Back to Home

Privacy Policy

GDPR Compliant

Last updated: February 23, 2026

1. Data Controller

The data controller responsible for your personal data is:

Star Gaze d.o.o.

Gračanska Cesta 102, 10000 Zagreb, Croatia

Email: [email protected]

As a company registered in the Republic of Croatia, a member state of the European Union, we are fully subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Croatian Act on the Implementation of the General Data Protection Regulation (NN 42/18).

2. Personal Data We Collect

We collect and process the following categories of personal data:

CategoryData TypesLegal Basis
Contact InformationName, email address, phone number, company nameConsent (Art. 6(1)(a)) / Contract performance (Art. 6(1)(b))
Inquiry DataService interest, project description, budget range, messagesContract performance (Art. 6(1)(b))
Payment DataBilling address, VAT ID, payment transaction recordsContract performance (Art. 6(1)(b)) / Legal obligation (Art. 6(1)(c))
Technical DataIP address, browser type, device information, cookiesLegitimate interest (Art. 6(1)(f))
Chat DataMessages sent via our AI chat widgetConsent (Art. 6(1)(a))

3. Purpose of Processing

We process your personal data for the following purposes:

  • To respond to your inquiries and provide requested information about our services
  • To enter into and perform service agreements
  • To issue invoices and process payments
  • To comply with legal and tax obligations under Croatian and EU law
  • To improve our website and services through anonymized analytics
  • To send service-related communications (not marketing, unless you opt in)
  • To provide AI-powered chat support on our website

4. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Inquiry data: 12 months from last contact, unless a business relationship is established
  • Contract and payment data: 11 years from the end of the contract (Croatian tax law requirement)
  • Chat data: 30 days, then automatically deleted
  • Technical/analytics data: 26 months (anonymized)

5. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of Access (Art. 15): You may request a copy of all personal data we hold about you.
  • Right to Rectification (Art. 16): You may request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): You may request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
  • Right to Restriction (Art. 18): You may request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format.
  • Right to Object (Art. 21): You may object to processing based on legitimate interest.
  • Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr.

6. Data Sharing and Transfers

We do not sell your personal data. We may share your data with:

  • Payment processors: PayPal and Zagrebačka banka for payment processing
  • Cloud service providers: For hosting and data storage (EU-based or with adequate safeguards under GDPR Chapter V)
  • AI service providers: For powering our chat widget (data is processed in accordance with data processing agreements)
  • Legal authorities: When required by Croatian or EU law

For any data transfers outside the EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.

7. Cookies

Our website uses the following types of cookies:

  • Strictly Necessary Cookies: Required for the website to function (session management, authentication). No consent required.
  • Analytics Cookies: Used to understand how visitors interact with our website. Deployed only with your consent.

You can manage your cookie preferences through your browser settings at any time.

8. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS/SSL), access controls, regular security assessments, and secure data storage. In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required by Art. 33 GDPR, and affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Art. 34 GDPR).

9. Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically. Material changes will be communicated to active clients via email.

11. Contact and Supervisory Authority

For any privacy-related questions or to exercise your rights:

Data Controller

Star Gaze d.o.o.

Gračanska Cesta 102, 10000 Zagreb, Croatia

Email: [email protected]

Supervisory Authority

Agencija za zaštitu osobnih podataka (AZOP)

Selska cesta 136, 10000 Zagreb, Croatia

Website: azop.hr