Privacy Policy
This policy explains how the website Cairn processes the personal data of visitors and customers, in line with Regulation (EU) 2016/679 (GDPR) and Slovak Act No. 18/2018 Coll. on personal data protection.
1. Controller
Lukáš Slesár, operating under the brand Cairn
Lastovičia 4459/1, Nové Zámky, Slovakia
Business ID (IČO): not assigned
E-mail: support@cairn.sk
2. What we process, why, and on what basis
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name and e-mail from your Google account (sign-in when ordering or booking a call) | Verifying your identity, matching your order, communication about it | Performance of a contract (Art. 6(1)(b) GDPR) | For the account relationship and up to 30 days after a verified deletion request, except records subject to a legal retention duty |
| Order details (chosen product, amount, payment reference, buyer e-mail) | Fulfilling the order and issuing payment instructions | Performance of a contract (Art. 6(1)(b) GDPR) | 10 years (accounting documents) |
| Card payment data (processed by Stripe — we never see your card details) | Processing card payments via Stripe | Performance of a contract (Art. 6(1)(b) GDPR) | Per Stripe; on our side only payment confirmation (10 yrs – accounting) |
| A necessary session cookie for sign-in | Keeping you signed in during ordering/booking | Legitimate interest / contract (Art. 6(1)(f)/(b)) | Until sign-out / session expiry |
| Name, optional business name, rating and review text | Review moderation and publication | Consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn or the review is removed |
| IP address and basic request metadata in security/hosting logs | Security, abuse prevention and reliable operation | Legitimate interest (Art. 6(1)(f) GDPR) | According to the hosting provider's operational retention settings |
Bank transfer is the currently available payment method. Card checkout is offered only when Stripe is explicitly enabled. If used, card data is handled directly by Stripe — Cairn does not receive or store the full card number.
3. Processors and third parties
We use the following providers, who may process data on our behalf:
- Vercel Inc. — website hosting and CDN
- Supabase — database and sign-in (EU region, Frankfurt)
- Google — sign-in via Google account (OAuth) and call booking via Google Meet
- Stripe — card payment processing (if you choose to pay by card)
- Resend — transactional order and review-request e-mail, when configured
Fonts are self-hosted (loaded from our own site), not from an external service. Some providers (Google, Vercel) may process data outside the EU/EEA; such transfers are covered by the EU Standard Contractual Clauses. The customer database is hosted in the EU.
4. Cookies
The site uses no analytics or marketing cookies and does not track visitors. We only set a necessary session cookie required to sign in when ordering or booking.
5. Your rights
As a data subject you have the right to: access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, to object to processing, and to withdraw consent at any time. To exercise these rights e-mail support@cairn.sk; we will respond without undue delay, within one month at the latest.
6. Right to lodge a complaint
If you believe we process your data unlawfully, you may lodge a complaint with the supervisory authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava, dataprotection.gov.sk.
7. Changes to this policy
We may update this policy. The current version is always available on this page, with the date of last update shown above.
8. Contact
Lukáš Slesár · Cairn · support@cairn.sk