Evolveum’s Privacy Policy

Last modified: March 2026

This privacy policy explains how Evolveum s.r.o. (“Evolveum“, “we“, “us” or “our“) collects, uses, stores and protects personal data when you visit and use our website, interact with our products or services, or otherwise provide personal data to us.

We take the confidentiality and security of the personal data we process very seriously and process personal data in accordance with applicable data protection law, in particular Regulation (EU) 2016/679 (the General Data Protection Regulation, “GDPR“).

1. WHO PROCESSES YOUR PERSONAL DATA?

The controller responsible for the processing of your personal data is: Evolveum s.r.o., Vendelínska 109, Lozorno 900 55, Company ID (IČO): 46296859

2. WHY WE PROCESS YOUR PERSONAL DATA?

We process personal data for the following main purposes:

Providing our products and services — to deliver services or products you have requested (e.g., delivery of software, support, billing and invoicing).
Managing contractual relationships — to communicate with customers, partners and suppliers and to perform our business agreements.
Compliance with our legal obligations — to fulfil duties arising from accounting, tax, employment and other applicable laws.
Protection and security — to protect our website, IT systems, business operations and users, including fraud prevention, troubleshooting and the exercise or defence of legal claims.
Improvement of our website and services — to analyse usage, ensure functionality and enhance user experience.
Marketing communications — to send newsletters and other information about our activities where permitted by law or based on your consent. You may opt out at any time via each individual marketing communication or by email gdpr@evolveum.com.
Human resources and employment administration — to manage your participation in the recruitment process. With your consent, we may also keep and use your data after the recruitment process ends to consider you for similar job opportunities in the future.

3. WHAT PERSONAL DATA DO WE PROCESS?

We process only personal data that is necessary for the purposes described above. The scope of processed personal data depends on your relationship with Evolveum.

Communication content during the job interview process.
In the case of successful candidates, data provided in the onboarding questionnaire required for the preparation of the employment contract and for fulfilling our legal obligations.

Website visitors

Website visitors are individuals who access Evolveum’s websites for information without registration.
Usage data collected automatically, including IP address, cookies, server log files (access date/time, visited pages and success status, referring URL, browser type/version).

Customers

Customers are organizations or entities that purchase, license, or use Evolveum’s products and services, such as support subscriptions, customization, consulting, or implementation projects. In this context, we process personal data of individuals acting on behalf of such customers (e.g., contact persons, administrators, project managers, billing contacts or other authorised representatives).
Identification and contact details.
Account, order, invoicing, and payment-related data.
Usage data of our services, such as IP address, cookies, device and browser information and logs.
Communication content, including emails and support communications, where lawful and proportionate.
Company and business-related information, including company name, position, and business contact details.

Community members

Community members are individuals registered or actively participating in Evolveum’s online communities such as midPoint users, developers, mailing list subscribers, forum contributors, and other engaged members of the project’s ecosystem.
Identification and contact details.
Usage data of our services, such as IP address, cookies, device and browser information and logs.
Communication content, including emails and mailing lists communications, where lawful and proportionate.

Business Partners and Suppliers

Business Partners and Suppliers are individuals acting on behalf of Evolveum’s contractual partners, vendors, or service providers, whose personal data is processed in the context of establishing, managing, or fulfilling contractual or business relationships.
Identification and contact details of contact persons.
Company and business-related information, including role and business contact details.
Records related to contractual relationships, communications, and performance of contractual obligations.

Job Applicants

Identification and contact details such as name, title, postal address, e-mail address, telephone number.
Data provided in CVs, cover letters, and other documents submitted during the recruitment process. With your consent, we may also retain your data for participation in future recruitment processes.

We do not collect more personal data than necessary for the purposes stated.

4. LEGAL BASIS FOR PROCESSING

We process personal data only where there is a valid legal basis, which may include:

Performance of a contract with you or to take steps at your request before entering into a contract.
Compliance with a legal obligation to which we are subject (e.g., tax, accounting and employment law).
Legitimate interests pursued by Evolveum (e.g., security, fraud prevention, improvement of services, direct marketing), provided these interests are not overridden by your rights and freedoms. Where processing is based on legitimate interests, you have the right to object – see Section 9.
Consent, where you have freely given specific, informed and unambiguous consent for one or more specific purposes; you may withdraw such consent at any time in the same manner in which it was given or by email gdpr@evolveum.com.

5. WHO HAS ACCESS TO YOUR PERSONAL DATA?

Access to your personal data within Evolveum is limited to employees and authorised persons who need such data to perform their job duties and are bound by confidentiality obligations.

Where necessary, we may share personal data with carefully selected third parties in the following categories:

Recruitment platforms — which we use to receive and manage job applications. In this context, personal data may be exchanged between Evolveum and the respective platform for the purpose of administering the recruitment process.
Courier and logistics partners — for the delivery of physical goods or documents.
Professional advisers — such as lawyers, accountants or auditors, where disclosure is necessary to comply with legal obligations or to protect our legitimate interests.
IT and other service providers — such as providers managing our IT systems, devices, infrastructure, or other outsourced services. They process personal data strictly on our instructions and under contractual safeguards.
Social media platforms (e.g., LinkedIn) — where you choose to interact with our profiles. In such cases, we process personal data that you make available to us (such as comments, reactions or messages). Please note that the respective social media platform acts as an independent controller of your personal data under its own privacy policy and processes your personal data independently of Evolveum.

These third parties act either as our processors (processing personal data on our documented instructions) or as independent controllers, depending on the nature of the relationship. Where required, we ensure that appropriate contractual safeguards are in place.

In very limited circumstances we may be required to disclose personal data to public authorities (e.g., law enforcement, tax authorities) where required by law.

6. TRANSFERS OUTSIDE THE EU/EEA

Our philosophy is to avoid disclosing your personal data outside the EU/EEA. However, in exceptional cases where such transfers are necessary, we ensure that appropriate safeguards are in place. These may include Standard Contractual Clauses adopted by the European Commission, adequacy decisions, or other lawful transfer mechanisms, to protect your rights.

If you would like information about the specific transfers and safeguards that apply to your personal data, please contact us at gdpr@evolveum.com.

7. HOW LONG DO WE RETAIN PERSONAL DATA?

We retain personal data only for as long as necessary for the purposes for which it was collected, taking into account contractual, statutory and regulatory requirements. In general:

Data processed for the provision of services and contractual purposes is retained for the duration of the contractual relationship and for a reasonable period thereafter to comply with legal obligations and to protect our legitimate interests (for example, for disputes) — commonly a retention period of up to 3 years after the end of active use, unless otherwise specified in applicable law or contractual terms.
Data processed on the basis of consent (e.g., marketing consents) are retained for a period of up to 10 years, unless consent is withdrawn earlier.
Data required to be retained by law (e.g., accounting records, tax documents, employment records) are retained for the statutory period required by applicable law.
Data processed during the recruitment (selection) process are retained for the duration of the recruitment process and for up to 6 months thereafter. With your consent, we may retain your data for consideration in future recruitment processes for up to 2 years. Data of successful candidates collected during recruitment and onboarding are retained in accordance with applicable employment and labour law requirements.

If you would like more detailed information about the specific retention periods applicable to your personal data, please contact us at gdpr@evolveum.com.

8. IS THE PROVISION OF PERSONAL DATA MANDATORY?

Providing personal data to us is generally voluntary. However, in some cases the provision of personal data is necessary in order to provide the requested service or to comply with a legal obligation (for instance, payroll or invoicing). Failure to provide mandatory information may prevent us from entering into or performing a contract with you.

9. YOUR RIGHTS

Under the GDPR you have the following rights in relation to your personal data (subject to certain legal limitations):

Right of access — you can request confirmation whether we process your personal data and obtain a copy of the data we hold about you.
Right to rectification — you can request corrections to inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) — you can request deletion of personal data where legal grounds permit.
Right to restriction of processing — you can request limitation of the processing of your data in certain circumstances.
Right to data portability — where processing is based on consent or contract and carried out by automated means, you can request transfer of your personal data to another controller.
Right to object — you can object to processing based on legitimate interests (including profiling) and to direct marketing at any time.
Right to withdraw consent — where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, please contact us at gdpr@evolveum.com. We may ask you to verify your identity to protect your data. We will respond to requests to exercise your data subject rights without undue delay and in any event within one month of receipt (extensions up to two further months where necessary, with notice).

You also have the right to lodge a complaint with the supervisory authority in Slovakia (Úrad na ochranu osobných údajov SR) or, if applicable, the supervisory authority of your habitual residence. Template of the application can be found at the website: Proposal to initiate proceedings on personal data protection.

10. COOKIES

Our website uses cookies to improve usability and to analyse traffic on our website. Cookies are small text files placed on your device by your browser. You can manage and disable cookies through your browser settings, but disabling certain cookies may affect the functionality of the website.

For detailed information about the cookies we use, their purposes and retention periods, please consult our Cookie Policy.

11. AUTOMATED DECISION-MAKING AND PROFILING

We do not carry out automated decision-making (including profiling) that produces legal or similarly significant effects about you, unless we inform you separately and obtain any required consent.

12. SECURITY MEASURES

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage. Such measures include access controls, encryption where appropriate, logging, backups and staff training.

13. MARKETING COMMUNICATIONS

Where we rely on consent to send marketing communications, you can opt out at any time by following the unsubscribe link in our communications or by contacting gdpr@evolveum.com.

Where we rely on our legitimate interest for direct marketing, you have the right to object to such processing at any time. You may exercise this right either at the time you provide your personal data or in each individual marketing communication, by using the unsubscribe link.

14. EXTERNAL LINKS

Our website may contain links to other websites. Please note that Evolveum does not exercise control over the processing of personal data or the data collection practices of third-party sites accessible through these links. These external sites operate as independent controllers and are governed by their own privacy statements. If you have questions regarding the data protection procedures of linked websites, we recommend that you contact those entities directly.

15. CONTACT DETAILS

If you have any questions about this privacy policy or our processing of your personal data, please contact:
E-mail: gdpr@evolveum.com

16. CHANGES TO THIS POLICY

We may update this privacy policy from time to time to reflect changes in our processing activities or legal requirements. The date of last revision is set out at the top of this document.

Name	Provider	Purpose	Expiry	More information
PHPSESSID	Evolveum s.r.o.	Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.	When you close your browser
moove_gdpr_popup	Evolveum s.r.o.	When this Cookie is enabled, these Cookies are used to save your Cookie Setting Preferences. You can enable or disable your Cookie Settings on our website at anytime via Cookie Settings.	1 year	Read more
wordpress_test_cookie	Evolveum s.r.o.	Tests that the browser accepts cookies.	Session	Read more
wp-settings-[user_id]	Evolveum s.r.o.	Used to preserve user’s wp-admin settings	1 year	Read more
wordpress_[hash]	Evolveum s.r.o.	On login, WordPress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/	Session	Read more
wordpress_logged_in_[hash]	Evolveum s.r.o.	Remember User session	Session	Read more
wordpress_sec_[hash]	Evolveum s.r.o.	This cookie is used to store your authentication details. Its use is limited to the admin console area, /wp-admin/	Session	Read more
wp-postpass_[hash]	Evolveum s.r.o.	This cookie is used to grant access to password protected areas of the site.	10 days
wp-settings-time-[user_id]	Evolveum s.r.o.	The number on the end is your individual user ID from the user’s database table. This is used to customize your view of admin interface, and possibly also the main site interface.	1 year	Read more

Name	Provider	Purpose	Expiry	More information
woocommerce_cart_hash	Evolveum s.r.o.	Helps WooCommerce determine when cart contents/data changes.	When you close your browser	Read more
woocommerce_items_in_cart	Evolveum s.r.o.	Helps WooCommerce determine when cart contents/data changes.	When you close your browser	Read more
wp_woocommerce_session_[hash]	Evolveum s.r.o.	Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.	2 days	Read more
tk_ai	Evolveum s.r.o.	Stores a randomly-generated anonymous ID. This is only used within the dashboard (/wp-admin) area and is used for usage tracking, if enabled.	Session	Read more
comment_author_{HASH} comment_author_email_{HASH} comment_author_url_{HASH}	Evolveum s.r.o.	When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment.	These are set to expire a little under one year from the time they’re set.	Read more