PRIVACY / GDPR
Privacy policy
A transparent explanation of the information we need for a project enquiry, why we process it and the choices available to you.
- Controller
- PanaComm s. r. o.
- Effective from
- 15 July 2026
- Privacy contact
- oliver@panacomm.sk
01 / CLEAR DATA PRACTICE
At a glance
We use information to assess your brief, prepare a quotation, deliver agreed work and operate the enquiry form securely.
- We primarily process information that you choose to send us.
- Project attachments are used only in connection with your enquiry.
- We do not sell form data or use it to build advertising profiles.
Who controls your data
CNC Formy is a brand operated by PanaComm s. r. o., which determines the purposes and means of processing personal data on this website.
811 06 Bratislava – Staré Mesto
Slovenská republika
- ID
- Company ID 55183638
- TAX
- Tax ID 2121913794
- Register
- Bratislava III City Court, Section Sro, Insert No. 167366/B
- oliver@panacomm.sk
We have not appointed a data protection officer. You can direct any privacy question to us using the contact details below.
Data we process
The scope depends on how you contact us and what you choose to attach to your enquiry.
Enquiry form
Name, email address, selected service and message.
Project attachments
Photos, technical drawings, 3D/CAD data, documents or archives that you choose to upload. Please do not send unnecessary personal data or information that you are not authorised to share.
Communication and project data
Follow-up email or telephone communication, quotation materials and information required to deliver the project.
Technical and security data
IP address or a shortened cryptographic derivative, browser information, request time, security token, basic request metadata and the outcome of abuse-prevention checks.
We obtain data directly from you and automatically from the technical communication between your device and our server. Sending an enquiry is voluntary; without a name, email and project description, however, we cannot reliably respond.
Why we need the data
Each purpose has a specific legal basis under the General Data Protection Regulation (GDPR).
Enquiry and quotation
Reviewing your brief, asking technical questions, proposing a solution and preparing a quotation.
Article 6(1)(b) GDPR — steps taken prior to entering into a contract
Project delivery
Project communication, manufacturing, delivery of results, invoicing and handling related requests.
Article 6(1)(b) GDPR — performance of a contract
Website security
Preventing spam, automated attacks, repeated submissions and technical misuse.
Article 6(1)(f) GDPR — legitimate interest in protecting the website and communication
Legal obligations
In particular accounting, tax or other obligations that apply once a business relationship is established.
Article 6(1)(c) GDPR — compliance with a legal obligation
Submitting the form is not treated as consent to marketing. If we ever wish to send marketing communications, we will establish a separate and clearly explained legal basis.
Who may receive the data
We disclose information only to the extent required to operate the site, deliver the message and handle the enquiry. Providers act as processors or independent controllers depending on the nature of their service.
Website hosting, content delivery, technical security, form protection and Web Analytics.
Technical visit and request information; form content passes through the hosting infrastructure.
Secure delivery of the form to our email inbox.
Name, email, service, message, project attachments and technical delivery data.
Receipt and storage of the delivered message and subsequent project communication.
Message content, contact details and attachments.
We use Vercel Web Analytics for aggregate measurement of website traffic and performance. According to Vercel’s published documentation, the service is designed without third-party cookies. We do not use analytics to build individual advertising profiles.
Transfers outside the EEA
Vercel and Resend are providers based in the United States and, depending on the service configuration, data may be processed outside the European Economic Area, including in the US. In their published documents, the providers state that they use GDPR transfer mechanisms, notably the European Commission’s Standard Contractual Clauses and supplementary safeguards where appropriate. You may request current information about a specific transfer and its safeguards using our contact email.
How long we retain data
We do not apply one universal deadline. Retention depends on how the enquiry develops, whether a contract is formed and which obligations apply to the record concerned.
Enquiry without a project
For the time needed to handle it and close the conversation; longer only where reasonably necessary to protect legal claims or where you ask us to continue discussions.
Delivered project
For the duration of our relationship and afterwards to the extent required by accounting, tax, warranty and other legal duties or the establishment, exercise or defence of legal claims.
Attachments
They follow the lifecycle of the related enquiry or project unless continued storage is required for agreed support, repeat manufacturing or the protection of rights.
Security records
Only for the time needed to detect misuse, investigate an incident and protect the service; some technical logs are managed by providers under their own retention rules.
Your rights
Subject to the conditions of the GDPR, you may exercise the rights below. We may reasonably verify your identity before responding.
- Access your data and information about its processing
- Correct inaccurate or complete incomplete data
- Erase data when there is no longer a reason to process it
- Restrict processing in the circumstances set out by law
- Receive or transfer data where the portability conditions apply
- Object to processing based on legitimate interests
- Withdraw consent without affecting previous processing where we rely on consent for a specific purpose
Form protection without an intrusive CAPTCHA
The form uses several background layers designed to distinguish a legitimate enquiry from automated misuse.
- A signed, time-limited security token linked to the browser
- Request-origin checks, rate limiting and a hidden trap field
- Server-side bot, file-format, size and basic attachment-structure checks
- Encrypted HTTPS transport and restricted access to delivered communication
The security assessment may reject an automated-looking submission, but it does not constitute a decision with legal or similarly significant effects. If a legitimate form is blocked, email us directly at oliver@panacomm.sk.
Analytics and cookies
We do not use advertising cookies or tracking for behavioural advertising. Vercel Web Analytics gives us an aggregate view of traffic and technical website performance and, according to the provider’s documentation, is designed without third-party cookies.
Essential security mechanisms may use technical browser and request signals to protect the form. We do not use these signals for marketing.
A question about your data?
Tell us what you need to know or which right you wish to exercise. We will respond clearly and without undue delay.
Contact the controlleroliver@panacomm.skWe may update this notice when the form, a provider or a legal requirement changes. The current version and effective date are always published on this page.
