Privacy Policy

Lockpoint d.o.o. is the data controller for personal data processed through this website and in connection with our services. Registered name: LOCKPOINT d.o.o. Registered address: Cesta dr. Franje Tuđmana 887, 21217, Kaštel Štafilić, Croatia OIB (company tax number): 63775515542 Court registration number (MBS): 060501154 Registered court: Trgovački sud u Splitu Contact for data protection matters: hello@lockpoint.hr

We collect personal data only in the following circumstances: Contact form submissions: When you contact us via the website we collect your full name, company name, work email address, the service you are enquiring about, and the content of your message. Email correspondence: If you contact us directly by email, we retain that correspondence including any personal data it contains. Technical logs: Our hosting provider processes standard server logs (IP address, browser type, pages viewed, timestamps) for security and availability purposes. We do not use these logs to identify individual visitors. We do not use analytics tools, advertising trackers, or third-party cookies. We do not collect special category data.

Contact form and email enquiries: We process your data on the basis of our legitimate interests (Art. 6(1)(f) GDPR) — specifically, to respond to business enquiries and assess whether we can provide the services you are asking about. Our interest in doing so does not override your rights, as the data collected is limited, directly relevant to your request, and handled with strict confidentiality. Client engagements: Where an engagement proceeds, data is processed on the basis of performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR) and, where applicable, compliance with legal obligations (Art. 6(1)(c) GDPR). Technical logs: Processed on the basis of our legitimate interests in operating a secure and reliable website (Art. 6(1)(f) GDPR).

We use personal data submitted through the contact form solely to: — Respond to your enquiry — Prepare a proposal or scope of work if appropriate — Maintain a record of our correspondence We do not use your data for marketing purposes, do not add you to any mailing list without your explicit agreement, and do not sell, rent, or share your personal data with third parties except as described below.

We share personal data only with the following categories of processors, under contractual data processing terms: Hosting provider: Our website is hosted on servers located in the European Union. Standard server logs are processed by our hosting provider solely for technical operation. Email infrastructure: Enquiry submissions are delivered via email through our own mail server at lockpoint.hr, hosted within the EU. No personal data is transferred to sub-processors outside the European Economic Area. If this changes, we will update this policy and ensure adequate transfer safeguards (such as Standard Contractual Clauses) are in place.

Contact form enquiries that do not lead to an engagement: retained for up to 12 months from the date of last contact, then deleted. Data relating to client engagements: retained for the duration of the engagement plus 7 years, in accordance with Croatian accounting and commercial law obligations (Zakon o računovodstvu). Technical server logs: retained for up to 90 days for security diagnostics, then automatically deleted. After the applicable retention period, data is securely deleted or anonymised.

As a data subject, you have the following rights: Right of access (Art. 15): You may request a copy of the personal data we hold about you. Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data. Right to erasure (Art. 17): You may request deletion of your personal data where there is no lawful basis for continued processing. Right to restriction (Art. 18): You may request that we restrict processing of your data in certain circumstances. Right to data portability (Art. 20): You may request your data in a structured, machine-readable format. Right to object (Art. 21): You have the right to object at any time to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights. Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing. To exercise any of these rights, email hello@lockpoint.hr. We will respond within 30 days. We may ask you to verify your identity before processing the request.

If you believe we have not handled your personal data lawfully, you have the right to lodge a complaint with the Croatian supervisory authority: Agencija za zaštitu osobnih podataka (AZOP) Selska cesta 136, 10000 Zagreb, Croatia Web: www.azop.hr Email: azop@azop.hr You may also lodge a complaint with the supervisory authority in your country of residence or place of work if you are located outside Croatia.

This website uses only strictly necessary cookies required for it to function. No analytics, advertising, or third-party tracking cookies are set. You can verify this using your browser's developer tools. We do not use Google Analytics, Meta Pixel, or any similar tracking technology. No consent banner is shown because no non-essential cookies are placed.

We apply the same security discipline we advise our clients to adopt: encrypted communications in transit (HTTPS/TLS), access controls, minimum necessary data collection, and defined retention and deletion procedures. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the AZOP within 72 hours of becoming aware (GDPR Art. 33) and, where the risk is high, notify affected individuals without undue delay (GDPR Art. 34).

We review this policy at least annually and whenever our data processing activities change materially. The updated version will be published at this URL with a revised effective date. For significant changes, we will take reasonable steps to inform you if we hold your contact details.