Privacy Policy

1. Scope of the Privacy Policy

This Privacy Policy applies to the processing of data carried out by EVNISOFT EOOD, with its headquarter in Sofia, Bulgaria (hereinafter referred to as “EVNISOFT”).

EVNISOFT is committed to protect the privacy of the visitors to this website and will collect and process personal data only by the provisions of this Privacy Policy.

This Privacy Policy aims to specify the categories of personal data that EVNISOFT collects through the website and the EVNIVERSE platform series.

Any questions regarding the processing of personal data can be addressed by email to

EVNISOFT reserves the right to amend this Privacy Policy at any time and to the extent permitted by law, without prior notice, to comply with legal obligations and/or improve its services to you. Therefore, we recommend that you regularly familiarize yourself with this Privacy Policy.

2. What personal data do we process?

Personal data is defined by the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) as “any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier.” In simple terms, personal data refers to any information about you that allows you to be identified. Personal data includes obvious information such as your name and contact details, but it also encompasses less obvious information such as identification numbers, electronic location data, and other online identifiers.

In this section, we have outlined the general categories of personal data that we may process, the purposes for which we may process personal data and the legal bases for processing. Depending on how you use our website, we may collect some or all of the following personal data:

  • Personal Data

Personal data, including name, surname, and email, will be collected if you use our registration forms, contact forms or the platform itself. This data will be processed lawfully, fairly, and transparently. The purpose of data collection will be explicit, legitimate, and not incompatible with the initial purpose. Only the minimum necessary data will be collected, and it will be kept accurate and up to date. The data will not be stored for longer than necessary, and appropriate security measures will be implemented to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

  • Usage Data

We may process data regarding your use of our website, such as your browser type and version, IP address, geographical location, referral source, visit duration, page views, website navigation paths, and data about the timing, frequency, and pattern of your website usage. The source of this usage data is our analytics tracking system. We may use this data to analyze the usage of the website. Our legal basis for processing this data is our legitimate interests: monitoring and improving the services provided by our website. However, we will seek your consent when collecting usage data through non-essential cookies.

  • Query Data

We may process any information included in a query you send us related to our company or services (“query data”). The purpose of processing the query data may include scheduling a demonstration, offering, marketing, and selling the relevant services. The legal basis for this processing is our legitimate interest.

  • Notification Data

The information you provide to us when subscribing to our email notifications and/or newsletters (“notification data”) may be processed to send the respective notifications and/or newsletters. The legal basis for this processing is your consent, which you can withdraw at any time using the “unsubscribe” link.

3. What are my rights?

We are committed to respect your rights under the GDPR, which include:

  • The right to be informed about the collection and use of your data. Our Privacy Notice provides the necessary information, but you can always contact us if you have further questions.
  • The right to access the personal data that we hold.
  • The right to request correction of your data if it is inaccurate or incomplete.
  • The right to request the erasure of your data is also known as the “right to be forgotten.”
  • The right to restrict the processing of your data.
  • The right to object to the processing of your data.
  • The right to data portability, which allows you to receive and reuse your data for your purposes across different services.
  • The right not to be subject to automated decision-making and profiling.
  • If we process your data based on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before the withdrawal.

These rights can be exercised by the legal requirements by sending a letter to EVNISOFT at the following email address:

If you believe that the processing of your personal information by us violates data protection laws, you have the lawful right to complain to the supervisory authority for data protection. You can do this in the EU member state where you usually reside, work, or where the alleged violation has taken place. However, we would appreciate it if you would first contact us to address any concerns you may have.

4. Transfer of Personal Data

4.1. Use of Data Processors

As the data controller, we can engage a data processor who will process personal data on our behalf. The data processor is a natural or legal person who processes your data at our request and on our behalf. The data processor is responsible for maintaining the security and confidentiality of personal data and will always act by our instructions. We may engage a data processor for various purposes, including hosting, administration, marketing, analysis, and communication.

4.2. Disclosure of Personal Data to Third Parties

In addition to the disclosure of personal data mentioned in this section, we may disclose your data when necessary to comply with a legal obligation or to protect your vital interests or those of another person. We may also disclose your data when necessary for the establishment, exercise, or defense of legal claims, whether in a judicial, extrajudicial, or administrative proceeding.

If you give your consent on our website, your data and cookies may be sent to Google for personalized and analytical purposes. For more information, we recommend reviewing Google’s privacy and terms website.

5. International Data Transfers

We will store your data within the European Economic Area (EEA), which includes all EU member states, Norway, Iceland, and Liechtenstein. This ensures that your data will be fully protected by data protection laws and regulations, including the GDPR, or equivalent standards as required by law.

However, in some cases, it may be necessary for us to store or transfer some of your data to countries outside the EEA, also known as “third countries,” which may not have the same level of data protection laws as the EEA. To ensure that your data is protected in the same way, we will take additional measures, including the following:

a) We will transfer your data to third countries for which the European Commission has determined that they have adequate levels of data protection. For more information, please visit the website of the European Commission.

b) We will use special contracts with external third parties that have been approved by the European Commission for the transfer of personal data to third countries. These contracts will require the same level of data protection as required by data protection laws.

6. Data Retention Period

We will only store your data for as long as necessary, considering the purposes for which it was originally collected. Your data will be kept until you delete your profile or as required by law. The following retention periods apply to the storage of your data:

  • Personal Data

The GDPR requires that personal data should only be retained for as long as necessary for the purpose for which it was collected. We understand that the retention period for personal data should be determined based on the purpose for which it was collected, and we ensure that this is always the case. Our data retention policies and procedures are designed to meet the GDPR’s requirement for limited retention periods of personal data, and we reliably delete or destroy data that is no longer necessary. By complying with the GDPR’s rules on data retention, we protect our customer’s data and ensure that we avoid potential financial sanctions and reputational damage that may arise from non-compliance.

  • Data from Inquiries

In this section, we may retain your data when it is necessary to comply with a legal obligation that applies to us or to protect your vital or the vital interests of another individual.

7. Third-Party Websites

Our website may include hyperlinks to third-party websites and information about them. We do not have control over and are not responsible for third parties privacy policies and practices.

This data protection policy is current and valid as of 15 June 2023.