Privacy Policy

Introduction

This Privacy Policy explains how varnexolti.top d.o.o. ("we," "our," or "us") collects, uses, and protects your personal information when you visit our website varnexolti.top or use our enterprise customer experience management services. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

As the data controller, we are responsible for ensuring that your personal data is processed lawfully, fairly, and transparently. This policy provides comprehensive information about our data practices and your rights regarding your personal information.

Data Controller Information

The data controller for your personal information is:

Data Collection

We collect various types of information to provide and improve our services. The data we collect includes information you provide directly to us, information collected automatically through your use of our website, and information from third-party sources where applicable.

Information You Provide

When you interact with our website or services, you may provide us with personal information including:

• Contact information (name, email address, phone number)
• Company information (organisation name, job title, industry)
• Communication preferences and requirements
• Messages and correspondence through our contact forms
• Information provided during consultations and demonstrations

Automatically Collected Information

We automatically collect certain information when you visit our website, including:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, click patterns)
• Technical information (screen resolution, referral sources)
• Cookie and tracking technology data

How We Use Your Information

We use the personal data we collect for specific, legitimate purposes that align with our business operations and your expectations. Our use of your data is based on legal grounds including consent, legitimate interests, and contractual necessity.

Primary Uses

We use of your data for the following purposes:

• Responding to your enquiries and providing customer support
• Delivering our enterprise customer experience management services
• Scheduling and conducting platform demonstrations
• Sending relevant business communications and updates
• Improving our website functionality and user experience
• Complying with legal obligations and regulatory requirements

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: Where you have given clear consent for specific processing activities
• Legitimate interests: For business operations that do not override your privacy rights
• Contract: To fulfil our contractual obligations to you
• Legal obligation: To comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, including types of cookies we use and how to manage them, please refer to our comprehensive Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in specific circumstances and with appropriate safeguards in place.

Service Providers

We may share information with trusted third-party service providers who assist us in operating our website and delivering our services, including:

• Website hosting and technical infrastructure providers
• Analytics and performance monitoring services
• Customer support and communication platforms
• Professional advisors (legal, accounting, consulting)

Legal Requirements

We may disclose your information when required by law or in response to valid legal processes, including:

• Court orders or legal proceedings
• Regulatory investigations or compliance requirements
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods are based on the nature of the information and the purposes for which it is processed.

Retention Periods

• Contact form submissions: Retained for 3 years from last contact
• Website analytics data: Retained for 26 months
• Marketing communications: Until you unsubscribe or withdraw consent
• Customer service records: Retained for 7 years for business and legal purposes
• Legal and compliance records: Retained as required by applicable law

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data. We are committed to facilitating the exercise of these rights and will respond to your requests within the required timeframes.

Your Rights Include

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we process your data
• Right to data portability: Request transfer of your data to another organisation
• Right to object: Object to processing based on legitimate interests or direct marketing
• Right to withdraw consent: Withdraw consent for processing where consent is the legal basis

Exercising Your Rights

To exercise any of these rights, please contact us using the information provided below. We may need to verify your identity before processing your request to ensure the security of your personal data.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures are designed to provide a level of security appropriate to the risk of processing your personal data.

Security Measures

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Employee training on data protection practices
• Incident response and breach notification procedures

International Data Transfers

As a Croatia-based company operating within the European Economic Area (EEA), we primarily process your data within the EEA. Any transfers outside the EEA are conducted with appropriate safeguards in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are designed for business use and are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your privacy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please reach out to us using the following contact information:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates applicable data protection law. In Croatia, the relevant supervisory authority is the Croatian Personal Data Protection Agency (AZOP).