Privacy Policy

Last updated: 15 January 2026

Data Controller Information

This privacy policy explains how hydroloktk d.o.o. ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services. We are the data controller responsible for your personal data under the General Data Protection Regulation (GDPR).

Data Controller:
hydroloktk d.o.o.
Zvonimirova ulica 39
21180 Split, Split-Dalmatia
Croatia
Registration Number: 253674198
VAT Number: HR25631479852

Data We Collect

We collect personal data that you voluntarily provide to us when you contact us through our website, request information about our services, or engage with our business. The data we collect includes:

  • Contact Information: Your name, email address, phone number, and company details when you submit enquiries through our contact forms
  • Communication Data: The content of messages you send to us, including any attachments or additional information you choose to share
  • Technical Information: Your IP address, browser type, device information, and website usage data collected through cookies and similar technologies
  • Newsletter Data: Your email address if you subscribe to our newsletter or updates

How We Use Your Information

We process your personal data for the following purposes based on legitimate interests and consent:

  • Service Provision: To respond to your enquiries, provide information about our risk monitoring services, and deliver requested consultations
  • Communication: To maintain correspondence with you regarding your business requirements and our services
  • Business Development: To understand client needs and improve our service offerings in enterprise operational risk monitoring
  • Legal Compliance: To comply with applicable laws and regulations in Croatia and the European Union
  • Marketing: To send you relevant information about our services, with your consent, which you may withdraw at any time

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Legitimate Interests: For business communication, service improvement, and maintaining client relationships
  • Consent: For marketing communications and non-essential cookies
  • Contract Performance: When processing is necessary for providing our services
  • Legal Obligation: When required by Croatian or EU law

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to third parties except in the following circumstances:

  • Service Providers: We may share data with trusted third-party providers who assist in operating our website and conducting our business, provided they agree to maintain confidentiality
  • Legal Requirements: When disclosure is required by law, court order, or governmental authority
  • Business Protection: To protect our rights, property, or safety, or that of our clients or others

International Data Transfers

As we operate within the European Union, your data is primarily processed within the EU/EEA. Any transfers to countries outside the EU/EEA will be conducted in accordance with GDPR requirements, including appropriate safeguards such as adequacy decisions or standard contractual clauses.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

  • Contact Enquiries: Retained for up to 3 years after last contact
  • Business Communications: Retained for the duration of the business relationship plus 7 years for legal and regulatory compliance
  • Marketing Data: Retained until you withdraw consent or unsubscribe
  • Website Analytics: Anonymised data retained for up to 26 months

Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of Access: You can request copies of your personal data
  • Right of Rectification: You can request correction of inaccurate or incomplete data
  • Right of Erasure: You can request deletion of your personal data under certain circumstances
  • Right to Restrict Processing: You can request limitation of how we process your data
  • Right to Data Portability: You can request transfer of your data to another organisation
  • Right to Object: You can object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure data transmission protocols, access controls, and regular security assessments.

Contact Information

If you have questions about this privacy policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out using the following contact information:

Privacy Contact:
Email: privacy@hydroloktk.live
Phone: +385 218247426
Post: hydroloktk d.o.o., Zvonimirova ulica 39, 21180 Split, Croatia

Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) if you believe we have not handled your personal data in accordance with applicable data protection laws.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website with a revised "last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Children's Privacy

Our services are directed towards businesses and professional entities. We do not knowingly collect personal data from individuals under the age of 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.