Effective date: 2026-04-09
Privacy Policy
This Privacy Policy explains how Bytegix, s.r.o. ("we", "us", "our") collects, uses, and protects your personal data when you visit https://bytegix.com or otherwise interact with us. We follow Regulation (EU) 2016/679 (GDPR) and the Slovak Personal Data Protection Act No. 18/2018 Coll.
1. Data Controller
The data controller responsible for processing your personal data is:
- Name: Bytegix, s.r.o.
- Registered address: Pod hájom 1366/167, 018 41, Slovenská republika
- Company ID (IČO): 55588891
- Tax ID (DIČ): 2122050667
- VAT ID (IČ DPH): SK2122050667
- Registered with: Okresný súd Trenčín, Obchodný register, oddiel: Sro 45593/R
- Contact email: [email protected]
We have not appointed a Data Protection Officer (DPO) because we do not meet the criteria of GDPR Art. 37. For any privacy questions, contact us at [email protected].
2. Personal data we collect
a) Information you provide directly
- Contact form submissions: name, email address, and message content.
- Email correspondence: any information you choose to share with us by email.
b) Collected automatically (server-side)
When you visit our site, our servers process basic HTTP request metadata for security, performance monitoring, and error diagnostics:
- Requested URL, HTTP method, response status, and response time.
- User-agent string and approximate referrer.
- Server-generated trace and request identifiers.
Client IP addresses are stripped from telemetry before it is exported to Azure Application Insights. We do not retain raw IP addresses on our servers.
c) Collected only with your consent (analytics)
If you accept analytics cookies in our cookie banner, the following providers process limited usage data on our behalf:
- Google Analytics 4 — anonymized page views, country-level location, referral source, device type, and aggregated session metrics.
- Azure Application Insights (browser SDK) — page views and session aggregates linked only to a randomly generated identifier.
3. Purposes of processing
- Responding to your enquiries submitted through the contact form or by email.
- Operating, securing, and maintaining the availability of bytegix.com.
- Detecting, investigating, and preventing security incidents and abuse.
- Measuring aggregate site traffic so we can improve content and performance (only with your consent).
- Complying with our legal obligations.
4. Legal basis for processing
- Consent — GDPR Art. 6(1)(a). For analytics cookies and the client-side Application Insights SDK. You may withdraw consent at any time via the Cookie Settings link in the footer.
- Performance of a contract or pre-contractual steps — GDPR Art. 6(1)(b). For handling enquiries that lead to a service relationship.
- Legitimate interest — GDPR Art. 6(1)(f). For server-side error monitoring with masked IP addresses, security logging, fraud prevention, and basic correspondence with prospective clients. Our legitimate interest is to operate a secure and reliable website. You may object to this processing at any time.
- Legal obligation — GDPR Art. 6(1)(c). For records we are required to keep under tax, accounting, or other applicable law.
5. Recipients and processors
We share personal data only with the processors required to operate the site. Each processor is bound by a Data Processing Agreement that meets the requirements of GDPR Art. 28.
| Processor | Role | Location of processing |
|---|---|---|
| Microsoft Ireland Operations Ltd. (Azure) | Hosting, server-side telemetry (Application Insights), email delivery (Azure Communication Services) | Azure West Europe (Netherlands) |
| Google Ireland Ltd. | Google Analytics 4 — only if you accept analytics cookies | European Union, with sub-processors in the United States |
We never sell personal data and we do not share it with advertising networks.
6. International transfers
Personal data is processed primarily within the European Economic Area (EEA). Where any of our processors transfer data outside the EEA — most notably Google Analytics, whose parent company is based in the United States — the transfer is governed by the European Commission's Standard Contractual Clauses (SCCs) of 4 June 2021 and the supplementary technical and organizational measures required following the CJEU Schrems II ruling.
You can request a copy of the relevant safeguards from [email protected].
7. Retention periods
| Category | Retention |
|---|---|
| Contact form correspondence | Up to 24 months from the last interaction, then deleted unless a contract is signed |
| Server-side telemetry (Azure Application Insights) | 30 days |
| Client-side analytics (Google Analytics 4) | Up to 14 months for user-level data; aggregated reports retained indefinitely |
| Cookie consent record (browser cookie) | 6 months from your last decision |
| Records required by law (e.g. accounting) | For the period required by the applicable law (typically 10 years) |
8. Your rights
Under GDPR you have the following rights with respect to your personal data:
- Right of access — Art. 15. Obtain confirmation of whether we process your data and request a copy.
- Right to rectification — Art. 16. Have inaccurate or incomplete data corrected.
- Right to erasure — Art. 17. Have your data deleted where one of the conditions in Art. 17(1) applies.
- Right to restriction — Art. 18. Restrict processing in the cases listed in Art. 18(1).
- Right to data portability — Art. 20. Receive your data in a structured, machine-readable format.
- Right to object — Art. 21. Object to processing based on legitimate interest, including profiling.
- Right to withdraw consent — Art. 7(3). Withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint — Art. 77. File a complaint with the supervisory authority: Úrad na ochranu osobných údajov SR, https://dataprotection.gov.sk.
To exercise any of these rights, contact us at [email protected]. We respond within one month of receiving the request, with a possible extension of two further months for complex requests.
10. Security measures
We apply appropriate technical and organizational measures to protect personal data, including:
- HTTPS with HSTS preload and modern TLS configuration on every request.
- Content Security Policy and other hardened HTTP security headers.
- Server-side IP masking on telemetry before it leaves our infrastructure.
- Least-privilege access controls on Azure resources, secrets stored in Azure Key Vault.
- Regular dependency and infrastructure updates.
11. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you (GDPR Art. 22).
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The current version is always available at this URL with the effective date shown at the top. Material changes will be announced on the site for at least 14 days before they take effect.
13. Contact
For any privacy-related question, including the exercise of your GDPR rights, contact us at [email protected] or by post at Pod hájom 1366/167, 018 41, Slovenská republika.