NSoft .d.o.o. („NSoft, “we,” “us” or “our”) is a company established under law of Bosnia and Herzegovina with the headquarter in Mostar, blajburških žrtava bb. NSoft d.o.o. treats the security of its personal data very seriously.
This Policy, beside other, covers these topics:
information about your rights and our obligations,
clarity about our dealings with you and transparency about how we collect and use your personal data,
commitments on how we protect your personal data,
commitments on how we will facilitate your rights and respond to your questions.
1.1. Relevant legislation
Bosnia and Herzegovina - Law on Personal Data Protection ("Official Gazette of BiH" No. 49/06 and 76/11)
General Data Protection Regulation Implementation Act
2. How do we use and collect personal data?
2.1. The Data we collect
We use and process your personal data only if necessary to manage and operate our business services, to fulfil our regulatory obligations, to provide a functional website, content, and services. We think carefully about our use of personal data, and below, you can find the details of what we do to protect your privacy.
a) Client relationship administration
Purpose- The purpose is to manage the client relationship, including the prevention of conflicts of interests, establish the client and new cases, provide advice, invoice as well as administer, manage and develop our business and services, operate and maintain our systems.
Data Subject- The client, including employees of the client
Category of Personal Data- Personal data such as name, title, address, telephone number and e-mail address, in some cases employee number, invoice information.
Retention Period- The personal data is deleted after 10 years, calculated from the end of the calendar year in which the client relationship is terminated, unless specific circumstances require a shorter or longer storage period in accordance with relevant legislation.
Legal ground- Legal ground for collecting and processing these personal data is Article 6. point 1(b) and c)
b) Fairs, networks and similar events at NSoft
Purpose- The purpose is to arrange, hold and evaluate courses, networks and similar events at NSoft.
Data Subject- The Participant.
Category of Personal Data- Personal data such as name, title, e-mail address, telephone number and organisation.
Retention Period- The personal data will be deleted after two years, calculated from the time of the network or event, unless specific circumstances require a shorter or a longer storage period in accordance with relevant legislation.
Legal ground- Legal ground for collecting and processing these personal data is Article 6. point 1 (a) and (b)
c) Visiting our Website
Purpose: The use of our Services is possible without providing your personal data to us. The main reasons why we collect and use data about our users are:
- to improve your experience on the Website
- to provide the services you signed up for, such as subscriptions,
- to create marketing analysis and send you communications when we have your permission or when permitted by law,
- to enable us to show advertising on our sites.
Data Subject: The visitor of NSoft.is website.
Category of Personal Data: Our system automatically registers every access to our Website and temporarily stores this information in a “log file.” Among the data saved in this context are in particular:
- IP-address of the accessing computer
- Name and URL of the accessed file,
- Date and time of the access,
- Access status/HTTP status code,
- Amount of data transferred for each transmission,
- Browser identification data.
Legal ground: Legal ground for collecting and processing these personal data is Article 6. point 1 (a) and (f)
d) When you contact us through contact form
Purpose: we will process your inquiries to provide you with information about the services we offer. This might include replying to your question or sending you invites to our events only if a person gives consent for this.
Data Subjects: Individuals who send inquiry to NSoft via contact form, email or other.
Category of Personal Data: Information about you, such as your name, address, age, gender, email address, and inquiry.
Retention Period: The personal data is deleted after two years, calculated from the time of the enquiry.
Legal ground: Legal ground for collecting and processing these personal data is Article 6. point 1 (a) and (f).
e) When you send job application
Purpose: we process these personal data to start the hiring process with you.
Data Subjects: Individuals who send job applications through form on a website.
Category of Personal Data: Information about you which you provide to us in CV such as name, address, age, gender, email address.
Retention Period: The personal data is deleted after two years, calculated from the time of submitting an application.
Legal ground: Legal ground for collecting and processing these personal data is Article 6. point 1 (a) and (b).
f) For Marketing activities
Purpose: we might use your information to send you marketing emails about our services or events that are similar or related to those you have previously received (or attended, in the case of events) if you opted in for this.
Category of Personal Data: Information about you which you provide to us through contact form
Legal ground: Legal ground for collecting and processing these personal data is Article 6 point 1 (a), (b) and (f).
Non-personal information we collect: When you use our website, we may use technologies like Google Analytics, Hotjar, Mailchimp or other third party tools to collect information about your visit to our website. In an essence, these tools provide us with the information on how you interact with our Website or Newsletter campaigns.
3. Your rights
We think it is important that you are able to control your personal information. According to relevant regulation, you have a following rights:
a) Right to Access
You have a right to obtain, from NSoft, confirmation as to whether or not personal data concerning you are being processed as well as access to the respective data. Including the issuance copy
b) Right to Rectification
You have a right to obtain from NSoft, without undue delay, the rectification of inaccurate personal data including the right to complete incomplete data.
c) Right to Erasure
You have a right to obtain from NSoft the erasure of your personal data without undue delay, if there is an issue with the underlying legality of the data processing.
d) Right to be forgotten
You have the right to obtain from the NSoft the erasure of personal data without undue delay and NSoft shall have the obligation to erase personal data without undue delay where applicable in accordance to the Article 17 GDPR.
e) Right to restriction of processing
You have the right to obtain from NSoft restriction of processing where one of the following applies:
- Accuracy of data is objected to by data subject.
- Unlawful processing and data subject objects erasure of data and requests restriction instead.
- Data no longer necessary for the purpose but required by data subject to the establishment, exercise or defense of legal claims.
- Objection to further processing, pending verification of legitimate grounds to override those of data subject.
f) Right to data portability
You have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the NSoft to which the personal data have been provided.
g) Right to object
You have the right to object to the processing you personal data at any time on the following address: firstname.lastname@example.org
h) Right against automated decision
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects.
4. Breach Notification
We maintain current technical measures to ensure data security protection, mostly to protect your personal data against risks during transmission and against third-party access. These measures will be updated according to the latest technical developments.
It is our policy and value to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Authority (DPA) will be informed within 72 hours. This will be managed in accordance with our Information Security Incident Management Procedure which sets out the overall process of handling information security incidents and Personal Data Breach Notification Procedure which sets out the process of notification of relevant authorities and data subjects in the event of privacy breach.
Transient cookies are automatically deleted when you close your browser. This includes, in particular, the session cookies. This store a so-called session ID, which identifies user sessions in the browser.
Our legitimate interest is based on the purposes mentioned above to optimize Service use and improve your user experience.
5.1. Analytics tools- Google Analytic
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help analyze how you use the Services. The information generated by the cookie about your use of the Services will generally be transmitted to and stored by Google on servers in the United States.
In case IP-anonymization is activated on the Services, your IP address will be truncated within the area of member states of the European Union or other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the whole IP address be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the website’s operator to evaluate your use of the Website, compiling reports on Website activity, and providing other services for the website operator relating to website activity and internet usage.
The legitimate interests to use such data are that we use and analyze the respective data to improve our Services, such as understanding your services’ interests and requirements and personalizing your user experience.