Home Privacy Policy

Privacy Policy

How Xenviloq collects, uses, and protects your personal data.

Last Updated: 2 March 2026

1. Controller Identity

The data controller responsible for your personal data is Xenviloq, with its registered office at Slogin-Kula ul. 1, 51000 Rijeka, Croatia. You may contact us regarding data protection matters at info@xenviloq.com or by telephone at +385 51 355 311.

2. Scope of This Policy

This Privacy Policy applies to personal data collected through the website xenviloq.com (the "Site"), including through the contact form, and to personal data provided during the course of consulting engagements. It does not apply to data collected by third-party websites that may be linked from this Site.

3. Legal Basis for Processing

We process personal data on the following legal bases under Regulation (EU) 2016/679 (GDPR) and the Croatian Act on Implementation of the General Data Protection Regulation (NN 42/2018):

  • Contractual necessity: Processing required to enter into or perform a consulting agreement with you.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as responding to enquiries and improving our services, where these interests are not overridden by your rights.
  • Consent: Where you have given specific, informed consent, for example for the use of non-essential cookies.
  • Legal obligation: Processing required to comply with applicable Croatian and EU law.

4. Categories of Personal Data Collected

We may collect the following categories of personal data:

  • Contact data: Name, email address, telephone number, and postal address when provided through the contact form or during a consulting engagement.
  • Project data: Information about your building project that you choose to share with us for the purpose of obtaining consulting services.
  • Technical data: IP address, browser type, operating system, referring URLs, and pages visited, collected automatically through server logs and, where consented to, analytics cookies.
  • Cookie data: Information stored in cookies on your device, as described in our Cookie Policy.

5. Purposes of Processing

We process your personal data for the following purposes:

  • Responding to enquiries submitted through the contact form.
  • Providing technical consulting services as agreed.
  • Administering and improving the Site.
  • Complying with legal and regulatory obligations applicable in Croatia and the EU.
  • Analysing Site usage to understand how visitors interact with our content (where analytics cookies are consented to).

6. Data Retention

We retain personal data for no longer than is necessary for the purposes for which it was collected:

  • Contact form enquiries that do not result in a consulting engagement are retained for up to 12 months.
  • Data related to consulting engagements is retained for the duration of the engagement and for a period of 5 years thereafter, in accordance with Croatian statutory limitation periods.
  • Technical and analytics data is retained for up to 24 months.

7. Data Sharing and Transfers

We do not sell your personal data. We may share personal data with:

  • Service providers who assist us in operating the Site (such as web hosting providers), under data processing agreements that ensure appropriate protection.
  • Professional advisors (such as legal or accounting professionals) where necessary for our business operations, subject to confidentiality obligations.
  • Competent authorities where required by applicable law.

We do not transfer personal data outside the European Economic Area without appropriate safeguards in place.

8. Your Rights

Under GDPR, you have the following rights in relation to your personal data:

  • Right of access: To obtain confirmation of whether we process your data and to receive a copy.
  • Right to rectification: To have inaccurate data corrected.
  • Right to erasure: To have your data deleted where there is no longer a legal basis for processing.
  • Right to restriction: To restrict processing in certain circumstances.
  • Right to data portability: To receive your data in a structured, machine-readable format.
  • Right to object: To object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@xenviloq.com. We will respond within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include encrypted data transmission (HTTPS), access controls, and regular security reviews of our systems.

10. Cookies

Our use of cookies is described in detail in our Cookie Policy. You can manage your cookie preferences at any time through the cookie settings panel accessible from the cookie banner.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date of the most recent revision is shown at the top of this page. We encourage you to review this page periodically.

12. Contact

For any questions or concerns about this Privacy Policy or our data processing practices, please contact us at info@xenviloq.com or in writing at Slogin-Kula ul. 1, 51000 Rijeka, Croatia.