This is a machine translation of the original document from Slovak-language. The Slovak version of the document is legally binding.
Horecon Platform
Effective date: 1 March 2026
This document sets out information on the processing of personal data and the use of cookies and similar technologies (hereinafter the "Privacy Policy"). The terms of service for entrepreneurs – operators of establishments in the HORECA segment (hereinafter the "Customer") are governed by the separate General Terms and Conditions of the Platform (hereinafter the "GTC"). In the event of distribution of the application via the Apple App Store in the EU, the Operator's business contact details may be published on the application's product page in accordance with DSA requirements and Apple's guidelines.
I. Legal Framework
The processing of personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on the Protection of Personal Data.
II. Who is the Controller
The controller of personal data is Horecon, s. r. o., Company ID: 57 398 895, with its registered office listed in the relevant commercial register (hereinafter the "Operator"). Contact details for the Operator and, where applicable, the Data Protection Officer (if appointed) are provided on the Platform.
III. What Personal Data We Process
Depending on how the Platform is used, the Operator may process in particular the following categories of personal data:
- Identification and contact data: e.g. email address, phone number, username/first and last name from the profile, login credentials.
- Platform usage data: e.g. settings, preferences, interactions (following establishments, clicks), technical logs, access timestamps.
- Device data: e.g. device type, operating system, language, application or browser identifiers, IP address.
- Geolocation data: if the User grants permission, approximate location for searching nearby establishments.
- User-generated content: reviews, ratings, comments, and any uploaded photographs; this content may be publicly visible.
- Voucher and Horecoin data: e.g. voucher generation and redemption, discount value, date and time of redemption, transaction identifier.
- Data from notices and reports under EU Regulation 2022/2065 on a Single Market for Digital Services ("Digital Services Act" / DSA): e.g. notifier's data (name/designation, email, and any additional contact), identification of the reported content, grounds for reporting, attachments (e.g. screenshots), as well as data relating to the person to whom the report pertains, and a record of how the report was handled.
IV. Purposes for Which the Operator Uses Data and the Legal Basis
Below the Operator sets out an overview of the main processing purposes, typical data categories, and legal bases under the GDPR. The specific scope depends on which features of the Platform you use.
| Processing purpose | Examples of data | Legal basis | Retention period (typically) |
|---|---|---|---|
| Account creation and management, access to features | email, login credentials, settings | performance of a contract / pre-contractual measures | for the duration of the account; thereafter for a reasonable period (e.g. 30 days) |
| Platform operation, security, abuse prevention | logs, IP address, device identifiers | legitimate interest in secure operation | typically months to 1 year depending on log type |
| Displaying content and searching for establishments | preferences, approximate location (if permitted) | performance of a contract / legitimate interest | for the duration of use; location only during use (if not stored) |
| Publishing and managing reviews and ratings | first and last name/username, review, rating, photographs | performance of a contract / legitimate interest | for the duration of display of the review or until its deletion (where applicable) |
| Loyalty programme (Horecoin), vouchers, redemption settlement | vouchers, transactions, identifier | performance of a contract; legal obligation for record-keeping (where applicable) | for the duration of the programme + statutory retention periods (where applicable) |
| Marketing communications (newsletter, notifications) | email, push token, preferences | consent or legitimate interest (depending on type) | until withdrawal of consent / objection or end of campaign |
| Exercising data subject rights, handling enquiries | contact data, content of communications | legal obligation / legitimate interest | for the duration of handling + appropriate archiving period |
| Compliance with DSA obligations | data from notices/reports, content identification, decision records, communications | compliance with a legal obligation for the safe and lawful operation of the Platform | for the period necessary to handle and demonstrate compliance with obligations |
V. To Whom the Operator May Disclose Data
The Operator discloses data only to the extent necessary and in particular to the following categories of recipients:
- Customers (establishments) at which the User redeems a voucher – typically for the purpose of verifying the validity of the voucher and settling the discount;
- providers of IT infrastructure and hosting, application management, analytics, and security tools (as processors acting on behalf of the Operator);
- public authorities, where required by law or necessary for the protection of the Operator's rights;
- public authorities, the European Commission, and competent authorities, where required by law or a binding request, in particular in connection with the DSA, to the extent necessary to fulfil a legal obligation.
Where the Operator engages processors, it has concluded data processing agreements with them in accordance with the GDPR.
VI. Transfers to Third Countries
The Operator does not, as a rule, transfer data outside the EU/EEA. Should a transfer to a third country occur, the Operator shall ensure appropriate safeguards in accordance with the GDPR (e.g. an adequacy decision or standard contractual clauses).
VII. User Rights as a Data Subject
The User has in particular the following rights:
- the right of access to personal data;
- the right to rectification of inaccurate data or completion of incomplete data;
- the right to erasure of data ("the right to be forgotten") in cases prescribed by law;
- the right to restriction of processing;
- the right to data portability (where applicable);
- the right to object to processing based on legitimate interest;
- the right to withdraw consent (where processing is based on consent), without affecting the lawfulness of processing prior to withdrawal;
- the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic.
VIII. Cookies and Similar Technologies
8.1 When using the web-based part of the Platform, the Operator may use cookies and similar technologies. In the mobile application, the Operator may use equivalent technologies (e.g. application identifiers) to ensure functionality, measure traffic, and improve services.
8.2 Necessary cookies are required for the Platform to function. Analytical and marketing cookies (if used) will only be used if the User has given their consent via the cookie banner/settings. Consent may be withdrawn or changed at any time.
8.3 Detailed information on individual cookies / similar technologies (name, provider, purpose, category, retention period, and consent settings) is available in the cookie banner / cookie preference centre, which is accessible to the User on first visit and at any time thereafter during use of the Platform.
IX. Security
The Operator implements appropriate technical and organisational measures to protect personal data and secure the Platform. The User is responsible for protecting their login credentials and for using an up-to-date device and application.
X. Contact
10.1 If you have any questions regarding privacy or wish to exercise your rights, please contact the Operator via the contact details provided on the Platform (technical support) or at the email address designated for GDPR and DSA matters.
10.2 If you have any questions regarding privacy or wish to exercise your rights, please contact the Operator at: info@horecon.app.
10.3 If the Operator has appointed a Data Protection Officer (DPO), their contact details will be provided on the Platform and/or on the Operator's website.
XI. iOS/Apple Specifics
11.1 If the User uses the application on an iOS device, the Operator may process technical identifiers necessary for the functioning of the application and security purposes, in particular the device/application identifier (e.g. IDFV or a similar identifier), the push token for delivering notifications (APNs), and technical logs.
11.2 If the Operator offers Sign in with Apple, it may process data provided by the User and/or Apple to the extent of the chosen sign-in method (e.g. email address or anonymised relay email).
11.3 If the Operator uses analytical or marketing SDKs that are subject to consent, consent is obtained in the standard manner via the Platform's consent settings and/or system mechanisms (e.g. display of a tracking permission request, where applicable).
11.4 For the purposes of publishing the application on the Apple App Store, the Operator has published this Privacy Policy at a publicly accessible URL (Privacy Policy URL).
XII. Changes to This Document
The Operator may update this document, in particular if the scope of services, technologies, or applicable laws change. The current version is always published on the Platform.