Privacy Policy

Galileo d.o.o. ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you visit the SyncID website at syncid.syncr.one.

This policy applies exclusively to the SyncID website. The SyncID application itself is deployed on-premise within our customers' local area networks (LANs) and processes data entirely on their own infrastructure. Data processing within the application is governed by each customer's own data processing policies and agreements.

1. Data Controller

2. Information We Collect

2.1 Website Analytics

We may collect anonymized usage data to understand how visitors interact with our website. This may include pages visited, time spent on pages, referring URLs, browser type, device type, and approximate geographic location (country/region level). This data is aggregated and cannot be used to identify individual visitors.

2.2 Contact Form Submissions

If you contact us through our website or via email, we collect the information you voluntarily provide, such as your name, email address, company name, and message content. This information is used solely to respond to your inquiry.

2.3 Technical Data

Our web servers automatically collect standard log data, including your IP address, browser type and version, operating system, and the date and time of your visit. This data is used for security monitoring and maintaining the website's technical infrastructure.

3. SyncID Application Data

The SyncID application is on-premise software deployed within our customers' own local networks. All employee data, biometric data, attendance records, and device management data processed by the application resides entirely on the customer's own infrastructure. Galileo d.o.o. does not have access to, collect, or process any data handled by the SyncID application in production environments.

Customers deploying SyncID are responsible for their own compliance with applicable data protection regulations, including GDPR, regarding the processing of employee personal data and biometric data through the application.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Legitimate interest (Art. 6(1)(f) GDPR) — for website analytics and security monitoring, where our interest in understanding website usage and maintaining security does not override your rights and freedoms.
• Consent (Art. 6(1)(a) GDPR) — for optional contact form submissions and any cookies beyond those strictly necessary for website functionality.
• Contract performance (Art. 6(1)(b) GDPR) — for processing inquiries related to potential business engagements.

5. Data Retention

Contact form submissions and related correspondence are retained for as long as necessary to fulfill the purpose for which they were collected, typically no longer than 24 months after your last interaction with us. Analytics data is retained in aggregated, anonymized form and does not constitute personal data. Server logs are retained for a maximum of 90 days.

6. Data Sharing

We do not sell, trade, or rent your personal data. We may share data with trusted third-party service providers who assist us in operating our website (e.g., hosting providers, analytics services), but only to the extent necessary and under appropriate data processing agreements. These providers are contractually obligated to protect your data and may only process it on our behalf.

7. Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — request your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interest.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at info@galileo.ba. We will respond to your request within 30 days.

8. Cookies

This website may use cookies and similar technologies to ensure proper functionality and to collect anonymized analytics data. Strictly necessary cookies do not require consent. For any non-essential cookies, we will obtain your consent before placing them on your device. You can manage your cookie preferences through your browser settings at any time.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: