Privacy Policy

The Data Controller responsible for your personal data is:

Navica Services d.o.o.
Address: Zagreb, Croatia, Gornje Prekrizje 52A
Email: info@navicaservices.com
OIB: 73307186931

If you have any questions about this Policy or wish to exercise your privacy rights, please contact our Data Protection Officer (DPO) at:
📧 info@navicaservices.com

We collect personal data only to the extent necessary for the proper functioning of the Website and Services. Data may be collected directly from you or automatically through your interaction with our Website.

‍3.1. Data You Provide Directly:

— Contact information: name, email address, phone number (if provided voluntarily via contact forms).
— Subscription data: if you subscribe to newsletters or updates, we collect your name, email, and preferences.
— User-generated content: comments, feedback, or messages you submit.
— Survey or feedback responses: if you voluntarily participate in user surveys or polls.
— Job applications: where applicable, CVs and related documents you submit to us.

‍3.2. Data Collected Automatically:
‍When you visit our Website, we may automatically collect:

— Device data: type, model, operating system, browser, language settings, screen resolution.
— Log data: IP address, date/time of visit, pages viewed, referring URLs, and general geographic location (city/region level only).
— Cookies and tracking technologies: for analytics, performance measurement, and functionality.

‍3.3. Data from Third Parties:
‍We may receive limited personal data from:

— Email marketing providers or analytics platforms;
— Social media integrations (if you engage with our content on those platforms);
— Publicly available sources for business contact purposes.

We process your personal data for the following purposes and on the following legal bases under Articles 6 and 9 of the GDPR:

1. To operate and maintain the Website
— Legal Basis: Article 6(1)(f) – Legitimate interest
— Description: Ensuring proper functionality, availability, and performance of the Website

2. To respond to inquiries and contact requests
— Legal Basis: Article 6(1)(b) – Contractual necessity
— Description: Processing is required to respond to or fulfill your request

3. To send newsletters or updates
— Legal Basis: Article 6(1)(a) – Consent
— Description: You explicitly opt in to receive communications

4. To perform analytics and measure Website usage
— Legal Basis: Article 6(1)(f) – Legitimate interest
— Description: We analyze usage data to improve the Website and user experience

5. To comply with legal obligations
— Legal Basis: Article 6(1)(c) – Legal obligation
— Description: Compliance with Croatian or EU regulations, tax, or record-keeping

6. To prevent misuse or fraud
— Article 6(1)(f) – Legitimate interest
— Maintaining the security and integrity of our systems

We will not process personal data for purposes incompatible with the original collection purpose without your prior consent.

5.1. Our Website uses cookies, small text files stored on your device, to improve usability and analyze Website performance.
‍
5.2. Types of cookies we use:
— Necessary cookies: essential for core Website operation (cannot be disabled).
— Analytics cookies: measure visitor activity (e.g., Google Analytics).
— Functional cookies: remember user preferences such as language.
— Marketing cookies: track interactions with advertisements or affiliates (if applicable).
‍
5.3. You can manage cookie preferences through our Cookie Consent Tool or your browser settings.
‍
5.4. For more detail, please refer to our [Cookie Policy].

We use collected data to:
‍
— Provide access to Website content and functionality;
— Communicate with you in response to inquiries;
— Manage subscriptions and deliver newsletters;
— Conduct analytics and improve performance;
— Protect against unauthorized access or misuse;
— Comply with legal, regulatory, or security obligations.

We do not sell, lease, or trade your personal information to any third party.

7.1. We retain personal data only for as long as necessary to fulfill the purposes described above or as required by law.
‍
Typical retention periods:
— Contact inquiries: up to 12 months after last correspondence;
— Newsletter subscriptions: until you unsubscribe;
— Analytics data: anonymized or aggregated within 26 months;
— Legal or contractual records: as required under Croatian commercial and tax law.
‍
7.2. When data is no longer needed, it is securely deleted or anonymized.

We may share your personal data only under the following circumstances:
‍
— Service providers / Processors: trusted third parties (e.g., hosting, analytics, email delivery) who process data on our behalf under strict confidentiality agreements.
— Legal compliance: when required by Croatian authorities, courts, or EU institutions to comply with legal obligations.
— Corporate transactions: in case of mergers, acquisitions, or restructuring, provided the receiving party upholds equivalent data protection standards.
— Aggregated or anonymized data: for statistical or research purposes that do not identify individuals.

We do not transfer personal data for marketing resale or profiling purposes.

9.1. We primarily store and process data within the European Economic Area (EEA).
‍
9.2. If we transfer data outside the EEA (e.g., cloud services in the U.S.), such transfers occur only when:
— The European Commission has issued an adequacy decision; or
— Appropriate safeguards (e.g., Standard Contractual Clauses, binding corporate rules) are in place; or
— You have given explicit consent.
‍
9.3. You may request a copy of relevant safeguards by contacting us at the address provided above.

10.1. We implement technical and organizational measures appropriate to the level of risk, including:

— Data encryption (SSL/TLS) for all data in transit;
— Secure server environments and access control;
— Regular security monitoring and backups;
— Employee confidentiality obligations.
‍
10.2. While we strive to protect your data, no system is completely secure. You use the Website at your own risk.

As a Data Subject, you have the following rights under Articles 12–23 of the GDPR:

1. Right of access – to obtain confirmation whether we process your personal data and to access a copy.
2. Right to rectification – to correct inaccurate or incomplete personal data.
3. Right to erasure (“right to be forgotten”) – to request deletion of your personal data under certain conditions.
4. Right to restriction of processing – to limit processing when accuracy is contested or processing is unlawful.
5. Right to data portability – to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
6. Right to object – to object to processing based on legitimate interests, including direct marketing.
7. Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
8. Right to lodge a complaint – with a supervisory authority, particularly in your country of residence or where the alleged infringement occurred.

The competent supervisory authority in Croatia is:

‍Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
📧 azop@azop.hr
🌐 https://azop.hr

12.1. We do not engage in any automated decision-making, including profiling, that produces legal or similarly significant effects on individuals.
‍
12.2. If this changes in the future, we will provide clear prior notice and obtain explicit consent.

13.1. Our Website is not intended for use by children under 16 years of age.
‍
13.2. We do not knowingly collect personal data from minors.
‍
13.3. If you believe your child has provided us with personal data, please contact us immediately to have it deleted.

14.1. Our Website may contain links to third-party websites, plug-ins, or social media widgets.
‍
14.2. Clicking such links may allow third parties to collect or share data about you. We are not responsible for the privacy practices of those external sites.
‍
14.3. We encourage you to read their respective privacy policies.

15.1. We incorporate data protection principles into the development and design of our systems and services from the outset.
‍
15.2. Only data necessary for each specific purpose is collected and accessible to authorized personnel.

16.1. We may update this Policy from time to time to reflect changes in law, technology, or our data processing practices.
‍
16.2. The “Effective Date” at the top of this page indicates when the latest revision was published.
‍
16.3. Material changes will be communicated via notice on the Website or, if required, by email.

If you have any questions, concerns, or wish to exercise your data rights, please contact:

‍Navica Services d.o.o.
Address: Zagreb, Croatia, Gornje Prekrizje 52A
Email: info@navicaservices.com
OIB: 73307186931
Attn: Data Protection Officer

This Privacy Policy is governed by and construed in accordance with the laws of the Republic of Croatia, and any disputes shall be subject to the exclusive jurisdiction of the competent courts in Zagreb, without prejudice to your rights under GDPR to seek remedies before other competent authorities or courts within the European Union.