Memorandum on the protection of personal data
The protection of privacy and the security of personal data processing are very important to us. When processing personal data of data subjects, we act in compliance with applicable legal regulations and ensure their protection to the maximum possible extent.
This Memorandum on the Protection of Personal Data (hereinafter the “Memorandum”) provides you with information on how we handle your personal data, as well as how you can contact us if you have questions regarding the processing of your personal data. We recommend that you read the information contained in this Memorandum carefully.
1. About us
GoodRequest, s.r.o. (hereinafter “GoodRequest”) focuses primarily on mobile app development, web solutions, functional UI/UX design, and full product support after delivery. We create unique mobile and web applications with emphasis on minimalist design and usability. Our goal is to transform your ideas into a successful product.
When processing your personal data, we comply with the legal regulations of the Slovak Republic, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), Act No. 18/2018 Coll. on the Protection of Personal Data, as well as other applicable legislation.
The operator of information systems in which personal data of our clients, their customers, and other subjects are processed is GoodRequest, s.r.o., registered office at Obchodná 3D, 010 08 Žilina, Slovakia, Company ID: 47 419 971, registered in the Commercial Register of the District Court of Žilina, Section: Sro, Insert No.: 60761/L.
2. What data do we process about you?
A personal data element is any piece of information that can identify a specific natural person. This means not only obvious identifiers such as first name, surname, or date of birth. GDPR defines personal data as any information leading to the identification of a natural person. Each natural person to whom personal data relates is considered a data subject with specific rights regarding their personal data.
If you are our client, we process only such personal data as are necessary to provide you with professional services and a quality product. The scope of these data is determined by the content of our contractual relationship or by generally binding legal regulations. Typically, this includes name, surname, telephone number, and email address. Such data are also provided through our contact form at www.goodrequest.com. If the contact data belong to a person through whom we communicate with you, GDPR does not apply to such data. If we process your personal data on the basis of consent, the list and scope of such data are defined directly in the consent, to the extent necessary to fulfil the purpose for which the personal data are processed.
If you are a customer of our client for whom we have developed a mobile application or web platform, the scope and type of personal data are determined by our client as the operator of that product. Typically, this may include name, surname, address, photograph, phone number, GPS location, or age. The scope and purpose of such data processing are defined by our client, who also determines the extent to which we, as processor, will process the data.
3. For what purpose do we process your data?
We process your personal data only to the extent necessary for the given purpose. Most of our processing operations are justified by the need to provide you with the service you order in connection with the execution of a specific project. We therefore obtain personal data from you for the purpose of concluding and performing our contractual relationship. It is important that you provide us with complete, correct, current, and truthful personal data.
In GoodRequest, we process the personal data of our clients or potential clients for various purposes, primarily in the following categories:
- identification and registration of clients
- conclusion and fulfilment of contractual relationships (project execution)
- customer registration within our internal CRM system
- fulfilment of obligations arising from specific legal regulations
- sending of marketing emails and newsletters
4. Protection of our clients’ data and our clients’ customers’ data
At GoodRequest, strict rules apply regarding the conditions under which our employees or other authorised persons may access our clients’ data or the data of our clients’ customers, to which we have access as part of project execution.
We process personal data using automated processing tools within our information systems, which are secured and protected in accordance with applicable security standards and data protection regulations, fully meeting the principles of integrity, availability, confidentiality, and security under GDPR.
Our employees are authorised to process personal data on behalf of GoodRequest based on their employment relationship with us, as well as based on generally binding legal regulations. Employees are strictly regulated by two-level access permissions to systems in which our clients’ and their customers’ data are processed.
When processing your data, we must comply with certain obligations. The key ones include:
- We process and collect your personal data only for clear and lawful purposes, and only for the period necessary to achieve the purpose for which we obtained them.
- We do not knowingly or unlawfully interfere with your right to privacy.
- We protect your personal data from loss, destruction, and misuse.
- All our employees and cooperating persons are bound by confidentiality and must not disclose customer data to third parties.
5. Where your personal data go (categories of recipients)
The personal data of our clients are not disclosed outside GoodRequest except where this results from your consent or an applicable legal regulation. This means that personal data may be disclosed or provided to third parties or recipients if required directly by law, by a legally binding act of the European Union, or by an international treaty binding on the Slovak Republic.
The personal data of our clients, potential clients, and job applicants are not disclosed outside GoodRequest except where this results from your consent or an applicable legal regulation. However, in some cases it is necessary to disclose certain data to a predetermined group of recipients, in particular:
- Our contractual partners and suppliers who assist us with project execution and service delivery (e.g. external specialists or subcontractors).
- External accounting and legal services that handle accounting and legal matters.
Examples of recipients may include:
- Client relationship management and project management: Atlassian Pty Ltd (e.g. Jira, Confluence), Notion Labs Inc.
- CRM, marketing communication, and relationship management with potential clients: HubSpot Inc., Lemlist, Appollo, Brevo
- HR and personnel management: Google Inc., Tellent (Recruitee)
- Website analytics and optimisation: Google Analytics 4, Hotjar Ltd.
- Payroll and accounting: KROS a.s.
For every natural or legal person to whom we disclose personal data and who processes them on our behalf as a processor, we ensure compliance with and fulfilment of security requirements regarding the processing of personal data.
6. Cookie Declaration
On our website, we use cookies and similar technologies (e.g. pixels, scripts) to ensure proper functionality, analyse traffic, and customise content and advertising.
Cookies may be necessary for the technical functioning of the website, serve analytical purposes, or enable personalised marketing communication.
You can change your cookie settings or withdraw your consent at any time through the cookie banner on our website. More information about individual cookies, their providers, purposes, and storage duration can be found in the following table.
Essential cookies
| Name | Provider | Purpose | Expiration | Type |
|---|---|---|---|---|
cc_cookie | goodrequest.com | Saves user preferences regarding consent to cookies. | 6 months | HTTP |
__cf_bm | Cloudflare | Protecting website from bots and malicious traffic. | 30 minutes | HTTP |
_hssrc | HubSpot | Determines whether the user has restarted the browser. | Session | HTTP |
Analytical/statistical cookies
| Name | Provider | Purpose | Expiration | Type |
|---|---|---|---|---|
_ga, _ga_3ZXHWLYB5L | Google Analytics | User identification and website traffic monitoring. | 2 years | HTTP |
_gid | Google Analytics | Tracking sessions and website visitors. | 24 hours | HTTP |
_clck | Microsoft Clarity | Stores an anonymous user ID for UX analysis. | 1 year | HTTP |
_clsk | Microsoft Clarity | Connects session events for UX analytics. | 1 day | HTTP |
_hjSession_* | Hotjar | ID of the current session for UX analysis. | 30 minutes | HTTP |
_hjSessionUser_* | Hotjar | User ID for long-term UX analysis. | 1 year | HTTP |
_hssc | HubSpot | Determines the session and number of page views. | 30 minutes | HTTP |
__hstc | HubSpot | HubSpot's main analytics tracking cookie. | 6 – 13 months | HTTP |
lms_analytics | Stores interaction data for analytical purposes. | 1 year | HTTP | |
AnalyticsSyncHistory | Synchronization of user IDs between domains. | 30 days | HTTP | |
li_sugr | Anonymous ID for Insight Tag analytics. | 3 months | HTTP | |
_lfa | Leadfeeder / Dealfront | Tracking corporate website visitors. | 1 year | HTTP |
Marketing cookies
| Name | Provider | Purpose | Expiration | Type |
|---|---|---|---|---|
_fbp | Meta (Facebook) | Personalized advertising and retargeting. | 3 months | HTTP |
_gcl_au | Google Ads | Testing ad performance and conversions. | 3 months | HTTP |
hubspotutk | HubSpot | Tracking visitor identity for marketing and CRM. | 6 – 13 months | HTTP |
UserMatchHistory | Retargeting and pairing users for advertising. | 30 days | HTTP | |
lms_ads | Stores interaction data for advertising purposes. | 1 year | HTTP | |
bcookie, lidc, li_mc, li_gc, _guid | User ID for advertising, security, and analytics. | 3 months – 1 year | HTTP | |
guest_id, guest_id_ads, guest_id_marketing, personalization_id | Twitter / X | User identification and retargeting for advertising. | 1 – 3 months | HTTP |
__Secure-1PSID, __Secure-3PSID, SID, HSID, SSID, APISID, SAPISID | Authentication and personalized advertising. | 6 months – 2 years | HTTP |
7. What rights do data subjects have
At GoodRequest, we do everything possible to adequately reflect the rights of our clients as data subjects. At the same time, we are prepared to respond to requests from our clients’ customers that may be addressed to our clients, fully in accordance with GDPR.
Right of access to your data
If you are our client, you have the right to request confirmation from us as to whether we process your personal data and, if so, the right to access such data. We can also provide data to our clients’ customers upon request to a similar extent. In this respect, we are prepared to provide the following information:
- identification and contact details of GoodRequest
- purposes of processing
- categories of personal data
- categories of recipients of your data
- processing of personal data based on legitimate interest
- data retention periods
- information on the source from which we obtained your personal data
- information on the rights to object, erase, and restrict personal data
Right to rectification of your data
Some information we hold about our clients may be incorrect or outdated. We cannot update it without your cooperation. For this reason, it is important that you notify us without delay of any changes to your personal data. As a data subject, you are responsible for the accuracy, currency, completeness, and truthfulness of the personal data you provided to GoodRequest.
As our client, you have the right to request correction of inaccurate or outdated data in our information systems. Please contact us if you discover that we hold incorrect or outdated information about you.
Right to object to the processing of your data
If you disagree with our processing of your personal data in certain cases, you have the right to object. This applies especially when we process your personal data based on our legitimate interest.
If you do not wish us to use your personal data for direct marketing when offering our services, you can change your marketing preferences so that your data is no longer used for this purpose.
Right to restriction of processing
In certain circumstances, the processing of your personal data may no longer be justified, and you have the right to request restriction of such processing.
Right to erasure of your data
If you believe that certain personal data concerning you are being processed unlawfully, you have the right to request deletion of such data. You must prove the unlawfulness of processing with relevant documentation.
Right to data portability
You have the right to obtain personal data you have provided to us in electronic form, in a structured format. You also have the right to request that we transfer your data to another entity, which you must properly designate in your request, including the email address of the third party, at: privacy@goodrequest.com.
How to exercise your rights
As our client, you can exercise all your rights regarding personal data by sending a request to:
Email address: privacy@goodrequest.com
Postal address:
GoodRequest, s.r.o.
Obchodná 3D
010 08 Žilina
Slovakia
GoodRequest reserves the right, under GDPR, to request identification details of the data subject to ensure sufficient verification of the applicant’s identity in order to protect the rights of data subjects.
GoodRequest has one month from receipt of the request to respond. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests. GoodRequest will inform the applicant of any such extension within one month of receipt of the request, along with the reasons for the delay. The applicant will be informed of the extension in the same manner chosen for delivery of the response.
Information requested by the applicant is provided free of charge. If the request is clearly unfounded or excessive, particularly due to its repetitive nature, GoodRequest has the right to either:
i) charge a reasonable fee reflecting administrative costs, or
ii) refuse to act on the request.
Right to lodge a complaint with the supervisory authority
If you believe that your rights concerning personal data have been violated, or that conditions of data processing have been breached, you have the right to lodge a complaint with the supervisory authority:
Office for Personal Data Protection of the Slovak Republic
Hraničná 12
820 07 Bratislava
8. How long do we process your personal data?
We store and protect your personal data for the period prescribed by applicable legal regulations, or if processed on the basis of your consent, for the period specified in your consent. Where the legal basis for processing is the performance of a contractual obligation, we process your data at least until the service is provided. Even after completion of the service you ordered, it is necessary to process certain personal data to ensure proper management of the product we developed.
Retention periods vary depending on the specific purpose for which personal data are processed.
Expected retention periods of personal data:
| Purpose | Legal basis | Retention period after fulfilment of the purpose/completion of the transaction |
|---|---|---|
| Identification and registration of clients | Performance of contract | 5 years |
| Conclusion and execution of contractual relations (project implementation) | Contract execution | 5 years |
| Registration of customers within the internal CRM system | Contract execution | 5 years |
| Taxes and accounting | Law | 10 years |
9. Processing of your personal data based on consent
From time to time, we may ask you to consent to the processing of your personal data for the purpose of presenting our company. You can revoke any consent you have given us to process your personal data at any time by contacting privacy@goodrequest.com.
The provision of your personal data is voluntary, we cannot force you to consent to the processing of your personal data in any way, and you are entitled to refuse to provide your personal data.
10. Processing of personal data based on legitimate interest
In certain cases, we also process your personal data on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Such processing is always carried out with regard to proportionality, minimization of impact, and respect for your rights.
The purposes of processing based on legitimate interest include, in particular:
- establishing business contact with a potential client (e.g., in the form of cold outreach),
- follow-up contact in connection with requested content (e.g., e-book, webinar, template),
- business communication with representatives of legal entities within B2B relationships,
- internal registration of potential business partners in our CRM system,
- sending relevant professional or business content (so-called "nurturing" campaigns), if related to previous interaction or the position of the recipient.
This processing applies primarily to the contact details of persons who represent legal entities or who are in a position where it can be reasonably assumed that they are interested in our products and services.
The data subject has the right to object to such processing at any time. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds that override your rights and freedoms, or unless required by law.
11. Final provisions
If you have any questions regarding personal data protection that are not answered in this document, please write to us at privacy@goodrequest.com.