Privacy Policy

Privacy Policy

As privacy is important, this Privacy Policy is based on the General Data Protection Regulation (GDPR). It explains what personal data is collected through this website, for what purposes it is used, how it is protected, and what rights users have.

EVOLUTA d.o.o. collects and processes personal data only when necessary and to the extent required for providing the service, fulfilling a contract, or complying with legal obligations. Data is not sold, lent, or disclosed.

Data Controller

The data controller is:

EVOLUTA d.o.o.
Vukovarska 19, HR-52440 Poreč – Parenzo, Croatia
E-mail: info@evoluta.hr | Tel: +385 99 836 7145
VAT ID: 30445497225 | Company ID: 05364132

What data may be collected

Depending on how the website is used and services are purchased/booked, the following data may be collected:

  • first and last name
  • email address and phone number
  • invoicing details (e.g., address; company details where applicable)
  • order/booking details (selected service, date/time, number of persons, notes)
  • payment details (transaction status and transaction reference data; without storing full card number and security codes)
  • newsletter-related data (email and, if entered, first and last name)
  • technical data (e.g., IP address, device/browser data, cookies – depending on settings)

Purposes of processing and legal bases

Personal data is processed for the following purposes:

  • contract performance and service provision (booking/purchase, confirmations, communication, service organization)
  • pre-contractual measures (inquiries, appointment scheduling, offers upon user request)
  • fulfillment of legal obligations (accounting and tax obligations, invoicing)
  • legitimate interest (system security, prevention of misuse, basic website analytics and service improvement)
  • consent (newsletter/marketing messages, when consent is given; consent can be withdrawn at any time)

Card payments

For online card payments, the authorized payment system Monri (payment gateway) is used. Card data is entered in the secure environment of the payment service provider and is not stored on EVOLUTA d.o.o. servers. EVOLUTA d.o.o. does not have access to the full card number or CVC/CVV.

Certain transactions may require additional authentication (e.g., 3-D Secure / Strong Customer Authentication), in accordance with the rules of card schemes and the issuing bank.

Data recipients (processors)

Data may be shared exclusively when necessary for providing the service, and only with trusted partners (processors), for example:

  • IT/hosting partners (maintenance, security, storage)
  • payment service providers (Monri) for transaction processing
  • newsletter platform (Mailchimp), if the user is subscribed to the newsletter
  • accounting/administrative partners (legal obligations)
  • partners involved in service delivery (to the extent necessary for booking fulfillment)

All partners may process data exclusively according to the instructions of EVOLUTA d.o.o. and with an obligation of confidentiality.

Newsletter (Mailchimp)

The Mailchimp platform is used for sending newsletters. Newsletters are sent only to users who have given their consent. Unsubscription is possible at any time via the unsubscribe link in each message or by sending a request to info@evoluta.hr.

Transfers to third countries

Mailchimp may process data outside the European Economic Area (EEA). When this occurs, the transfer is carried out with appropriate safeguards in accordance with GDPR (e.g., standard contractual clauses), and only when necessary for providing the service.

Retention periods

Data is retained for as long as necessary for the purposes of processing, including statutory retention periods for documentation, and is then deleted or anonymized, unless there is a lawful basis for longer retention.

  • order/booking data: during fulfillment and a reasonable period thereafter for inquiries/complaints
  • invoices and business documentation: in accordance with statutory periods
  • newsletter data: until consent withdrawal/unsubscription
  • technical data (logs): reasonably limited period for security and diagnostics

User rights

The user has the right to:

  • request access to personal data
  • request correction of inaccurate data
  • request data deletion (when conditions are met)
  • request restriction of processing
  • object to processing when it is based on legitimate interest
  • request data portability (where applicable)
  • withdraw consent at any time (if processing is based on consent)

To exercise these rights, a request can be sent to: info@evoluta.hr.

Supervisory authority

If the user believes that data is not being processed lawfully, they have the right to file a complaint with the competent authority: Croatian Personal Data Protection Agency (AZOP).

Cookies

The website may use cookies for functionality, security, and improving user experience. Non-essential cookies (e.g., analytics/marketing) are used only with consent, if a consent management mechanism is implemented. Cookie settings can also be managed through internet browser settings.

Contact

For all questions related to privacy and personal data:

EVOLUTA d.o.o.
Vukovarska 19, HR-52440 Poreč – Parenzo, Croatia
E-mail: info@evoluta.hr | Tel: +385 99 836 7145