- Legitimate interests (Art. 6(1)(f) GDPR) — fraud prevention, security monitoring, improving our services. You may object at any time.
- Consent (Art. 6(1)(a) GDPR) — non-essential cookies, marketing emails. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4. Sharing & processors
We share personal data only with carefully selected processors under written data-processing agreements compliant with Art. 28 GDPR:
- Licensed EU payment institution — card payment processing (PSD2/SCA, PCI-DSS Level 1)
- Hostinger International (Lithuania) — web hosting
- Cloudflare (EU) — DNS, CDN, anti-spam protection
- Google Workspace — email infrastructure
- Resend — transactional email
- Sanity — content management
- Our accountant under contract (Slovak Republic)
We never sell your data. We only disclose data to public authorities when required by law (e.g. a court order or tax audit).
5. International transfers
Some of our processors (our payment provider, Google, Cloudflare) may transfer data to the United States. Transfers occur under the EU-US Data Privacy Framework and, where applicable, Standard Contractual Clauses (Art. 46(2) GDPR) with additional technical safeguards.
6. Retention periods
- Order & invoice data: 10 years (Slovak Accounting Act §35).
- Project files & communications: 90 days after delivery, then deletion or anonymization (unless required for an ongoing complaint or dispute).
- Marketing data: until you unsubscribe.
- Analytics: 14 months (aggregated thereafter).
- Server logs: 30 days.
7. Your rights under GDPR
You have the right to:
- Access — obtain a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”) — subject to legal retention obligations.
- Restriction of processing.
- Data portability — receive your data in a structured, machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time (without affecting prior lawful processing).
- Lodge a complaint with a supervisory authority (see Section 10).
To exercise any of these rights, email brighter@brighter-studio.com. We will reply within 30 days. Identity verification may be required.
8. Cookies
We use only essential cookies until you actively consent to additional categories via the cookie banner. The full list, categories and durations are in the Cookie Policy.
9. Security measures
We protect your data with industry-standard measures:
- HTTPS/TLS 1.3 on every page
- Encrypted backups
- Access control on a need-to-know basis
- Multi-factor authentication for all admin accounts
- Regular security reviews of third-party processors
Despite best efforts, no system is 100% secure. In the unlikely event of a breach affecting your rights, we will notify you and the supervisory authority within 72 hours per Art. 33 GDPR.
10. Supervisory authority
If you believe we have mishandled your data, you may lodge a complaint with the Slovak Data Protection Authority:
Úrad na ochranu osobných údajov Slovenskej republiky
Hraničná 12, 820 07 Bratislava 27, Slovakia
dataprotection.gov.sk
11. Changes to this policy
We may update this policy. Material changes will be announced at least 30 days before they take effect. The version above (dated 2026-05-15) is the current one.
12. Contact us
BRIGHTER S.R.O.
Račianska 88 B, Nové Mesto, 831 02 Bratislava, Slovakia
brighter@brighter-studio.com · +421 919 034 092