Privacy Policy

1. Data Controller

The controller of personal data is:

DUDO Software s. r. o.
Dlhé diely I 6A
841 03 Bratislava
Slovak Republic
Company ID No.: 56 907 290
E-mail: info@dudosoftware.com
(hereinafter referred to as the “Controller”)

The Controller processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the applicable legal regulations of the Slovak Republic.

2. Scope of Processed Data

The Controller processes only data necessary for providing the DUDO Calculator 6th Generation service.

Account Data

  • first and last name
  • e-mail address
  • billing information (e.g., company name, address, Company ID, Tax ID, VAT ID)

These data are processed for the purposes of registration, account management, communication, and invoicing.

Technical Data

  • IP address
  • system logs
  • cookies and online identifiers

These data are processed for the purposes of ensuring functionality, security, and protection of the Service, as well as for analytical purposes.

Data Entered into the Calculator

  • biometric parameters
  • age
  • sex
  • internal case identifier

The Service is not intended for processing directly identifiable personal data of patients (e.g., name, personal identification number, address). The User is obliged not to enter any data enabling direct identification of a patient. The Controller shall not be liable for violations of data protection regulations caused by improper use of the Service by the User. The User acts as an independent data controller with respect to patient data and bears full responsibility for its lawful processing.

3. Purposes and Legal Bases for Processing

Personal data are processed for the following purposes:

Provision of the Service

Legal basis: performance of a contract pursuant to Article 6(1)(b) GDPR

The data are necessary for account registration, access to the Service, and provision of calculations.

Invoicing and Accounting

Legal basis: compliance with a legal obligation pursuant to Article 6(1)(c) GDPR

Data are processed for accounting purposes and fulfillment of tax obligations.

Security and Protection of the System

Legal basis: legitimate interest pursuant to Article 6(1)(f) GDPR

Processing is necessary to protect the Service against misuse, fraud, or unauthorized access.

Marketing Communication

Legal basis: consent pursuant to Article 6(1)(a) GDPR

Marketing messages (e.g., updates, service news) are sent only based on granted consent, which may be withdrawn at any time.

4. Cookies and Online Advertising

The following tools may be used on the website:

  • Google Tag Manager
  • Google Analytics
  • Meta Pixel

These tools are used for analytical purposes and for measuring the effectiveness of online advertising. The tools are activated only after consent is granted via the cookie banner. The User may modify or withdraw their consent at any time through cookie settings.

5. Data Retention Period

Personal data are retained only for the period necessary to fulfill the purpose of processing.

  • Account data: for the duration of the user account and thereafter for the period required by accounting and tax regulations
  • Logs and calculations: 24 months
  • Marketing data: until withdrawal of consent

After the retention period expires, data are deleted or anonymized.

6. Rights of the Data Subject

In accordance with GDPR, the data subject has the right:

  • to access personal data
  • to rectification of inaccurate data
  • to erasure of personal data
  • to restriction of processing
  • to data portability
  • to object to processing based on legitimate interest
  • to withdraw consent at any time

If the data subject believes their rights have been violated, they have the right to lodge a complaint with:

The Office for Personal Data Protection of the Slovak Republic.

7. Transfer of Data to Third Parties

Personal data may be disclosed to:

  • payment service providers (Merchant of Record, e.g., Paddle)
  • IT and cloud service providers
  • accounting or legal advisors

Transfers of data outside the European Union may take place only under conditions established by GDPR (e.g., standard contractual clauses).

8. Data Security

The Controller has implemented appropriate technical and organizational measures to protect personal data against loss, misuse, or unauthorized access.