Privacy Policy
- Privacy policy scope
This Privacy Policy applies to data processing carried out by EVNISOFT Ltd, with its registered office in Sofia, Bulgaria (from now on referred to as "EVNISOFT").
EVNISOFT aims to protect visitors' privacy to this website and will collect and process personal data only by the provisions of this Privacy Policy.
This Privacy Policy specifies the categories of personal data EVNISOFT collects through the website evnisoft.com and the EVNIVERSE platform series.
Any questions regarding the processing of personal data can be directed to the email address privacy@evnisoft.com.
EVNISOFT reserves the right to change this Privacy Policy at any time and within the limits permitted by law, without prior notice, to comply with legal obligations and to improve its services for you. Therefore, we recommend that you regularly review this Privacy Policy.
- What personal data do we process?
Personal data are defined by the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) as "any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier." In simpler terms, personal data refers to any information about you that allows you to be identified. Personal data includes obvious information such as your name and contact details, but it also encompasses less obvious information such as identification numbers, electronic locations, and other online identifiers.
This section outlines the general categories of personal data we may process, the purposes for which we may process personal data and the legal bases for processing. Depending on how you use our website, we may collect some or all of the following personal data:
- Personal data
Personal data, including your name, surname, and email address, will be collected if you use our registration forms, contact forms, or the platform itself. These data will be processed lawfully, fairly, and transparently. When collecting data, we will adhere to explicit, legitimate, and incompatible with the original purpose purposes. We will collect only the minimum necessary data and will keep them accurate and up to date. The data will not be retained longer than necessary, and appropriate measures will be taken to protect it from unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Usage data
We may process data regarding your use of our website, such as the type and version of your browser, IP address, geographical location, referral source, duration of the visit, page views, website navigation paths, and data about the timing, frequency, and pattern of your website use. The source of this usage data is our analytics system. We may use this data to analyze the usage of the website. Our legal basis for processing this data is our legitimate interests: monitoring and improving the services provided by our website. However, we will seek your consent when collecting usage data through non-essential cookies.
- Request data
We can process any information in your request related to our company or services ("request data"). The purpose of processing request data may include scheduling a demonstration, offering, marketing, and selling the relevant services. Our legal basis for this processing is our legitimate interest.
- Notification data
When subscribing to our email notifications and/or newsletters ("notification data"), the information you provide may be processed to send you the relevant messages and newsletters. Our legal basis for this processing is your consent, which you can withdraw at any time using the "unsubscribe" link.
- What are my rights?
We adhere to your rights under GDPR, which include:
- The right to be informed about the collection and use of your data. Our Privacy Statement provides the necessary information, but you can contact us with additional questions.
- The right to access the personal data we hold.
- The right to request correction of your data if it is inaccurate or incomplete.
- The right to request the deletion of your data, also known as the "right to be forgotten."
- The right to restrict the processing of your data.
- The right to object to the processing of your data.
- The right to data portability allows you to obtain and reuse your data for various purposes in various services.
- The right not to be subject to automated decision-making and profiling.
If we process your data based on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before the withdrawal.
Legal requirements can exercise these rights by sending a letter to EVNISOFT at the following email address: privacy@evnisoft.com.
Suppose you believe that our processing of your personal information violates data protection laws. In that case, you must complain to the data protection supervisory authority. You can do this in the EU Member State where you usually reside, where you believe the violation has occurred. However, we would appreciate it if you first contact us to resolve any issues.
- Transfer of personal data
4.1. Use of data processors
As the data controller, we may use a data processor to process personal data. The data processor is an individual or legal entity that processes your data at our request and on our behalf. The data processor is responsible for maintaining the security and confidentiality of personal data and will always act according to our instructions. We may engage a data processor for various purposes, including hosting, administration, marketing, analysis, and communication.
4.2. Disclosure of personal data to third parties
In addition to the personal information mentioned in this section, we may disclose your data when it is necessary to comply with a legal obligation or to protect your vital interests or those of another person. We may disclose your data when it is required to establish, exercise, or defend legal claims, whether in a judicial, extrajudicial, or administrative process.
If you provide your consent on our website, your data and cookies may be sent to Google for personalized and analytical purposes. For more information, we recommend reviewing Google's privacy and terms of use on their website.
- International data transfer
We will store your information within the European Economic Area (EEA), which includes all EU member states, Norway, Iceland, and Liechtenstein. This ensures that your data will be fully protected by data protection laws and regulations, including the General Data Protection Regulation (GDPR) or equivalent standards required by law.
In some cases, however, we may need to store or transfer some of your data to countries outside the EEA, referred to as "third countries," which may not have the same level of data protection as the EEA. To ensure the same level of protection for your data, we will take additional measures, including the following:
a) We will transfer your data to third countries for which the European Commission has determined that they have adequate data protection. For more information, please visit the European Commission's website.
b) We will use special contracts with external third parties that the European Commission has approved for the transfer of personal data to third countries. These contracts will require the same level of data protection as required by data protection laws.
- Data retention period
We will only retain your data for as long as necessary, considering the purposes for which they were initially collected. Your data will be kept until you delete your profile or as required by law. The following retention periods apply to the storage of your data:
- Personal data
The General Data Protection Regulation (GDPR) requires that personal data be retained only for as long as necessary for the purposes for which they were collected. We understand that the retention period for personal data should be determined based on the purposes for which they were collected, and we ensure that this is always the case. Our data retention policies and procedures are developed in accordance with the GDPR's requirements for limited retention periods for personal data. We regularly delete or destroy data that is no longer necessary.
- Inquiries data
In this section, we may retain your data when it is necessary to comply with a legal obligation that applies to us or to protect the vital interests of you or another individual.
- Third-Party Websites
Our website may contain hyperlinks to third-party websites and information about them. We do not have control over these third-party websites and are not responsible for their privacy policies.
This data protection policy is effective from July 20, 2023.