GDPR Art. 28 — list of third parties that touch personal data, their role, jurisdiction, and DPA status.
| Name | Service | Country | Data shared | DPA |
|---|---|---|---|---|
| Anthropic PBC | Translations (guest instructions, phrase templates), demand forecast | USA | Booking metadata, no PII (proxied via EU-hosted server) | DPA signed [PLACEHOLDER_DATE] |
| Google Cloud (Vision API) | OCR — passport / ID-card text extraction | EU (eu-vision.googleapis.com) | ID document images (transient, never stored) | DPA signed [PLACEHOLDER_DATE] |
| Hetzner Online GmbH | Server hosting, encrypted backups (Storage Box) | Germany | All system data at rest | DPA signed [PLACEHOLDER_DATE] |
| [ACCOUNTANT COMPANY NAME] | Bookkeeping | Slovak Republic | Invoices, expenses | Contract-based |
Pre detaily o spracúvaní osobných údajov pozrite ochranu osobných údajov / For details on data processing see the privacy notice.