Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

Okultis, obrt za trgovinu i usluge, vl. Nikola Gajski
Jurjevska ulica 31 A, Zagreb, Croatia
Email: info@okultis.com

2. Data We Collect

We collect and process the following types of personal data:

2.1 Contact Form Data

When you submit our contact form, we collect your name, email address, and message content. This data is used solely to respond to your enquiry.

2.2 Analytics Data

We use Google Analytics 4 (measurement ID: G-4X89M6MWM9) to understand how visitors use our website. This service collects anonymised usage data including pages visited, time spent on pages, device type, browser, approximate geographic location, and referral source. IP addresses are anonymised by default in GA4.

2.3 reCAPTCHA Data

We use Google reCAPTCHA v3 on our contact form to protect against spam and abuse. reCAPTCHA collects hardware and software information (such as device and application data) and sends it to Google for analysis.

2.4 Google Search Console

We use Google Search Console to monitor and maintain our website's presence in Google Search results. This service processes aggregated and anonymised search performance data.

3. Legal Basis for Processing

We process your personal data on the following legal bases under GDPR Article 6:

• Consent (Art. 6(1)(a)) — for the use of analytics cookies (Google Analytics) and spam-protection cookies (Google reCAPTCHA). These are only loaded after you accept cookies via our consent banner.
• Legitimate interest (Art. 6(1)(f)) — for basic website security and honeypot spam protection, which operate without cookies.
• Performance of a contract or pre-contractual measures (Art. 6(1)(b)) — for processing contact form submissions to respond to your enquiry.

4. Cookies & Tracking Technologies

Our website uses cookies and similar technologies:

• Google Analytics cookies (_ga, _ga_*) — used to distinguish users and sessions. These cookies expire after up to 2 years.
• Google reCAPTCHA cookies — used to assess whether requests come from humans or bots.

When you first visit our website, a cookie consent banner allows you to accept or reject non-essential cookies. If you reject cookies, Google Analytics and reCAPTCHA will not be loaded. Your preference is stored in your browser's local storage for 6 months, after which you will be asked again. You can also control cookies through your browser settings.

5. Third-Party Services

We use the following third-party services that may process your data:

• Google Analytics (Google LLC) — web analytics. Google Privacy Policy
• Google reCAPTCHA (Google LLC) — spam protection. Google Privacy Policy
• Google Search Console (Google LLC) — search performance monitoring. Google Privacy Policy
• Hostinger International Ltd. — website hosting on EU-based servers. Hostinger Privacy Policy

6. International Data Transfers

Some of our third-party service providers, notably Google LLC, are based in the United States. Data transferred to the US is protected under the EU-U.S. Data Privacy Framework, Standard Contractual Clauses (SCCs), and other appropriate safeguards as required by GDPR.

7. Data Retention

We retain personal data only for as long as necessary for the purposes described:

• Contact form data — retained for up to 1 year after your enquiry is resolved, then deleted.
• Analytics data — Google Analytics data is retained for 14 months, after which it is automatically deleted.
• reCAPTCHA data — processed in real-time and not stored by us.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — request a copy of your personal data we hold.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data.
• Right to restriction of processing — request limited processing of your data.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interest.
• Right to withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at info@okultis.com. We will respond within 30 days.

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP):

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
Phone: +385 1 4609 000
Website: azop.hr

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: info@okultis.com
Address: Jurjevska ulica 31 A, Zagreb, Croatia