1. Who We Are

The data controller is: Bonfero s.r.o., Ječná 5849/43, 586 01 Jihlava, ID: 19910860, Czech Republic
Contact email: info@bonfero.com
This Policy explains what personal data we process, for what purpose, how we protect it, and what rights you have.

2. What Data We Process

As part of operating the Bonfero System and website, we may process the following data:
• Name and surname
• Email address
• Phone number
• IP address and cookies (when visiting the website)
• Data you enter into the Bonfero System
• Technical data on service usage (e.g., date and time of access, device or browser type)

3. Why We Process Personal Data

We process your data solely for the following purposes:
• Handling bookings and providing services through the Bonfero System
• Communicating regarding bookings or inquiries
• Improving the functionality of the system and website
• Fulfilling legal obligations (e.g., accounting records)

4. Legal Basis for Processing

We process your data based on:
• Performance of a contract (service booking),
• Legitimate interest (system security, responding to inquiries, preventing misuse, or protecting legal claims),
• Legal obligation (e.g., retention of billing data),
• Or your consent, where required (e.g., for booking reminders).

5. Who Has Access to the Data

Your personal data may be accessed only by entities involved in operating the System or ensuring legal obligations. These include in particular:
• Hosting and IT service providers,
• Email or communication service providers,
• Accountants or tax advisors,
• Or public authorities if legally required.

We are happy to provide you with a specific list of these entities upon request.
All these entities are required to protect personal data in accordance with applicable legal regulations and are bound by contractual confidentiality.

6. How Long We Store Data

We retain your data only for as long as necessary:
• To fulfill the contract and manage bookings (during cooperation),
• Or according to statutory periods (e.g., 10 years for accounting documents).

After the retention period defined by the purpose of processing or legal obligations expires, the personal data will be deleted or anonymized.

7. What Are Your Rights

As a data subject, under the GDPR you have the following rights:
• Right to access personal data,
• Right to correct inaccurate or incomplete data,
• Right to erase personal data (“right to be forgotten”),
• Right to restrict processing,
• Right to data portability,
• Right to object to processing.

If the processing of personal data is based on your consent, you have the right to withdraw this consent at any time without affecting the legality of the processing prior to its withdrawal.
To exercise your rights, please contact us at the email address provided at the beginning of this policy.

8. Data Security

We protect your personal data through technical and organizational measures that comply with current legal requirements and security standards.
Security measures include, in particular, controlled data access, encrypted data transmission, regular system updates, and strict permission settings. Access to personal data is granted only to authorized persons who are bound by confidentiality and trained in data protection.

9. Use of Cookies

Our website may use cookies to ensure basic functionality and analytics. More information can be found in our separate Cookie Policy.

10. Contacting the Supervisory Authority

Your rights regarding data protection are protected by law. If at any time you wish to contact the supervisory authority, you can reach out to:
Office for Personal Data Protection (ÚOOÚ), www.uoou.cz.