top of page

Terms & Conditions – Data Processing Agreement

Last Updated: 01-10-2025

​

1. Introduction

These Terms & Conditions (“Terms”) govern access to and use of the Go Bonoos Business Portal (“Portal”), operated by Basaamad Co, registered in Denmark under CVR number 36612266 (“we,” “our,” “us”).

The Portal is a B2B, web-based subscription service that enables registered businesses to receive and respond to discount requests initiated by consumers of the separate Bonoos application. The Portal is not aimed at consumers.

By creating an account and/or purchasing a subscription, you (“you,” “your,” “Customer,” “Business”) agree to these Terms. If you do not agree, you must not use the Portal.

​

By using the Portal on behalf of a company, you represent that you have authority to bind that company and that these Terms apply to the company as Customer.

​

The Portal and its related services must not be used to create, host, advertise, or process any product, material, or communication containing or promoting sexual or adult content, alcohol, tobacco, recreational drugs, weapons, or any other restricted items under applicable law or platform policies (including Apple App Store and Google Play).

---------------------------------

​

2. Scope of Service

  • The Portal allows your business to:

    • Receive, review, and respond to discount requests from Bonoos App users.

    • Manage offers, counteroffers, or declines.

    • Access analytics and reporting tools where available.

  • We do not guarantee any particular number or quality of discount requests.

  • We are not responsible for the outcome of transactions between your business and consumers.

You agree not to upload or list prohibited or restricted product categories such as adult or sexual materials, alcohol, tobacco, vaping, controlled substances, weapons, ammunition, explosives, or violent or discriminatory content. Any such listings may be removed without notice.

You will not (and will not permit anyone to): (a) use the Portal in breach of law (including consumer, marketing, export-control, sanctions, anti-bribery, or privacy laws); (b) upload unlawful, misleading, or infringing content; (c) attempt to reverse engineer, copy, or create derivative works of the Portal; (d) interfere with security or integrity of the service; (e) send spam or abusive communications via the Portal; (f) misrepresent discounts, prices, availability, or redemption rules.

---------------------------------

 

​3. Our Limited Role

We are a facilitation platform only. We:

  • Do not sell, supply, or deliver products or services to consumers.

  • Do not verify the accuracy, legality, or validity of consumer requests or your offers.

  • Are not responsible for ensuring that discounts, voucher codes, or promotions are honored.

  • Do not mediate disputes between your business and consumers.

  • Do not provide legal, tax, accounting, or compliance advice; any guidance in the Portal or documentation is for general information only.

We may remove or disable access to content or data that violates applicable law, advertising standards, or platform policies on prohibited products.

---------------------------------

​

4. Service Availability; Support; Beta

The Portal is provided without any service-level commitment or uptime warranty unless expressly agreed in a signed order. Maintenance windows or outages may occur without liability. We may offer preview/beta features “as is”; they may be changed or withdrawn at any time and are excluded from warranties and liability caps to the maximum extent permitted by law.

​---------------------------------

​

5. Eligibility

To use the Portal, you must:

  • Be a legally registered business, organization, or sole proprietorship.

  • Have authority to bind your business to contracts.

  • Provide accurate, up-to-date information during signup and maintain it thereafter.

We may reject or terminate accounts for businesses engaged in or promoting restricted or illegal goods or services.

---------------------------------

​

6. Subscription Plans

  • The Portal operates on a subscription model.

  • Subscription fees, billing cycles, and included features are described on our website or within the Portal at the time of purchase.

  • All fees are stated exclusive of applicable taxes (e.g., VAT), unless otherwise indicated.

  • We may change prices or plan features by giving at least 30 days’ prior notice by email or in-product message. Changes apply from the next renewal; you may cancel before renewal to avoid the change.

---------------------------------

​​

7. Payments

​​Payments are collected via our designated payment processor (e.g., Wix Payments or Stripe). You authorize automatic, recurring charges to your selected payment method for each billing period and all applicable taxes and government charges. You are responsible for all taxes related to your subscription, excluding our income taxes. Failed or disputed payments may result in suspension or termination and may incur collection costs.

---------------------------------

​

8. Cancellation & Termination

Your Cancellation

  • You may cancel your subscription at any time via the Portal account settings or by contacting our support team.

  • Cancellation takes effect at the end of the current billing cycle; no refunds are provided for partial periods unless required by law.

Our Termination Rights
We may suspend or terminate your account immediately if you:

  • Breach these Terms.

  • Fail to pay subscription fees.

  • Use the Portal for unlawful purposes.

​

We may also suspend the Portal immediately to address security, fraud, or compliance risks.
Upon termination, access ceases and sections intended to survive (including Intellectual Property, Confidentiality, Limitation of Liability, Indemnification, Governing Law) will continue to apply.

---------------------------------

​​

9. Data Processing Agreement (DPA)

Because we process personal data of consumers on your behalf, our Data Processing Agreement forms part of these Terms.

  • By accepting these Terms, you also accept the DPA.

  • The DPA specifies:

    • Our roles as Data Processor and your role as Data Controller.

    • Security measures in place.

    • List of approved sub-processors (e.g., Supabase, Vercel, Wix, Stripe).

    • Data transfer safeguards if applicable.

For business contact data of your staff used to manage the account (e.g., admin users), we act as independent controller; for consumer data you send to or retrieve from the Portal, we act as processor as defined in the DPA.

---------------------------------

​​

10. Your Responsibilities as a Business User

You agree to:

  • Use the Portal only for lawful business purposes.

  • Respond to consumer requests promptly and professionally.

  • Ensure that offers and discounts you provide are accurate, lawful, and not misleading.

  • Comply with all applicable laws (e.g., consumer protection, advertising standards).

  • Ensure that no product or offer you upload or manage through the Portal involves adult, sexual, violent, or otherwise restricted content or products.

  • Comply with advertising and age-restriction laws for all markets where you use the service.

  • Maintain compliance with Apple App Store, Google Play, and local consumer-protection rules.

---------------------------------

​

11. Intellectual Property

  • All content, software, and branding in the Portal are owned by us or our licensors.

  • You may not copy, modify, or redistribute Portal content except as expressly allowed under these Terms.

---------------------------------

​

12. Privacy & Data Protection

​​We process personal data in accordance with GDPR. Our Privacy Policy – Go Bonoos Business Portal explains how we process account and usage data as independent controller, including for security, support, billing, and analytics using de-identified or aggregated data. Where we process consumer data on your instructions, the DPA applies.

We may send account, transactional, and service messages. Marketing emails are sent only with your consent and include an unsubscribe option.

---------------------------------

​

13. Confidentiality

Both parties agree to keep each other’s confidential information secure and not disclose it to third parties, except as required by law. Each party may disclose the other’s confidential information to legal or regulatory authorities where required by law, after giving notice where lawful to do so.

---------------------------------

​

14. Limitation of Liability

To the fullest extent permitted by law: (a) we are not liable for indirect, incidental, special, punitive, exemplary, or consequential damages, loss of profits, revenue, goodwill, or data, even if advised of the possibility; (b) our aggregate liability arising out of or related to the Portal, these Terms, or the DPA, whether in contract, tort, or otherwise, is limited to the amounts actually paid by you for the Portal in the six (6) months immediately preceding the event giving rise to the liability; and (c) we have no liability for claims caused by third-party services, your instructions, your misuse, or events beyond our reasonable control. Nothing limits liability that cannot be limited by law.

We are not liable for any action taken to remove, block, or report prohibited or restricted content or for any resulting loss of data or business opportunity.

---------------------------------

​

15. Indemnification

You agree to indemnify and hold harmless Basaamad Co, its affiliates, officers, and employees from any claims, damages, or costs arising from:

  • Your breach of these Terms.

  • Your violation of applicable laws.

  • Any dispute between you and a consumer.

We shall have the right to control the defense and settlement of any indemnified claim. You will not settle any matter imposing obligations on us without our prior written consent.

---------------------------------

​

16. Force Majeure

We are not liable for delays or failures caused by events beyond our reasonable control, including natural disasters, internet outages, or legal restrictions.

---------------------------------

​

17. Third-Party Services

The Portal may interoperate with third-party services (e.g., payment processors, email/SMS gateways, hosting). We are not responsible for third-party services; their terms and privacy notices apply. Enabling a third-party service constitutes your authorization for us to exchange relevant data with that service.

---------------------------------

​

18. Governing Law & Jurisdiction

These Terms are governed by Danish law.
Disputes will be resolved exclusively in the courts of Denmark, unless mandatory law in your jurisdiction requires otherwise.

The United Nations Convention on Contracts for the International Sale of Goods does not apply.

---------------------------------

​

19. Changes to These Terms

We may update these Terms from time to time. Material changes will be notified via the Portal or by email before they take effect. Continued use of the Portal after changes constitutes acceptance.

If you materially object to a change that adversely affects you and it is not required by law, you may terminate before the effective date and we will refund any prepaid, unused fees for the remainder of the term.

Material updates related to legal or platform-compliance requirements (e.g., content restrictions or data-processing obligations) may take effect immediately where necessary to maintain compliance.

---------------------------------

20. Miscellaneous

Notices. We may provide notices by email to your admin contact or in-product.
Assignment. You may not assign these Terms without our prior written consent; we may assign to an affiliate or in connection with a merger or asset transfer.
Severability; Waiver. If a provision is unenforceable, the remainder remains in effect; failure to enforce is not a waiver.
Order of Precedence. If there is a conflict, a signed order or addendum prevails over these Terms, which prevail over online documentation.

---------------------------------

​

21. Contact Information

​

Basaamad Co

Ståbyvej 22, 2740 Skovlunde

support@gobonoos.com

 

---------------------------------

---------------------------------

 

 

Annex 1 – Data Processing Agreement (DPA)

​

Last Updated: 01-10-2025

1. Parties

This Data Processing Agreement (“DPA”) is entered into between:

Data Controller: The business customer using the Go Bonoos Business Portal (“Customer,” “Controller”)
Data Processor: Basaamad Co, registered in Denmark under CVR number 36612266 (“Processor,” “we,” “us”)

For business contact and account data of the Customer’s staff, Basaamad Co acts as independent controller. For consumer data processed through the Portal on Customer’s instructions, Basaamad Co acts as processor.

This DPA forms part of the Go Bonoos Business Portal Terms & Conditions and is effective for the duration of your subscription.

---------------------------------

​

2. Purpose

The Processor will process personal data on behalf of the Controller for the sole purpose of providing the Go Bonoos Business Portal service, which enables businesses to receive and respond to discount requests from consumers using the Bonoos mobile app.

---------------------------------

​

3. Roles of the Parties

  • Controller: Determines the purposes and means of processing personal data.

  • Processor: Processes personal data on behalf of the Controller and in accordance with the Controller’s documented instructions.

---------------------------------

​

4. Nature of Processing

Categories of Data Subjects:

  • Consumers using the Bonoos mobile application to send requests to the Controller.

Types of Personal Data:

  • Contact details (name, email address, phone number if provided).

  • Request details (requested product/service, requested discount, timestamps).

  • Technical metadata (IP address, device information if available).

  • Optional identifiers supplied by the Controller (e.g., internal customer IDs) and voucher/offer metadata.

Processing Activities:

  • Receiving and storing discount requests.

  • Making requests available to the Controller through the Portal.

  • Transmitting responses from the Controller to the consumer.

  • Providing support, analytics, and logging.

  • Generation and storage of voucher codes when initiated by Customer; fraud-prevention checks; creation of aggregated, de-identified analytics.

The Processor will not intentionally process any special-category or prohibited-content data such as sexual material, drug-related information, or references to restricted goods. The Controller must not upload such data.

---------------------------------

​

5. Controller Instructions

The Processor will process personal data only:

  • In accordance with these Terms and this DPA.

  • As necessary to provide the Portal services.

  • As required by applicable law (in which case Processor will notify Controller unless prohibited by law).

​​Processor will promptly inform Controller if, in Processor’s opinion, an instruction violates GDPR; Processor may refuse to execute unlawful instructions.

---------------------------------

​

6. Security Measures

The Processor will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Data encryption in transit and at rest.

  • Access controls with role-based permissions.

  • Regular security patching and vulnerability testing.

  • Backup and recovery procedures.

  • Encryption keys and secrets stored separately with restricted access; audit logging of administrative actions; least-privilege access reviews.

A high-level description of current technical and organizational measures (TOMs) is available on request and may be updated without reducing overall security.

​Automated or manual controls may be used to detect and prevent processing of unlawful or prohibited content.

---------------------------------

​

7. Confidentiality

The Processor will ensure that all persons authorized to process personal data are bound by confidentiality obligations.

---------------------------------

​

8. Sub-Processors

​The following sub-processors are currently engaged. The list may be updated from time to time as described in this Section.


Supabase (database & authentication; EU/US; SCCs),
Vercel (web hosting; EU/US; SCCs),
Wix (marketing site hosting; EU/US; SCCs),
Stripe or Wix Payments (payment processing; EU/US; PCI DSS + SCCs),
OneSignal and Resend as Email/SMS/Push Gateway providers (notifications; EU/US; SCCs).

​

​We do not sell personal data to third parties.

​

​Controller authorizes the sub-processors listed in the Sub-Processor Registry (including Supabase, Vercel, Wix, payment processors, and email/SMS/Push gateway providers such as OneSignal and Resend). Processor may add, replace, or remove sub-processors by posting an updated list and notifying Controller (email or in-product). Controller may object on reasonable, documented grounds related to data protection within 15 days of notice; if unresolved, Controller may terminate the affected services and receive a pro-rata refund of prepaid, unused fees. Processor remains responsible for sub-processors’ performance.

---------------------------------

​

9. International Data Transfers

If personal data is transferred outside the EU/EEA, the Processor will ensure appropriate safeguards such as:

  • Adequacy decisions by the European Commission.

  • Standard Contractual Clauses (SCCs).

Where SCCs apply, the parties agree the 2021 EU SCCs (controller-to-processor / processor-to-processor modules as appropriate) with Denmark as the governing law for SCCs and the supervisory authority being the Danish DPA. Annexes may be populated by reference to this DPA and the TOMs.

---------------------------------

​

10. Data Subject Rights

The Processor will assist the Controller in fulfilling requests from data subjects under GDPR, including:

  • Access requests

  • Rectification requests

  • Deletion requests

  • Objections to processing

  • Data portability requests

Such assistance may be subject to reasonable reimbursement if the request is burdensome. Processor may charge reasonable costs for excessive, unfounded, or repetitive requests as permitted by GDPR Art. 12(5).

---------------------------------

​

11. Data Breach Notification

The Processor will notify the Controller without undue delay after becoming aware of a personal data breach.
The notification will include:

  • Nature of the breach

  • Categories and approximate number of data subjects affected

  • Likely consequences

  • Measures taken or proposed to address the breach

Notification does not constitute an admission of fault or liability.

---------------------------------

​

12. Return or Deletion of Data

Upon termination or written request, Processor will delete Customer Personal Data within 90 days unless law requires retention. Before deletion, Controller may request a standard export once within that period. Backups will be overwritten in the ordinary course of business.

---------------------------------

​

13. Audits

No more than once in any 12-month period, Controller may audit Processor’s compliance by (a) reviewing a current independent third-party security report or certification (e.g., SOC 2, ISO/IEC 27001) made available under NDA, and (b) if reasonably necessary, conducting a focused onsite or remote audit of relevant records upon 30 days’ prior written notice. Audits must minimize disruption, occur during normal business hours, and are at Controller’s expense. Findings are Processor Confidential Information.

---------------------------------

​

14. Liability

Each party’s liability under this DPA is subject to the limitations set out in the main Terms & Conditions. Free or beta features are provided as is and excluded from any indemnities and liability to the maximum extent permitted by law.

---------------------------------

​

15. Governing Law and Jurisdiction

This DPA is governed by Danish law, and any disputes shall be resolved in the courts of Denmark, unless otherwise required by mandatory law.

---------------------------------

​

16. Contact

​

Basaamad Co

Ståbyvej 22, 2740 Skovlunde

support@gobonoos.com

---------------------------------

---------------------------------

 

 

Annex 2 – Prohibited Content and Use

Businesses may not use the Go Bonoos Portal to manage or promote:

  • Adult or sexually explicit products or services

  • Alcohol, tobacco, vaping, or drug-related products

  • Weapons, ammunition, or explosives

  • Violent, hateful, or discriminatory material

  • Illegal or restricted goods or any content breaching applicable platform or advertising laws

Violations may result in immediate suspension or permanent termination.

bottom of page