This privacy policy describes how EKO ELEKTRO VOD d.o.o. (hereinafter referred to as "we", "us" or the "Company") collects, uses and protects the personal data of visitors to this website, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Croatian Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18).
1. Data Controller
The controller of personal data is:
EKO ELEKTRO VOD d.o.o.
Pavla Štoosa 10a, 10360 Zagreb, Croatia
OIB (Company ID): 35955468622
Email: ekoelektrovod@gmail.com
Phone: +385 98 38 97 97
For any questions regarding the protection of personal data, you may contact us at the email address provided above.
2. What Personal Data We Collect
This website collects the minimum scope of data necessary for its operation:
2.1 Contact Form
When you use the contact form on our website, we collect the data you voluntarily provide:
- Full name
- Phone number
- Type of inquiry
- Message content
The contact form operates via your email client (mailto:) — data is not stored on our server but is sent directly through your email application.
2.2 Communication via WhatsApp
If you contact us through the WhatsApp link on our website, communication takes place directly via the WhatsApp platform. Meta Platforms Ireland Limited processes such data in accordance with its own privacy policy. We do not store or control any data collected by WhatsApp.
2.3 Technical Data (Hosting)
This website is hosted on the Cloudflare Pages platform. Cloudflare automatically processes certain technical data in order to deliver content and protect against malicious traffic:
- IP address
- Browser type and version
- Operating system
- Date and time of access
- Requested page
This data is processed on the basis of a legitimate interest (Art. 6(1)(f) GDPR) to ensure the security and proper functioning of the website. Cloudflare, Inc. is a US-based company that provides appropriate safeguards for the transfer of data in accordance with the EU-U.S. Data Privacy Framework.
3. Cookies
This website itself does not set any cookies. Cloudflare, as the hosting provider, may set strictly necessary security cookies (e.g. __cf_bm) to protect against automated attacks and ensure the proper functioning of the website.
These cookies fall within the category of strictly necessary cookies, which are exempt from the requirement to obtain consent pursuant to Art. 5(3) of Directive 2002/58/EC (ePrivacy Directive).
We do not use analytics, marketing, or third-party tracking cookies.
4. Purpose and Legal Basis for Processing
| Activity | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Contact form | Responding to your inquiry | Art. 6(1)(b) — performance of a contract / pre-contractual measures |
| WhatsApp communication | Responding to your inquiry | Art. 6(1)(b) — performance of a contract / pre-contractual measures |
| Technical data (Cloudflare) | Security and functioning of the website | Art. 6(1)(f) — legitimate interest |
| Security cookies | Protection against malicious traffic | Art. 6(1)(f) — legitimate interest |
5. Disclosure of Data to Third Parties
We do not sell, trade, or otherwise transfer your personal data to third parties, except in the following cases:
- Cloudflare, Inc. — hosting service provider. Cloudflare may process technical data in accordance with its obligations as a data processor. More information: Cloudflare Privacy Policy.
- Meta Platforms Ireland Limited — only if you contact us via WhatsApp. More information: WhatsApp Privacy Policy.
- Legal obligation — if we are legally required to disclose data to competent authorities.
6. No Third-Party Content
This website does not load content from external servers. All fonts, icons, and stylesheets are hosted locally on the same server. This means that your browser does not send requests to third parties when visiting our website (except for the Cloudflare infrastructure that delivers the content).
7. Data Retention Period
We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected:
- Contact inquiries: data from communications is retained until the conclusion of the business relationship, or for a maximum of 2 years from the last contact, unless longer retention is required due to legal obligations.
- Technical data: Cloudflare automatically deletes access logs in accordance with its own data retention policies.
8. Your Rights
In accordance with the GDPR, you have the following rights with regard to your personal data:
- Right of access (Art. 15) — the right to request confirmation as to whether we process your data and to obtain access to such data.
- Right to rectification (Art. 16) — the right to request the correction of inaccurate data.
- Right to erasure (Art. 17) — the right to request the deletion of your data ("right to be forgotten").
- Right to restriction of processing (Art. 18) — the right to request restriction of processing in certain circumstances.
- Right to data portability (Art. 20) — the right to receive your data in a structured, commonly used format.
- Right to object (Art. 21) — the right to object to processing based on legitimate interest.
To exercise your rights, please contact us at: ekoelektrovod@gmail.com
You also have the right to lodge a complaint with the supervisory authority:
Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, 10000 Zagreb
azop.hr
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- SSL/TLS encryption (HTTPS) for all communication with the website
- Cloudflare DDoS protection and Web Application Firewall (WAF)
- All website resources hosted locally (no third-party external requests)
- Security HTTP headers (Content-Security-Policy, HSTS, X-Frame-Options)
10. Changes to This Privacy Policy
We reserve the right to amend this privacy policy at any time. Any changes shall take effect upon publication on this page. We recommend that you periodically review this page to stay informed of any updates.
Date of last amendment: April 2026.