Privacy Policy

01General provisions

This Privacy Policy ("Policy") describes the ways in which the akademskosavjetovanje.eu website collects, uses, stores, and protects users' personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR") and the Croatian Act on the Implementation of the General Data Protection Regulation (OG 42/2018).

By accessing the website, submitting a consultation request through the contact form, or communicating with us in any other way, you confirm that you have read, understood, and accepted this Privacy Policy.

02Data controller

The controller of personal data collected through this website is:

For any questions regarding the processing of your personal data, exercising your rights, or filing complaints, feel free to contact us at the email address provided.

03What personal data we collect

We collect only the personal data you voluntarily provide or that are necessary to provide our services, which include:

3.1. Data entered through the contact form

• Full name (optional)
• Email address (required)
• Phone number (required)
• Study level (required)
• Field or area of study (optional)
• Faculty or educational institution (optional)
• Description of your situation and consultation needs (required)

3.2. Automatically collected technical data

• The user's IP address
• Browser type and version (user-agent)
• Date and time of visit
• Pages visited within our domain
• Anonymized on-site behavior data (via Google Analytics, with your consent)

3.3. Subsequent communication

If, after your initial consultation request, you continue communicating with us by email, phone, or other means, we keep records of that communication solely to provide the requested services and to fulfill any legal obligations.

04Purposes and legal bases obrade

We process your personal data solely for the following clearly defined purposes and on the basis of the appropriate legal bases:

1. Providing academic mentoring and consulting services — legal basis: performance of a contract or taking steps at the data subject's request prior to entering into a contract (Art. 6(1)(b) GDPR).
2. Responding to consultation requests submitted through the contact form or email — legal basis: legitimate interest (Art. 6(1)(f) GDPR).
3. Sending notifications related to the status of your request or service — legal basis: performance of a contract (Art. 6(1)(b) GDPR).
4. Statistical analysis and improvement of functionality of the website — legal basis: user consent (Art. 6(1)(a) GDPR).
5. Fulfilling legal obligations — legal basis: legal obligation of the controller (Art. 6(1)(c) GDPR).

05Retention period podataka

We retain personal data only as long as necessary to fulfill the purpose for which it was collected, or in accordance with applicable legal deadlines:

• Data from consultation requests without a concluded contract: a maximum of 12 months from the last communication.
• Data on a concluded service: 6 years from the completion of the service (due to potential legal and tax obligations).
• Technical site access logs (server logs): a maximum of 90 days.
• Statistical data (Google Analytics): in accordance with our retention settings (typically 26 months).

After the stated periods expire, the data is permanently deleted or anonymized.

06Sharing data with third parties

We do not sell, rent, or exchange your personal data with third parties for marketing purposes.

Data may be shared only in the following limited cases:

• Technical service providers — e.g. the hosting provider, email service provider, statistics service providers (Google LLC). We have appropriate data processing agreements in place with these entities.
• Legal and regulatory obligations — when we are legally required to provide data to competent authorities (courts, the public prosecutor's office, tax and other authorized institutions).
• With your explicit consent — in all other cases we will request your explicit consent before any transfer of data.

07Transfer of data outside the European Union

Most processing of personal data takes place within the European Union. If, for certain technical services (e.g. Google Analytics), data is transferred to third countries, such transfer is carried out solely in accordance with GDPR provisions, through standard contractual clauses approved by the European Commission, or on the basis of other appropriate safeguards.

08Your rights

In accordance with the GDPR, as a data subject you have the following rights:

• Right of access — you can request confirmation of whether your personal data is being processed and, if so, obtain access to that data.
• Right to rectification — you can request the correction of inaccurate or the completion of incomplete personal data.
• Right to erasure ("right to be forgotten") — you can request the deletion of your personal data in the circumstances prescribed by the GDPR.
• Right to restriction of processing — you can request the restriction of processing under certain conditions.
• Right to data portability — you can request that we provide your personal data in a structured, commonly used, and machine-readable format.
• Right to object — you can object to the processing of your data based on our legitimate interests.
• Right to withdraw consent — you can withdraw consent you have given at any time, without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint with the supervisory authority — the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, www.azop.hr.

To exercise any of these rights, contact us at info@akademskosavjetovanje.eu. We will respond to your request within a maximum of 30 days of receipt.

09Security of personal data

We implement appropriate technical and organizational measures to protect personal data, including:

• Data access only by authorized persons bound by confidentiality;
• An encrypted connection (HTTPS/SSL) for transferring all data between your device and our servers;
• Regular security updates to systems;
• Protection against unauthorized access through firewalls and access control;
• Data backups stored in secure systems;
• Limiting the number of form submission attempts (rate limiting) to prevent abuse.

Although we take reasonable protective measures, no method of transmission over the internet is absolutely secure. If you notice or suspect unauthorized access to data, please notify us immediately.

10Cookies (cookies)

Our website uses cookies to enable basic functionality and improve the user experience. Detailed information about the types of cookies, their purposes, and how you can manage cookie settings is available in our separate Cookie Policy.

11Minors

Our services are not intended for persons under 16 years of age. We do not knowingly collect personal data from minors without the explicit consent of a parent or legal guardian. If we determine that a minor's data has been collected without appropriate consent, we will delete such data without delay.

12Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy at any time, for example to align with legislative changes or a changed manner of data processing. The amended version of the Policy takes effect on the day it is published on this website, and the date of the last change is always stated in the document header.

We recommend that you check this page periodically to stay informed of any changes. If the changes are significant, we will additionally notify you in an appropriate manner.