Privacy Policy

Last updated: 25 June 2026

This Privacy Policy explains how ANCVAJ s. r. o., company ID (IČO) 56 298 731, [DOPLNIŤ: DIČ / IČ DPH], registered office at Lúčna 1014/9, 014 01 Bytča, Slovakia ("we", "us", "our"), processes your personal data when you use mindelund.com (the "Mindelnut" service; the "Service"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and Slovak data protection law (Act No. 18/2018 Coll.).

1. Data controller

The data controller for your personal data is:

ANCVAJ s. r. o.

Lúčna 1014/9, 014 01 Bytča, Slovakia

Company ID (IČO): 56 298 731 — registered in the Commercial Register of the District Court Žilina, section Sro, insert No. 85196/L

[DOPLNIŤ: DIČ / IČ DPH]

Email: helpdesk@mindelund.com

Data Protection Officer (DPO): not appointed — contact us at helpdesk@mindelund.com

2. What personal data we process

| Category | Examples | Source |

|----------|----------|--------|

| Account data | Email address, chosen language, account creation date | You |

| Authentication data | Magic-link tokens, login timestamps, IP address | You / automatic |

| User content | Pet photos, pet names, dates, epitaphs, stories | You |

| Payment data | Purchase records, amount, status; card details are processed by our payment provider, not stored by us | You / payment provider |

| Technical data | IP address, browser/device type, cookies (see Cookie Notice) | Automatic |

| Communications | Emails you send us, support requests | You |

We do not intentionally collect special-category (sensitive) personal data. Please do not include such data in photos or text.

3. Purposes and legal basis

| Purpose | Legal basis (GDPR Art. 6) |

|---------|---------------------------|

| Creating and managing your account; passwordless login | Performance of a contract (Art. 6(1)(b)) |

| Hosting and displaying your memorials and photos | Performance of a contract (Art. 6(1)(b)) |

| Processing payments for premium features | Performance of a contract (Art. 6(1)(b)); legal obligation for accounting (Art. 6(1)(c)) |

| Security, fraud prevention, maintaining the Service | Legitimate interests (Art. 6(1)(f)) |

| Sending service emails (e.g. magic links, transactional notices) | Performance of a contract (Art. 6(1)(b)) |

| Marketing emails, if any | Consent (Art. 6(1)(a)) — withdrawable at any time |

| Non-essential cookies/analytics | Consent (Art. 6(1)(a)) |

| Complying with legal/accounting obligations | Legal obligation (Art. 6(1)(c)) |

4. Processors and recipients

We use the following categories of processors, who act on our instructions under data processing agreements:

• Hosting / cloud infrastructure: Contabo GmbH, Aschauer Straße 32a, 81549 Munich, Germany (EU) — stores account data, photos and database.
• Email provider (SMTP): Webglobe, s. r. o. (`mail.webglobe.sk`), Slovakia (EU) — sends magic-link and transactional emails.
• Analytics (consent only): Google Ireland Ltd. — Google Analytics 4 (Ireland, EU). Measures aggregated use of the Service (IP anonymised, advertising signals off). No analytics cookies are stored without consent (Consent Mode v2).
• Payment provider: Stripe Payments Europe, Ltd. (Ireland, EU) — processes payments and card data. Note: payments are currently in test (MOCK) mode and will be enabled later; until then no real payment data is processed via Stripe.

We do not sell your personal data. We may disclose data where required by law or to protect our legal rights.

5. International transfers

Our main processors are located in the EU/EEA. Where a processor (or its sub-processor) carries out a transfer outside the EU/EEA, such transfer is safeguarded by an adequacy decision or EU Standard Contractual Clauses. Details available on request at helpdesk@mindelund.com.

6. Retention

• Account and user content: retained while your account is active; you can delete it at any time via the "Delete account" feature (right to erasure), unless longer retention is legally required.
• Payment/accounting records: retained for the period required by Slovak accounting law (Act No. 431/2002 Coll.), generally 10 years. Audit records of purchases and candle/credit movements are retained for accounting and legitimate-interest purposes beyond the log-data period below.
• Authentication/log data (login tokens, sessions, security logs): retained for security for a maximum of 3 months, then automatically deleted.

7. Your rights

Under the GDPR you have the right to: access your data; rectification; erasure ("right to be forgotten"); restriction of processing; data portability; objection to processing based on legitimate interests; and to withdraw consent at any time (without affecting prior processing).

To exercise these rights, contact helpdesk@mindelund.com. We will respond within one month.

8. Right to complain

As the controller is a Slovak company, the competent supervisory authority is:

Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR)

Hraničná 12, 820 07 Bratislava, Slovakia

Website: https://dataprotection.gov.sk

You may also complain to the supervisory authority in your EU country of residence. Danish users may also contact the Danish authority Datatilsynet (https://www.datatilsynet.dk).

9. Security

We apply appropriate technical and organisational measures (e.g. encryption in transit, access controls) to protect your data. No system is completely secure; please keep your email account secure since login relies on it.

10. Children

The Service is not directed at children under 16. If you believe a child has provided us personal data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy. Material changes will be communicated by email or in-app, and the "Last updated" date will be revised.

12. Contact

ANCVAJ s. r. o. — Lúčna 1014/9, 014 01 Bytča, Slovakia — Email: helpdesk@mindelund.com — DPO: not appointed (contact us at helpdesk@mindelund.com)