1. Introduction
We are MATSUKO s.r.o., a company having its registered office at Tomášiková 17, 040 01 Košice - Sever district, Slovakia, incorporated under company ID number 35 886 498 (the “Company” or “we” or “MATSUKO”) and we have developed a family of cybersecurity training applications named TORA AI - Cybersecurity Training 1, TORA AI - Cybersecurity Training 2 and TORA AI - Cybersecurity Training 3 (collectively referred to as the “Applications”), available on our website www.matsuko.com.
This Privacy Policy applies equally to all of the Applications listed above, which share identical data processing practices, data categories, retention periods and security measures. Any reference to the “Application” in singular form in this Policy shall be understood as a reference to any and all of the Applications.
Please read this Privacy Policy (the “Policy”) carefully before you start to use the Application. This Policy is applied when the data processing refers to data subjects in the European Union, also by the Regulation (EU) 2016/679 of the European Parliament and the Council, General Data Protection Regulation (GDPR) and is also governed by the laws of the State of California, in particular, by the California Consumer Privacy Act (CCPA).
Our goal is to protect privacy, confidential information and personal data entrusted to us. We are committed to ensure appropriate security and use of personal data.
This policy gives you information about the way we treat your personal data (sometimes referred to as "personally identifiable information" or "PII") and explains how we collect, use, process, disclose and secure information and personal data obtained from users including information we collect when you visit our websites or our services. It also tells you about your rights and choices with respect to your information, and how you can contact us in case you have any questions or concerns.
2. Information about collection and use
Who is the data controller of your personal data?
The data controller is generally a person who, alone or together with others, determines the purposes and decides how personal data will be processed. MATSUKO is the data controller of personal data. In other words, we determine the purposes and means of the processing of that personal data.
How do we collect personal data?
We obtain your personal data directly from you. Mostly from filled-in forms, mutual communication or agreements. We can also obtain personal data from third parties we cooperate with, which are entitled to access and process your personal data, and from publicly accessible sources or social or other online platforms.
List of processing activities
Collection of customers for the Early Access Program.
– The purpose of the processing is to collect, analyse and store personal data about potential customer within early access program via link to a web form on the company web page www.matsuko.com. Processing of the data is within internal tools and early access program customers are categorized into groups and prioritized based on owned VR/AR/MR device, mobile phone and experience with XR.
– We are processing personal data - Early access customer information (name, company, position, e-mail, time zone), Early access customer hardware (type of phone, XR glasses, ...) - of Early access program potential customers.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 1 year. We are sharing and transferring data using a selection of 3rd party software tools such as online Web form tools, Analytic tools, CRM tools, Service desk tools, and in cooperation with approved External developers, Shareholders, State regulators.
XR Cybersecurity Training delivered through the Application
-The purpose of the processing is to deliver interactive XR cybersecurity training (e.g. phishing recognition, social engineering, password hygiene, secure remote work, incident response), to authenticate users, track lesson progress, scores and completion, and to issue certificates of completion.
– We are processing personal data - User account information (name, e-mail, organisation, role), Training activity data (modules completed, time spent, quiz answers, scores, certificates issued), Device and technical data (headset model, Application version, IP address, language settings, diagnostic logs) - of users of the Applications.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 1 year. We are sharing and transferring data through MATSUKO’s front-end and back-end infrastructure of the Applications, hosted servers, CRM tools, Service desk tools, and in cooperation with approved External developers, Shareholders, State regulators.
Collection of testimonials.
— The purpose of the processing is to collect, analyse and share user testing feedback/testimonials that are collected during product presentation at various conferences, presentation and marketing activities via 3rd party technology tools. Communication of collected testimonials to advertise is done via website, social media and printed materials.
– We are processing personal data - Visitor and user information (name, company, position, photo, video, age group), Visitor hardware used for testing (type of phone, XR glasses...) - of Visitors and users during user testing.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 3 years. We are sharing and transferring data through suitable 3rd party software tools, Social networks (Facebook, Instagram, Twitter, YouTube, and others), and in cooperation with approved website management agencies (Web developer), Marketing Agencies, Shareholders, State regulators.
Direct marketing.
— The purpose of the processing is to collect and use contact information for distribution and providing information as a part of direct marketing, e.g. newsletters, product updates, marketing newsletters within approved and specialized communication tools and platforms.
— We are processing personal data of clients and those who are interested in the service such as full name, e-mail address, phone number, address.
— Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 3 years. We are sharing and transferring data through selected CRM tools and Marketing tools and in cooperation with approved Professional consultants and advisers, Shareholders, State regulators.
All types of cookies on the webpage www.matsuko.com.
— The purpose of the processing is to transmit or facilitate the transmission of the message over the network or, if absolutely necessary for the operator as an information society service provider, to provide the information society service explicitly requested by the website user. Analytical cookies allow the operator to recognize and count the number of users and obtain information about how the website is used (e.g. which pages the user opens most often and whether the user receives error messages from some sites). This helps the operator to improve the way its website page works, for example, so that the user can easily find what he is looking for.
– We are processing personal data - Log data (your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details), Device data (device type, operating system, unique device identifiers, device settings, and geo-location data - of website visitors/users.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - consent of the person concerned with retention period adjusted for a specific cookie. We are sharing and transferring data in cooperation with professional consultants and advisers who are bound by a legal and/or contractual obligation of confidentiality; website management company; social media companies that use 3rd party cookies and entities to which the controller provides personal data by law.
What are the purposes and legal basis for processing of personal data?
We will process your personal data lawfully, fairly and in a transparent manner. We collect and process information about you only where we have a legal basis to do so, which includes: consent for a specific purpose, the performance of an agreement, compliance with a legal obligation, or satisfying a legitimate interest that is not overridden by your data protection interests.
How long do we process personal data?
MATSUKO keeps personal data only for a limited time as predefined in the list of processing activities above. Once this period has expired, or upon a valid user deletion request, we will permanently delete or anonymize your data using secure procedures.
How do we secure processed personal data?
We take appropriate technical, physical, legal and organizational measures to protect personal information from unauthorized loss, misuse, alteration, or destruction. If you have any reason to believe that your communications with us are no longer secure, please notify us immediately via email address privacy@matsuko.com.
Transfers to third parties
We will not share your personal information with other individuals or organizations without your permission, except when applicable by law or required by our data processors to deliver the services. We will provide you with the full list of processors upon your request.
3. What are your rights?
We make sure the processing of all personal data is done properly and safely. Regardless of your geographic location, all data subject rights outlined below, including the right to deletion, are freely available to all users globally, without discrimination, and cannot be unduly restrictive.
How to request data deletion
If you are a user of our VR applications, such as TORA AI, Cybersecurity Training, or our services, and you wish to request the absolute deletion of your user account, training activity data, progress, or any other collected personal data, you can do so freely at any time by contacting us via email at privacy@matsuko.com. Upon receiving your email, we will erase your data from our active databases and servers without undue delay.
Every user is globally entitled to the following:
The right to erasure (deletion) - You have the right to request that MATSUKO erases your personal data from our systems. This right can be exercised at any time, without geographic restrictions or undue delays.
The right to access - You have the right to request MATSUKO for copies of your personal data.
The right to rectification - You have the right to request that MATSUKO corrects any information you believe is inaccurate. You also have the right to request MATSUKO to complete information you believe is incomplete.
The right to restrict processing - You have the right to request that MATSUKO restricts the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to MATSUKO’s processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that MATSUKO transfers the data that were collected to another organization, or directly to you, under certain conditions.
4. Privacy policy of other website
MATSUKO may contain links or connections to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy policies, content, or practices of any third-party websites. We encourage you to read the terms and conditions and privacy policy of each third-party service you visit.
5. Changes to our privacy policy
At our discretion, we may change our Policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If we make a significant change to this Policy, such as changing a lawful base, we will ask you to re-consent to the amended Policy.This privacy policy was last updated on 21st May 2026.
6. Policy questions and enforcement
In case of any questions or when exercising your rights under relevant data protection legislation please contact us via email address privacy@matsuko.com or standard post service within our address:
MATSUKO s.r.o.
Tomášiková 17,
040 01 Košice, Sever district,
Slovakia.
In any event, you always have the right to lodge a complaint with the Slovak regulator in charge of protecting personal information: https://dataprotection.gov.sk/uoou/ or via address:
Úrad na ochranu osobných údajov SR
Hraničná 12,
820 07 Bratislava
Slovak republic
We are MATSUKO s.r.o., a company having its registered office at Tomášiková 17, 040 01 Košice - Sever district, Slovakia, incorporated under company ID number 35 886 498 (the “Company” or “we” or “MATSUKO”) and we have developed a family of cybersecurity training applications named TORA AI - Cybersecurity Training 1, TORA AI - Cybersecurity Training 2 and TORA AI - Cybersecurity Training 3 (collectively referred to as the “Applications”), available on our website www.matsuko.com.
This Privacy Policy applies equally to all of the Applications listed above, which share identical data processing practices, data categories, retention periods and security measures. Any reference to the “Application” in singular form in this Policy shall be understood as a reference to any and all of the Applications.
Please read this Privacy Policy (the “Policy”) carefully before you start to use the Application. This Policy is applied when the data processing refers to data subjects in the European Union, also by the Regulation (EU) 2016/679 of the European Parliament and the Council, General Data Protection Regulation (GDPR) and is also governed by the laws of the State of California, in particular, by the California Consumer Privacy Act (CCPA).
Our goal is to protect privacy, confidential information and personal data entrusted to us. We are committed to ensure appropriate security and use of personal data.
This policy gives you information about the way we treat your personal data (sometimes referred to as "personally identifiable information" or "PII") and explains how we collect, use, process, disclose and secure information and personal data obtained from users including information we collect when you visit our websites or our services. It also tells you about your rights and choices with respect to your information, and how you can contact us in case you have any questions or concerns.
2. Information about collection and use
Who is the data controller of your personal data?
The data controller is generally a person who, alone or together with others, determines the purposes and decides how personal data will be processed. MATSUKO is the data controller of personal data. In other words, we determine the purposes and means of the processing of that personal data.
How do we collect personal data?
We obtain your personal data directly from you. Mostly from filled-in forms, mutual communication or agreements. We can also obtain personal data from third parties we cooperate with, which are entitled to access and process your personal data, and from publicly accessible sources or social or other online platforms.
List of processing activities
Collection of customers for the Early Access Program.
– The purpose of the processing is to collect, analyse and store personal data about potential customer within early access program via link to a web form on the company web page www.matsuko.com. Processing of the data is within internal tools and early access program customers are categorized into groups and prioritized based on owned VR/AR/MR device, mobile phone and experience with XR.
– We are processing personal data - Early access customer information (name, company, position, e-mail, time zone), Early access customer hardware (type of phone, XR glasses, ...) - of Early access program potential customers.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 1 year. We are sharing and transferring data using a selection of 3rd party software tools such as online Web form tools, Analytic tools, CRM tools, Service desk tools, and in cooperation with approved External developers, Shareholders, State regulators.
XR Cybersecurity Training delivered through the Application
-The purpose of the processing is to deliver interactive XR cybersecurity training (e.g. phishing recognition, social engineering, password hygiene, secure remote work, incident response), to authenticate users, track lesson progress, scores and completion, and to issue certificates of completion.
– We are processing personal data - User account information (name, e-mail, organisation, role), Training activity data (modules completed, time spent, quiz answers, scores, certificates issued), Device and technical data (headset model, Application version, IP address, language settings, diagnostic logs) - of users of the Applications.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 1 year. We are sharing and transferring data through MATSUKO’s front-end and back-end infrastructure of the Applications, hosted servers, CRM tools, Service desk tools, and in cooperation with approved External developers, Shareholders, State regulators.
Collection of testimonials.
— The purpose of the processing is to collect, analyse and share user testing feedback/testimonials that are collected during product presentation at various conferences, presentation and marketing activities via 3rd party technology tools. Communication of collected testimonials to advertise is done via website, social media and printed materials.
– We are processing personal data - Visitor and user information (name, company, position, photo, video, age group), Visitor hardware used for testing (type of phone, XR glasses...) - of Visitors and users during user testing.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 3 years. We are sharing and transferring data through suitable 3rd party software tools, Social networks (Facebook, Instagram, Twitter, YouTube, and others), and in cooperation with approved website management agencies (Web developer), Marketing Agencies, Shareholders, State regulators.
Direct marketing.
— The purpose of the processing is to collect and use contact information for distribution and providing information as a part of direct marketing, e.g. newsletters, product updates, marketing newsletters within approved and specialized communication tools and platforms.
— We are processing personal data of clients and those who are interested in the service such as full name, e-mail address, phone number, address.
— Processing is based on Art. 6 par. 1 letter a) of GDPR - Consent of the person concerned with retention period 3 years. We are sharing and transferring data through selected CRM tools and Marketing tools and in cooperation with approved Professional consultants and advisers, Shareholders, State regulators.
All types of cookies on the webpage www.matsuko.com.
— The purpose of the processing is to transmit or facilitate the transmission of the message over the network or, if absolutely necessary for the operator as an information society service provider, to provide the information society service explicitly requested by the website user. Analytical cookies allow the operator to recognize and count the number of users and obtain information about how the website is used (e.g. which pages the user opens most often and whether the user receives error messages from some sites). This helps the operator to improve the way its website page works, for example, so that the user can easily find what he is looking for.
– We are processing personal data - Log data (your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details), Device data (device type, operating system, unique device identifiers, device settings, and geo-location data - of website visitors/users.
– Processing is based on Art. 6 par. 1 letter a) of GDPR - consent of the person concerned with retention period adjusted for a specific cookie. We are sharing and transferring data in cooperation with professional consultants and advisers who are bound by a legal and/or contractual obligation of confidentiality; website management company; social media companies that use 3rd party cookies and entities to which the controller provides personal data by law.
What are the purposes and legal basis for processing of personal data?
We will process your personal data lawfully, fairly and in a transparent manner. We collect and process information about you only where we have a legal basis to do so, which includes: consent for a specific purpose, the performance of an agreement, compliance with a legal obligation, or satisfying a legitimate interest that is not overridden by your data protection interests.
How long do we process personal data?
MATSUKO keeps personal data only for a limited time as predefined in the list of processing activities above. Once this period has expired, or upon a valid user deletion request, we will permanently delete or anonymize your data using secure procedures.
How do we secure processed personal data?
We take appropriate technical, physical, legal and organizational measures to protect personal information from unauthorized loss, misuse, alteration, or destruction. If you have any reason to believe that your communications with us are no longer secure, please notify us immediately via email address privacy@matsuko.com.
Transfers to third parties
We will not share your personal information with other individuals or organizations without your permission, except when applicable by law or required by our data processors to deliver the services. We will provide you with the full list of processors upon your request.
3. What are your rights?
We make sure the processing of all personal data is done properly and safely. Regardless of your geographic location, all data subject rights outlined below, including the right to deletion, are freely available to all users globally, without discrimination, and cannot be unduly restrictive.
How to request data deletion
If you are a user of our VR applications, such as TORA AI, Cybersecurity Training, or our services, and you wish to request the absolute deletion of your user account, training activity data, progress, or any other collected personal data, you can do so freely at any time by contacting us via email at privacy@matsuko.com. Upon receiving your email, we will erase your data from our active databases and servers without undue delay.
Every user is globally entitled to the following:
The right to erasure (deletion) - You have the right to request that MATSUKO erases your personal data from our systems. This right can be exercised at any time, without geographic restrictions or undue delays.
The right to access - You have the right to request MATSUKO for copies of your personal data.
The right to rectification - You have the right to request that MATSUKO corrects any information you believe is inaccurate. You also have the right to request MATSUKO to complete information you believe is incomplete.
The right to restrict processing - You have the right to request that MATSUKO restricts the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to MATSUKO’s processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that MATSUKO transfers the data that were collected to another organization, or directly to you, under certain conditions.
4. Privacy policy of other website
MATSUKO may contain links or connections to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy policies, content, or practices of any third-party websites. We encourage you to read the terms and conditions and privacy policy of each third-party service you visit.
5. Changes to our privacy policy
At our discretion, we may change our Policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. If we make a significant change to this Policy, such as changing a lawful base, we will ask you to re-consent to the amended Policy.This privacy policy was last updated on 21st May 2026.
6. Policy questions and enforcement
In case of any questions or when exercising your rights under relevant data protection legislation please contact us via email address privacy@matsuko.com or standard post service within our address:
MATSUKO s.r.o.
Tomášiková 17,
040 01 Košice, Sever district,
Slovakia.
In any event, you always have the right to lodge a complaint with the Slovak regulator in charge of protecting personal information: https://dataprotection.gov.sk/uoou/ or via address:
Úrad na ochranu osobných údajov SR
Hraničná 12,
820 07 Bratislava
Slovak republic
