Privacy Policy
Version effective as of: 29 June, 2026
This Privacy Policy (“Policy”) applies to your consent to the processing of personal data granted to bonet.systems, s.r.o., with its registered office at Binárium, Staré Grunty 18, 841 04 Bratislava – Karlova Ves, Slovak Republic, Company ID: 47 258 837, registered in the Commercial Register of the Municipal Court Bratislava III, Section: Sro, File No.: 111224/B (hereinafter referred to as “BONET”, “we”, “us”, or the “Controller”), for the purpose of enabling BONET to contact you, particularly, but not exclusively, by means of informational, educational, promotional and marketing materials, newsletters, and emails.
This Policy applies to both natural persons and legal entities, including commercial companies and other organizations. It reflects the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (“GDPR”), as well as the relevant provisions of Act No. 18/2018 Coll. on Personal Data Protection, as amended.
The company BONET is committed to respecting and protecting the personal data of all data subjects whose personal data it processes. This Policy provides information about the personal data we collect, the purposes for which we process it, the parties with whom it may be shared, your rights as a data subject, and how you may contact us regarding any questions related to personal data processing.
Should there be any changes concerning the processing of personal data, we will inform you by publishing an updated version of this Policy on our website at https://bonet.systems. We therefore recommend that you visit our website regularly and review the current version of this Policy.
The information collected about you will be processed only for as long as necessary to fulfil the purposes for which it was collected. Consent granted for the processing of personal data remains valid from the date it is provided until the expiration of a period of ten (10) years, unless you withdraw your consent earlier in accordance with this Policy and applicable legal requirements. We do not intend to process special categories of personal data, including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for the purpose of uniquely identifying a natural person, health data, or data concerning a person’s sex life or sexual orientation, unless explicit consent has been provided for such processing.
We implement appropriate technical and organizational measures to protect personal data against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction.
1. Data Controller
The controller and administrator of personal data is:
- Company name: bonet.systems, s.r.o.
- Registered office: Binárium, Staré Grunty 18, 841 04 Bratislava, Slovak Republic
- Company ID: 47258837
- VAT ID: SK2120277632
- Website: https://bonet.systems
- Email: support@bonet.sk
2. What Personal Data We Process and Why
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by reference to identifiers such as a name, email address, telephone number, or other identifying information.
We process personal data only when you contact us through the contact form available on our website. Personal data is processed only to the extent necessary and solely for specified, explicit, and legitimate purposes. This purpose is always defined prior to the collection of personal data, whereby this legitimate purpose could not be achieved without the processing of the personal data.
3. Purpose and Legal Basis of Processing
We process your personal data exclusively for the following purposes and based on the legal grounds pursuant to Article 6 of the GDPR.
We process your personal data based on the following legal grounds:
- Article 6(1)(a) GDPR - Consent: Consent is provided by a clear affirmative act, which is a free, specific, informed, and unambiguous expression of your agreement to the processing of your personal data.
- Article 6(1)(c) GDPR - Processing is necessary for compliance with our legal obligation: We may also process and archive your personal data because such an obligation arises for us directly from the law.
a) Handling inquiries via the contact form
- Legal basis: Legitimate interest of the controller (Article 6(1)(f) GDPR) and pre-contractual relationships (Article 6(1)(b) GDPR).
- Scope of data: First name, last name, email address, phone number, company name, subject of interest.
- Retention period: 3 years from the last communication or until withdrawal of consent, where applicable.
Consent provided for marketing purposes is voluntary. However, it is necessary for us to send you individualized product and service offers. Without such consent, we cannot provide you with individualized product and service offers.
b) Analytics and traffic measurement
- Legal basis: Consent of the data subject (Article 6(1)(a) GDPR).
- Tools: Google Analytics 4, Google Tag Manager, LinkedIn Insight Tag.
- Scope: Anonymized IP addresses, website behavior, demographic data, conversion measurement.
- Retention period: 26 months (GA4), 90 days (LinkedIn).
Detailed information on the use of cookies and the method of granting or withdrawing consent can be found in our Cookie Policy.
4. Recipients of Personal Data
Your personal data may be shared with the following categories of recipients:
- Google LLC (Google Analytics and Google Tag Manager), certified under the EU-US Data Privacy Framework
- LinkedIn Ireland Unlimited Company (LinkedIn Insight Tag), certified under the EU-US Data Privacy Framework
- Website hosting providers
- Relevant public authorities and government bodies, if required by law.
We do not sell, rent, or otherwise disclose personal data to third parties for marketing purposes.
5. Transfers to Third Countries
Your personal data is transferred, processed, and stored on servers located in Germany and Slovak Republic.
Google LLC and LinkedIn Ireland Unlimited Company are certified participants in the EU-US Data Privacy Framework program, which guarantees an adequate level of protection when transferring personal data to the US in accordance with Article 45 of the GDPR.
We may outsource data processing to, or share data with, third parties located in countries other than your home country. In order to provide you with access to the website (if relevant in the given case and you access it), you acknowledge and agree that your personal data may be processed, transferred, and stored in other countries where you may not have the same rights as under local legislation.
Your personal data will not be transferred to countries that do not guarantee an adequate level of protection (hereinafter referred to as "third countries").
6. Rights of Data Subjects
As a data subject, you have the following rights under the GDPR:
- Right of access to personal data (Article 15 GDPR) - You have the right to request confirmation as to whether or not personal data concerning you is being processed, and if so, you have the right to access this personal data. You will be provided with a copy of the personal data undergoing processing.
- Right to rectification (Article 16 GDPR) - You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure — right to be forgotten (Article 17 GDPR) - You have the right to have your personal data erased and to cease its processing if:
a) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
b) you have withdrawn your consent or objected to the processing of personal data concerning you; or
c) the processing of your personal data does not comply with the Personal Data Protection Act for other reasons; or
d) the personal data must be erased for compliance with a legal obligation.
- Right to restriction of processing (Article 18 GDPR) - You have the right to obtain restriction of processing if:
a) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
c) we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims;
d) the data subject has objected to processing, pending the verification whether our legitimate grounds override those of the data subject.
If you have obtained restriction of processing, we will inform you before the restriction of processing is lifted.
- Right to data portability (Article 20 GDPR) - In the event that the processing of personal data is carried out by automated means, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, machine-readable, and interoperable format. At the same time, you have the right to request that we transmit your personal data to a controller of your choice.
In this context, we inform you that we are not responsible for how you process the personal data or how the company receiving the personal data processes it. Data portability does not automatically lead to the erasure of data from our systems, nor does it affect the original retention period applicable to the transmitted data.
- Right to object to processing (Article 21 GDPR) - You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you.
- Right to withdraw consent - You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Please send requests to exercise your rights electronically to: support@bonet.sk and include "Personal Data Protection" in the subject line; or by mail to the address of the Controller's registered office: bonet.systems, s.r.o., Binárium, Staré Grunty 18, 841 04 Bratislava – mestská časť Karlova Ves, or in person at the address of the Controller's registered office. We will respond to the request within 30 days.
All your other rights and obligations of BONET when processing your personal data, even if not explicitly stated in this Policy, are governed by the law and the GDPR, which BONET strictly complies with.
You also have the right to file a complaint if you believe that we are processing your personal data in violation of applicable legal regulations, by contacting the state authority supervising personal data protection. This is the Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov SR), Galvaniho Business Centrum III, Galvaniho 7/B, 821 04 Bratislava, Slovak Republic, tel.: +421 2 3231 3214, www.dataprotection.gov.sk, email: statny.dozor@pdp.gov.sk, zodpovednaosoba@pdp.gov.sk.
7. Data Security
We apply appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or destruction, including SSL/TLS encryption, access rights management, and regular security audits.
However, despite our security measures and efforts to secure your information, no 100% security of any electronic transmission over the Internet or information storage technology can be guaranteed, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not defeat our security and improperly collect, access, steal, or modify your data. Although we will do our best to protect your personal data, transmission of personal data to and from our services is at your own risk. You should only access the website within a secure environment.
8. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. We will notify you of any changes by publishing an updated version on our website with a new effective date.
9. Contact Information
Questions or comments regarding this Privacy Policy may be addressed to: support@bonet.sk or by post to BONET's registered office address as the Data Controller specified in Section 1 of this document.
This Privacy Policy is available at https://bonet.systems/privacy-policy/.