Privacy Policy

How we collect, use, and protect your personal information

Last updated: 15 January 2026

1. Introduction

This Privacy Policy explains how trovemalira.top d.o.o. ("we," "us," or "our") collects, uses, and protects your personal information when you visit our website at trovemalira.top or use our fitness client engagement automation services. We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Data Controller Information

The data controller for your personal information is:

  • Company Name: trovemalira.top d.o.o.
  • Registration Number: 951378624
  • VAT Number: HR95823741652
  • Address: Masarykova ulica 149, 10234 Zagreb, Croatia
  • Email: [email protected]
  • Phone: +385 17407992

3. Data We Collect

We collect various types of personal data to provide and improve our services. The data collection includes information you provide directly to us and information we gather automatically when you use our website and services.

3.1 Information You Provide

  • Contact information (name, email address, phone number)
  • Business information (company name, business type, role)
  • Communication preferences and marketing consent
  • Messages and inquiries sent through our contact forms
  • Account information if you register for our services

3.2 Information We Collect Automatically

  • Website usage data (pages visited, time spent, navigation patterns)
  • Technical information (IP address, browser type, device information)
  • Cookie data and tracking information (with your consent)
  • Referral sources and marketing campaign data

4. How We Use Your Information

We use of your data is based on legitimate business interests, contractual necessity, and your consent where required. The specific ways how we use your information include:

  • Providing and maintaining our fitness automation services
  • Responding to your inquiries and providing customer support
  • Sending service-related communications and updates
  • Marketing our services (with your consent)
  • Improving our website and services through analytics
  • Ensuring security and preventing fraud
  • Complying with legal obligations

5. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent for marketing communications or cookies
  • Contract: To fulfil our obligations under service agreements
  • Legitimate Interest: For business operations, security, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

6. Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

  • Service providers who assist in delivering our services
  • Analytics and marketing platforms (Google Analytics, Google Ads)
  • Legal authorities when required by law
  • Business partners for integration purposes (with your consent)

8. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Specific retention periods include:

  • Contact inquiries: 3 years from last contact
  • Customer data: Duration of service agreement plus 7 years
  • Marketing data: Until consent is withdrawn
  • Website analytics: 26 months (Google Analytics default)

10. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for marketing or cookies

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments.

12. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without proper consent, we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date.

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

15. Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) if you believe we have not handled your personal data in accordance with applicable law.