← Back to homeENDEHRSQ

Privacy Policy

Last updated: 26 May 2026

1. Who is responsible

The controller for the processing of your personal data is HERTE PROJEKT d.o.o., Ulica Janka Vukovića 9, 10000 Zagreb, Croatia. For any privacy question, write to privacy@herte-projekt.com.

2. What we collect

We keep data collection to a minimum. We process:

  • Contact form: your name, email address, an optional business name, your message and any files you choose to attach. These are delivered to us by email through Google Workspace / Gmail.
  • Analytics: only if you consent, Google Analytics (via Firebase) sets cookies and collects pseudonymous usage data, such as the pages you view, your approximate location and your device and browser, to help us understand how the site is used. It loads only after you accept, and not at all if you decline.
  • Local browser storage: your language preference and a record of your consent choice (whether you accepted or declined analytics). This stays on your device and never reaches our servers.
  • Server access logs: IP address, request time, user-agent and the requested URL, kept for 30 days for security and reliability, then deleted.

3. Legal bases

  • Contact form: Art. 6(1)(b) GDPR (steps taken prior to a contract) and Art. 6(1)(f) GDPR (our legitimate interest in answering enquiries).
  • reCAPTCHA: Art. 6(1)(a) GDPR (your consent) and § 25(1) TDDDG. Google reCAPTCHA loads only after you accept in the cookie banner (the same choice that controls analytics) and only on first interaction with the contact form. If you decline, no reCAPTCHA cookies or scripts are loaded and the form is protected by a hidden honeypot field instead. You can withdraw consent any time using the “Cookie settings” link in the site footer.
  • Analytics: Art. 6(1)(a) GDPR (your consent).
  • Hosting and logs: Art. 6(1)(f) GDPR (our legitimate interest in a secure, working website).

4. Service providers

We use the following processors, all configured for EU processing (region europe-west1) unless stated otherwise:

  • Firebase Hosting & Cloud Functions (Google): serving the site and handling the contact form.
  • Google Workspace / Gmail (Google Ireland Limited): delivering contact emails; mail may transit the US.
  • Google reCAPTCHA: spam protection for the contact form; loads when you start using the form, to tell humans from bots.
  • Google Analytics / Firebase Analytics (Google Ireland Limited): measuring how the site is used; loaded only with your consent. Data may transit the US.

5. International transfers

Where data is transferred outside the EU/EEA, we rely on the EU Standard Contractual Clauses (Module 2, Commission Decision 2021/914) and, for US providers, the EU-US Data Privacy Framework (Decision 2023/1795).

6. How long we keep it

  • Contact messages: 24 months, or until your enquiry is resolved.
  • Server access logs: 30 days.
  • Browser storage: until you clear it or withdraw consent.

7. Your rights

Under the GDPR you may request access to the personal data we hold about you (Art. 15), correction (Art. 16), deletion (Art. 17) and portability (Art. 20), and you may withdraw consent at any time (Art. 7(3)). Write to privacy@herte-projekt.com and we will respond within 30 days.

Questions or concerns? If anything on this site raises a privacy or legal issue, email us at privacy@herte-projekt.com — we'd rather hear about it. You also have the right to complain to a supervisory authority (see §9 below).

8. Cookies and similar technologies

We use your browser's local storage to remember your language preference and your consent choice; these values stay on your device and are never shared.

With your consent, we use Google Analytics (provided by Google via Firebase) to understand how the site is used. It sets cookies and collects pseudonymous usage data such as pages viewed, approximate location, and device and browser type. Analytics loads only after you accept in the consent banner; if you decline, no analytics cookies are set. Legal basis: your consent (Art. 6(1)(a) GDPR) and § 25(1) TDDDG. You can withdraw consent at any time using the “Cookie settings” link in the site footer (which reopens the banner) or by clearing site storage. Google may process this data; see https://policies.google.com/privacy. We use no advertising or social-media cookies.

See our Cookie Policy for the detail.

9. Complaints

You may lodge a complaint with the Croatian Personal Data Protection Agency (AZOP, azop.hr) or with the supervisory authority in your country.