Privacy Policy

Your privacy matters to us. Here we explain how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR).

1. Data Controller

The data controller for your personal data is:

Shinobi Apps
Sole proprietorship for computer programming (obrt)
Owner: Kristina Križan
OIB (Croatian tax ID): 58676285513
MBS: 98930478
Address: Šarengradska 8, 31000 Osijek, Croatia
Email: contact@shinobi-apps.hr
Web: shinobi-apps.hr

2. What Data We Collect

Contact form: When you contact us through the form on our website, we collect your name, company name (optional), email address, and message content.

Analytics: With your consent, we use Google Analytics to collect anonymised data about website usage (pages visited, visit duration, device type, country-level geographic location).

Server logs: Our server automatically records technical data including IP address, browser type, date and time of access, and the requested page. This data is used exclusively for security and diagnostics.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

  • Consent (Art. 6(1)(a)): For data collected through the contact form. You may withdraw your consent at any time.
  • Legitimate interest (Art. 6(1)(f)): For server logs necessary for the security and stability of our website.
  • Consent (Art. 6(1)(a)): For analytics cookies (Google Analytics), which are only activated after your explicit consent via the cookie banner.

4. Data Retention

  • Contact form data: Retained for a maximum of 2 years from last contact, after which it is permanently deleted.
  • Server logs: Automatically deleted after 90 days.
  • Google Analytics data: Retained according to Google's data retention settings (default 14 months).

5. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access - request access to the data we process about you
  • Right to rectification - request correction of inaccurate data
  • Right to erasure - request deletion of your data ("right to be forgotten")
  • Right to restriction - request restriction of processing in certain circumstances
  • Right to data portability - receive your data in a structured, machine-readable format
  • Right to object - object to processing based on legitimate interest

To exercise your rights, contact us at contact@shinobi-apps.hr. We will respond to your request within 30 days.

If you believe your rights have been violated, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP):

AZOP
Selska cesta 136, 10000 Zagreb, Croatia
Web: azop.hr
Email: azop@azop.hr

6. Cookies

Essential cookies: We only use technical cookies necessary for the website to function (e.g., storing language preference). These cookies do not require consent as they are necessary to provide the service you requested.

Analytics cookies: Google Analytics cookies are used only with your explicit consent. You can accept or reject cookies via the cookie banner displayed on your first visit. You can change your choice at any time.

You can control and delete cookies through your browser settings. Please note that blocking essential cookies may affect website functionality.

7. Third-Party Processors

To provide our services, we use the following third parties that process data on our behalf:

  • Google Analytics (Google LLC) - website analytics. Google processes anonymised website usage data. Google's Privacy Policy.
  • Hosting provider - data storage and website hosting. The server is located within the European Economic Area (EEA).

Appropriate data processing agreements in accordance with Article 28 of the GDPR have been concluded with all processors.

8. International Data Transfers

Google Analytics may transfer data to the United States. Google LLC participates in the EU-U.S. Data Privacy Framework, which ensures an adequate level of personal data protection in accordance with the European Commission's adequacy decision.

More information: dataprivacyframework.gov

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, destruction, or alteration, including:

  • SSL/TLS encryption for all website traffic
  • Regular software updates and security patches
  • Restricted access to personal data limited to authorised personnel only
  • Encrypted data backups
  • Firewall and intrusion detection systems

10. Contact for Privacy Matters

For any questions, requests, or complaints regarding the processing of your personal data, you can contact us:

Email: contact@shinobi-apps.hr
Subject: Personal Data Protection

We commit to responding to all enquiries within a reasonable timeframe, no later than 30 days from receiving the request.

Last updated: March 2026