GeoMyth Privacy Policy
Last updated: 31 May 2026
This Privacy Policy explains how GEO MYTH DOO BEOGRAD (NOVI BEOGRAD) processes personal data of website visitors, subscribers to future updates, users of online tests, persons who send us enquiries or book consultations, and representatives of clients and counterparties. This Policy is prepared for geomythic.com and related GeoMyth services.
Navigation
1. Who we are
The controller of personal data is GEO MYTH DOO BEOGRAD (NOVI BEOGRAD), PIB 113999490, MB 21955922, registered address: BULEVAR MIHAJLA PUPINA 10I, 11070, BEOGRAD (NOVI BEOGRAD), Srbija.
Website: https://geomythic.com
Contact email for personal data matters: contact@geomythic.com
In this Policy, the terms «GeoMyth», «we», «us» and «our» refer to the legal entity identified above.
2. Who this Policy applies to
This Policy applies when you visit geomythic.com, send us an enquiry through a form or by email, leave your email address for future news or updates, book a consultation, take an online test, or interact with us in connection with a potential or active project.
If a separate project, NDA, service agreement or data processing agreement contains special rules for project data or confidential data, those special terms apply together with this Policy. In case of conflict, the contractual terms prevail for the relevant project.
3. GeoMyth roles: controller and processor
In most cases related to the website, forms, update subscriptions, online tests, consultation bookings, business correspondence and preparation of commercial offers, GeoMyth acts as a controller of personal data, meaning that it determines the purposes and main means of processing.
In certain client projects, GeoMyth may process personal data on the documented instructions of a client. In that situation, the client may act as controller and GeoMyth as processor. The specific role is determined by the relevant agreement, NDA, data processing agreement or written client instructions.
4. What data we may process
We process only the data necessary for the relevant purpose. Depending on how you interact with us, this may include:
|
Data category
|
Examples
|
|---|---|
|
Contact data
|
name, email, phone number, job title, company, country or other information you provide in a form or email
|
|
Business information
|
content of the enquiry, service interest, project description, professional context, company or work site information
|
|
Website form data
|
fields completed by you in Forms, submission date and time, and the page from which the enquiry was sent
|
|
Update subscription data
|
email address left by you to receive future GeoMyth news, technical materials or updates
|
|
Online test data
|
contact details if requested before the test, answers to questions, result/assessment category, date and time of submission
|
|
Technical data related to tests
|
IP address related to a test submission, retained for 1 day for security and spam-prevention purposes; limited technical metadata may also be processed
|
|
Consultation booking data
|
name, email, selected meeting date and time, and any information you voluntarily provide in the booking description
|
|
Client project files
|
geological databases, spreadsheets, reports, maps, models, QA/QC files, correspondence, file metadata and details about authors/signatories where contained in client documents
|
|
Website technical data
|
limited server and infrastructure logs, necessary technical cookies or session storage, information about website operation, security and errors
|
|
Contractual, accounting and legal data
|
data required for contracts, invoices, tax or accounting records, claims handling and protection of GeoMyth rights
|
We do not ask you to submit special categories of personal data through ordinary website forms, such as health data, political opinions, religion, biometric data or other sensitive data. Please do not include such information in forms, calendar bookings or messages unless this has been agreed in advance and is objectively necessary for a specific project.
5. How we obtain data
- directly from you when you submit a form, take a test, book a consultation, subscribe to future updates or email us;
- from your employer, client, partner or another person you represent, where data is provided in a business context;
- from client project files where such files are provided to us after an NDA, agreement or protected access has been arranged;
- automatically through the website and its infrastructure, for example through necessary technical cookies, browser session storage, server logs, security tools and backups.
6. Why we process data and on what basis
We process personal data only where there is an applicable legal basis. Depending on the situation, the basis may be consent, steps taken before entering into a contract, performance of a contract, compliance with a legal obligation, or GeoMyth legitimate interests.
.
|
Purpose of processing
|
Data
|
Legal basis
|
|---|---|---|
|
Responding to a contact or service enquiry
|
contact data, message, business context
|
pre-contractual steps; legitimate interest
|
|
Preparing an offer and discussing services
|
contact and business data, project description
|
pre-contractual steps; legitimate interest
|
|
Managing prospective B2B leads
|
contact data and business communication history
|
legitimate interest
|
|
Receiving an email address for future news or updates
|
email address
|
consent
|
|
Online tests and preliminary assessments
|
contact details, answers, test result
|
consent; legitimate interest
|
|
Test security and spam prevention
|
IP address for 1 day, limited technical metadata
|
legitimate interest
|
|
Booking and conducting consultations
|
name, email, meeting time, booking details
|
pre-contractual steps; legitimate interest
|
|
Client file exchange and project performance
|
project files, metadata, business correspondence
|
contract; pre-contractual steps; legitimate interest
|
|
Website operation, security and backups
|
technical data, logs, database copies
|
legitimate interest
|
|
Accounting, tax and legal records
|
contractual, payment and accounting data
|
legal obligation; contract; legitimate interest
|
|
Protecting rights and handling disputes
|
communication, contractual and project records
|
legitimate interest
|
7. Website forms
The website uses contact, service enquiry and newsletter/update interest forms. Data submitted through these forms may be stored in the WordPress/10Web website database and duplicated by email to contact@geomythic.com so that we can respond to enquiries and manage requested communication.
In the current configuration, these forms do not send data to a CRM, automated mailing service, Google Sheets, Zapier/Make, webhooks or other external marketing integrations.
IP address storage in public website forms is disabled where this setting is available. However, limited technical data may still be processed by hosting, security tools or server infrastructure for website operation, troubleshooting, spam prevention and protection against abuse.
IP address storage in Elementor forms is disabled where this setting is available. However, limited technical data may be processed by hosting, security tools or server infrastructure for website operation and protection against abuse.
8. Email address for future news and updates
If you leave your email address in a newsletter or update form, we store that address for possible future GeoMyth communications, such as company news, technical materials or information about relevant services. In the current website configuration, no automated mass-mailing service is used; the address enters the same website database and email notification workflow as other forms.
You may withdraw your consent to receive such messages at any time by contacting us at contact@geomythic.com. If we introduce a separate mailing service in the future, we will update this Policy and add an appropriate unsubscribe mechanism.
9. Online tests and preliminary assessments
GeoMyth may provide online tests and preliminary diagnostic tools on the website, implemented through website-based assessment tools and displayed on the website, including through pop-up windows. When you take a test, we may process your contact details, answers, test result, submission date and time, and limited technical metadata.
The IP address related to a test submission is retained for 1 day for security and spam-prevention purposes. Test answers and results are retained for up to 6 months, unless longer retention is required in connection with an active business relationship, project, legal obligation or protection of rights.
Online test results are preliminary and informational only. They do not constitute a formal technical audit, professional opinion, legally significant decision or substitute for individual expert consultation.
Based on the current website configuration, GeoMyth does not make decisions that are solely automated and that produce legal or similarly significant effects for a user. An automatic test result category is used only as an informational and navigation function.
10. Consultation booking through Google Calendar
The website may use an embedded Google Calendar tool or a similar Google tool for booking consultations. When you book a meeting, Google may process booking data and technical data according to its own terms and policies. GeoMyth receives the information necessary to arrange and conduct the meeting: name, email, meeting time and any information you voluntarily provide in the booking.
Please do not include confidential project information, client files or sensitive personal data in the booking description. Project materials are exchanged through a separate protected channel after prior agreement.
.
11. Client file exchange and project data
GeoMyth may provide protected client file exchange functionality for project materials. Such access is not public and is provided only after prior contact, an NDA, a service agreement or other agreed access conditions.
Client files may include geological databases, reports, models, maps, assay tables, QA/QC data, correspondence, file metadata and other materials. Such files may contain personal data of client employees, consultants or representatives, such as author names, email addresses, signatures, job titles or information embedded in document metadata.
Project files are used only for agreed project purposes. Access is provided only to authorised GeoMyth persons or project participants who need such access. Retention and deletion of client files are determined by the NDA, service agreement, project instructions or applicable legal requirements.
12. Cookies and similar technologies
In its current configuration, the GeoMyth website does not intentionally use analytics, advertising or marketing cookies. The website check identified only limited technical cookies or browser storage necessary for website operation, interface compatibility, forms, security or user experience.
For example, WordPress may use a session cookie to check whether the browser can correctly display emojis or similar interface elements. Such technical cookies are not used for advertising, profiling or cross-site tracking.
If we introduce Google Analytics, Google Tag Manager, Meta Pixel, LinkedIn Insight Tag, Hotjar, Microsoft Clarity, advertising pixels, remarketing or other non-essential technologies in the future, we will update this Policy and, where required by law, request consent before using them.
13. Hosting, database and third-party providers
The GeoMyth website operates on WordPress/10Web infrastructure. The website database and website files are hosted through 10Web infrastructure; the selected website storage region is Belgium. Access to the database and administrative infrastructure is restricted.
We may use third-party providers only to the extent necessary for website operation, communication, meeting booking, project file storage, backups, security and service delivery. Such providers may act as processors or independent controllers depending on the specific service and its terms of use.
|
Provider / tool
|
Role
|
|---|---|
|
10Web
|
hosting, WordPress infrastructure, website database
|
|
Website form and assessment tools
|
receiving contact requests, service enquiries, newsletter/update interest and online assessment submissions
|
|
Website display and user-interface tools
|
operating website pages, forms, pop-up elements and related user-interface functionality
|
|
Google Calendar
|
consultation booking
|
|
Google Drive / Google Workspace / Google Drive API
|
protected exchange of client files and project materials
|
|
Domain registrar
|
domain registration and management
|
|
Corporate cloud drive / backup storage
|
storage of database backups with restricted access
|
|
Email provider
|
receiving form notifications and business correspondence through contact@geomythic.com
|
|
Technical maintenance and security tools
|
website maintenance, performance, troubleshooting, spam prevention and security support
|
We may maintain a more detailed internal list of service providers and processors for compliance and security purposes. This list may be updated from time to time as our website infrastructure and business processes change.
14. International data transfers
GeoMyth is registered in Serbia. However, some providers, including hosting, cloud, calendar and file services, may store or process data in Serbia, the European Economic Area or other countries. The selected storage region for the website is Belgium, but individual Google services and other large providers may use global infrastructure.
If personal data is transferred outside the country where it was originally obtained, we seek to use applicable legal transfer mechanisms and organisational safeguards, such as contractual terms, provider terms, adequacy decisions, standard contractual clauses or other permitted mechanisms where required
15. Backups
Data stored in the website database may be included in database backups. Backups are used only for security, website recovery and business continuity. They are stored on a corporate drive with restricted access.
If data is deleted from the active website database, it may temporarily remain in backup copies until the relevant backup rotation cycle ends. We aim to limit backup retention to a reasonable period, generally up to 90 days, unless longer retention is required for recovery, security, legal obligations or protection of rights.
16. Retention periods
We retain personal data no longer than necessary for the purposes of processing, unless longer retention is required by law, contract, accounting or tax requirements, protection of rights or dispute resolution.
|
Data category
|
Retention period
|
|---|---|
|
Spam and irrelevant form submissions
|
deleted immediately or during manual cleanup
|
|
Contact and service enquiries that do not become projects
|
up to 12 months
|
|
Active or prospective B2B leads
|
up to 24 months from the last meaningful communication
|
|
Email address for future news or updates
|
until consent is withdrawn; if there is no active communication, such records may be deleted as no longer relevant
|
|
IP address related to a website-based assessment tools test submission
|
1 day
|
|
Consultation booking data
|
usually up to 12 months after the meeting or cancellation, unless the communication becomes a project or active B2B contact
|
|
Client project files
|
according to the NDA, service agreement, project instructions or applicable legal requirements
|
|
Contractual, accounting and tax documents
|
for the period required by applicable law and contractual requirements
|
|
Database backups
|
until the backup rotation cycle ends; generally up to 90 days unless otherwise required
|
|
Technical and security logs
|
for the period necessary for website operation, security, diagnostics and incident investigation, in accordance with infrastructure and provider settings
|
We may delete data earlier than the periods listed above if it is no longer needed, if it is spam or irrelevant, if the user submits a justified deletion request, or if manual database cleanup shows that further retention is unnecessary.
17. How we protect data
We apply reasonable technical and organisational safeguards, taking into account the nature of the data, the purposes of processing and available resources. Such safeguards may include restricted administrative access, use of secure hosting infrastructure, storage of backups on a corporate drive with limited access, controlled access to Google Drive, password- or token-based protection for client file exchange pages, website and plugin updates, and manual data deletion management.
No method of transmission or storage is absolutely secure. Therefore, we do not guarantee absolute security, but we seek to use proportionate measures to reduce risks of unauthorised access, loss, alteration or disclosure of data.
18. Your rights
Depending on applicable law and the specific situation, you may have the following rights regarding your personal data:
- the right to receive information about how we process your data;
- the right to correct inaccurate or incomplete data;
- the right to request deletion of data;
- the right to restrict processing;
- the right to object to processing based on legitimate interests;
- the right to withdraw consent where processing is based on consent;
- the right to data portability, where applicable;
- the right to lodge a complaint with a competent supervisory authority.
Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Some rights may be limited where data retention is necessary for compliance with law, contract, accounting, protection of GeoMyth rights or the rights of third parties.
.
19. How to exercise your rights
To exercise your rights or ask a question about personal data, contact us at contact@geomythic.com. In your request, it is helpful to specify which right you wish to exercise, which data or processing your request concerns, and how we should contact you.
We may request additional information to verify your identity, protect your data and prevent unauthorised disclosure. We will respond to requests without undue delay and within the time limits required by applicable law.
20. Complaints and supervisory authority
If you believe that your personal data rights have been violated, you may first contact us at contact@geomythic.com so that we can review the matter.
Because GeoMyth is registered in Serbia, the main supervisory authority is the Commissioner for Information of Public Importance and Personal Data Protection / Poverenik za informacije od javnog znacaja i zastitu podataka o licnosti. Official website: https://www.poverenik.rs.
If your situation is subject to the law of another jurisdiction, you may also have the right to contact the competent supervisory authority of that jurisdiction.
21. Children and minors
The GeoMyth website and services are not directed to children. We do not intentionally seek to collect personal data from minors. If you believe that a minor has provided us with personal data without appropriate permission, please contact us and we will take reasonable steps to review the matter and, where appropriate, delete the data.
22. Changes to this Policy
We may update this Policy if the website, services used, data processing practices, legal requirements or internal GeoMyth procedures change. The current version is published on geomythic.com with the last updated date.
If changes are material, we will try to notify users in an appropriate manner, for example through the website or by email where we have such contact details and such notification is appropriate.
