Back to home

PRIVACY / GDPR

Privacy policy

A transparent explanation of the information we need for a project enquiry, why we process it and the choices available to you.

Controller
PanaComm s. r. o.
Effective from
15 July 2026
Privacy contact
oliver@panacomm.sk

01 / CLEAR DATA PRACTICE

At a glance

We use information to assess your brief, prepare a quotation, deliver agreed work and operate the enquiry form securely.

  • We primarily process information that you choose to send us.
  • Project attachments are used only in connection with your enquiry.
  • We do not sell form data or use it to build advertising profiles.

Who controls your data

CNC Formy is a brand operated by PanaComm s. r. o., which determines the purposes and means of processing personal data on this website.

CNC FormyPanaComm s. r. o.
Tolstého 5
811 06 Bratislava – Staré Mesto
Slovenská republika
ID
Company ID 55183638
TAX
Tax ID 2121913794
Register
Bratislava III City Court, Section Sro, Insert No. 167366/B

We have not appointed a data protection officer. You can direct any privacy question to us using the contact details below.

Data we process

The scope depends on how you contact us and what you choose to attach to your enquiry.

01

Enquiry form

Name, email address, selected service and message.

02

Project attachments

Photos, technical drawings, 3D/CAD data, documents or archives that you choose to upload. Please do not send unnecessary personal data or information that you are not authorised to share.

03

Communication and project data

Follow-up email or telephone communication, quotation materials and information required to deliver the project.

04

Technical and security data

IP address or a shortened cryptographic derivative, browser information, request time, security token, basic request metadata and the outcome of abuse-prevention checks.

We obtain data directly from you and automatically from the technical communication between your device and our server. Sending an enquiry is voluntary; without a name, email and project description, however, we cannot reliably respond.

Why we need the data

Each purpose has a specific legal basis under the General Data Protection Regulation (GDPR).

Enquiry and quotation

Reviewing your brief, asking technical questions, proposing a solution and preparing a quotation.

Legal basis

Article 6(1)(b) GDPR — steps taken prior to entering into a contract

Project delivery

Project communication, manufacturing, delivery of results, invoicing and handling related requests.

Legal basis

Article 6(1)(b) GDPR — performance of a contract

Website security

Preventing spam, automated attacks, repeated submissions and technical misuse.

Legal basis

Article 6(1)(f) GDPR — legitimate interest in protecting the website and communication

Legal obligations

In particular accounting, tax or other obligations that apply once a business relationship is established.

Legal basis

Article 6(1)(c) GDPR — compliance with a legal obligation

Submitting the form is not treated as consent to marketing. If we ever wish to send marketing communications, we will establish a separate and clearly explained legal basis.

Who may receive the data

We disclose information only to the extent required to operate the site, deliver the message and handle the enquiry. Providers act as processors or independent controllers depending on the nature of their service.

ProviderRoleData involved
Vercel

Website hosting, content delivery, technical security, form protection and Web Analytics.

Technical visit and request information; form content passes through the hosting infrastructure.

Resend

Secure delivery of the form to our email inbox.

Name, email, service, message, project attachments and technical delivery data.

Email provider

Receipt and storage of the delivered message and subsequent project communication.

Message content, contact details and attachments.

We use Vercel Web Analytics for aggregate measurement of website traffic and performance. According to Vercel’s published documentation, the service is designed without third-party cookies. We do not use analytics to build individual advertising profiles.

EU / US

Transfers outside the EEA

Vercel and Resend are providers based in the United States and, depending on the service configuration, data may be processed outside the European Economic Area, including in the US. In their published documents, the providers state that they use GDPR transfer mechanisms, notably the European Commission’s Standard Contractual Clauses and supplementary safeguards where appropriate. You may request current information about a specific transfer and its safeguards using our contact email.

How long we retain data

We do not apply one universal deadline. Retention depends on how the enquiry develops, whether a contract is formed and which obligations apply to the record concerned.

01

Enquiry without a project

For the time needed to handle it and close the conversation; longer only where reasonably necessary to protect legal claims or where you ask us to continue discussions.

02

Delivered project

For the duration of our relationship and afterwards to the extent required by accounting, tax, warranty and other legal duties or the establishment, exercise or defence of legal claims.

03

Attachments

They follow the lifecycle of the related enquiry or project unless continued storage is required for agreed support, repeat manufacturing or the protection of rights.

04

Security records

Only for the time needed to detect misuse, investigate an incident and protect the service; some technical logs are managed by providers under their own retention rules.

Your rights

Subject to the conditions of the GDPR, you may exercise the rights below. We may reasonably verify your identity before responding.

  • Access your data and information about its processing
  • Correct inaccurate or complete incomplete data
  • Erase data when there is no longer a reason to process it
  • Restrict processing in the circumstances set out by law
  • Receive or transfer data where the portability conditions apply
  • Object to processing based on legitimate interests
  • Withdraw consent without affecting previous processing where we rely on consent for a specific purpose

If you believe we have not handled your information properly, you may lodge a complaint with the Office for Personal Data Protection of the Slovak Republic. We would appreciate the opportunity to explain or resolve the matter first.

Open the authority website

Form protection without an intrusive CAPTCHA

The form uses several background layers designed to distinguish a legitimate enquiry from automated misuse.

SEC / ACTIVE
  • A signed, time-limited security token linked to the browser
  • Request-origin checks, rate limiting and a hidden trap field
  • Server-side bot, file-format, size and basic attachment-structure checks
  • Encrypted HTTPS transport and restricted access to delivered communication

The security assessment may reject an automated-looking submission, but it does not constitute a decision with legal or similarly significant effects. If a legitimate form is blocked, email us directly at oliver@panacomm.sk.

Analytics and cookies

We do not use advertising cookies or tracking for behavioural advertising. Vercel Web Analytics gives us an aggregate view of traffic and technical website performance and, according to the provider’s documentation, is designed without third-party cookies.

NO AD PROFILINGAGGREGATE ANALYTICSSECURE FORM SIGNALS

Essential security mechanisms may use technical browser and request signals to protect the form. We do not use these signals for marketing.

A question about your data?

Tell us what you need to know or which right you wish to exercise. We will respond clearly and without undue delay.

Contact the controlleroliver@panacomm.sk

We may update this notice when the form, a provider or a legal requirement changes. The current version and effective date are always published on this page.