Privacy Policy

Privacy Policy

Last updated: 5 May 2026

EURO GRANT KONZALTING INTERNATIONAL D.O.O. (hereinafter “we”, “us”, “our”) is the owner and operator of the website zielinskacrobiz.eu (“the website”). This Privacy Policy explains how we collect, process, store, and protect personal data of our website visitors, clients, and contacts in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679 — “GDPR”) and the Croatian Act on the Implementation of the General Data Protection Regulation (OG 42/2018).

We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner. Please read this Policy carefully to understand our practices regarding your personal data.

1. Data Controller

The data controller responsible for processing your personal data is:

EURO GRANT KONZALTING INTERNATIONAL D.O.O.

Nazorova 7, 47 300 Ogulin

Republic of Croatia

E-mail: info@egk.hr

For any questions, requests, or complaints regarding this Privacy Policy or the processing of your personal data, you can contact us directly at the e-mail address above. The point of contact for data protection matters is Natalia Zielinska.

2. What Personal Data We Collect

Personal data is any information relating to an identified or identifiable natural person. We collect personal data only when you voluntarily provide it to us, for example when you:

  • Fill out a contact form on our website
  • Subscribe to our newsletter
  • Send us an e-mail or otherwise contact us
  • Engage our consulting services

The personal data we may collect includes: name and surname, e-mail address, phone number, company name, job title, and any information you choose to share with us in correspondence.

In addition, we automatically collect certain non-personal technical information when you visit our website, such as: IP address (which may be considered personal data under GDPR), browser type and version, operating system, pages visited, time spent on the site, referring website, and similar data. This information is collected through cookies and server logs — see our Cookie Policy for details.

3. Legal Basis for Processing

We process your personal data only when we have a valid legal basis under Article 6 of the GDPR. The applicable legal bases are:

  • Consent (Art. 6(1)(a) GDPR) — for newsletter subscriptions and non-essential cookies. You can withdraw your consent at any time
  • Performance of a contract (Art. 6(1)(b) GDPR) — for delivering our consulting services and pre-contractual communication
  • Legal obligation (Art. 6(1)(c) GDPR) — for fulfilling obligations under tax, accounting, and other applicable laws
  • Legitimate interest (Art. 6(1)(f) GDPR) — for ensuring website security, preventing fraud, and improving our services, where these interests are not overridden by your rights and freedoms

4. Purposes of Processing

We process your personal data for the following purposes:

  • Responding to inquiries and providing the requested information
  • Delivering our consulting services and managing the client relationship
  • Sending newsletters and marketing communications (only with your prior consent)
  • Improving our website, analyzing traffic, and tailoring content
  • Complying with legal, tax, and accounting obligations
  • Securing our website against unauthorized access and misuse

5. Data Sharing and Recipients

We do not sell, rent, or trade your personal data to third parties. We may share your personal data only with:

  • Service providers (data processors) acting on our behalf under data processing agreements — for example, hosting providers, e-mail service providers, and analytics tools
  • Public authorities when required by law (e.g., tax authorities, courts)

We do not engage in automated decision-making or profiling that produces legal effects on you.

6. International Data Transfers

Our website and data are hosted on servers located within the European Union (DigitalOcean, Amsterdam, Netherlands). We do not transfer your personal data outside the European Economic Area (EEA). If we ever needed to transfer data outside the EEA, we would do so only with appropriate safeguards in place (e.g., Standard Contractual Clauses approved by the European Commission).

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

  • Inquiry and contact data: up to 24 months from the date of last contact, unless a business relationship continues
  • Newsletter subscribers: until you withdraw your consent or unsubscribe
  • Client data: for the duration of the business relationship and up to 11 years afterwards (in line with Croatian accounting and tax retention requirements)
  • Website analytics data: up to 14 months (anonymized after this period)

After the retention period expires, your personal data is securely deleted or anonymized.

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access (Art. 15) — to obtain confirmation of whether we process your data and to receive a copy
  • Right to rectification (Art. 16) — to correct inaccurate or incomplete personal data
  • Right to erasure / “right to be forgotten” (Art. 17) — to request deletion of your data
  • Right to restriction of processing (Art. 18) — to limit how we use your data
  • Right to data portability (Art. 20) — to receive your data in a structured, machine-readable format and transfer it to another controller
  • Right to object (Art. 21) — to object to processing based on our legitimate interests or for direct marketing purposes
  • Right to withdraw consent (Art. 7(3)) — to withdraw your consent at any time, without affecting the lawfulness of processing prior to withdrawal
  • Right not to be subject to automated decision-making (Art. 22)

To exercise any of these rights, please contact us at info@egk.hr. We will respond to your request without undue delay and within one month at the latest, free of charge. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act.

9. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR or other applicable data protection laws, you have the right to lodge a complaint with the supervisory authority. In the Republic of Croatia, the competent supervisory authority is:

Croatian Personal Data Protection Agency (AZOP)

Selska cesta 136, 10 000 Zagreb

Website: www.azop.hr

E-mail: azop@azop.hr

10. Children’s Data

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe we may have collected such data, please contact us immediately and we will take steps to delete it.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit (HTTPS/TLS), access controls, regular security assessments, employee training, and secure backup procedures. We continuously review and update our security measures.

12. Notification of Personal Data Breach

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with Articles 33 and 34 of the GDPR.

We will not be required to notify you individually if:

  • We have implemented appropriate technical and organizational protection measures (such as encryption) that render the data unintelligible to unauthorized persons
  • We have taken subsequent measures to ensure the high risk is no longer likely
  • It would involve disproportionate effort, in which case we will use a public communication or similarly effective measure

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by e-mail or via a notice on our website.

14. Consent

By using our website, you confirm that you have read and understood this Privacy Policy. Where processing is based on your consent, you provide such consent through specific actions (e.g., subscribing to the newsletter, accepting cookies) and may withdraw it at any time.

15. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us:

EURO GRANT KONZALTING INTERNATIONAL D.O.O.

Nazorova 7, 47 300 Ogulin, Croatia

E-mail: info@egk.hr