Privacy Policy
This Privacy Policy contains information about how we process your personal data in the context of the website https://www.evidyn.ai (the "Website").
We believe that the responsible use of personal data supports business growth and builds strong relationships between partners, consumers, and brands. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact.
globalsoft d.o.o. ("globalsoft", "we", "us" or "our") is a company established under the laws of Bosnia and Herzegovina and headquartered in Široki Brijeg, at Pobijenih franjevaca 25.
The term "you" refers to a natural person (an individual) whose personal data globalsoft collects and processes.
This Policy, among other things, covers the following topics:
- information about your rights and our obligations;
- transparency regarding how we collect, use and process your personal data;
- commitments regarding the protection of your personal data; and
- commitments on how we facilitate the exercise of your rights and respond to your questions.
This Privacy Policy applies when we act as the data controller with respect to the personal data of our website visitors. Most personal data is collected through our Website, whether you submit a contact form or contact us in any other way.
Relevant legislation
Bosnia and Herzegovina – Law on Personal Data Protection ("Official Gazette of BiH", No. 12/25).
How do we collect and use personal data?
The data we collect
We use and process your personal data only where necessary to manage and provide our business services, fulfil our legal obligations, and provide a functional website, content, and services. We carefully consider our use of personal data, and below you can find details on how we protect your privacy.
When you contact us regarding our products and services or when we seek new business opportunities
What personal data do we collect?
- your name and surname;
- contact details (e.g. email address and phone number);
- business details (e.g. company name); and
- any other information you choose to provide, depending on the nature of our communication.
How do we collect it?
Directly from you when you register on our Website to learn more about our business and services (e.g. through the "Schedule an Assessment" contact form) or when you provide us with your contact details while requesting additional information.
Purpose of collection, legal basis and use
We collect and use this data to:
- communicate with you;
- answer your questions;
- determine whether you or your organisation are interested in future cooperation; and
- provide adequate support during pre-sales and procurement processes.
These activities represent our legitimate interest in conducting our business. Where you are our contractual counterpart, we process your personal data because it is necessary for the performance of a contract or for taking steps prior to entering into a contract.
Retention period
Personal data collected for this purpose will be deleted three (3) years after our last communication unless we enter into a business agreement with you or your organisation.
When you visit our Website
What personal data do we collect?
Through cookies, we may collect:
- your IP address;
- browser type and related information;
- pages visited and browsing sequence; and
- information on whether you are a new or returning visitor.
How do we collect it?
Directly from you when you browse our Website through cookies placed in your browser. Cookies may be:
- necessary (technical) cookies, which are placed automatically; or
- marketing cookies, which are placed only after obtaining your consent.
Purpose of collection, legal basis and use
We collect and use this data to maintain and improve our Website and business operations.
When doing so, we rely on:
- our legitimate interest to ensure the functioning of the Website (necessary technical cookies); or
- your consent (marketing cookies).
Retention period
Retention periods depend on the specific types of cookies used. Please refer to our Cookie Policy for more information.
You may withdraw your consent at any time by contacting: info@globalsoft.co
Your Rights
Right of Access
You have the right to obtain confirmation as to whether your personal data is being processed and, where that is the case, access to such data, including a copy thereof.
Right to Rectification
You have the right to obtain without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data.
Right to Erasure
You have the right to obtain the erasure of your personal data without undue delay where the processing is unlawful or where other legal grounds for erasure apply under applicable legislation.
Right to be Forgotten
You have the right to request the erasure of your personal data without undue delay where the data are no longer necessary for the purposes for which they were collected, where you withdraw the consent on which the processing is based, where you object to the processing, or where the data have been unlawfully processed.
Right to Restriction of Processing
You have the right to obtain restriction of processing where:
- you contest the accuracy of the personal data;
- the processing is unlawful and you oppose erasure and request restriction instead;
- the data is no longer required for processing purposes but is required by you for the establishment, exercise or defence of legal claims; or
- you have objected to processing pending verification of overriding legitimate grounds.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit that data to another controller without hindrance.
Right to Object
You have the right to object to the processing of your personal data at any time by contacting: info@globalsoft.co
Right Not to Be Subject to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Personal Data Breach Notification
We maintain appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures are regularly reviewed and updated in line with technological developments.
It is our policy to act fairly and proportionately when notifying affected individuals of personal data breaches. In accordance with the GDPR, where a breach occurs that may pose a risk to the rights and freedoms of individuals, the competent data protection authority will be notified within 72 hours. Such incidents are handled in accordance with our Security Incident Management Procedure, which defines the entire process for resolving security incidents.