Privacy Policy

Introduction

NextWaveify d.o.o. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website nextwaveify.world or use our regulatory compliance services. We are the data controller responsible for your personal data and are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data We Collect

The data we collect includes personal information you provide directly to us and information automatically collected when you use our website. We collect the following types of personal data:

• Contact information: name, email address, phone number, company name, and postal address
• Communication data: messages, enquiries, and correspondence you send to us
• Website usage data: IP address, browser type, device information, pages visited, and time spent on our website
• Cookie data: preferences and settings stored through cookies and similar technologies
• Business information: details about your organisation and regulatory compliance requirements

How We Use Your Information

We use your personal data for the following purposes and on the following legal bases:

• Service provision: To provide regulatory compliance services and respond to your enquiries (legal basis: contract performance and legitimate interests)
• Communication: To communicate with you about our services, updates, and important notices (legal basis: contract performance and legitimate interests)
• Website improvement: To analyse website usage and improve our online services (legal basis: legitimate interests)
• Marketing: To send you information about our services where you have consented (legal basis: consent)
• Legal compliance: To comply with legal obligations and regulatory requirements (legal basis: legal obligation)
• Security: To protect our website and services from fraud and security threats (legal basis: legitimate interests)

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

• Service providers who assist us in delivering our services (e.g., IT support, analytics providers)
• Professional advisors such as lawyers, accountants, and consultants
• Regulatory authorities where required by law
• Google Analytics and Google Ads for website analytics and marketing purposes

We do not sell your personal data to third parties. All data sharing is conducted in accordance with GDPR requirements and appropriate safeguards.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Typically, we retain contact and communication data for up to 7 years after our last interaction, website usage data for up to 2 years, and cookie data according to the specific cookie retention periods outlined in our Cookie Policy. We regularly review and delete data that is no longer necessary.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we process your data
• Right to data portability: Request transfer of your data to another organisation
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. We ensure that such transfers are protected by appropriate safeguards, including adequacy decisions by the European Commission or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this Privacy Policy periodically.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local data protection authority if you believe we have not handled your personal data in accordance with applicable laws.