Privacy Policy

Last Updated: 18 June 2025

1. Introduction

Forci Web Consulting Ltd. ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website https://forci.com (the "Website").

We process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

We are the data controller for personal data collected through this Website. Our full contact details are provided at the end of this policy.

3. Personal Data We Collect

A. Information you provide directly

  • Contact Data: Name, email address, phone number (when you fill out contact forms)
  • Communication Data: Messages and inquiries you send to us
  • Marketing Data: Your preferences for receiving marketing communications

B. Information collected automatically

  • Technical Data: IP address, browser type and version, time zone setting, operating system
  • Usage Data: Information about how you use our website, pages viewed, click patterns
  • Location Data: Approximate geographic location based on IP address

We do not collect special categories of personal data (e.g., health, racial origin, political opinions).

4. How We Use Your Personal Data

PurposeData CategoriesLegal BasisRetention Period
To respond to your inquiriesContact, CommunicationLegal obligation (Art. 6(1)(c) GDPR) - Accounting Act, Tax-Procedural Code5 years from last communication
To send marketing communicationsContact, MarketingConsent (Art. 6(1)(a) GDPR)Until consent withdrawn
To analyze website performanceTechnical, UsageLegitimate interests (Art. 6(1)(f) GDPR)Per analytics provider policies
To optimize marketing & advertisingTechnical, Usage, MarketingConsent (Art. 6(1)(a) GDPR) via cookie bannerPer provider policies
To ensure website securityTechnicalLegitimate interests (Art. 6(1)(f) GDPR)6 months
To comply with legal obligationsAll categoriesLegal obligation (Art. 6(1)(c) GDPR)As required by law

5. Analytics, Marketing and Third-Party Services

We may use various third-party services to enhance our website functionality and user experience:

Categories of Services

Analytics Tools

  • Purpose: Understanding website usage, traffic patterns, and user behavior
  • Types of data: Page views, session duration, traffic sources, anonymous usage statistics
  • Examples: Google Analytics, Microsoft Clarity, or similar analytics platforms

Marketing & Automation Platforms

  • Purpose: Lead management, email marketing, customer relationship management
  • Types of data: Contact information submitted via forms, interaction history
  • Examples: HubSpot, Mailchimp, or similar marketing platforms

Advertising & Retargeting Services

  • Purpose: Displaying relevant ads, measuring ad effectiveness, remarketing
  • Types of data: Browsing behavior, conversion events, anonymized identifiers
  • Examples: Facebook Pixel, LinkedIn Insight Tag, Google Ads, or similar advertising tools

AI-Powered Services

  • Purpose: Enhanced customer support, content recommendations, service optimization
  • Types of data: Interactions and queries (no personal data unless voluntarily provided)
  • Important: We do not use AI for automated decision-making about individuals

Note on AI Processing:

  • AI tools are configured with privacy-preserving settings
  • Your personal data is not used to train AI models
  • We maintain human oversight of all AI-assisted interactions
  • AI is used only to enhance service quality, not for automated decision-making about you

6. Data Recipients and Sub-processors

We may share your data with:

Service Providers (Sub-processors)

  1. Cloudflare, Inc. - Website security and performance
  2. Google Cloud EMEA Ltd. - Email services (Google Workspace)
  3. Hetzner Online GmbH - Website hosting (EU-based)

All sub-processors are bound by data processing agreements and appropriate safeguards.

Full list available at: https://forci.com/trust/subprocessors

7. International Data Transfers

Your data may be transferred outside the EEA to:

  • United States: For analytics services

Safeguards in place:

  • EU-U.S. Data Privacy Framework
  • Standard Contractual Clauses
  • Technical measures (encryption)

8. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7)

To exercise these rights, email: privacy@forci.com

Response time: Within 30 days (may extend to 60 days for complex requests).

9. Data Security

We implement appropriate technical and organizational measures:

  • SSL/TLS encryption
  • Access controls
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

10. Cookies

We use cookies to enhance your experience. See our Cookie Policy for details.

11. Children's Privacy

Our Website is not intended for children under 16. We do not knowingly collect personal data from children.

12. Complaints

You have the right to lodge a complaint with the supervisory authority:

Bulgarian Commission for Personal Data Protection (CPDP)

  • Website: https://www.cpdp.bg
  • Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
  • Email: kzld@cpdp.bg

13. Changes to This Policy

We may update this policy periodically. Changes will be posted here with an updated revision date.

14. Contact Information

Data Controller:
Forci Web Consulting Ltd.

  • UIC: 201682762
  • Address: Bulgaria, Sofia 1517, zh.k. Suhata reka, bl. 52, vh. G, et. 6, ap. 18
  • Email: privacy@forci.com
  • Phone: +359 887 189 697
  • Managing Director: Grigor Yosifov
Privacy Policy | Forci