Privacy Policy
Effective Date: 05.01.2025
Last Updated: 30.05.2025
This Privacy Policy describes how MISS obrt za usluge, located at Kolhiđanska ulica 10, 52100 Pula, Croatia ("Concepta Digital", "we", "us", or "our") collects, uses, stores, and protects your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, "GDPR") and the Croatian Law on the Implementation of the GDPR.
1. Important Information and Who We Are
This Privacy Policy outlines how we process your personal data when you visit our website, interact with us, use our services, or communicate through any channels. Our services are not directed to individuals under the age of 18, and we do not knowingly collect data relating to children.
Data Controller:
MISS obrt za usluge
OIB: 93489071882
Kolhiđanska ulica 10, 52100 Pula, Croatia
Email: [email protected]
2. Types of Personal Data We Collect
We may collect and process the following categories of personal data:
Identity Data: Full name, title, date of birth, gender
Contact Data: Email address, telephone number, mailing address
Financial Data: Payment details, bank account or card information
Transaction Data: Records of services provided, payments, and invoices
Technical Data: IP address, login data, browser type/version, time zone settings, operating system, device identifiers
Usage Data: Website usage patterns, clicks, navigation, session duration
Profile Data: User preferences, service history, feedback, and survey responses
Marketing Data: Communication preferences, engagement with campaigns
We may also collect anonymised and aggregated statistical data for analytics that does not directly or indirectly identify you.
3. How We Collect Your Data
We collect data through the following means:
Direct Interactions: When you fill out forms, request services, subscribe to communications, or contact us by phone, email, or chat
Automated Technologies: As you interact with our site, technical data may be collected automatically through cookies, server logs, and similar technologies
Third Parties: CRM & automation: GoHighLevel Scheduling: Calendly Automation: Zapier, Make.com and Whatsapp Business Advertising and analytics: Meta (Facebook), Google Business operations: Stripe, Notion, ClickUp
We may also consult publicly accessible sources, such as commercial registries and company databases.
4. Legal Bases and How We Use Your Personal Data
We process your personal data under the following legal bases:
Contractual necessity: To perform a contract with you or take pre-contractual steps
Legitimate interest: For business operations, service improvement, fraud prevention, marketing (except where consent is required)
Legal obligation: To comply with tax, accounting, or regulatory requirements
Consent: When legally required, e.g., for marketing communications or cookies
Typical purposes include:
a) Delivering and managing services
b) Processing payments and accounting
c) Responding to inquiries and support requests
d) Sending updates, offers, or marketing materials
e) Analyzing website performance and improving user experience
f) Protecting our systems, detecting fraud, and enforcing terms
5. Direct Marketing
We may send you relevant content and promotional offers if:
You have used our services or requested information
You have opted in to receive communications
You have not opted out
You can withdraw your consent or opt out at any time by clicking "unsubscribe" in our emails or contacting [email protected].
We do not sell or share your personal data with third parties for their independent marketing purposes without explicit consent.
6. Sharing Your Personal Data
We may share your personal data with:
Service Providers: GoHighLevel, Calendly, Zapier, Stripe, Google, Meta, Notion
IT, hosting, and infrastructure partners: for system and data management
Professional advisors: legal, tax, and accounting consultants
Regulators and legal authorities: if required by law
Business transfers: in connection with mergers, acquisitions, or asset sales
All partners are contractually bound to respect data privacy and act in accordance with GDPR.
7. International Data Transfers
Some service providers may process data outside the EEA. In these cases, we ensure adequate safeguards are in place:
The country has an EU adequacy decision
Standard Contractual Clauses (SCCs) approved by the European Commission
Other mechanisms permitted under GDPR
We continuously monitor international transfer compliance.
8. Data Security
We employ a combination of technical and organizational measures to secure personal data, including:
HTTPS encryption and SSL certificates
Access controls and authentication
Secure data storage and encrypted backups
Regular software updates and security patches
Only authorized personnel with a business need can access your data.
9. Data Retention
We keep your data only as long as necessary for the intended purpose, including:
Service delivery and account management
Fulfilling legal and financial obligations (typically 6 years)
Handling disputes, audits, or investigations
When retention is no longer justified, we securely delete or anonymize the data.
10. Your Rights Under GDPR
You have the following rights:
Access: Obtain a copy of your personal data
Rectification: Correct inaccurate or incomplete data
Erasure: Request deletion where appropriate
Restriction: Limit processing in specific scenarios
Objection: Object to processing based on legitimate interests or for marketing
Portability: Receive your data in a machine-readable format
Withdraw consent: At any time, if processing is based on consent
To exercise your rights, email: [email protected]. Identity verification may be required.
We aim to respond within 30 days.
11. Complaints and Supervisory Authority
If you believe your data rights have been violated, you can lodge a complaint with:
Croatian Personal Data Protection Agency (AZOP)
Website: https://azop.hrEmail: [email protected]
Phone: +385 1 4609 000
We strongly encourage you to contact us first at [email protected] to resolve any concerns informally.
12. Policy Updates
We regularly review this Privacy Policy. Updates will be published on our website and take effect immediately unless stated otherwise. We encourage you to check this page periodically.
13. Third-Party Link
Our website may link to third-party platforms. We are not responsible for their data handling practices. Please review their respective privacy policies before submitting any personal data.
Last reviewed on 26.06.2025.