Privacy policy

Company Privacy Notice – Geobiro Ltd

This Privacy Notice sets out how Geobiro Ltd(the Data Controller) collects and uses your personal data. When we refer to “we”, “us” “our” or “controller” in this Privacy Notice we mean Geobiro Ltd.

Our Privacy Notice is structured in a way for you to easily find the specific details of what we do with your personal data, depending on which processing activity you want to find out more about.

Part 1 of our Privacy Notice is information we must tell everyone regardless of your relationship with us. The remaining parts give specific information on how we use your personal data for each of the different processing activities we undertake.

PART 1 – GENERAL INFORMATION


Our contact details

Geobiro Ltd is the data controller for the personal data we process about you.

You can contact us regarding the use of your personal data via one of the following ways:

  • Postal Address: Pleha 2A, 88 400 Konjic, Bosnia and Herzegovina
  • Telephone: +387 61 542 490
  • Email: info@geobiro.ba
  • Website: Contact page/ click here: contact

Our Data Protection Officer contact details

We do not have a legal obligation under GDPR to appoint a Data Protection Officer, however members of our team and the Director(s) oversee our data protection compliance with the General Data Protection Regulation, the Data Protection Act 2018 and any other relevant privacy laws (e.g. the Privacy & Electronic Communication Regulations 2003). The various ways you can contact us to discuss any data protection issues or concerns are shown in the “Our contact details” section.

How we get your personal data

We obtain your personal data either directly from you or indirectly from third parties.

Directly
We obtain personal data directly from you, i.e. you have given your details to us, when you:

  • enquire about our services;
  • purchase any of our services;
  • contact us via email or contact form;
  • opt in to receive our newsletters;

Indirectly
We may sometimes obtain your personal data indirectly and from third party sources, these may include:

  • Information you have made publicly available;
  • Public directories;
  • Analytics providers;
  • Social platforms;

The legal basis to process your personal data

When gathering and using your personal data we must have a legal basis to do so – this is a requirement of data protection law.

The legal basis we rely on to process your personal data varies depending on the processing activity undertaken. The full details of the processing activities we undertake along with the legal basis we rely on to process your personal data are given in the specific Parts of this privacy notice.

We may sometimes have to process your personal data in order to comply with a legal/regulatory requirement. In these cases we will rely on the legal basis of “legal obligation” as the processing is necessary for us to fulfil our legal obligation to which we are subject to.

Your rights

Depending on the purpose and legal basis we rely on for processing your personal data, there are various rights available to you. You can:

  • Depending on the purpose and legal basis we rely on for processing your personal data, there are various rights available to you. You can:
  • ask us to rectify personal data we hold about you that you think is inaccurate. This right always applies regardless of the processing activity we undertake.
  • ask us to rectify personal data we hold about you that you think is inaccurate. This right always applies regardless of the processing activity we undertake.
  • ask us to restrict the processing of your personal data. This right only applies in specific circumstances.
  • object to the processing when we have relied on legitimate interest to undertake that processing activity and you believe we have infringed your rights.
  • transfer your personal data from us to another service provider or give it to you. This right only applies to personal data you have given to us and when the processing is based on your consent or contractual basis and the processing is automated.

We do not undertake any solely automated decision making, including profiling, about you.

To find out more about how to exercise your rights please refer to the guidance on the Information Commissioner’s Office website.

You do not need to pay a fee to us to exercise any of your rights. However, if your request is manifestly unfounded or excessive we are allowed to charge a reasonable fee or refuse the request.

We shall respond to a valid request within one month of receiving it.

If you wish to exercise one of your rights, please contact us via one of the methods shown in the “Our contact details” section.

How to make a complaint about us to the Information Commissioner’s Office

If you are not happy with how we are processing your personal data or you believe we have not dealt with one of your rights correctly you are entitled to make

complaint to the Information Commissioners Office (ICO). The ICO has several ways in which you can get in touch with them, including post, email, and online forms. For full details how to make a complaint please refer to their website.

Sharing your personal data with other businesses

We do not share, sell or rent your personal data to other businesses for them to use for their own marketing purposes.

We do not currently undertake any data sharing activities with other businesses (this includes both routine and ad-hoc data sharing). Should this change in the future we will update our privacy notice to reflect this processing activity. We will always comply with relevant data protection laws should we enter into any data sharing with another business.

Using data processors

We may use data processors to help us fulfil our services/delivery of goods to you.

If we use other business/es to process personal data on our behalf (they are known as data processors) to enable us to provide our services/delivery of goods to you we will ensure we have appropriate UK GDPR compliant contracts in place with each one.

The data processor is not allowed to do anything with your personal data other than what we have instructed them to do with it. They will not share your personal data with any other business apart from us, unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.

Our data processors may include but may not be limited to:

  • IT system providers;
  • IT servicing and maintenance providers;
  • Website host providers;
  • Email host providers;
  • Accountant;
  • Legal assistance;
  • HR service provider;
  • Marketing service provider(s);
  • Purchase payment provider(s);
  • Payroll provider;
  • Pension provider;
  • Benefits provider;
  • CRM provider(s);

Children’s information

As part of our marketing campaigns we may sometimes use photographs, names and ages of children supplied by parents’ on our social media platforms. We will only ever publish these with consent of the parent or guardian. No contact details are ever published.

Cookies

Google analytics Cookies:_ga

We use Google Analytics to carry out statistical analysis of page use, page interactions and paths through the Website to evaluate and develop our Website. This is known as ‘digital analytics’. We may also record certain information that customers provide during a Website purchase or other process.

This information allows us to understand individual behaviours and needs more accurately.For more information on how Google uses the data collected via this service, see here: http://www.google.com/policies/privacy/partners/

To opt out of being tracked via Google Analytics, you can also use Google’s opt-out browser add-on: https://tools.google.com/dlpage/gaoptout

Links to other websites

Our website may provide links to websites of other organisations. Our Privacy Notice does not cover how those organisations process your personal data when you visit their website. We advise you to read their Privacy Notices.

Changes to our Privacy Notice

We keep our Privacy Notice under review to ensure it remains accurate and up to date and we reserve the right to modify this policy at any time. Changes to this notice will be posted on our website and you should endeavour to review the notice frequently.

If you have any questions about our Privacy Notice, please contact us via one of the ways shown in the “Our contact details” section.

How do we get your personal data?

We generally gather your personal data directly from you when you either enquire about our services or enter into a contract with us to purchase one of our services.

However, we may also collect some personal data indirectly. Generally this is likely to come from your manager or another work colleague, for example, if we need details of who is attending our workshops.

Why do we need your personal data and which legal basis do we rely on for the processing?

We use your personal data to:

  • provide information, at your request, about the services we offer;
  • provide the service package you have purchased;
  • provide updates regarding the service we are providing to you; and
  • send you marketing information relating to our services in general and the work we do.

The legal basis we rely on for these purposes are:

Contractual obligation (GDPR Article 6(1)(b))
The services we provide to you are done so under contract when we are providing a service to you or with a view to entering into a contract with you when you enquire about our services.
We require certain information from you to enable us to fulfil our contractual obligation. If you are not able to provide all the information we need we may not be able to provide the service to you and the arrangement may need to be terminated.

Legitimate interests (GDPR Article 6(1)(f)
GDPR allows us to use legitimate interests for direct marketing purposes in certain circumstances. We have undertaken a legitimate interest assessment, which balances our business purposes for the processing against your right to privacy.
The outcome of the balancing test justifies our use of legitimate interests for this purpose as it would not be an unreasonable expectation for anyone who either enquired about our services with a view to purchasing them, or is an existing customer using our services to receive information from us about our services.
This also complies with e-Privacy laws, currently the Privacy & Electronic Communication Regulations 2003, which governs how a business can undertake electronic direct marketing. We can rely on soft opt-in for “individual subscribers” for email marketing to prospective and existing customers. We do not need consent or soft opt-in for “corporate subscribers”.

We always give you the opportunity to object to receiving marketing communications from us, when we first collect your personal data and with every marketing communication thereafter.

How long do we keep your personal data?

When we have concluded the provision of our service to you we will keep your data for a period of 6 years from the end of our accounting year before it is securely disposed.

Marketing contact details are held for as long as you want to remain on our marketing contact list.

Do we use any data processors?

Yes, we use the following data processors:

  • Distributors to distribute our merchandise on our behalf;
  • Sub-contractors;

IF YOU ARE A SUPPLIER OR CONTRACTOR


What personal data do we need?

For us to pay you for the service or goods you have provided to us we need to collect and use a small amount of information about you and your business, this is also likely to include some information about the individuals who work at your business. The personal data we are likely to need is:

  • Your business name;
  • The name (first and last name) of the person who we are liaising with at your business (in some cases this may be several staff members details);
  • Business postal address;
  • Business email address;
  • Business telephone number;
  • Business mobile number;
  • Bank details to enable payment to be made;
  • VAT number;

How do we get your personal data?

We obtain your data directly when we start to use your services or have purchased goods from you. We gather the relevant information from you to enable us to process payment to you for those services and goods.

We also obtain some data, such as your business name and contact details, indirectly from publicly available sources or recommendations from 3rd parties to enable us to contact you to enquire about the services and goods you provide prior to us making a purchase.

Why we need your personal data and the legal basis we rely on for the processing

We need your personal data to either enquire about the services or goods you provide that we may be interested in purchasing or to make a purchase. We then use your personal data to pay for those goods and services when you invoice us or to raise any queries about the payment.

The legal basis we rely on are:

Contractual obligation (GDPR Article 6(1)(b))
The services or goods you have provided to us are done so under contract or with a view to entering into a contract (i.e. we have asked you for a quote for the goods or to undertake the service for us).
We require certain information from you to enable us to fulfil our part of the pre-contractual and contractual obligations, e.g. we need to have certain
information to make the purchase and to process payment. If you are not able to provide all the necessary information for us to do this, we will not be able to purchase the goods or services you provide or be able to make payment once purchased.

Legal obligation (GDPR Article 6(1)(c))
We have a legal obligation to pay for any services or goods we have purchased.

Who do we share your personal data with?

Our Accountant will see personal data relating to suppliers and any payments we make.

How long do we keep your personal data?

We keep all financial data (which includes supplier information) for 6 years from the end of the financial year it relates to before it gets securely disposed.

Do we use any data processors?

Yes, we use the following data processors:

  • >Payment platforms including Quickbooks/Paypal/Stripe;
  • Hellosign;
  • Banking Authorities;
  • Accountants;

IF YOU APPLY FOR A JOB WITH US


What personal data do we need?

When you apply for a job with us you will need to provide some or all of the following information as part of the job application process:

  • Full name
  • Postal address
  • Telephone number
  • Mobile number
  • Email address
  • Equal opportunities information (which includes age, disability, gender, religion, sexual orientation, ethnic group, relationship status, caring responsibility) – voluntary
  • Education history
  • Qualifications
  • Employment history
  • Criminal convictions information
  • Whether you hold a UK work permit
  • References

Depending on where you get to in the recruitment stage will determine what personal data you will need to provide.

How do we get your personal data?

We collect information directly from you when you submit your application form or your CV to us for a job you are applying for.

We will also collect information about you from your referees as you progress along the recruitment process.

Why do we need your personal data and which legal basis do we rely on for the processing?

We need your personal data to be able to process your application for a job with us, which includes, but is not limited to:

  • assessing your suitability for the role applied for;
  • making a decision on whether your application progresses to the next stage of the recruitment process (sifting and shortlisting);
  • inviting you to interview or tests;
  • making a decision on whether or not to appoint you to the role applied for;
  • obtaining further information in order to carry out pre-employment checks if we make a conditional offer of employment to you;
  • gathering of information for equal opportunities monitoring; and
  • gathering of information for criminal conviction checks.

The legal basis we rely on to undertake our recruitment activities includes: Contractual obligation (GDPR Article 6(1)(b))
The processing of your job application is necessary in order for us to take steps at your request before entering into a possible employment contract with us.
We require certain information from you to enable us to fulfil our employment pre-contractual and contractual obligations. If you are not able to provide all the necessary information we need we may not be able to process your application and consider you for one of our job vacancies.

Legal obligation (GDPR Article 6(1)(c))
We have certain obligations under employment law in relation to recruitment and selection and equal opportunities that we must comply with.
Processing for employment law (GDPR Article 9(2)(b))
Information you provide to us that relates to special category personal data, such as health, religious or ethnic information is necessary for our recruitment and selection purposes as it relates to our obligations in employment law.
Processing to assess working capacity (GDPR Article 9(2)(h))
We have certain obligations to assess your health in relation to your ability to work for us.

Do we use any data processors?

We do not use any data processors.

How long do we keep your personal data?

All unsuccessful candidate details are kept for 2 years from the end of the recruitment process they relate to.

Successful candidate details are transferred to their employment record and kept in line with our retention schedule.

This Privacy Notice was last updated 06.03.2024..