Privacy Policy
Privacy Policy
Effective date: 17 February 2026
This Privacy Policy (the “Policy”) explains how IT Gale s.r.o. processes personal data when you visit and use our websites www.itgale.eu and www.itgale.com (the .com domain is a mirror of .eu), and when you contact us about website development and related services. This Policy is written to meet the baseline standard of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). For cookies and similar technologies, additional rules may apply under the EU ePrivacy framework as implemented in each EU/EEA country; details are provided in our separate Cookie Policy.
Our websites are intended for users aged 18+. We do not intentionally collect personal data from persons under 18. If we learn that we have processed personal data of a person under 18, we will take reasonable steps to delete or anonymise such data.
1. Controller details
Controller: IT Gale s.r.o. (Slovak company)
Registered address: Plynárenská 17561/3B, 821 09 Bratislava – Ružinov, Slovak Republic
Company ID (IČO): 56186339
Tax ID (DIČ): 2122228768
Email: info@itgale.com
Phone: +421 220 400 922 (SK) / +420 910 922 522 (CZ)
To exercise your GDPR rights or ask privacy questions, please contact us at info@itgale.com with the subject “GDPR”.
Data Protection Officer (DPO): We are not legally required to appoint a DPO. If this changes, we will update this Policy accordingly.
2. What this Policy covers
This Policy applies to personal data processing carried out through:
- our websites www.itgale.eu and www.itgale.com,
- our contact form “Describe your project” (and its language equivalents),
- our online chat (Botpress),
- telephone calls (including call recording via Retell AI),
- email communication (Google Workspace / Gmail), and
- our CRM used to manage enquiries (Salesforce).
We do not send marketing newsletters. We use advertising and analytics tools only in the scope permitted by your cookie choices (see Cookie Policy).
3. Categories of personal data we process
- Identification data: name (if provided).
- Contact data: email address, phone number; optionally company name (if provided).
- Enquiry and communication content: your project description and messages sent via forms, chat, email, or phone.
- Chat data (Botpress): chat transcripts; name/email/phone if you provide them; IP address; approximate geolocation and technical identifiers (depending on tool settings).
- Call and call recording data (Retell AI): voice, call content, phone number, call time/duration, technical metadata; and, where enabled, call transcript and/or automated analysis.
- Technical and usage data: IP address, device and browser data, access logs, timestamps, URLs, referrer, diagnostic and security-related data.
- Cookies and similar identifiers: cookie IDs and advertising/analytics identifiers, depending on your cookie consent choices.
4. How we collect personal data
- Directly from you: when you submit the “Describe your project” form, use the chat, call us, or email us.
- Automatically: when you browse our websites, certain technical data and logs are processed for security, stability, and proper operation.
- Via cookies and similar technologies: where you allow them (for non-essential categories) or where they are strictly necessary.
5. Purposes, legal bases, and retention
Below is an overview of our core processing activities. We process personal data only to the extent necessary for the purposes described.
| Processing activity | Purpose | Typical data | Legal basis (GDPR) | Typical retention |
|---|---|---|---|---|
| “Describe your project” form (enquiry) | Handle your enquiry, communicate with you, prepare an offer and proposal | Name, email, phone, project description, optional company; IP and technical data | Art. 6(1)(b) (steps prior to entering into a contract) and/or Art. 6(1)(f) (legitimate interest in responding to and documenting enquiries) | Typically up to 24 months after last communication, unless longer retention is necessary |
| Checkbox in the form (pre-ticked) | Confirmation/acknowledgement related to submitting the enquiry (not newsletter marketing) | Technical record of submission and checkbox state | Primarily Art. 6(1)(b) and/or Art. 6(1)(f); where consent is required (e.g., optional cookies), we request it separately via cookie controls | Stored together with the enquiry (typically up to 24 months after last communication) |
| Online chat (Botpress) | Answer questions and handle requests related to website/project creation | Chat transcript; optional contact details; IP; approximate geolocation and technical data (depending on settings) | Art. 6(1)(b) and/or Art. 6(1)(f) | Typically up to 12 months after last interaction, unless longer retention is necessary |
| Phone calls and call recording (Retell AI) | Handle enquiries, document requirements, improve communication quality, security, and dispute handling | Voice recording, call content, phone number, technical metadata; optional transcript/analysis | Art. 6(1)(f) (legitimate interest in documentation, quality, and dispute prevention/defence) and/or Art. 6(1)(b) | Recordings typically up to 6 months, unless longer retention is necessary (e.g., dispute/claim) |
| Email communication (Google Workspace / Gmail) | Respond to requests, prepare offers, communicate about projects | Email address, message content, attachments you send, communication identifiers | Art. 6(1)(b) and/or Art. 6(1)(f) | Typically up to 24 months after last communication, unless longer retention is necessary |
| CRM (Salesforce) | Store and manage leads/enquiries, communication history, case/request management | Contact details, communication content, internal notes about the enquiry | Art. 6(1)(b) and/or Art. 6(1)(f) | Typically up to 24 months after last interaction; if a contract is concluded, according to contract and legal retention needs |
| Website hosting and infrastructure (Vercel) | Deliver the website, performance and stability, prevent abuse, cybersecurity | IP address, access logs, technical identifiers, diagnostic data | Art. 6(1)(f) (legitimate interest in secure and reliable operation) | Logs typically up to 6 months (or shorter depending on configuration); longer if needed for incident investigation |
| Analytics & advertising (Google Analytics, Google Ads, Meta Ads) | Measure website usage, improve the website, measure campaign performance, and remarketing (if enabled) | Cookie IDs, usage data, device/browser data, advertising identifiers | Art. 6(1)(a) (consent) for non-essential cookies/trackers; strictly necessary cookies based on Art. 6(1)(f) | According to cookie settings and the retention periods described in the Cookie Policy and tool configurations |
| Legal claims and compliance | Protect our rights, enforce/defend legal claims, handle disputes, comply with legal obligations | Relevant communications, logs, enquiry records, call recordings (if needed) | Art. 6(1)(f) and, where applicable, Art. 6(1)(c) | For the duration of the claim and limitation periods (typically 3–4 years; longer where justified) |
6. Recipients and processors
Personal data is processed by authorised personnel of the Controller and by our service providers acting as processors where applicable. We share personal data only on a need-to-know basis and with appropriate contractual safeguards (including data processing agreements under Art. 28 GDPR where relevant).
- Vercel, Inc. – hosting, edge infrastructure, logs, performance delivery.
- Google (Google Workspace/Gmail; Google Analytics; Google Ads) – email services; analytics and advertising measurement (subject to consent for cookies where required).
- Meta (Meta Ads and related measurement technologies) – campaign measurement and remarketing (subject to consent for cookies where required).
- Salesforce – CRM for managing enquiries/leads and communications.
- Botpress – online chat service provider.
- Retell AI – telephony/call automation and call recording provider.
- Telecom operators – call routing/telecommunications services (typically acting as independent controllers under their own terms).
- Public authorities – where required by law or a binding legal request.
7. International transfers
Some of our providers are established outside the European Economic Area (EEA) and/or use global infrastructure, which may result in transfers of personal data to third countries (notably the United States and/or Canada). Where international transfers occur, we ensure an adequate level of protection using one or more of the following mechanisms (depending on the provider and the specific setup):
- Adequacy decisions (e.g., EU–US Data Privacy Framework for certified organisations, where applicable; or adequacy decisions for specific transfers).
- Standard Contractual Clauses (SCC) under Art. 46 GDPR, together with supplementary measures where required.
- Binding Corporate Rules (BCR) where a provider relies on them.
You may request additional information about the transfer mechanism applicable to a specific provider by contacting us at info@itgale.com (subject: “GDPR”), to the extent we are able to share such details.
8. Cookies and similar technologies
We use cookies and similar technologies for essential website operation, analytics, and advertising/remarketing (where enabled). We do not include the full cookie notice text here. Please refer to our separate Cookie Policy available on this domain: Cookie Policy.
Cookie categories (brief):
- Strictly necessary – required for core functionality and security.
- Analytics – helps us understand website usage and improve it (e.g., Google Analytics), typically only after you consent.
- Marketing – helps measure ads and enable remarketing (e.g., Google Ads, Meta Ads), only after you consent.
You can withdraw or adjust your cookie preferences at any time through our cookie settings (if available on the website) and/or your browser settings.
9. Call recording notice
Calls to our numbers may be recorded. We inform you at the start of the call, or at the latest before recording begins. If you do not wish to be recorded, you may end the call and contact us by email at info@itgale.com.
We use recordings primarily to handle enquiries, document requirements, improve communication quality, and protect against and manage disputes. We do not use call recordings for newsletter marketing.
10. Your rights under GDPR
Depending on the circumstances, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR) (where applicable)
- Right to object to processing based on legitimate interests (Art. 21 GDPR)
- Right to withdraw consent at any time (Art. 7 GDPR) (where processing is based on consent, e.g., non-essential cookies)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
11. How to exercise your rights
Please send your request to info@itgale.com with the subject “GDPR”. To help us locate your data, include information about how you contacted us (e.g., “I submitted the Describe your project form” or “I used the chat”). We may need to verify your identity before responding.
We generally respond without undue delay and within one month, as required by GDPR (this period may be extended in certain cases permitted by GDPR).
12. Right to lodge a complaint
If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in your EU/EEA country of habitual residence, place of work, or the place of the alleged infringement. As the Controller is established in Slovakia, the relevant supervisory authority in Slovakia is:
Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic
Email: statny.dozor@pdp.gov.sk
13. Security measures
We implement appropriate technical and organisational measures to protect personal data, including access controls (need-to-know), secure transmission (TLS/HTTPS), logging and monitoring, backups, and contractual safeguards with vendors. However, no method of transmission or storage is fully secure.
14. Automated decision-making
We do not carry out automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Art. 22 GDPR. Our chat or call automation may use automated processing to respond to enquiries and support communication, but it is not used for decisions with legal or similarly significant effects.
15. Changes to this Policy
We may update this Policy from time to time, especially if our technologies or legal requirements change. The current version is always available on the website. The effective date is stated at the top of this Policy.
16. Cookie Policy link
Please read our Cookie Policy here: /cookie-policy