Privacy Policy.
This page explains how Pravatti s.r.o. (operating the Virtualien brand, hereafter "we", "us", "Virtualien") handles personal data of website visitors, prospects, clients and individuals whose data we process through the marketing platforms we operate on behalf of our clients — including the Google Ads API.
Pravatti s.r.o.
Registered office: Vránskeho 228/51, 977 01 Brezno, Slovakia
Company ID (IČO): 55 724 914
Tax ID (DIČ): 2122069598
Registered in the Commercial Register of the Slovak Republic.
Contact: jakub@pravatti.sk
1. Scope
This Privacy Policy applies to:
- Visitors of virtualien.space.
- Prospective and active clients who contact us or engage our services.
- End-user and campaign data we access as a processor through advertising platforms (Google Ads, Meta, Microsoft Advertising, Seznam), analytics tools (Google Analytics 4, Google Tag Manager) and our internal tooling, when acting on behalf of our clients.
2. What data we collect
2.1 Website visitors
The Virtualien website is intentionally minimal. We do not run marketing cookies, behavioural tracking, pixels, or a consent management platform on this domain. We do not collect your name, email or IP for advertising purposes on this site.
The site is hosted on Vercel; Vercel may process basic request metadata (IP address, user agent, referrer) as part of delivering the site. See Vercel's privacy policy.
2.2 Prospects & clients
When you email us or engage our services, we process:
- Contact details (name, email, company, phone).
- Commercial correspondence (emails, messages, notes).
- Contractual and invoicing data (company registration data, billing address, payment details).
2.3 Data accessed via the Google Ads API and other advertising platforms
When you become our client and grant us access to your Google Ads account (typically through our Manager / MCC account, ID 638-048-0172), we access data stored in your Google Ads account in order to manage your campaigns. This includes:
- Account-, campaign-, ad-group-, keyword- and ad-level configuration and performance metrics.
- Search-term reports and audience / geographic performance data.
- Google Ads recommendations, change history and auction insights.
- Conversion tracking configuration and conversion events.
We may also access equivalent data in Meta Ads Manager, Microsoft Advertising, Seznam Sklik, Google Analytics 4 and Google Tag Manager on a per-client basis, based on permissions you grant us.
3. How we use data
- Operating our website and responding to inquiries — legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Entering into and performing client engagements — legal basis: contract (Art. 6(1)(b) GDPR).
- Managing advertising campaigns on client accounts — we act as a data processor on behalf of our clients; they remain the controller of the data in their ad platforms. Our role is to analyse performance, optimise campaigns, produce reports and execute authorised changes.
- Legal and tax obligations — legal basis: legal obligation (Art. 6(1)(c) GDPR).
4. Google Ads API data — specific commitments
Data we retrieve from the Google Ads API is used solely to manage the campaigns of the client whose account the data belongs to. Specifically:
- We do not sell, license, redistribute or otherwise make available Google Ads API data to any third party.
- We do not use Google Ads API data to train generative AI models or any other machine learning models.
- We do not combine data across unrelated clients for any cross-client analytics or benchmarking product.
- Our tooling is internal only — it is not a SaaS product, is not made available to external parties, and is operated locally by authorised Virtualien team members.
- All destructive API operations (budget changes, status changes) require explicit human-in-the-loop confirmation — no autonomous mutations.
- Credentials are stored locally on authorised team-member workstations; no API data is stored on external servers beyond short-lived rate-limit caches.
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Sharing & processors
We share personal data only with:
- Sub-processors we engage to deliver services — hosting (Vercel), email (Fastmail / Google Workspace, depending on the mailbox), accounting and invoicing software, and occasional specialist freelancers bound by written confidentiality and data-protection terms.
- Platforms where the client has granted us access (Google Ads, Meta, etc.) — we do not export client data out of these platforms except in the form of summarised reports delivered directly to the client.
- Authorities, where required by law.
6. International transfers
Some of our sub-processors (e.g. Vercel, Google) process data in the United States or other countries outside the EEA. Such transfers rely on the European Commission's adequacy decisions or on Standard Contractual Clauses (SCCs) concluded with the respective processors.
7. Retention
- Prospect correspondence: up to 24 months from last contact, unless a contract is entered into.
- Active-client data: for the duration of the engagement and up to 10 years afterwards for accounting and tax purposes, as required by Slovak law.
- Google Ads API data: retained only in local caches for short periods to comply with rate limits, and in reports delivered to the client; not retained for any purpose beyond the engagement.
8. Your rights (GDPR)
Subject to the conditions of the GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase data (where applicable).
- Restrict or object to processing.
- Data portability.
- Withdraw consent (where processing relies on consent).
- Lodge a complaint with the Slovak Data Protection Authority (Úrad na ochranu osobných údajov SR).
To exercise any of these rights, email jakub@pravatti.sk. If the data we hold about you originates from a Google Ads account belonging to our client, we will forward your request to the client, who is the data controller for that data.
9. Security
We apply reasonable technical and organisational measures to protect the data we process, including: strong device passwords and full-disk encryption on all team workstations, OAuth 2.0 for all platform access (no shared passwords where platforms support it), principle of least privilege on client accounts, and two-factor authentication on all Virtualien accounts.
10. Changes
We may update this Privacy Policy to reflect changes in our services or in applicable law. The effective date at the top of this page indicates when the policy was last revised. Material changes will be communicated to active clients directly.
11. Contact
For any privacy question, write to jakub@pravatti.sk.