Privacy Policy

The service operator is Redimo, s. r. o. ("Redimo"), Píniová 12, 821 07 Bratislava, Company ID 46 509 852, Tax ID 2023420641, VAT ID SK2023420641, registered with the Municipal Court Bratislava III, section Sro, file 78868/B.

Public service contact is info@redimo.sk; security and privacy notices can be sent to dpo@redimo.sk or security@redimo.sk.

When personal data is processed inside Redimo UKS, the controller is primarily the organisation operating the membership (typically a homeowners' association, housing cooperative or community club). Redimo, s. r. o. acts in this relationship as a processor under Art. 28 GDPR and concludes a Data Processing Agreement (DPA) with the organisation.

Redimo has appointed a Data Protection Officer (DPO) to coordinate communications with data subjects and the Slovak Office for Personal Data Protection.

Email: dpo@redimo.sk. Postal address: same as the controller's registered seat — please mark envelopes "FAO DPO".

The DPO is bound by confidentiality and handles requests within statutory deadlines (typically within 30 days of receipt, with an extension of up to 60 days for complex cases under Art. 12(3)).

Membership and member registry — legal basis: contract performance and legal obligation under Slovak Acts 182/1993 and 83/1990, Art. 6(1)(b) and (c) GDPR.

Voting and resolutions — legal basis: legitimate interest of the controller and the organisation in the proper functioning of the body and decision transparency, Art. 6(1)(f) GDPR and Slovak Act 182/1993.

Financial records — legal basis: legal obligation under the Slovak Accounting Act 431/2002 and tax legislation, Art. 6(1)(c) GDPR.

Meter readings and utility billing — legal basis: contract performance and legal obligations under Slovak Acts 657/2004 and 250/2012, Art. 6(1)(b) and (c) GDPR.

Documents, announcements and member communication — legal basis: legitimate interest in keeping the community informed, Art. 6(1)(f) GDPR.

Platform operation, authentication, security logs — legal basis: legitimate interest in the security of the information system, Art. 6(1)(f) GDPR.

Cookies and similar technologies — strictly necessary cookies are processed under legitimate interest (Art. 6(1)(f)); functional, analytical and marketing cookies require prior consent under § 109 of Slovak Act 452/2021, Art. 6(1)(a) GDPR and CJEU C-673/17 Planet49.

Where the legal basis is legitimate interest under Art. 6(1)(f), the controller has carried out a Legitimate Interest Assessment (LIA). Conclusions are available on request from the DPO.

Identified legitimate interests: (a) integrity and security of the information system (audit logs, recording unauthorised access attempts); (b) internal community communication (newsletters, notices on adopted resolutions); (c) protection of legal claims of the controller and the organisation (delivery proofs).

The data subject has the right to object at any time to processing based on legitimate interest (Art. 21 GDPR) — see the section on data subject rights.

Personal data is shared only as necessary with the following categories: employees of the controller assigned to a specific agenda by role, statutory representatives of the organisation, the property manager designated by association resolution, the auditor and tax advisor (during inspections), public authorities (Office for Personal Data Protection, courts, police) within the scope of statutory obligations.

Processors (technical service providers) are listed in the up-to-date sub-processor register available at /legal/subprocessors. A written agreement under Art. 28 GDPR is in place with all of them.

Without explicit consent or other legal basis we do not pass personal data to any third party for marketing or other commercial purposes.

Primary operation of the Redimo UKS portal — including application containers, databases, file storage and operational backups — runs after migration on Redimo-owned infrastructure in Slovakia. Edge protection, TLS and cache may use Cloudflare European points of presence.

Redimo does not engage in planned transfers of personal data to third countries outside the EEA. If such a transfer becomes necessary (e.g. specialised support tooling), Standard Contractual Clauses (SCC) under Commission Decision (EU) 2021/914 will be applied together with a transfer impact assessment in line with the CJEU Schrems II judgment (C-311/18), including supplementary measures (encryption, pseudonymisation).

The current list of sub-processors and their locations is publicly available at /legal/subprocessors.

Member data of the SVB / club / association: throughout the membership and 10 years after its termination (statute of limitations § 397 of the Slovak Civil Code; archival of resolutions).

Accounting and tax records: 10 years after the end of the accounting period under § 35 of the Accounting Act 431/2002 and § 76 of the VAT Act 222/2004.

Voting records and minutes: 10 years under § 11 of Act 182/1993 on ownership of dwellings and non-residential premises.

Security and application logs: 18 months, then anonymised or deleted.

Audit logs of personal data processing (audit_event): 5 years to demonstrate compliance (Art. 5(2) GDPR — accountability principle).

Cookie usage records (consent log): 24 months; after that the data subject re-consents (Art. 7(1) GDPR — provability).

After the retention period expires we delete or anonymise data without undue delay; in case of pending court or administrative proceedings we keep them until the decision becomes final.

As a data subject you have the right of access (Art. 15), rectification (Art. 16), erasure / right to be forgotten (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), to object (Art. 21) and not to be subject to automated decision-making including profiling (Art. 22).

These rights can be exercised directly inside the application via /account/privacy ("My GDPR rights"), by email to dpo@redimo.sk or by post to the controller's seat.

Requests are handled free of charge within 30 days of receipt. In justified cases (complexity, number of requests) we may extend the deadline by another 60 days with notice (Art. 12(3) GDPR).

Where requests are manifestly unfounded or excessive, in particular due to repetitive character, we may charge a reasonable fee or refuse to act (Art. 12(5) GDPR).

You have the right to object at any time to processing of personal data concerning you that is based on legitimate interest (Art. 6(1)(f) GDPR), including profiling on those grounds.

Following an objection we will stop processing the data unless we demonstrate compelling legitimate grounds that override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.

An objection can be raised directly in the application section /account/privacy or by email to dpo@redimo.sk.

Redimo does not perform any automated decision-making with legal effects on you or similarly significantly affecting you, nor profiling within the meaning of Art. 22(1) GDPR.

All material decisions (membership approval, ownership share change, vote outcome) result from human review by an authorised representative of the organisation or by community members.

If automated decision-making is introduced in the future, data subjects will be informed in advance and will have the right to obtain human intervention, express their point of view and contest the decision.

If you believe that processing of your personal data infringes the GDPR or Slovak Act 18/2018, you have the right to lodge a complaint with a supervisory authority.

Competent authority: Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, phone +421 2 32 31 32 14, email statny.dozor@pdp.gov.sk, web https://dataprotection.gov.sk/.

Before lodging a complaint we recommend contacting our DPO at dpo@redimo.sk first — most matters can be resolved directly.

Provision of personal data is in some cases a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Specifically: data needed for SVB membership records (name, surname, dwelling address) is a statutory requirement under Slovak Act 182/1993 — failure to provide it means we cannot register the ownership relationship and run the association agenda.

Email contact for electronic delivery is a contractual requirement — without it we cannot deliver notices electronically and will use postal delivery.

Data for optional features (analytical cookies, push notifications) is voluntary — non-provision has no adverse consequences.

Most personal data is collected directly from data subjects when they register or use the portal (Art. 13 GDPR).

In some cases we obtain data indirectly (Art. 14 GDPR), in particular: from the organisation (SVB, manager, club) which uploads its membership list when initialising the platform; from public registers (Cadastre, Companies Register) to verify ownership relationships and statutory representatives.

Categories of data obtained this way: identification data (name, surname, date of birth as needed for verification), contact details, information on the ownership share.

If we obtain such data, we inform the data subject of the processing within a reasonable period and at the latest within one month of obtaining the data (Art. 14(3)(a) GDPR), having regard to the specific circumstances.

We may update this Privacy Policy in response to changes in legislation, technology, scope of processing or following decisions of supervisory authorities or courts.

Current version: 2.0, effective date: 26 April 2026.

For material changes (in particular extension of purposes, categories of data or list of sub-processors) we will inform you directly in the application at your next sign-in and/or by email at least 30 days before the change takes effect.

Version history and a list of changes is available on request from the DPO (dpo@redimo.sk).

This page is the public Privacy Notice for the Redimo UKS portal. Detailed purposes, legal bases, retention periods and data-subject rights are listed above in sections 1 to 14.

The organisation uses the portal as controller of its member data; Redimo acts as processor and technical service operator.

Production portal access is intended only for registered organisations, their members and authorised administrators. Users must use their own account, protect credentials and avoid entering data they are not authorised to process.

Public previews use fictional data only and do not create contractual access to a production tenant.

The organisation is responsible for the lawfulness of submitted data, correct role configuration and informing its members. Redimo provides technical and security measures, audit trail and processor documentation.

Specific commercial, billing and signing terms are part of the individual agreement or order with the organisation.

The Redimo UKS software, user interface, copy and documentation are protected by copyright and other intellectual-property rights of Redimo, s. r. o.

Organisation and member data remains owned by the relevant organisation or data subjects under applicable law and contractual documentation.