Privacy Policy

Last updated: 15 January 2026

This Privacy Policy describes how noventoria.top d.o.o. ("we", "our", or "us") collects, uses, and protects your personal information when you visit our website noventoria.top and use our services.

Data Controller Information

The data controller for your personal information is:

• Company: noventoria.top d.o.o.
• Address: Jurišićeva ulica 7, 10315 Zagreb, Croatia
• Registration Number: 769458132
• VAT Number: HR76854931529
• Email: [email protected]
• Phone: +385 14985978

Data We Collect

The data we collect includes personal information that you provide to us directly and information that is automatically collected when you use our website. We collect the following types of personal data:

Information You Provide

• Name and contact details when you submit enquiry forms
• Email address and phone number for communication purposes
• Organisation information and professional details
• Messages and correspondence you send to us
• Service preferences and requirements

Automatically Collected Information

• IP address and location data
• Browser type and version
• Operating system and device information
• Pages visited and time spent on our website
• Referral sources and website navigation patterns

How We Use Your Information

We use your personal data for the following purposes, and how we use your information depends on your relationship with us and the services you require:

• Service Provision: To respond to your enquiries and provide our learning experience design services
• Communication: To contact you regarding your requests, projects, and service updates
• Website Improvement: To analyse website usage and improve user experience
• Legal Compliance: To comply with legal obligations and protect our legitimate interests
• Marketing: To send relevant information about our services (with your consent)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for marketing communications
• Contract Performance: To fulfil our contractual obligations to you
• Legitimate Interest: For business operations and website analytics
• Legal Obligation: To comply with applicable laws and regulations

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Service Providers: Third-party vendors who help us operate our business
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with mergers, acquisitions, or asset sales

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Privacy Policy. Data retention periods vary based on the type of information and the purpose for which it was collected:

• Contact Information: Retained for 3 years after last contact
• Project Data: Retained for 7 years for legal and business purposes
• Website Analytics: Retained for 26 months (Google Analytics default)
• Marketing Data: Until consent is withdrawn or 2 years of inactivity

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL encryption for data transmission
• Secure server infrastructure
• Access controls and authentication
• Regular security assessments
• Staff training on data protection

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions for countries with equivalent data protection standards
• Certification schemes and codes of conduct

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable law, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local supervisory authority.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.