Privacy Policy

Last updated: May 2026.

1. Data Controller

The data controller is Ctrl Alt Grow d.o.o., Šibenska 19, 21000 Split, Croatia. VAT ID: HR39423858334. For any questions regarding personal data protection, contact us at info@ctrlaltgrow.hr.

2. What Data We Collect

We only collect data that you voluntarily provide through the contact form on our website:

  • Full name
  • Email address
  • Company name or website (optional)
  • Selected service
  • Content of your message

This website does not use cookies, analytics, tracking pixels, or any form of behavioral analytics or profiling. The hosting infrastructure processes standard request metadata for content delivery and security — see § 5 for details.

3. Legal Basis

We process your data based on legitimate interest (Art. 6(1)(f) GDPR) — specifically, to respond to your business inquiry and provide requested information about our services.

4. Purpose of Processing

We use your data solely to respond to your inquiries, provide information about our services, and potentially establish a business relationship. We never sell your data, use it for marketing campaigns, or share it with third parties for promotional purposes.

5. Third Parties and Data Transfers

Our website relies on the following third-party services for site operation and contact form processing:

  • Cloudflare (Cloudflare, Inc., United States) — CDN, hosting, and contact form processing via a Cloudflare Pages Function. As the TLS terminator and edge proxy, Cloudflare processes standard request metadata on every HTTP request: visitor IP address, User-Agent header, timestamp, requested URL, and response status. This data is used for content delivery, attack protection (WAF, rate-limiting), and short-term diagnostics — not for analytics or profiling.
  • Cloudflare Network Error Logging (NEL) — Cloudflare serves Report-To and NEL response headers that instruct browsers to report network errors (DNS, TLS, TCP, 5xx responses) to a Cloudflare telemetry endpoint. The sample rate is set to success_fraction: 0.0, which means successful requests never generate a report — only failures, and reports contain only technical fields (error type, IP addresses, HTTP status), no user identifier and no cookie. Purpose: edge reliability monitoring.
  • Google Workspace (Gmail API) (Google LLC, United States) — email delivery for the contact form. When you submit an inquiry through the contact form, the data is relayed from a Cloudflare Pages Function to the Google Gmail API, which delivers the message to our Gmail inbox. Form data is not stored on the server — it is relayed as email and then discarded. Google processes data within Google Workspace infrastructure under the Google Workspace DPA.

Data transfers outside the EU. Cloudflare (Cloudflare, Inc.) and Google (Google LLC) are based in the United States. Transfers of personal data rely on the European Commission's Standard Contractual Clauses (Implementing Decision 2021/914, Module 2 — controller to processor, under Art. 46 GDPR) incorporated in each provider's Data Processing Addendum, supplemented by both providers' certifications under the EU-US Data Privacy Framework.

6. Data Retention

Form data is not stored on our server — it is relayed as email and then discarded. We retain email messages for the duration of business communication and up to 1 year after its conclusion. After that, data is permanently deleted. Upon your request, we can delete your data sooner.

7. Your Rights

Under the GDPR (Articles 15–22), you have the following rights:

  • Right of access — request information about whether we process your personal data
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restriction — request restriction of processing in certain cases
  • Right to data portability — receive your data in a structured format
  • Right to object — object to the processing of your data

To exercise any of these rights, contact us at info@ctrlaltgrow.hr. We will respond within 30 days.

8. Cookies and Local Storage

This website does not use cookies. We store only two technical items in your browser: your language preference (HR/EN) via localStorage, and a flag indicating the intro animation has been shown via sessionStorage. Both remain exclusively in your browser and are never sent to our or any other servers.

9. Right to Complain

If you believe that the processing of your personal data is not in compliance with the GDPR, you have the right to lodge a complaint with the supervisory authority:

Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
Web: azop.hr

10. Data Protection Officer and Automated Decisions

Data Protection Officer (DPO). We have not appointed a Data Protection Officer. Appointment of a DPO is not required under Art. 37 GDPR: our core activities do not involve systematic monitoring of individuals on a large scale or large-scale processing of special categories of personal data. For any privacy-related questions, contact us at info@ctrlaltgrow.hr.

Automated decisions and profiling. We do not engage in automated decision-making, including profiling, within the meaning of Art. 22 GDPR. Every interaction with you is based on human judgment.

11. Changes to This Policy

We may update this privacy policy from time to time. All changes will be published on this page with an updated date. We recommend checking this page periodically.

Back to homepage