Privacy Policy

Last Updated: 21 March 2026

1. Introduction

Forci Web Consulting Ltd. ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website https://forci.com (the "Website").

We process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

We are the data controller for personal data collected through this Website. Our full contact details are provided at the end of this policy.

3. Personal Data We Collect

A. Information you provide directly

Contact Data: Name, email address, phone number (when you fill out contact forms)
Communication Data: Messages and inquiries you send to us
Marketing Data: Your preferences for receiving marketing communications

B. Information collected automatically

Technical Data: IP address, browser type and version, time zone setting, operating system
Usage Data: Information about how you use our website, pages viewed, click patterns
Location Data: Approximate geographic location based on IP address

We do not collect special categories of personal data (e.g., health, racial origin, political opinions).

4. How We Use Your Personal Data

Purpose	Data Categories	Legal Basis	Retention Period
To respond to your inquiries	Contact, Communication	Legal obligation (Art. 6(1)(c) GDPR) - Accounting Act, Tax-Procedural Code	5 years from last communication
To send marketing communications	Contact, Marketing	Consent (Art. 6(1)(a) GDPR)	Until consent withdrawn
To analyze website performance	Technical, Usage	Legitimate interests (Art. 6(1)(f) GDPR)	Per analytics provider policies
To optimize marketing & advertising	Technical, Usage, Marketing	Consent (Art. 6(1)(a) GDPR) via cookie banner	Per provider policies
To ensure website security	Technical	Legitimate interests (Art. 6(1)(f) GDPR)	6 months
To comply with legal obligations	All categories	Legal obligation (Art. 6(1)(c) GDPR)	As required by law

5. Analytics, Marketing and Third-Party Services

We may use various third-party services to enhance our website functionality and user experience:

Categories of Services

Analytics Tools

Purpose: Understanding website usage, traffic patterns, and user behavior
Types of data: Page views, session duration, traffic sources, anonymous usage statistics
Examples: Google Analytics, Mouseflow (session replay & heatmaps), or similar analytics platforms

Session Replay & Heatmap Services

Provider: Mouseflow ApS
Purpose: Recording anonymized user sessions (mouse movements, clicks, scrolls, form interactions) to understand usability issues and improve site experience
Types of data: Mouse movements, clicks, scroll depth, page interactions, anonymized form inputs
Important: Mouseflow automatically masks sensitive fields (passwords, credit cards). No keystrokes in password fields are recorded.
Privacy Policy: https://mouseflow.com/legal/privacy-policy/

Marketing & Automation Platforms

Purpose: Lead management, email marketing, customer relationship management
Types of data: Contact information submitted via forms, interaction history
Examples: HubSpot, Mailchimp, or similar marketing platforms

Advertising & Retargeting Services

Purpose: Displaying relevant ads, measuring ad effectiveness, remarketing
Types of data: Browsing behavior, conversion events, anonymized identifiers
Providers: Meta Pixel (Facebook/Instagram), LinkedIn Insight Tag
Meta Pixel: Tracks page views and conversion events to measure ad effectiveness and enable retargeting on Facebook and Instagram. Privacy Policy: https://www.facebook.com/privacy/policy/
LinkedIn Insight Tag: Tracks conversions, retargets website visitors, and provides demographic insights about site traffic. Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Visitor Identification Services

Purpose: Anonymous company identification to understand which businesses visit our website
Providers: Leadfeeder (Dealfront), RB2B (Retention.com)
Types of data: IP address, browsing behavior, company-level identification
Disclosure: When you visit our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout
GDPR Opt-Out: https://www.rb2b.com/rb2b-gdpr-opt-out

AI-Powered Services

Purpose: Enhanced customer support, content recommendations, service optimization
Types of data: Interactions and queries (no personal data unless voluntarily provided)
Important: We do not use AI for automated decision-making about individuals

Note on AI Processing:

AI tools are configured with privacy-preserving settings
Your personal data is not used to train AI models
We maintain human oversight of all AI-assisted interactions
AI is used only to enhance service quality, not for automated decision-making about you

6. Data Recipients and Sub-processors

We may share your data with:

Service Providers (Sub-processors)

Cloudflare, Inc. - Website security and performance
Google Cloud EMEA Ltd. - Email services (Google Workspace)
Hetzner Online GmbH - Website hosting (EU-based)

All sub-processors are bound by data processing agreements and appropriate safeguards.

Full list available at: https://forci.com/trust/subprocessors

7. International Data Transfers

Your data may be transferred outside the EEA to:

United States: For analytics services

Safeguards in place:

EU-U.S. Data Privacy Framework
Standard Contractual Clauses
Technical measures (encryption)

8. Your Rights

Under GDPR, you have the right to:

Access your personal data (Art. 15)
Rectify inaccurate data (Art. 16)
Erase your data (Art. 17)
Restrict processing (Art. 18)
Data portability (Art. 20)
Object to processing (Art. 21)
Withdraw consent at any time (Art. 7)

To exercise these rights, email: [email protected]

Response time: Within 30 days (may extend to 60 days for complex requests).

9. Data Security

We implement appropriate technical and organizational measures:

SSL/TLS encryption
Access controls
Regular security assessments
Employee training on data protection
Incident response procedures

10. Cookies

We use cookies to enhance your experience. See our Cookie Policy for details.

Our cookie consent approach varies by your location:

EU/EEA, UK, and Switzerland: All non-essential cookies require your explicit consent before activation. A cookie consent banner is displayed on your first visit.
United States (California): Cookies are activated by default. You may opt out of cookies used for advertising purposes via the "Do Not Sell My Info" link in the website footer, in accordance with the California Consumer Privacy Act (CCPA/CPRA).
Other regions: Cookies are activated by default. You may manage your preferences via your browser settings.

Your location is determined by your IP address using Cloudflare's geolocation service. No personal data is collected or stored as part of this determination.

10a. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to Know what personal information we collect, use, disclose, and sell or share
Right to Delete your personal information
Right to Opt Out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising
Right to Correct inaccurate personal information
Right to Limit Use of sensitive personal information (we do not collect sensitive personal information)
Right to Non-Discrimination for exercising your privacy rights

What we "sell" or "share": We share personal information (as defined under CCPA/CPRA) with advertising partners through tracking technologies for ad measurement and cross-context behavioral advertising. This includes:

Meta Pixel (Facebook/Instagram) — browsing behavior, conversion events
LinkedIn Insight Tag — page views, demographic insights

How to opt out: Click the "Do Not Sell or Share My Info" link in the website footer. This will allow you to disable marketing cookies, which stops data sharing with advertising partners.

Global Privacy Control (GPC): We honor the Global Privacy Control signal. If your browser sends a GPC signal, we treat it as a valid opt-out request for the sale or sharing of your personal information.

To exercise any other California privacy rights, email: [email protected]

We will respond to verifiable consumer requests within 45 days.

11. Children's Privacy

Our Website is not intended for children under 16. We do not knowingly collect personal data from children.

12. Complaints

You have the right to lodge a complaint with the supervisory authority:

Bulgarian Commission for Personal Data Protection (CPDP)

Website: https://www.cpdp.bg
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Email: [email protected]

13. Changes to This Policy

We may update this policy periodically. Changes will be posted here with an updated revision date.

14. Contact Information

Data Controller:
Forci Web Consulting Ltd.

UIC: 201682762
Address: Bulgaria, Sofia 1517, zh.k. Suhata reka, bl. 52, vh. G, et. 6, ap. 18
Email: [email protected]
Phone: +44 20 3823 6724 (UK) | +1 212 470 8464 (US)
Managing Director: Grigor Yosifov