Privacy Policy

Introduction

garlendivo.top d.o.o. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect information when you visit our website garlendivo.top or use our services.

We are the data controller for the personal information we process about you. Our registered office is located at Zvonimirova ulica 46, 21457 Split, Croatia, with registration number 258741963.

Data Collection

We collect and process personal data that you provide directly to us and information that is automatically collected when you visit our website. The data we collect includes:

Information You Provide

• Contact details (name, email address, phone number)
• Company or organisation information
• Communication preferences
• Enquiry details and messages you send to us
• Any other information you choose to provide

Information Automatically Collected

• IP address and browser information
• Device and operating system details
• Website usage data and navigation patterns
• Referral sources and exit pages
• Time and date of visits

How We Use Your Information

We use the personal data we collect for legitimate business purposes. How we use your information depends on how you interact with our services:

Primary Uses

• Responding to your enquiries and providing customer support
• Delivering our data governance implementation services
• Managing client relationships and project communications
• Processing and fulfilling service requests
• Improving our website functionality and user experience

Secondary Uses

• Sending relevant business communications and updates
• Conducting market research and service improvement
• Compliance with legal obligations
• Protecting our rights and preventing fraud

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Legitimate Interest: For business operations, service improvement, and marketing communications
• Contract Performance: To fulfil our contractual obligations when providing services
• Consent: Where you have explicitly agreed to specific processing activities
• Legal Obligation: To comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information in the following circumstances:

• With trusted service providers who assist in our business operations
• When required by law or to respond to legal process
• To protect our rights, property, or safety
• In connection with business transfers or mergers
• With your explicit consent for specific purposes

International Data Transfers

As we operate within the European Union, your personal data is primarily processed within the EU. If we transfer data outside the EU, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Specific retention periods include:

• Contact form submissions: 3 years from last contact
• Client project data: 7 years after project completion
• Marketing communications: Until you unsubscribe or withdraw consent
• Website analytics data: 26 months
• Legal and compliance records: As required by applicable law

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request information about your personal data we process
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Where processing is based on consent

To exercise any of these rights, please contact us using the details provided in the contact section below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection principles
• Incident response and breach notification procedures

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of material changes by posting the updated policy on our website with a new effective date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding privacy matters, please reach out to us:

Supervisory Authority

You have the right to lodge a complaint with the relevant data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law. In Croatia, this is the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka).