Privacy Policy

Introduction

This Privacy Policy explains how zenqorvexa.top d.o.o. ("we", "us", or "our") collects, uses, and protects your personal information when you visit our website zenqorvexa.top or use our services. We are committed to protecting your privacy and handling your personal data in accordance with the General Data Protection Regulation (GDPR) and Croatian data protection laws.

We act as the data controller for the personal information we collect about you. Our registered office is located at Tkalčićeva ulica 122, 10087 Zagreb, Croatia.

Data We Collect

When you visit our website or use our services, we may collect the following types of personal data:

• Contact Information: Name, email address, phone number, and postal address when you contact us or request our services
• Business Information: Company name, fitness studio details, and business requirements when you enquire about our consulting services
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and referral sources
• Communication Data: Records of your correspondence with us, including emails, phone calls, and meeting notes
• Cookie Data: Information collected through cookies and similar technologies as detailed in our Cookie Policy

We only collect personal data that is necessary for the purposes outlined in this privacy policy and with your consent where required by law.

How We Use Your Information

We use your personal data for the following purposes, based on legitimate business interests, contractual necessity, or your consent:

• Service Provision: To provide our fitness studio consulting services, including profit margin analysis and business optimisation
• Communication: To respond to your enquiries, provide customer support, and send service-related communications
• Business Operations: To manage our client relationships, process payments, and maintain business records
• Website Improvement: To analyse website usage, improve our services, and enhance user experience
• Marketing: To send you information about our services, industry insights, and promotional materials (only with your consent)
• Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements

We process your personal data on the legal basis of legitimate interests for business operations, contract performance for service delivery, and consent for marketing communications.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our website, conducting business, or servicing you (e.g., web hosting, email services)
• Legal Requirements: When required by law, legal process, or to protect our rights, property, or safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality agreements
• Consent: When you have given explicit consent for specific sharing purposes

All third-party service providers are required to maintain the confidentiality and security of your personal information.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our retention periods are as follows:

• Client Data: Retained for the duration of our business relationship and up to 7 years after termination for accounting and legal purposes
• Marketing Data: Retained until you withdraw consent or for up to 3 years of inactivity
• Website Analytics: Typically retained for 26 months in Google Analytics
• Legal Documents: Retained as required by Croatian law and business regulations

After the retention period expires, we will securely delete or anonymise your personal data unless longer retention is required by law.

Your Rights

Under GDPR and Croatian data protection law, you have the following rights regarding your personal data:

• Right of Access: Request access to your personal data and information about how we process it
• Right to Rectification: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain situations
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the information provided in the contact section below. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection and security
• Secure backup and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

We primarily process your personal data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules or certification schemes

We will inform you of any international transfers and the safeguards in place to protect your data.

Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please contact us:

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) if you believe we have not handled your personal data in accordance with applicable law.