Privacy Policy

1. Overview

devaDesign.eu respects your privacy and processes personal data responsibly.

This Privacy Policy explains what personal data is collected when you use this website, why it is collected, how it is used, and what rights you have under applicable data protection law, including the EU General Data Protection Regulation (GDPR).

The data controller for this website is DEVADESIGN, obrt za oblikovanje web-a, vl. Dejan Adamović (a sole proprietorship registered in Croatia).

Registered address: Save Jugo Bujkove 6, Rijeka
Contact: info@devadesign.eu

2. Personal data we collect

A) Data you provide voluntarily
When you contact us (form or email), we may collect:

  • name
  • email address
  • message content
  • any information you include in your enquiry

B) Technical data (cookies and analytics)
If you consent to analytics, the site may collect limited usage and device information via cookies and similar technologies (see sections 4 and 5).

3. Why we use your data and the legal bases

We process personal data only for the purposes below.

A) Handling enquiries and communication
Purpose: respond to your message and communicate with you about your enquiry.
Legal basis: legitimate interests (GDPR Art. 6(1)(f)) and, where relevant, steps prior to entering a contract (GDPR Art. 6(1)(b)).

B) Website operation and security
Purpose: keep the website functional and secure, prevent abuse, and troubleshoot issues.
Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

C) Analytics (Google Analytics 4), only with consent
Purpose: understand aggregated usage patterns and improve content and structure.
Legal basis: consent (GDPR Art. 6(1)(a)). Consent is managed via CookieYes, which can block non-essential scripts until consent is given.

We do not use your data for profiling or automated decision-making.

4. Cookies

This website uses cookies for:

  • strictly necessary functions (for example security and basic operation)
  • consent management (CookieYes stores your cookie preferences so the banner does not reappear unnecessarily)
  • analytics, only if you consent

You can change cookie settings at any time via the cookie banner or your browser settings. Disabling cookies may affect parts of the site.

5. Google Analytics 4 (GA4)

If you consent to analytics cookies, we use Google Analytics 4 to measure how the site is used and to improve it.

Google states that GA4 does not log or store IP addresses, and for EU users it drops IP addresses before logging via EU domains and servers.

GA4 user-level data retention can be configured (commonly 2 months or 14 months, depending on settings).

6. Service providers (processors)

We use providers to operate the website and deliver services. Where they process personal data on our behalf, they act as processors under GDPR and are required to process data under appropriate safeguards.

Hosting

  • Provider: Plus Hosting (plus.hr), Croatia
    Plus Hosting states its servers are located in a Croatian data centre.

Cookie consent management

  • Provider: CookieYes (cookie consent banner and consent handling)

Analytics

  • Provider: Google Analytics 4 (Google)

We do not sell or rent personal data.

7. International transfers

Some providers (notably Google) may process data outside the European Economic Area. Where this happens, transfers are made using recognised legal mechanisms (for example Standard Contractual Clauses) and other safeguards where required.

8. Embedded content and third-party websites

Some pages may include embedded content (for example videos or images) hosted on third-party platforms. These third parties may set cookies or collect data according to their own policies. devaDesign.eu does not control their privacy practices.

9. Data security

We apply reasonable technical and organisational measures to protect personal data. No online transmission or storage method is completely secure, and absolute security cannot be guaranteed.

10. Data retention

We retain personal data only as long as needed for the purpose it was collected for, or as required by law.

Typical examples:

  • enquiry correspondence: retained for as long as needed to handle the enquiry and follow-up, plus a limited period for record-keeping
  • consent records: retained as needed to demonstrate consent choices
  • analytics data: retained according to GA4 retention settings

11. Your rights (GDPR)

You have the right to:

  • access your personal data
  • correct inaccurate data
  • request deletion (where applicable)
  • object to processing based on legitimate interests
  • restrict processing in certain cases
  • request data portability (where applicable)
  • withdraw consent at any time (where processing is based on consent)

You also have the right to lodge a complaint with your supervisory authority. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP).

Requests can be sent to: info@devadesign.eu

12. Changes to this policy

This Privacy Policy may be updated to reflect legal or technical changes. Updates will be published on this page.