Modern Digital Accounting,
Tax & Advisory

Legal Information

Company

CHIRIEN finance s. r. o.
Registered office: Dunajská 2330/58, 811 08 Bratislava - Staré Mesto, Slovak Republic
Company ID (IČO): 57 282 501
Registration: Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 193049/B
Tax ID (DIČ): 2122646746
The company is not a VAT payer.

Statutory body

Directors: Mgr. Lukáš Steiniger, Martin Horváth
Each director acts independently on behalf of the company.

Contact

E-mail: info@chirien.com
Phone SK: +421 910 979 919 (Mgr. Lukáš Steiniger), +421 903 705 196 (Martin Horváth)
Phone CZ: +420 601 007 014 (Mgr. Lukáš Steiniger)

Fees

The Company provides its services for a fee. The amount of the fee and contract terms are always agreed upon in advance before the service is provided, based on mutual agreement of both contracting parties.

Legal and tax advisory

CHIRIEN finance s. r. o. does not provide legal services and tax advisory directly under a granted license, but cooperates with the following law firms in providing legal and tax services:

• For the territory of the Slovak Republic: STEINIGER | law firm, s.r.o., registered office: Ružinovská 42, 821 03 Bratislava, Slovak Republic, Company ID: 47 238 135, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 80481/B. The company is a VAT payer. VAT ID: SK2023484177.

• For the territory of the Czech Republic: STEINIGER | law firm, s.r.o., registered office: Národní 37, 110 00 Prague - Staré Město, Czech Republic, Company ID: 060 96 476, registered in the Commercial Register of the Municipal Court in Prague, File No.: C 276050. The company is not a VAT payer. VAT ID and Tax ID: CZ06096476.

Whistleblowing

The person responsible for receiving, investigating, handling and recording reports in accordance with Act No. 54/2019 Coll. on the protection of whistleblowers and on amendments to certain acts as amended ("Whistleblower Protection Act") is Mgr. Lukáš Steiniger – responsible person.

Reports of anti-social activity may be submitted:

• orally in person

• in writing to the registered office of the company

• by email to: lukas.steiniger@chirien.com

• or directly to the authorities competent to receive reports, which are, in accordance with § 2(g) of the Whistleblower Protection Act, the Office for the Protection of Whistleblowers, the prosecution service or the administrative authority competent to conduct proceedings on an administrative offence that constitutes a serious anti-social activity under § 2(d)(3) and (4) of the Whistleblower Protection Act, or the relevant institution, body, office or agency of the European Union.

The whistleblower may request protection under § 3, § 5 and § 12 of the Whistleblower Protection Act in criminal proceedings, administrative offence proceedings, or may request the suspension of the effectiveness of an employment law action.

Confidentiality and information security

The relationship between us and our clients is built on mutual trust. We are aware that in providing accounting, payroll and tax services, clients entrust us with sensitive data concerning their business, financial situation, business relationships and internal processes. We consider the protection of this information to be one of the fundamental pillars of our activities.

We undertake to maintain confidentiality regarding all facts we learn in connection with the provision of our services. This obligation applies to all our employees, associates and partners who participate in the provision of services, and continues even after the termination of the contractual relationship with the client. Information obtained in the course of our activities is not disclosed to third parties without the express prior consent of the client, unless otherwise required by law.

The legal order of the Slovak Republic provides for exceptions to the duty of confidentiality in exhaustively defined cases. These are primarily situations where:

• a statutory notification or reporting obligation arises towards public authorities (e.g. tax offices, law enforcement authorities or the financial intelligence unit),

• breaching confidentiality is necessary to prevent the commission of a criminal offence or to avert damage of a greater extent,

• the obligation to disclose certain information arises directly from special legal regulations (e.g. the Tax Administration Act, the Accounting Act, the Act on Protection against the Legalization of Proceeds of Criminal Activity).

Even in these cases, we approach the disclosure of information with maximum caution and to the extent strictly limited to what the law requires.

Prevention of money laundering and terrorist financing (AML/CFT)

As an entity providing accounting, tax and payroll services, we are subject to obligations arising from Act No. 297/2008 Coll. on the protection against the legalization of proceeds of criminal activity and on the protection against the financing of terrorism as amended (hereinafter the "AML Act"), as well as the relevant legal acts of the European Union, including Directive of the European Parliament and of the Council (EU) 2015/849 as amended.

Client identification and verification

In cases defined by law, we are obliged to exercise due diligence in relation to the client, which includes in particular:

• verification of the identity of the client and their representatives based on the presentation of identity documents,

• identification of the ownership and management structure of the client, in the case of a legal entity,

• identification and verification of the ultimate beneficial owner in accordance with applicable legislation,

• determination of the purpose and intended nature of the business relationship or transaction,

• ongoing monitoring of the business relationship including verification of transactions carried out.

The scope and depth of due diligence depends on the level of risk associated with the specific client, business relationship or transaction, in accordance with the risk-based approach principle.

Reporting obligations

If, in the course of our activities, we identify an unusual business transaction within the meaning of the AML Act, we are obliged to report this fact to the Financial Intelligence Unit of the National Criminal Agency of the Presidium of the Police Force. This statutory obligation takes precedence over our contractual and statutory duty of confidentiality. At the same time, we are not permitted to inform the affected person or any third party about the filing of such a report.

Despite the existence of these statutory obligations, the protection of the confidentiality of our clients' information remains our primary goal. We breach confidentiality exclusively to the extent defined by law and only when this obligation clearly arises from applicable legal regulations.

Internal protection system (compliance program)

In order to properly fulfil our obligations in the area of AML/CFT, we have developed and implemented in our internal processes a comprehensive program of our own activities aimed at the prevention of money laundering and terrorist financing. This program includes in particular:

• written internal regulations and guidelines establishing procedures for client identification, risk assessment and recognition of unusual business transactions,

• designation of a responsible person for the fulfilment of AML/CFT obligations,

• a system of regular education and training of employees in the area of prevention,

• mechanisms for ongoing evaluation of the effectiveness of implemented measures.

These standards are an integral part of the new client onboarding process and are applied throughout the entire duration of the business relationship.

Data protection and information technology security

The security of data entrusted to us by our clients is of fundamental importance to us. In processing, storing and transmitting this data, we use modern technological solutions designed to provide a high level of protection against unauthorized access, leakage, loss or misuse.

Technical and organizational measures

We continuously invest in securing our IT infrastructure and internal processes. Key measures we implement include:

• deployment of current hardware and software security solutions including data encryption, secure communication and regular system updates,

• cooperation with specialized external IT security providers who ensure ongoing auditing and optimization of our security measures,

• implementation of internal security guidelines and process standards binding on all employees, associates and business partners,

• regular education and training of employees in the area of cybersecurity, data protection and recognition of security threats,

• implementation of access rights and control mechanisms governing access to sensitive data on the "need-to-know" principle.

Personal data protection

The processing of personal data of our clients, their employees and business partners is governed by Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data (GDPR) and Act No. 18/2018 Coll. on personal data protection as amended. Detailed information on personal data processing, legal bases for processing, rights of data subjects and other related matters can be found in the separate section Privacy Policy.

Privacy Policy

1. Data Controller Identification

The controller of personal data is CHIRIEN finance s. r. o., registered office: Dunajská 2330/58, 811 08 Bratislava - Staré Mesto, Slovak Republic, Company ID: 57 282 501, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 193049/B (hereinafter the "Controller").

The Controller provides accounting, payroll, tax and economic advisory services for business entities and natural persons – entrepreneurs in the Slovak Republic, the Czech Republic and abroad.

Contact details

• Email: info@chirien.com

• Phone: +421 910 979 919, +421 903 705 196, +420 601 007 014

• Websites: www.chirien.sk, www.chirien.cz, www.chirien.com

The Controller is committed to the protection of personal data and the privacy of all data subjects. This Privacy Policy provides comprehensive information about what personal data we process, why we process it, on what legal basis, how long we retain it and what rights you have as a data subject.

2. Declarations and Guarantees of the Controller

The Controller undertakes to:

• never sell or commercially exploit personal data obtained from data subjects for the benefit of any third parties without the express written consent of the data subject;

• limit the scope of processed personal data to the minimum necessary to achieve the purpose of processing;

• ensure the secure disposal of personal data without delay after the purpose of processing has ended, unless otherwise required by law;

• adopt appropriate technical, organisational and personnel measures to ensure the protection of personal data in accordance with Articles 25 and 32 of the GDPR;

• not carry out automated individual decision-making or profiling within the meaning of Article 22 of the GDPR;

• in the event of a personal data breach posing a high risk to the rights and freedoms of data subjects, inform the data subject in accordance with Article 34 of the GDPR.

The Controller, as a business entity providing accounting, payroll and tax services, is obliged to maintain confidentiality regarding all facts learned in connection with the performance of its activities, including information constituting personal data. The Controller guarantees data subjects an enhanced level of discretion through the contractual liability of its employees and associates for breach of confidentiality.

3. Purposes, Legal Bases and Scope of Personal Data Processing

The Controller processes personal data of data subjects for the following purposes:

3.1. Provision of Accounting, Payroll and Tax Services

• Purpose: bookkeeping, payroll processing, tax advisory and related economic services for the Controller's clients

• Legal basis: performance of a contract (Art. 6(1)(b) GDPR), compliance with a legal obligation (Art. 6(1)(c) GDPR) – in particular Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax, Act No. 222/2004 Coll. on VAT, Act No. 461/2003 Coll. on Social Insurance, Act No. 580/2004 Coll. on Health Insurance, the Labour Code

• Scope of data: name, surname, title, date of birth, birth number (if necessary), address of permanent/temporary residence, nationality, ID card/passport number, banking details, payroll data, tax identifiers, health and social insurance data, contact details

• Data subjects: clients (natural persons – entrepreneurs), employees of clients, statutory bodies and contact persons of clients

• Retention period: for the duration of the contractual relationship and subsequently 10 years after its termination (in accordance with accounting and tax regulations)

3.2. Contractual Documentation and Business Relationship

• Purpose: conclusion and performance of contracts, invoicing, communication with clients

• Legal basis: performance of a contract (Art. 6(1)(b) GDPR), legitimate interest (Art. 6(1)(f) GDPR)

• Scope of data: name, surname, title, job position, email, phone number, address, company ID, tax ID, bank account, signature

• Retention period: for the duration of the contract and 10 years after its termination

3.3. Contact Form and Communication via the Website

• Purpose: handling your request submitted through the contact form or email communication

• Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR) – handling your enquiry

• Scope of data: name, email address, message subject, message content

• Retention period: maximum 12 months from the last communication, unless a longer period is required for another purpose

3.4. Compliance with Statutory Obligations

• Purpose: fulfilment of obligations arising from tax, accounting, labour law and anti-money laundering regulations

• Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR)

• Applicable legislation: Act No. 431/2002 Coll. on Accounting, Act No. 595/2003 Coll. on Income Tax, Act No. 222/2004 Coll. on VAT, Act No. 297/2008 Coll. on Prevention of Money Laundering, Act No. 311/2001 Coll. (the Labour Code) and other special regulations

3.5. Marketing Communication

• Purpose: sending information about news, professional articles and the Controller's services (newsletter)

• Legal basis: consent of the data subject (Art. 6(1)(a) GDPR)

• Scope of data: email address, possibly name and surname

• Retention period: for the duration of consent, maximum 5 years from its granting, unless revoked earlier

You may revoke any consent to the processing of personal data at any time, free of charge, by sending an email request to info@chirien.com. The revocation of consent does not affect the lawfulness of processing carried out prior to its revocation.

3.6. Website Operation

• Purpose: ensuring website functionality, traffic analysis and improving user experience

• Legal basis: legitimate interest (Art. 6(1)(f) GDPR) for necessary cookies; consent (Art. 6(1)(a) GDPR) for analytics cookies

• Scope of data: IP address (anonymised), date and time of access, browser type, operating system, navigation behaviour data

• Retention period: according to cookie category – details are set out in the Cookie Policy

4. Recipients and Processors of Personal Data

The Controller may engage the following trusted partners as processors pursuant to Article 28 of the GDPR when processing personal data:

• IT service provider – for the purpose of managing and maintaining IT systems and IT security;

• web hosting provider (WebHouse s. r. o. / SETUP.sk) – for the purpose of operating the Website;

• cloud service provider – for the purpose of secure data storage and processing.

The Controller may also be obliged to provide personal data without the data subject's consent to the following third parties:

• tax offices and the Financial Directorate of the Slovak Republic;

• the Social Insurance Agency and health insurance companies;

• law enforcement authorities;

• courts of the Slovak Republic;

• the Labour Inspectorate;

• the Financial Intelligence Unit of the National Criminal Agency under the conditions of Act No. 297/2008 Coll.;

• other public authorities pursuant to the relevant special legislation.

4.1. Partner Law Firm

The Controller cooperates with the law firm STEINIGER | law firm, s. r. o., registered office: Ružinovská 42, 821 03 Bratislava, Slovak Republic, Company ID: 47 238 135, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 80481/B and STEINIGER | law firm, s.r.o., registered office: Národní 37, 110 00 Prague - Staré Město, Czech Republic, Company ID: 060 96 476, registered in the Commercial Register of the Municipal Court in Prague, File No.: C 276050, which provide tax and legal services to the Controller's clients. Where necessary, personal data may be provided to these partner law firms, which act as independent controllers of personal data.

5. Cross-border Transfer of Personal Data

The Controller does not primarily transfer personal data to third countries outside the European Economic Area (EEA).

In connection with the operation of the Website, data may be transferred to third countries through the Google Analytics service. Google LLC ensures an adequate level of personal data protection through standard contractual clauses approved by the European Commission and other safeguards in accordance with Article 46 of the GDPR.

6. Use of Cloud Services

The Controller may use cloud services (IaaS, SaaS) for the secure storage and processing of data. When selecting cloud service providers, the Controller ensures:

• the use of only verified and security-certified providers;

• the conclusion of contracts guaranteeing service availability (SLA) and personal data protection pursuant to Article 28(3) of the GDPR;

• minimisation of risks associated with data transfers to third countries;

• the use of proprietary data storage and modern IT infrastructure where possible.

7. Source of Personal Data

We obtain personal data primarily directly from the data subject or from their client (legal or natural person) who has a contractual relationship with the Controller. Personal data may also originate from publicly available sources, official registers and documentation provided by the client.

8. Privacy Protection When Using the Website

8.1. Cookies

The Controller's websites (www.chirien.sk, www.chirien.cz, www.chirien.com) use cookies. Detailed information about cookie types, their purpose and management options can be found in the separate "Cookie Policy" document, available on our Website.

The Controller uses necessary (technical) cookies and analytics cookies (Google Analytics 4). Analytics cookies are loaded only after the website visitor has given explicit consent through the cookie banner.

8.2. Google Analytics

The Controller uses the Google Analytics 4 service by Google LLC for website traffic analysis. This service processes anonymised data about visitor behaviour. The IP address is anonymised before being stored.

Google Analytics is loaded only after the visitor actively consents to analytics cookies through the relevant banner. Without this consent, no analytics cookies are stored and no data is transmitted to Google.

Google Analytics data collection can be prevented by rejecting analytics cookies in the cookie banner or by installing the "Google Analytics Opt-out Browser Add-on" browser plugin.

More information about data processing by Google can be found at: https://policies.google.com/privacy

8.3. Social Networks

The Controller's websites may contain links to the Controller's profiles on social networks (e.g. LinkedIn). By clicking on these links, data subjects will be redirected to external websites operated by third parties. The Controller has no influence on the processing of personal data by the operators of these social networks. We recommend familiarising yourself with the privacy policies of the respective social networks.

9. Data Subject Rights

In connection with the processing of your personal data, you have the following rights:

• Right of access (Art. 15 GDPR) – the right to obtain confirmation as to whether your personal data is being processed and, if so, to access it, including information about the purpose of processing, categories of data and recipients;

• Right to rectification (Art. 16 GDPR) – the right to have inaccurate personal data corrected or incomplete data supplemented;

• Right to erasure (Art. 17 GDPR) – the right to request the erasure of personal data if it is no longer necessary for the purpose for which it was collected, or if consent has been withdrawn;

• Right to restriction of processing (Art. 18 GDPR) – the right to request the restriction of processing under certain legally defined conditions;

• Right to data portability (Art. 20 GDPR) – the right to receive personal data in a structured, commonly used and machine-readable format;

• Right to object (Art. 21 GDPR) – the right to object to the processing of personal data based on the legitimate interest of the Controller;

• Right to withdraw consent – if processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to its withdrawal;

• Right to lodge a complaint – the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic, Park one Building, Námestie 1. mája 18, 811 06 Bratislava, Slovak Republic, www.dataprotection.gov.sk.

You may exercise your data subject rights in writing to the Controller's registered office or electronically to the email address info@chirien.com. The Controller may request identity verification. Each request will be processed no later than one month from its receipt. The exercise of data subject rights is free of charge.

10. Contact Person for Personal Data Protection

The Controller has designated a contact person for the supervision of personal data processing, whom you may contact for any questions or requests regarding personal data protection:

Mgr. Lukáš Steiniger

Email: lukas.steiniger@chirien.com

Address: CHIRIEN finance s. r. o., Dunajská 2330/58, 811 08 Bratislava, Slovak Republic

11. Final Provisions

This Privacy Policy is effective from 20 March 2026. The Controller reserves the right to update this Policy periodically depending on changes in legal regulations or changes in personal data processing. The current version will always be published on the Controller's Website.

This Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Act No. 18/2018 Coll. on Personal Data Protection and on amendments to certain acts.

Effective from: 20 March 2026

Approved by: Mgr. Lukáš Steiniger, Director

Cookie Policy

1. Introduction

CHIRIEN finance s. r. o., registered office: Dunajská 2330/58, 811 08 Bratislava - Staré Mesto, Slovak Republic, Company ID: 57 282 501, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 193049/B (hereinafter the "Operator") operates the websites www.chirien.sk, www.chirien.cz and www.chirien.com (hereinafter the "Website").

This Cookie Policy explains what cookies are, what types of cookies our Website uses, what purposes they serve and how you can manage your cookie preferences.

The use of cookies is in compliance with Regulation (EU) 2016/679 of the European Parliament and Council (GDPR), Act No. 18/2018 Coll. on personal data protection and Act No. 452/2021 Coll. on electronic communications.

2. What are cookies

A cookie is a small text file that a website stores on your computer or mobile device when you browse it. Cookies allow a website to retain information about your actions and preferences for a certain period of time, so you do not have to re-enter them.

2.1. Classification of cookies by duration

• Session cookies – are automatically deleted when you close your browser. They exist only for the duration of your visit.

• Persistent cookies – remain stored on your device for a certain period (from several months to years) or until you manually delete them.

2.2. Classification of cookies by origin

• First-party cookies – are set directly by the website you are visiting.

• Third-party cookies – are set by third-party services integrated into the website (e.g. Google Analytics).

3. Cookies used on our Website

3.1. Necessary (technical) cookies

These cookies are essential for the basic functioning of the Website. Without them, it would not be possible to ensure the basic functionality of the site. These cookies do not process any personal data and cannot be deactivated.

Legal basis: legitimate interest of the Operator (Art. 6(1)(f) GDPR) and § 109(8) of Act No. 452/2021 Coll. on electronic communications.

3.2. Analytics cookies

Analytics cookies help us understand how visitors use our Website. They collect anonymized statistical data that allow us to improve the content and functionality of the site.

Important: Analytics cookies are loaded only after your active consent ("Accept all" or enabling analytics cookies in Settings). Without consent, no analytics cookies are stored and Google Analytics is not loaded.

Legal basis: consent of the data subject (Art. 6(1)(a) GDPR).

The visitor's IP address is automatically anonymized in Google Analytics 4 before being stored.

4. How we obtain consent

On your first visit to the Website, an informative cookie banner appears, offering you the following options:

• Accept all – you consent to all types of cookies including analytics;

• Reject – only necessary cookies are activated, analytics cookies are not loaded;

• Settings – a panel opens allowing you to individually configure cookie categories (necessary – always active, analytics – optional).

Your choice is stored in the cookie_consent file in JSON format for a period of 365 days. After this period expires, you will be asked again to express your preferences.

At any time during your visit, you can change your cookie settings by clicking the gear icon in the bottom-left corner of the Website.

5. Managing cookies in your browser

In addition to managing cookies through our cookie banner, you can also control and delete cookies directly in your browser settings:

• Google Chrome: Settings → Privacy and Security → Cookies

• Mozilla Firefox: Settings → Privacy and Security → Cookies and Site Data

• Apple Safari: Preferences → Privacy → Manage Website Data

• Microsoft Edge: Settings → Cookies and Site Permissions → Manage and Delete Cookies

• Opera: Settings → Privacy and Security → Cookies

Please note that completely blocking or deleting cookies may affect the functionality of the Website, as well as many other websites.

6. Opting out of Google Analytics data collection

In addition to rejecting analytics cookies through our cookie banner, you can also prevent Google Analytics data collection by installing the official browser add-on:

Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout

More information about how Google processes data can be found at: https://policies.google.com/privacy

7. Changes to the Cookie Policy

The Operator reserves the right to update this Policy periodically, particularly in the event of changes to legal regulations or changes in cookie processing. The current version will always be published on the Operator's Website.

8. Contact

If you have any questions regarding the use of cookies on our Website, you can contact us:

Email: info@chirien.com

Address: CHIRIEN finance s. r. o., Dunajská 2330/58, 811 08 Bratislava, Slovak Republic

Web: www.chirien.sk | www.chirien.cz | www.chirien.com

Effective from: March 20, 2026

Approved by: Mgr. Lukáš Steiniger, Director

Terms of Use

1. General Provisions

The domains chirien.sk, chirien.cz and chirien.com (each individually referred to as the "Website") are operated by CHIRIEN finance s. r. o., with registered office at Dunajská 2330/58, Bratislava – Staré Mesto 811 08, Slovak Republic, Company ID: 57 282 501, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 193049/B (hereinafter referred to as the "Company"). Every user of the Website is required to read these terms before using the Website. By using this Website, the user accepts these terms in full. If you do not agree with these terms, you must not use this Website.

2. Website Content

The information on this Website is intended to provide users with the most important information about the Company and its services. Although we always make every effort to provide current and accurate information, the content of this Website is provided on an "as is" basis, without any warranty of completeness, accuracy or timeliness. The Company reserves the right to change, modify or remove any content of the Website at any time without prior notice.

3. Copyright and Intellectual Property

All content on the Website, including text, graphics, logos, icons, images and software, is the property of the Company and is protected by applicable intellectual property laws. Any unauthorized use, copying, reproduction or distribution of the Website content without the prior written consent of the Company is prohibited.

4. Limitation of Liability

The Company shall not be liable for any direct, indirect, incidental, consequential or special damages arising in connection with the use or inability to use the Website. The content of the Website does not constitute professional advice — for accounting, tax or economic advisory, please contact us directly. The Company is not responsible for the content of third-party websites linked from the Website.

5. Third-Party Links

The Website may contain links to third-party websites or services. The Company has no control over the content, privacy policies or practices of any third-party websites or services and assumes no responsibility for them.

6. Governing Law

These terms shall be governed by and construed in accordance with the laws of the Slovak Republic. Any disputes arising from the use of the Website shall be resolved by the competent courts of the Slovak Republic.

7. Contact

If you have any questions regarding these terms, please contact us at info@chirien.com.