Information on the processing of personal data pursuant to General Data Protection Regulation (EU) 2016/679
This Privacy & Cookie Policy describes how VISION COMPLIANCE d.o.o. processes your personal data. Before reading in detail, here are the key points:
Pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR), we inform you that the controller of your personal data is:
| Field | Value |
|---|---|
| Company Name | VISION COMPLIANCE d.o.o. |
| Legal Form | Limited Liability Company |
| Registered Address | Ulica Republike Austrije 23, 10000 Zagreb, Republic of Croatia |
| OIB (Tax ID) | 82941998009 |
| MBS (Registration No.) | 05256968 |
| Registry Court | Commercial Court in Zagreb |
| Business Activity | 70.22 – Management consultancy activities |
| Year of Establishment | 2020 |
| contact@visioncompliance.eu | |
| Website | www.visioncompliance.eu |
For all questions regarding the processing of your personal data, exercising your rights, or complaints, you may contact us at: contact@visioncompliance.eu. We undertake to respond to each inquiry within 30 days of receipt.
This Privacy & Cookie Policy applies to:
This policy does not apply to third-party websites to which we may link. We recommend reading the privacy policies of those websites before providing them with your personal data.
When processing your personal data, we comply with the following regulations:
Depending on how you interact with us, we may collect different categories of personal data. Below are all categories of data we may process:
In accordance with the principle of lawfulness under Article 5 of GDPR, we process personal data exclusively on the basis of one of the legal grounds set out in Article 6 of GDPR. Below are all processing purposes and corresponding legal bases:
When you send us an inquiry via contact form, email, or telephone, we process your data to respond to your inquiry and provide you with the requested information.
When you enter into a contract with us for the use of our consulting services, we process your data for the performance of the contract.
With your explicit consent, we may send you newsletters with news about regulatory changes, professional articles, and information about our services.
We use analytical tools to understand how visitors use our website and identify areas for improvement.
With your consent, we use marketing cookies to track the effectiveness of our advertising campaigns on platforms such as Google Ads, Facebook, and LinkedIn.
We may process your data when necessary to fulfill legal obligations to which we are subject, including accounting, tax, and regulatory requirements.
In limited cases, we may process your data on the basis of our legitimate interests, where those interests do not override your fundamental rights and freedoms.
We do not sell your personal data or share it with third parties for marketing purposes without your explicit consent. We may share data with the following categories of recipients, solely to the extent necessary to achieve processing purposes and with appropriate safeguards:
| Provider | Location | Purpose | Safeguards |
|---|---|---|---|
| Vercel Inc. | USA | Website hosting, CDN, serverless functions | Standard Contractual Clauses (SCC) |
| SendGrid (Twilio Inc.) | USA | Transactional email delivery, contact form processing | Standard Contractual Clauses (SCC) |
| Sentry (Functional Software Inc.) | USA | Application error tracking, performance diagnostics | Standard Contractual Clauses (SCC) |
The following service providers process data only with your cookie consent:
| Provider | Location | Purpose | Safeguards |
|---|---|---|---|
| Google LLC (Analytics, Ads, Tag Manager) | USA | Website analytics, conversion measurement, tag management | Standard Contractual Clauses (SCC) |
| Meta Platforms Inc. | USA | Facebook Ads pixel – advertising effectiveness measurement | Standard Contractual Clauses (SCC) |
| LinkedIn Corporation | USA | LinkedIn Insight Tag – conversion tracking from LinkedIn ads | Standard Contractual Clauses (SCC) |
| Provider | Location | Purpose | Safeguards |
|---|---|---|---|
| Cybot A/S (Cookiebot) | Denmark (EU) | Cookie consent management, consent logging | Processing within EU/EEA |
In cases provided by law, we may disclose your data to:
Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. When transferring personal data to third countries, we ensure an adequate level of protection through the following mechanisms:
For transfers to the USA, we use Standard Contractual Clauses (SCC) adopted by the European Commission through Implementing Decision (EU) 2021/914. These clauses ensure that data recipients in third countries provide a level of protection equivalent to that in the EU.
In addition to SCCs, we apply supplementary measures in accordance with EDPB recommendations:
You have the right to request a copy of the Standard Contractual Clauses and information about additional safeguards by contacting us at contact@visioncompliance.eu.
In accordance with the storage limitation principle under Article 5 of GDPR, we retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Below are specific retention periods:
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
| Contact form and email communication data | 2 years from last communication | Legitimate interest (Art. 6.1.f GDPR) |
| Newsletter subscriptions | Until consent withdrawal + 30 days for technical processing | Consent (Art. 6.1.a GDPR) |
| Contractual data and business documentation | Duration of contract + 10 years | Legal obligation (Accounting Act, General Tax Act) |
| Invoices and financial documentation | 11 years from issuance | Legal obligation (Art. 10 Accounting Act) |
| Analytics data (Google Analytics) | 14 months | Consent (Art. 6.1.a GDPR) |
| Cookie consent data | 12 months from consent | Legal obligation to prove consent |
| Data for defense of legal claims | Until expiration of limitation periods (5-10 years) | Legitimate interest (Art. 6.1.f GDPR) |
Upon expiration of the above periods, data is permanently deleted or anonymized so that you can no longer be identified.
Under GDPR, you have the following rights regarding the processing of your personal data. All rights may be exercised free of charge, and we will respond to your request without undue delay, and no later than within 30 days.
You have the right to obtain confirmation as to whether we process your personal data and, if so, access to that data and the following information: purposes of processing, categories of data, recipients, retention period, your rights, source of data, existence of automated decision-making.
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you have the right to have incomplete personal data completed.
You have the right to obtain the erasure of personal data concerning you if:
You have the right to obtain restriction of processing if:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller. This right applies where processing is based on consent or contract and is carried out by automated means.
You have the right to object to the processing of your personal data based on legitimate interest, including profiling. In case of objection, we will no longer process your data unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
If processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You may withdraw consent by sending an email to contact@visioncompliance.eu or by clicking the unsubscribe link in the newsletter.
If you believe that the processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority:
To exercise any of the above rights, contact us at:
Please include your name, email address, and a clear description of which right you wish to exercise. We may request additional information to verify your identity. We will respond to your request within 30 days. In case of complex requests or a large number of requests, this period may be extended by an additional 60 days, of which we will inform you.
Our website uses cookies and similar technologies to ensure functionality, analyze traffic, and, with your consent, for marketing purposes. This section explains in detail the types of cookies we use and how you can manage them.
Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. Cookies allow the website to 'remember' your actions and preferences over a period of time, so you do not have to re-enter them each time you visit the site or navigate from one page to another.
On your first visit to our website, you will see a cookie consent banner. You may choose to:
You can change your settings at any time by clicking 'Cookie Settings' in the footer or by deleting cookies in your browser settings.
We use the following cookie categories on our website:
These cookies are essential for basic website functionality and cannot be disabled. They are set only in response to actions made by you which amount to a request for services, such as setting privacy preferences, logging in, or filling in forms. You can set your browser to block these cookies, but then some parts of the site may not work properly. These cookies do not store personally identifiable information.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| CookieConsent | Cookiebot (Cybot A/S) | Stores user's cookie consent status for the current domain. Necessary for GDPR compliance. | 12 months | HTTP cookie |
| NEXT_LOCALE | Vision Compliance | Stores user's preferred language version of the site (HR/EN). | 12 months | HTTP cookie |
| __cf_bm | Cloudflare | Cloudflare Bot Management – distinguishes humans from bots to protect the site. | 30 minutes | HTTP cookie |
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and how visitors move around the site. All data these cookies collect is aggregated and anonymous. If you do not allow these cookies, we will not know when you visited our site.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _ga | Google Analytics | Registers a unique ID used to generate statistical data about how the visitor uses the website. | 14 months | HTTP cookie |
| _ga_* | Google Analytics | Used to maintain session state and track user interactions on the site. | 14 months | HTTP cookie |
| _gid | Google Analytics | Registers a unique ID used to generate statistical data about how the visitor uses the website. | 24 hours | HTTP cookie |
| _gat | Google Analytics | Used to throttle request rate to Google Analytics servers. | 1 minute | HTTP cookie |
These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They do not directly store personal information but are based on uniquely identifying your browser and device. If you do not allow these cookies, you will experience less targeted advertising.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| _gcl_au | Google Ads | Used to store and track conversions from Google Ads. | 90 days | HTTP cookie |
| _gac_* | Google Ads | Contains campaign information for the user. | 90 days | HTTP cookie |
| _fbp | Meta (Facebook) | Used to store and track visits across websites for Facebook Ads. | 90 days | HTTP cookie |
| _fbc | Meta (Facebook) | Stores the last click from a Facebook ad (fbclid parameter). | 90 days | HTTP cookie |
| li_sugr | Used to identify browser for off-LinkedIn tracking. | 90 days | HTTP cookie | |
| bcookie | LinkedIn Browser ID cookie to identify device accessing LinkedIn. | 1 year | HTTP cookie | |
| lidc | LinkedIn Data Center cookie for server selection optimization. | 24 hours | HTTP cookie | |
| UserMatchHistory | LinkedIn Ads ID synchronization. | 30 days | HTTP cookie |
The security of your personal data is of utmost importance to us. We implement appropriate technical and organizational measures to protect data from unauthorized access, loss, destruction, or disclosure.
Despite all measures, no system is 100% secure. If a personal data breach occurs that may result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR. If you notice any suspicious activity related to your data, please contact us immediately at contact@visioncompliance.eu.
Pursuant to Article 22 GDPR, we inform you that on our website we do NOT use automated decision-making that would produce legal effects or significantly affect you. We do not create user profiles for the purpose of automated decision-making. The analytical and marketing tools we use (with your consent) serve exclusively to measure aggregate statistics and optimize advertising, without making individual automated decisions.
Our website and services are intended exclusively for business users and persons over 18 years of age. We do not knowingly collect personal data from children under 18 years of age. If you are a parent or guardian and learn that a child has provided us with personal data without your consent, please contact us immediately at contact@visioncompliance.eu. We will take all reasonable steps to delete such data from our systems.
Our website may contain links to third-party websites that are not under our control. This Privacy Policy applies exclusively to our website (visioncompliance.eu). We are not responsible for the privacy policies or practices of other websites. We recommend reading the privacy policy of each website you visit.
We reserve the right to amend this Privacy & Cookie Policy at any time. All changes will be posted on this page with a new 'Effective date' and version number. In case of significant changes affecting your rights, we will notify you by email (if you are subscribed to the newsletter) or a prominent notice on the website. We recommend periodically reviewing this page to stay informed of any changes.
If you have any questions, comments, or requests regarding this Privacy & Cookie Policy or the way we process your personal data, please contact us:
| Contact Details | |
|---|---|
| Company Name | VISION COMPLIANCE d.o.o. |
| Address | Ulica Republike Austrije 23, 10000 Zagreb, Republic of Croatia |
| contact@visioncompliance.eu | |
| Website | www.visioncompliance.eu |
Monday – Friday: 09:00 – 17:00 (CET/CEST)
We undertake to respond to each inquiry regarding personal data protection within 30 days of receipt.
© 2025 VISION COMPLIANCE d.o.o. Sva prava pridržana.