Last updated: 21 November 2025

These Privacy Rules apply to the websites:

• https://cor-net.net/ and its subdomains
• https://freedom.cor-net.net/

Data Controller

COR NET d.o.o.
Address: Kneza Višeslava 14, 88 000 Mostar, Bosnia and Herzegovina

Contact:

• Tel: +387 36 833 468
• E-mail: info@cor-net.net
• Web: https://cor-net.net/hr/

Company registration details:

• Registration number: 58-01-0103-14
• ID number: 4227838740005

EU Representative (Article 27 GDPR)

Company name: Softly d.o.o.
Address: Trondheimska 4D, 21000 Split, Republic of Croatia
E-mail: compliance@softlyst.eu

The Representative acts as a contact point for questions related to the processing of personal data of data subjects in the EU territory and in communication with competent supervisory authorities, on behalf of COR NET d.o.o.

By using our Websites, you confirm that you are familiar with this Privacy Policy and that you understand how we process your personal data.

I. Introduction and Legal Framework

At COR NET d.o.o., we place special emphasis on the protection and security of personal data of users, clients, job candidates, partners and visitors to our premises.

We process personal data:

• lawfully, fairly and transparently
• for specified, explicit and legitimate purposes
• in the minimum necessary scope
• with the application of appropriate technical and organisational security measures

Processing is carried out in accordance with:

• the Personal Data Protection Act of Bosnia and Herzegovina (“Official Gazette of BiH”, No. 12/2025 of 28 February 2025), harmonised with the General Data Protection Regulation (EU) 2016/679 (GDPR), and
• other applicable regulations.

This Privacy Policy applies exclusively to:

• visitors to our Websites (cor-net.net and freedom.cor-net.net)
• persons who contact us via online forms or e-mail
• candidates applying for job openings and the Internship programme
• visitors to our business premises (in relation to video surveillance)

The Websites are informational and presentation-only. We do not conduct online payments on the Websites, we do not collect card data and we do not directly process payment data via these sites. If we introduce online payments in the future, this Policy will be updated in a timely manner.

II. Data We Collect and Purposes of Processing

1. When you visit our Websites

Our system automatically collects certain technical data about each access to the Websites, which is temporarily stored in log files. This data may include:

• IP address of the device from which you access
• date and time of access
• URL of the visited page and files
• HTTP status code (e.g. 200, 404)
• volume of data transferred
• information about the browser and operating system
• previously visited page (referrer), if available

Purpose of processing:

• ensuring the technical functioning and security of the Websites
• detecting and preventing misuse (e.g. attempted attacks)
• analysing performance and improving content

Legal basis:

The legitimate interest of the controller (Article 8(1)(f) of the Personal Data Protection Act of BiH) – maintaining the security of IT systems and the quality of the service.

Data is stored for the period necessary for the above purposes and is then deleted or anonymised.

2. Cookies and Analytics Tools

On our Websites, we use:

• necessary (essential) cookies – for the basic functioning of the site, security and proper display of content
• non-essential analytical and/or marketing cookies – only with your explicit consent

Cookies are small text files that are stored on your device via your browser. They are used to:

• recognise the browser
• remember user settings (e.g. language)
• generate statistics of visits and user behaviour on the site
• improve functionality and content

Cookies that are necessary for functioning, security and accessibility are set automatically and cannot be switched off via our cookie management tool, but you can restrict them in your browser settings (with possible loss of functionality).

Analytical cookies and analytics tools

On the Websites, we may use a web analytics tool (e.g. a third-party solution or our own solution) to obtain information about:

• the number of visitors
• visited pages and time spent on them
• traffic sources (e.g. search engine, social networks, direct URL input)

Data is processed in the form of statistics and generally does not allow direct identification of individuals. The IP address may be shortened or pseudonymised in accordance with good data protection practice.

Legal basis for non-essential cookies and analytics:

Your consent (Article 8(1)(a) of the Personal Data Protection Act of BiH). We set analytical and similar cookies only if you actively enable them via the banner or cookie management tool.

Detailed information about specific types of cookies, their duration, purpose and providers can be found in our Cookie Policy, available at:
insertyourCookiePolicyURLhereinsert your Cookie Policy URL hereinsertyourCookiePolicyURLhere

3. Newsletter and Notifications

If you subscribe to our newsletter or request to receive notifications, we process:

• first and last name (if you provide it)
• e-mail address
• data on interaction with the newsletter (opens, clicks, etc., if technically enabled)

Purpose of processing:

• sending information on news in COR NET d.o.o.
• information about our products and services, events, trainings, etc.
• analysing the effectiveness of communication (to make content more relevant)

Legal basis:

Your consent (Article 8(1)(a) of the Personal Data Protection Act of BiH). You can withdraw your consent at any time.

Unsubscribing

You can unsubscribe from the newsletter:

• by clicking on the unsubscribe link at the bottom of each message, or
• by sending an e-mail to info@cor-net.net stating that you wish to unsubscribe and specifying the e-mail address at which you receive the newsletter.

After receiving your unsubscribe request, your e-mail will be removed from the mailing list as soon as reasonably possible, and the data will be deleted or anonymised, unless further retention is required by law (e.g. as proof of lawfulness of sending for a certain period).

4. When you apply for a job vacancy

If you apply for an open position or send us an open application, we collect and process the data you provide to us, such as:

• first and last name
• contact details (e-mail, phone number)
• CV (work experience, education, skills)
• cover letter and the content of your message
• references and other information you voluntarily provide
• interview notes and assessment of competencies (if an interview takes place)

Purpose of processing:

• assessing your suitability for a particular position
• communication during the selection process
• fulfilling legal and regulatory obligations in the field of labour and employment
• potential conclusion of an employment contract

Legal basis:

• Article 8(1)(b) – taking steps at your request prior to entering into a contract
• Article 8(1)(c) – compliance with our legal obligations
• Article 8(1)(f) – the legitimate interest of the controller (maintaining records of the selection procedure, protection against unfounded claims, etc.)

Your data is not shared with third parties for their marketing purposes.

If, after the completion of the recruitment process, you are not selected and you wish us to keep you in our talent pool, we will ask for your consent to retain your data for that purpose.

Retention period:

• candidate data is kept for a maximum of 2 years from the end of the selection process or for a shorter period if you withdraw your consent or request deletion
• if you sign an employment contract with us, data is retained in accordance with labour legislation and our internal acts (employee master records)

5. When you apply for the COR NET Internship

When applying for the Internship programme, we collect:

• first and last name
• e-mail address and phone number
• CV, information about education, skills and interests
• the content of your message and additional information you voluntarily provide

Purpose of processing:

• enabling participation in the Internship programme
• assessing your suitability and selecting candidates
• informing candidates about the next steps, dates and tasks

Legal basis:

Your consent (by applying for the Internship you voluntarily provide data for the stated purpose).

Retention period:

Data is kept for a maximum of 2 years or for a shorter period if you withdraw your consent or request deletion.

6. When you contact us via the “Get in touch” form or e-mail

If you contact us via an online form (e.g. “Get in touch”) or directly by e-mail, we may process:

• first and last name
• company name (if applicable)
• e-mail address
• phone number
• content of the message and any additional information you voluntarily provide
• technical metadata of the e-mail (time sent, intermediate mail servers, etc.)

Purpose of processing:

• responding to your enquiry
• providing the requested information
• establishing or developing business cooperation
• keeping a record of communication for the protection of our rights and interests

Legal basis:

• legitimate interest (Article 8(1)(f) – business communication, development of business relationships)
• in certain cases, Article 8(1)(b) – taking steps prior to entering into a contract, if the communication relates to an offer, contract or project

Retention period:

• if no cooperation is established – data is deleted within 30 days of the end of communication
• if cooperation is established – data becomes part of business documentation and is retained in accordance with accounting and other regulations and internal acts

7. Visitors to our business premises – video surveillance

The premises of COR NET d.o.o. may be covered by a video surveillance system for the purposes of:

• protection of persons
• protection of property
• prevention of unlawful acts and abuse

Visitors are informed about video surveillance by clearly displayed notices at the entrance to the premises.

Purpose of processing:

• protection of property and staff
• safety of visitors
• collection of evidence in the event of an incident

Legal basis:

The legitimate interest of the controller (Article 8(1)(f) of the Personal Data Protection Act of BiH).

The manner in which recordings are used and stored is regulated by an internal Decision on the establishment and operation of video surveillance. Appropriate technical and organisational measures are applied (restricted access, password protection, storage on protected servers, etc.).

Retention period:

Recordings are kept for a maximum of 30 days, after which they are automatically deleted, unless they are required for an official investigation or proceedings (in which case they are kept until the proceedings are completed).

III. Sharing of Personal Data

We share your personal data with third parties only when necessary and to the extent required in order to:

• provide and maintain our Websites and IT systems
• send newsletters and communications (if you have given consent)
• provide professional services (e.g. accounting, legal services)
• comply with legal obligations (tax and other authorities, courts, supervisory authorities)

Examples of categories of recipients:

• hosting and IT infrastructure service providers
• e-mail and newsletter solution providers
• external IT or marketing consultants
• accounting and legal advisors
• competent public authorities when required by law

All such recipients act either as processors or as independent controllers, depending on their role, and we conclude contracts with them (Data Processing Agreements – DPA) under which they undertake to:

• process data solely in accordance with our instructions
• keep data confidential
• apply appropriate security measures
• delete data when they are no longer needed

We may also share personal data when we are expressly required to do so by law (e.g. on the basis of a court order, a request from a supervisory authority, etc.).

If personal data is transferred outside Bosnia and Herzegovina (e.g. to other EU Member States or third countries), we ensure that:

• there is an adequate level of protection in accordance with the GDPR and the Personal Data Protection Act of BiH, and
• appropriate safeguards are in place (e.g. standard contractual clauses).

IV. Rights of Data Subjects

As a data subject (a person whose data is processed), you have the following rights:

Right of access – you may request confirmation as to whether we process your personal data and obtain a copy of the data as well as information about the processing.

Right to rectification – you may request the rectification of inaccurate or the completion of incomplete data.

Right to erasure (“right to be forgotten”) – you may request the deletion of data if they are no longer necessary for the purpose for which they were collected, if you have withdrawn consent or have lodged an objection and there are no overriding legitimate grounds for processing, or if there is a legal obligation to delete.

Right to restriction of processing – you may request restriction of processing while, for example, the accuracy of the data or the reasons for your objection are being verified.

Right to object – you have the right to object to processing based on legitimate interests. In such a case, we will reassess the reasons and, as a rule, stop processing, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.

Right to data portability – you have the right to request that the personal data you have provided to us be delivered to you in a structured, commonly used and machine-readable format and to have it transmitted to another controller, where technically feasible and where the processing is based on consent or a contract.

If your request is manifestly unfounded or excessive (e.g. frequent repetition), we are entitled to charge a reasonable fee or refuse to act on the request, in accordance with the law.

V. Automated Decision-Making and Profiling

On our Websites, we do not carry out automated decision-making or profiling that would, under the law, produce legal effects concerning you or similarly significantly affect you.

If we introduce such processes in the future, we will inform you in advance and ensure all rights to which you are entitled, including the right to human intervention.

VI. Withdrawal of Consent

Where processing is based on your consent (e.g. newsletter, non-essential cookies, storing data in the talent pool), you have the right to withdraw your consent at any time, without negative consequences.

Withdrawal may be made, for example:

• through the cookie settings on our Websites
• via the unsubscribe link in the newsletter
• by sending a message to info@cor-net.net

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After withdrawal, we will no longer process your data for that purpose, unless another legal basis for processing exists (in which case we will inform you, where applicable).

VII. “Do Not Track” (DNT) Signals

Our Websites currently do not support the “Do Not Track” (DNT) option offered by some browsers.

Regardless of that, we respect your choices expressed through:

• cookie settings on our Websites
• browser settings (blocking cookies, deleting cookies, etc.)
• marketing preference settings (e.g. unsubscribing from the newsletter)

VIII. Children

Our Websites and services are not intended for children.

We do not knowingly collect personal data from children. If we become aware that we have unintentionally collected personal data from a child, we will take steps to delete that data as soon as possible, unless there is a legal obligation to retain it.

If you believe that a child has provided us with their personal data, please contact us using the contact details provided in this Privacy Policy.

IX. Complaints, Questions and Requests

If you have any questions, requests or complaints related to the processing of personal data, you can contact us:

• E-mail: info@cor-net.net
• Via the contact form on our Website: https://cor-net.net/hr/
• Phone: +387 36 833 468
• Post: COR NET d.o.o., Kneza Višeslava 14, 88 000 Mostar, Bosnia and Herzegovina

We will respond to your enquiry within 30 days, unless the complexity and number of requests require a longer period, in which case we will inform you.

If you believe that your rights have been violated, you have the right to lodge a complaint with the Personal Data Protection Agency in Bosnia and Herzegovina:

• Address: Dubrovačka 6, 71000 Sarajevo
• Web: www.azlp.ba
• Tel: +387 33 726-250
• Fax: +387 33 726-251
• E-mail: azlpinfo@azlp.ba

Data Protection Officer:
Tel: +387 33 726-258
E-mail: szzp@azlp.ba

X. Personal Data Breach Notification

We apply appropriate technical and organisational measures to prevent:

• unauthorised access to personal data
• accidental loss, destruction or damage of data
• unauthorised disclosure or alteration of data

In the event of an incident that could lead to a personal data breach, we act in accordance with our internal Information Security Incident Management Procedure.

If it is likely that the breach will result in a risk to the rights and freedoms of individuals, we will:

• notify the competent supervisory authority within 72 hours, and
• notify affected individuals, where required by law.

XI. Technical and Organisational Measures

To protect personal data, we use, among others, the following measures:

• restricted physical access to premises and servers where data is stored
• access control (usernames, passwords, roles)
• firewall, antivirus and other security tools
• encryption and pseudonymisation, where applicable
• regular testing, evaluation and assessment of the effectiveness of measures
• contractual confidentiality obligations for employees and associates
• regular employee training on personal data protection and information security

XII. Changes to this Privacy Policy

We will periodically update this Privacy Policy to reflect:

• changes in our services
• changes in the legal framework
• results of risk assessments and security improvements

In the event of significant changes, we will inform you via our Websites, and we will state the date of “Last updated” at the top of the document.

We recommend that you review this Privacy Policy from time to time to stay informed about how we protect your personal data.