Last updated April 22, 2026

Privacy Policy

Who we are

INIH Solutions d.o.o. ("we", "our", "INIH Solutions") is a Croatian company registered at Pavlenski put 7F, 10000 Zagreb. You can reach us at [email protected] for any questions about this policy or your data.

What we collect

When you submit our contact form, we collect:

• Your name
• Your email address
• The organization you represent
• The type of work you're inquiring about
• Whatever you choose to write in the brief description

We also receive standard technical data automatically, such as your IP address and browser user-agent. We use this only to mitigate spam and abuse. We don't run third-party analytics, marketing pixels, or behavioral tracking.

Why we collect it

We process this data to:

• Respond to your inquiry and continue the conversation if you'd like
• Maintain a record of who reached out and what we discussed, in case the engagement progresses

The legal basis is your legitimate interest in receiving a reply (when you fill out the form, you've initiated the contact) and, if you become a client, the performance of a contract.

We do not add your email address to any marketing list, newsletter, or promotional sequence. The only emails we send are direct replies to your inquiry and any subsequent conversation we have with you.

How long we keep it

We keep your form submission as long as the relationship is active — meaning we're still in conversation, working together, or you've expressed interest in working together later. After 3 years of no contact, we delete the submission.

If we've worked together formally, we keep transactional records for the period required by Croatian tax and contract law (currently 11 years for tax; statutory limitations periods for contracts).

Who we share it with

We share your data only with the service providers we use to operate the site and respond to you:

• Hosting provider — runs the website infrastructure
• Email provider — delivers our reply to you and our internal notification

These providers process the data on our behalf only and don't use it for their own purposes. We don't sell your data, and we don't share it with marketing or advertising platforms.

Where the data is stored

Our hosting provider operates data centers in the European Union. Form submissions and the database that holds them stay within the EU through our hosting infrastructure.

Our email provider operates globally and may process data in countries outside the EU/EEA, including the United States. These transfers are covered by the EU–US Data Privacy Framework adequacy decision and, where applicable, by Standard Contractual Clauses approved by the European Commission — meaning the recipient is required to apply protections equivalent to those required under EU law.

How we secure it

We apply the following technical and organisational measures to protect your data:

• The website is served over HTTPS at all times, so data submitted via the contact form is encrypted in transit.
• Access to the database that holds form submissions is restricted to authorised personnel only.
• Backups are encrypted at rest.
• Two-factor authentication is enabled on the email account that receives inquiries and on the code repositories that host the website.

If we ever become aware of a personal data breach affecting you, we'll notify the Croatian Personal Data Protection Agency (AZOP) within 72 hours of becoming aware, as required by GDPR Article 33, and notify you directly without undue delay if the breach is likely to result in a high risk to your rights.

Automated decisions

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you. Every reply you receive from us is written by a person.

Your rights

Under the GDPR and Croatian data-protection law, you have the right to:

• Access the data we hold about you
• Correct anything that's inaccurate
• Delete your data ("right to be forgotten")
• Restrict how we process it
• Receive a copy in a portable format
• Object to processing based on legitimate interest
• Lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr

To exercise any of these, just email [email protected]. We'll reply within 30 days.

Cookies

The site uses only essential cookies required to keep the site functional (a session cookie for the content management system, and standard cookies set by the underlying frontend framework). We don't use analytics cookies, marketing cookies, or third-party trackers, so we don't ask for cookie consent — none of them require it under EU rules.

If INIH Solutions is acquired

If INIH Solutions d.o.o. is sold, merged, or otherwise transferred to another organisation, your personal data will transfer with the business under the terms of this policy. The new owner will be required to honour these commitments. If they intend to materially change how your data is used, you'll be notified before that change takes effect, with the option to request deletion.

Changes to this policy

If we change this policy, we'll update the "last updated" date at the top of this page. Material changes (e.g., new categories of data, new processors) will also be communicated to anyone we have an active relationship with.