Subjekt API
privacy

Privacy summary

Subjekt processes public registry business data and minimal request metadata for service reliability and abuse prevention.

Controller and contact

Controller: Subjekt operator. Public contact channel is published before production launch.

Purposes and legal bases

  • Business lookup and verification: GDPR Art. 6(1)(f) legitimate interests
  • Security logging and abuse prevention: GDPR Art. 6(1)(f)
  • Legal accountability workflows: GDPR Art. 6(1)(c)

Data sources

  • SK: RPO + Finančná správa export + RUZ fallback
  • CZ: ARES proxy context

Retention

Retention windows for logs and backups follow the compliance schedule maintained in repository governance docs.

Rights

Data subjects may request access, rectification, objection, restriction, and other rights as applicable by law.

Cross-border transfers and processors

Processor contracts and transfer safeguards are documented and reviewed as part of launch governance and ongoing compliance reviews.

Full artifacts are maintained under docs/superpowers/compliance/.