This Privacy Policy explains what personal data ERM Creative s.r.o. (operating under the Istro Corp brand) collects when you visit istrocorp.com, why we collect it, and what your rights are under the EU General Data Protection Regulation (GDPR).
1. Who we are
ERM Creative s.r.o., operating under the Istro Corp brand, is the data controller for the personal data processed through this website. You can reach us at miroslav.petrik@istrocorp.com with any privacy-related questions.
2. What data we collect, and why
Contact form submissions
When you submit our contact form, we collect:
- Name — to address you personally in our reply
- Email address — required so we can respond
- Company — optional, helps us prepare a relevant response
- Phone — optional, only if you prefer phone contact
- Subject and message — the content of your inquiry
Legal basis: your consent (Art. 6(1)(a) GDPR) and our legitimate interest in responding to business inquiries (Art. 6(1)(f) GDPR).
Retention: we keep contact form submissions for as long as needed to handle your inquiry, plus up to 24 months for follow-up. After that, we delete them unless a contract is signed.
Cookies and analytics
We use two categories of cookies:
- Essential cookies — store your cookie-consent choice in your browser's local storage. Always active. No personal data is sent to us.
- Analytics cookies (optional) — Google Analytics 4, only loaded after you click "Accept all" on our cookie banner. We use it to understand which pages are most useful and improve the site. IP addresses are anonymized.
You can change your cookie choice at any time using the "Cookie settings" link in the footer.
Legal basis: your explicit consent (Art. 6(1)(a) GDPR).
Server logs
Our hosting provider may automatically log standard web-server data (IP address, browser type, page requested, timestamp) for security and operational reasons. These logs are kept short-term and are not used for marketing or profiling.
3. Who we share your data with
We do not sell your personal data and we do not share it for marketing. We may share data with:
- Our form processor — if we use a third-party service (e.g. Formspree, Netlify Forms) to deliver contact form submissions, your data passes through their infrastructure under their own privacy terms.
- Google Analytics — only if you opt in via the cookie banner. Data is processed by Google subject to their privacy terms.
- Authorities — only if legally required (e.g. response to a valid court order).
4. International transfers
Where data leaves the European Economic Area (e.g. Google Analytics processed in the US), we rely on Standard Contractual Clauses or equivalent safeguards as required by GDPR Chapter V.
5. Your rights under GDPR
You have the right to:
- Access — ask for a copy of the personal data we hold about you
- Rectification — correct any inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a structured, machine-readable format
- Object — to processing based on legitimate interest
- Withdraw consent — at any time, without affecting prior lawful processing
To exercise any of these rights, email miroslav.petrik@istrocorp.com. We respond within 30 days.
If you believe we've mishandled your data, you can lodge a complaint with the Slovak data protection authority: Úrad na ochranu osobných údajov SR.
6. Security
We use HTTPS encryption, follow current best practices for password management, and keep our software up to date. No system is 100% secure, but we take reasonable steps to protect your data.
7. Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top. Continued use of the site after changes means you accept the updated terms.
8. Contact us
Questions about this Privacy Policy or how we handle your data?
ERM Creative s.r.o. (Istro Corp)
Email: miroslav.petrik@istrocorp.com
Phone: +421 902 495 923
Slovakia · projects across the EU