We Use Cookies

We use cookies and similar technologies to improve your experience, analyze traffic, and personalize content. You can customize your settings or accept all cookies.

NORVEXALITHARA

Privacy Policy

Last updated: January 15, 2026.

Norvexalithara d.o.o. (hereinafter: "we", "us" or the "Company") is committed to protecting the privacy of its users. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679 — and applicable legislation of the Republic of Croatia.

1. Data Controller

The controller of your personal data is: Norvexalithara d.o.o. Ulica grada Vukovara 271, 10000 Zagreb, Croatia OIB: 47821693054 Email: privacy@norvexalithara.com

2. Data We Collect

We collect the following categories of personal data: • Identification data: name, surname, email address • Communication data: content of messages sent via the contact form • Technical data: IP address, browser type, operating system, device information • Usage data: pages visited, time of visit, navigation patterns • Cookies and similar technologies: according to settings you selected through our consent system

3. Purpose and Legal Basis

We process your data based on: • Consent (Art. 6(1)(a) GDPR) — for analytics cookies, advertising technologies, and personalization • Legitimate interest (Art. 6(1)(f) GDPR) — for platform functionality improvement and security • Contract performance (Art. 6(1)(b) GDPR) — for communication with users utilizing our services • Legal obligation (Art. 6(1)(c) GDPR) — for compliance with HANFA and CNB regulatory requirements

4. Data Sharing with Third Parties

We may share your data with: • Google LLC — through Google Analytics 4 and Google Ads, with Google Consent Mode v2 applied • EU-based hosting service providers • Regulatory authorities — when legally required We do not sell your personal data to third parties.

5. Data Transfers Outside EU/EEA

In cases of data transfer outside the European Economic Area (e.g., to Google LLC in the USA), we rely on Standard Contractual Clauses (SCC) approved by the European Commission and appropriate additional safeguards.

6. Data Retention Period

We retain personal data only as long as necessary to fulfill the purpose for which it was collected: • Contact form data: 12 months from last communication • Analytics data: 26 months • Legally required data: per applicable regulations (up to 11 years for financial documentation)

7. Your Rights

Under the GDPR, you have the right to: • Access — request access to your personal data • Rectification — correct inaccurate or incomplete data • Erasure — request deletion of data ("right to be forgotten") • Restriction — restrict how we use your data • Portability — receive your data in a machine-readable format • Objection — object to processing based on legitimate interest • Withdraw consent — at any time, without affecting the lawfulness of prior processing To exercise your rights, contact us at: privacy@norvexalithara.com

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.3), regular security audits, and access control based on the principle of least privilege.

9. Right to Complain

If you believe the processing of your personal data violates the GDPR, you have the right to file a complaint with the Personal Data Protection Agency (AZOP): Personal Data Protection Agency Selska cesta 136, 10000 Zagreb www.azop.hr

10. Changes to This Policy

We reserve the right to amend this Privacy Policy. All changes will be published on this page with an updated date. We recommend regularly checking this page.