Privacy Policy

This Privacy Policy describes how POLLÁK ŠAĽA collects, uses, protects, and processes personal data when you use this website and its related services, including contact forms, Client Zone, authentication, support requests, manuals, AI-powered search, transactional emails, analytics, cookies, and service providers.

Last updated: 1 July 2026
Effective date: 1 July 2026
Policy version: 2026.07

Data Controller

  • This website and the related online services are operated by POLLÁK ŠAĽA s.r.o., Diakovská 6245/9C, 927 01 Šaľa, Slovakia.
  • For privacy questions or data requests, contact us at pollaksala@pollaksala.sk or through the public contact page.

Public website usage

  • When you browse the public website, we process technical request data needed to deliver pages, keep the service secure, remember permitted choices, and display the correct language version.
  • Public pages may load technical assets required for the proper operation and display of the website.

Contact form and inquiries

  • When you submit the contact form, we process the message, email address, company, contact person, country, selected context, and related request details so we can respond and manage follow-up communication.
  • The form records that you acknowledged reading this Privacy Policy, together with the time and source of that acknowledgement. Contact form messages are not processed by AI.
  • If you contact a listed representative, dealer, department, phone number, or email address directly, the recipient you choose receives the information you send.

Client Zone

  • The Client Zone is a restricted area for invited users linked to a client/company account and, where applicable, assigned machines.
  • We process account identity, email, role, client relationship, access status, and machine access information so the correct user can access the correct restricted content.

OTP login, invitations, and sessions

  • Login and invitation flows process your email address, one-time code challenge, invite token where applicable, role/client assignment, session data, and security records needed to verify access.
  • Authenticated areas use necessary session cookies and access checks. Login challenges are time-limited and may be retained as security records for abuse prevention and audit purposes.

Support and service requests

  • Client Zone support, service, spare-parts, and other requests may include request type, selected machine, message text, user/client identifiers, and contact details.
  • These records are used to handle the request, assign follow-up, maintain service history, and protect the account from misuse.

Restricted manuals and machine documentation

  • For restricted manuals and machine documentation, we process the user, client, machine, manual version, access status, and download event needed to authorize access.
  • Manual download security logs may include IP address, user agent, request identifier, timestamp, and whether access succeeded, failed, or was denied.

AI-powered search and content support

  • The public search may send your search query, language, and technical context to OpenAI to interpret intent, create embeddings, and return more relevant results. Please avoid entering unnecessary personal data into search fields.
  • OpenAI may also be used by authorized administrators for content translation, search indexing, summaries, or similar content-support tasks. Contact requests are not sent to OpenAI by the contact form.

Transactional emails

  • We send necessary emails such as contact confirmations, internal inquiry notifications, OTP login codes, invitation emails, and access-related messages.
  • These emails may include the recipient address, message content needed for the purpose, delivery metadata, and provider identifiers returned by the email service.

Analytics

  • Google Analytics, Vercel Analytics, and Hotjar/Contentsquare are blocked by default and load only after analytics consent on eligible public pages.
  • Analytics tools are not active in admin, authentication, invite, API, or Client Zone areas. Sensitive public contact and search areas are marked to prevent Hotjar capture where the current service configuration supports it.

Cookies and browser storage

  • Necessary cookies and storage support security, authentication, consent preferences, and contact-form anti-abuse checks. Optional analytics cookies/storage are used only after analytics consent.
  • The Cookie Policy explains the current categories, services, storage names where known, and how to change or withdraw analytics consent.

Processors and recipients

  • We use the processors and recipients listed below to operate the website, deliver email, store data, protect forms, provide analytics after consent, support AI search, and serve assets.
  • Access is limited to authorized persons and providers that need the data for the described purposes. External representatives or dealers are independent recipients when you contact them directly.

International transfers

  • Some providers may process data outside the European Economic Area. Where this happens, we rely on appropriate contractual and technical safeguards such as data processing agreements and standard contractual clauses where required.
  • The exact transfer path can depend on provider configuration, routing, support, and infrastructure availability.

Security

  • We use access controls, role checks, OTP-based login, private manual storage, no-store headers for protected areas, consent controls, anti-spam checks, and audit logs to protect the service.
  • No online service is risk-free, but appropriate technical and organisational measures are implemented according to the sensitivity of the processed data.

Children’s data

  • This website and Client Zone are intended for business, customer, and professional use and are not directed at children.
  • If we learn that children’s personal data was provided without an appropriate reason or authority, we will restrict or delete it where required.

Automated decision-making and profiling

  • The service does not make decisions with legal or similarly significant effects solely by automated means.
  • Analytics and AI-powered search are used for measurement, relevance, and content support, not for eligibility decisions, credit decisions, employment decisions, or legal profiling.

Processors and recipients

This table lists the services used by this project, their purpose, data categories, and role.

| Service / recipient | Purpose | Data categories | Role / recipient type |
|---|---|---|---|
| Resend | Transactional email delivery for contact confirmations, internal inquiry notifications, OTP codes, invites, and access-related messages. | Email addresses, names where included, message content needed for the email, delivery metadata. | Processor |
| Google reCAPTCHA / Google Cloud Fraud Defense | Spam and abuse prevention for the public contact form. | reCAPTCHA token, technical browser/request data, and interaction signals needed to verify the challenge. | Processor |
| Google Analytics | Optional public-site analytics after analytics consent. | Page URL, device/browser information, approximate location, interaction events, analytics cookies such as _ga where set. | Processor |
| Hotjar / Contentsquare | Optional public-site behavior analytics after analytics consent. | Session behavior on eligible public pages, device/browser data, _hj cookies/storage; sensitive areas are suppressed where implemented. | Processor |
| Vercel hosting, serverless, CDN, and logs | Hosting, serverless execution, CDN delivery, deployment, availability, and security logging. | Technical request data, IP address, user agent, request identifiers, route and response metadata, application data processed by server routes. | Processor |
| Vercel Blob | Storage and delivery of public assets and private Client Zone manuals. | Uploaded public asset metadata; private manual files, filenames, checksums, access metadata. | Processor |
| Neon / PostgreSQL database hosting | Database storage for application records. | Contact requests, client accounts, users, invites, OTP challenge records, machine/manual access records, support requests, audit logs, content data. | Processor |
| OpenAI | AI-powered search relevance, embeddings, intent detection, content translation, summaries, and search-index support. | Search query text, locale/context, generated intent and embedding data, admin-entered content sent for translation or indexing. Contact form submissions are not sent to OpenAI by the contact form. | Processor |
| jsDelivr CDN | Delivery of flag/icon assets used by the language selector. | Technical request data needed to serve CDN assets, such as IP address, user agent, requested asset, and referrer where available. | Independent recipient |
| External representatives and dealers | Direct business communication when you choose to contact a listed representative or dealer. | Contact details and message content you send directly to that recipient. | Independent recipient |

Retention overview

Retention depends on the data type, business context, security need, and legal obligations.

| Data category | Typical retention period |
|---|---|
| Contact inquiries and confirmation evidence | Retained for as long as reasonably necessary to answer the inquiry, manage follow-up communication, prove the request context, and meet legal or business obligations. |
| Client Zone accounts and access records | Retained while the account/client relationship is active and afterward where needed for contractual, support, audit, or legal obligations. |
| OTP challenges and invitations | Retained only for a short period for login/invite verification; related records may remain temporarily for security, abuse prevention, and audit purposes. |
| Support and service requests | Retained for as long as reasonably necessary to resolve the request, maintain service history, and support related business obligations. |
| Manual download audit logs | Retained for as long as reasonably necessary to verify restricted access, investigate misuse, resolve disputes, and maintain security records. |
| Analytics consent preference | The application stores ps_analytics_consent for up to 180 days unless changed earlier. |
| Analytics provider data | Retained according to the analytics provider configuration and provider retention settings, only after analytics consent. |
| AI search processing | Search queries are not intentionally stored as database records by the public search route. Normalized query embeddings may be cached in application memory for approximately 24 hours, intent results are cached briefly, and OpenAI may process the query according to the applicable service terms. |

Your rights and how to exercise them

  • Depending on the situation, you may request access, correction, deletion, restriction, portability, objection, or withdrawal of consent where consent is the legal basis.
  • You may also lodge a complaint with the Office for Personal Data Protection of the Slovak Republic if you believe your data is processed unlawfully.
  • We may need to verify your identity before acting on a request, especially for Client Zone or restricted-access records.

To contact us about privacy or data-protection rights, email pollaksala@pollaksala.sk or use the contact page.