Privacy Policy

1. Introductory Provisions

1. Before using the Accountit application (hereinafter referred to as the “Application”), you are obliged to familiarize yourself with the Terms of Use (hereinafter referred to as the “Terms”) and with this Privacy Policy (hereinafter referred to as the “Policy”), which govern the rules for the collection, processing, and use of your personal data. This Policy forms an integral part of the Terms, and all concepts and definitions used herein have the same meaning as in the Terms.
2. By using the Application, you consent to providing the company Vixen Tech s. r. o., with its registered office at Jelenia 1, 811 05 Bratislava, Company ID No.: 55 516 904 (hereinafter referred to as the “Controller”), with truthful, accurate, and up-to-date personal data, and you agree to update such data as necessary.

2. Purpose and Legal Basis for Personal Data Processing

1. The Controller acts as the data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and Section 5 letter (o) of Act No. 18/2018 Coll. on the Protection of Personal Data.
2. Personal data are processed for the purpose of providing the service that enables the management and analysis of personal finances through the Application, in particular for the purpose of:
   • creating and maintaining your user account,
   • ensuring the functionality of the Application,
   • providing user support,
   • personalizing content and recommendations.
3. The legal basis for processing is the performance of a contract pursuant to Article 6(1)(b) GDPR.

3. Scope of Processed Personal Data

1. The following personal data are necessary to conclude the contract and create a user account:
   • email address,
   • login credentials,
   • language version and currency used in the Application,
   • data concerning the subscription or type of user account.
2. The provision of additional personal data is voluntary, and the scope of processed data depends on the functions of the Application you choose to use.

4. Financial Data and Account Synchronization

1. When using the function for tracking and budgeting personal finances, the Controller will process the financial data you enter into the Application, in particular:
   • income and expense data,
   • transaction categories and notes,
   • set budgets and financial goals.
2. If you activate the payment account synchronization feature, the Controller also processes:
   • access credentials to the payment account,
   • transaction data (amount, description, note, date, currency),
   • account identification data (account number, account name, balance, currency, account type).

5. Profiling

1. As part of personal data processing, the Controller may use profiling to analyze and predict aspects related to marital status, housing, education, property relations, and user behavior, in order to provide personalized recommendations and features. Such profiling does not result in automated decision-making that would produce legal effects or significantly affect you within the meaning of Article 22 GDPR.

6. Retention Period of Personal Data

1. Personal data will be processed and stored for the duration of the contractual relationship, i.e., until you delete your account or until you or the Controller terminate the contract for the use of the Application.
2. After the termination of the contractual relationship, certain data may continue to be stored in accordance with special legal regulations (in particular, the AML Act, the Accounting Act, and tax legislation).

7. Sending of Marketing Communications

1. By using the Application, you acknowledge that the Controller, as the personal data controller, may process your email address obtained during registration for the purpose of direct marketing, specifically to send commercial messages and updates concerning the Application and its services.
2. The legal basis for such processing is the Controller’s legitimate interest under Article 6(1)(f) GDPR, consisting of promoting its own services in accordance with Act No. 452/2021 Coll. on Electronic Communications.
3. The Controller may use your email address until you unsubscribe. You may unsubscribe at any time by clicking the “unsubscribe” link in the relevant email or by another method indicated in the message.

8. Processing of Personal Data for Marketing Purposes

1. Based on your consent to the processing of personal data pursuant to Article 6(1)(a) GDPR, the Controller may process your personal data for marketing purposes, particularly for:
   • audience creation and ad targeting,
   • personalization of advertising offers,
   • sending personalized marketing notifications and recommendations.
2. Personal data will be processed for marketing purposes until consent is withdrawn, which you may do at any time directly in your Application account settings.
3. Within marketing processing, the Controller may use profiling to analyze or predict aspects relating to your marital status, housing, education, employment, property relations, and economic situation, as well as your behavior, in order to provide you with the most relevant advertising offers. Such profiling does not result in automated decision-making with legal effects or similarly significant consequences.

9. Service Improvement and Development

1. By using the Application, you acknowledge that the Controller may also process your personal data on the basis of a legitimate interest under Article 6(1)(f) GDPR, for the purpose of improving, testing, and developing the functions of the Application, including data anonymization and the creation of statistical reports.
2. Whenever possible, the Controller will use only anonymized or pseudonymized data.
3. Personal data will be processed only for the necessary period, but no longer than until the termination of the contractual relationship between you and the Controller.
4. Profiling may be used within these legitimate interests for the purpose of analyzing and predicting aspects related to your behavior, economic situation, or the way you use the Application, solely for the purpose of improving its functionality. Even in this case, automated decision-making with legal effects on the user does not occur.

10. Recipients of Personal Data and Transfer to Third Countries

1. The Controller may authorize processors (third parties) to process personal data on its behalf, solely for the purposes set out in this Policy, based on a written personal data processing agreement pursuant to Article 28 GDPR.
2. The Controller does not sell, transfer, or otherwise disclose personal data to third parties without your consent unless required by law or necessary for the exercise of legal claims. The sharing of personal data with other users of the Application is fully under your control.
3. The processors that the Controller may use include, in particular:
   • Google Commerce Limited, 70 Sir John Rogerson’s Quay, 2 Dublin, Ireland
   • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
   • Meta Platforms, Inc. (Facebook), 1601 Willow Road, Menlo Park, CA 94025, USA
   • Apple Inc., One Apple Park Way, Cupertino, California, USA.

11. Rights of the Data Subject

1. In connection with the processing of personal data, you as a data subject have all rights under Articles 12 to 22 of Regulation (EU) 2016/679 (GDPR), in particular:
   • Right of access to personal data under Article 15 GDPR – i.e., the right to obtain confirmation as to whether your personal data are being processed and, if so, to access such data and information on their processing.
   • Right to rectification under Article 16 GDPR – if data are inaccurate or incomplete, you have the right to request their correction or completion.
   • Right to erasure (“right to be forgotten”) under Article 17 GDPR – if there is no longer a legal reason for their processing.
   • Right to restriction of processing under Article 18 GDPR – for example, if you contest the accuracy of the data or the processing is unlawful.
   • Right to data portability under Article 20 GDPR – the right to receive your personal data that you have provided to the Controller in a structured, commonly used, and machine-readable format and to transmit them to another controller without hindrance from the Controller.
   • Right to object under Article 21 GDPR – particularly against processing based on legitimate interest (e.g., service improvement and development) or for direct marketing purposes, including profiling.
2. If technically feasible, you have the right to request that the Controller transfers your personal data directly to another controller.
3. The data subject may exercise their rights electronically via the Controller’s email address or in writing to its registered office.
4. If you believe that the processing of your personal data is contrary to the GDPR or to Section 100 of Act No. 18/2018 Coll. on the Protection of Personal Data, you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic.

12. Payment Data and Bank Connection

1. If you make payments through the Application, information about your payment card and other payment data are not stored by the Controller but are processed exclusively by third parties – payment intermediaries (e.g., Stripe, PayPal, or others).
2. If you use the synchronization feature with your payment account, the login credentials for your internet banking are used only manually upon your input and are not stored by the Controller or processors unless you voluntarily choose to save them.

13. Location Data

1. Certain features of the Application may access your current location data (e.g., GPS coordinates or similar device location information).
2. Disabling location services may limit or disable the operation of some features of the Application.

14. Social Media Login

1. The user may also register via their Facebook or Google account, if supported by the Application. By using this option, you grant the Controller consent to process the personal data necessary for authentication and for creating your user account.
2. If you choose to anonymize your data and later link your account with Facebook, Google, or your bank account, anonymized data may become associated with data that directly identify you.

15. Technical Data

1. The Controller may process technical data such as information about your mobile device, operating system, internet connection, and Application usage. The purpose of this processing is to ensure service quality, enhance user experience, and analyze the Application’s performance.
2. Technical data are anonymized and stored separately from personal data; therefore, they cannot be retroactively linked to a specific person.

16. Cookies

1. The Application uses cookies – small data files stored on your device that allow certain information to be remembered and improve the user experience. Cookies may contain personal data.
2. Cookies are used primarily for:
   • remembering user settings,
   • security purposes,
   • analyzing Application usage,
   • targeted advertising.
3. The user may block or delete cookies through their browser or device settings; however, blocking cookies may limit the functionality of the Application.

17. Security of Personal Data Processing

1. Personal data are processed in electronic form on secure servers with firewall protection and physical security measures. The Controller’s database servers are located within the European Union.
2. The transmission of personal data takes place through encrypted connections. The Controller and its data processors use standard technical and organizational measures in accordance with Article 32 GDPR.
3. Despite the Controller’s best efforts, complete security of data transmission or storage cannot be guaranteed.

18. Contact Information

1. For any questions related to the protection or processing of personal data, you may contact the Data Protection Officer via email: alex@vixentech.co, Vixen Tech s. r. o., with its registered office at Jelenia 1, 811 05 Bratislava, Company ID No.: 55 516 904.
2. Data subjects may also use the above address to submit requests for the exercise of their rights under this Policy or under the GDPR.