What data we collect and how

We collect personal data only when you voluntarily submit it via the contact form or direct communication (email, phone). Typically:

• full name,
• email address,
• phone number (if provided),
• message content and (where relevant) the product/service of interest.

We do not obtain data from other sources, and we do not use automated decision-making or profiling.

Purposes of processing

We process your data to:

• respond to your inquiry and maintain communication,
• prepare an offer and/or take steps prior to entering into a contract,
• keep records and comply with legal obligations (e.g., accounting).

Legal bases

According to Art. 6. of GDPR-a, our legal bases are:

• contract / pre-contractual steps: when you request an offer or information,
• consent: if you explicitly ask us to contact you again or to keep data longer than usual,
• legal obligation: where retention is required by law,
• legitimate interests: system protection, record-keeping of communications, misuse prevention.

Recipients and processors

Data is processed within our organizational and technical environment. Where necessary, it may be accessible to trusted service providers (hosting, email, IT maintenance) acting as processors under a data processing agreement and in compliance with GDPR. We do not sell your personal data.

Transfers outside the EEA

We do not transfer data outside the EEA unless necessary for communication or hosting. If such transfers occur, we apply appropriate safeguards (e.g., Standard Contractual Clauses).

Retention

We keep contact-form data until your inquiry is resolved or until the end of legally required retention periods if a business relationship follows. If no cooperation follows, we delete the data within a reasonable period after the communication ends, unless you have provided consent for longer retention or other legal grounds apply.

Your rights

You may request:

• access to your data,
• rectification of inaccuracies or completion of incomplete data,
• erasure ("right to be forgotten"),
• restriction of processing,
• data portability,
• objection to processing based on legitimate interests.

Where processing is based on consent, you may withdraw consent at any time (does not affect prior lawful processing).

To exercise your rights, contact info@grginic.com. You also have the right to lodge a complaint with the Croatian DPA (AZOP): www.azop.hr

Security

We implement technical and organizational security measures (access controls, secure configurations). No system is completely secure; please use communication channels responsibly.

Cookies & analytics

This Privacy Policy primarily covers personal data collected via the contact form.

This website does not generally use cookies, but may use them for analytical purposes (tracking website traffic). In that case, we may use third-party cookies, or analytics software (hosting provider, Google Analytics, etc.), and their privacy and cookie policies are covered by their separate documents over which we have no influence. In that case, as a rule, anonymized data is collected that cannot identify a specific person. If we use different cookies or analytics, we will describe this in a separate Cookie Policy and publish it on our website.

Changes to this Policy

We may update this Policy from time to time. The new version applies from the date it is published on our website.