Privacy Policy

How we collect, use and protect your personal data.

1. Introduction

This Privacy Policy explains how ADISOFT, owned by Adi Žepčan (hereinafter „we", „us", „Data Controller") collects and processes your personal data when you visit our website adisoft.hr, submit an inquiry via the contact form, or use our services.

Processing is carried out in accordance with EU Regulation 2016/679 (GDPR) and applicable national data protection regulations.

2. Data Controller

The Data Controller is:

  • Name: ADISOFT, owned by Adi Žepčan
  • Registered address: Đuba 22 B, 52470 Umag, Croatia
  • OIB (Croatian tax ID): 31626799290
  • Email: info@adisoft.hr
  • Phone: +385 95 999 4444

For any questions regarding the processing of your personal data, please contact us at: info@adisoft.hr

3. Data we collect

We only collect data that we need:

  • Inquiry and communication data: name and surname, email address, phone number, company name, message content.
  • Client data: information required for the conclusion and performance of the contract, preparation of offers and invoices (company name, VAT/tax ID, address, contact person).
  • Technical data: IP address, device and browser type, date and time of visit, pages viewed — collected automatically through server logs and analytics.
  • Cookies: see section 5.

We do not request or process special categories of personal data (health, religious, biometric, etc.).

4. Purposes and legal bases of processing

We process your data for the following purposes and on the following legal bases under Article 6 of the GDPR:

  • Responding to inquiries and preparing offers — pre-contractual measures and our legitimate interest (Art. 6(1)(b) and (f)).
  • Conclusion and performance of service contracts — performance of a contract (Art. 6(1)(b)).
  • Accounting and tax obligations — legal obligation (Art. 6(1)(c)).
  • System security and prevention of misuse — our legitimate interest (Art. 6(1)(f)).
  • Newsletter or marketing — exclusively with your explicit consent (Art. 6(1)(a)), which you may withdraw at any time.

We do not carry out automated decision-making or profiling that would produce legal or similarly significant effects on you.

5. Cookies

Our website uses the following categories of cookies:

  • Strictly necessary cookies — required for the basic operation of the website (session, security, language preferences, consent settings). Set without consent based on our legitimate interest. Retention: until the end of the session or up to 12 months.
  • Analytics cookies — used to understand how the website is used (number of visitors, page popularity, traffic sources). Set only with your consent via the cookie banner. We currently use: Google Analytics 4. Retention: up to 14 months.
  • Marketing cookies — set only with your explicit consent, used for displaying relevant advertisements. Retention: up to 12 months.

You may withdraw your consent at any time via the cookie settings on our website. You can also control cookies through your web browser settings.

6. Retention periods

We retain data for as long as necessary for the purposes for which it was collected, or as required by law:

  • Inquiry and contact form data: up to 2 years from last contact.
  • Accounting and contractual documentation (invoices, offers, contracts): 11 years from the end of the year to which they relate, in accordance with the Croatian Accounting Act.
  • Other client data (business communication, project records): for the duration of the contractual relationship and up to 5 years thereafter, or shorter if no longer actively used.
  • Server logs: up to 30 days.
  • Data processed on the basis of consent: until consent is withdrawn.

7. Data recipients

We do not sell your data to third parties. We may share it with carefully selected data processors with whom we have concluded data processing agreements:

  • hosting and cloud infrastructure providers (SETCOR d.o.o.),
  • email service providers (SETCOR d.o.o.),
  • analytics and marketing tool providers (see section 5),
  • accounting service providers,
  • IT support providers,
  • competent authorities, where required by law.

8. Transfer of data outside the EU

Some of our data processors may be located outside the European Economic Area (e.g. the United States). In such cases, data transfer takes place under appropriate safeguards in accordance with the GDPR — Standard Contractual Clauses (SCCs) of the European Commission, adequacy decisions, or certifications such as the EU-US Data Privacy Framework.

9. Your rights

Under the GDPR, you have the right to:

  • access your personal data,
  • rectify inaccurate or incomplete data,
  • erasure („right to be forgotten"), under the conditions set out in the GDPR,
  • restriction of processing,
  • data portability,
  • object to processing based on legitimate interest,
  • object to processing for direct marketing purposes, at any time,
  • withdraw consent at any time, where processing is based on consent.

You may submit a request to exercise your rights to info@adisoft.hr. We will respond within 30 days of receiving the request, with the possibility of extension by an additional 60 days in case of complex or numerous requests, of which you will be informed in due time.

10. Right to lodge a complaint

If you believe that we are processing your personal data in violation of applicable regulations, you have the right to lodge a complaint with a supervisory authority.

In Croatia, the competent authority is the Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, email: azop@azop.hr, web: azop.hr.

You may also lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or place where you believe the infringement occurred.

11. Data security and technical implementation

We implement reasonable technical and organisational protection measures — traffic encryption (HTTPS), controlled access to systems, regular backups, and software updates — to reduce the risk of unauthorised access, loss, alteration or disclosure of data.

All fonts, icons and other static resources are served from our own server (self-hosted). We do not load Google Fonts or other external resources that would transmit your IP address to third parties without your consent.

12. Amendments to this Policy

We may update this Privacy Policy from time to time to align with legal or business changes. The current version is always published on this page together with the date of the last amendment. We will notify you of material changes in an appropriate manner.