Last updated: September 3, 2025
CAD-ING d.o.o.
Zrinskih i Frankopana 1, 42000 Varaždin, Croatia
Company Registration Number: 42972946178
Email: info@cad-ing.hr
This Privacy Policy explains how we process personal data when you visit our website and communicate with us. It is written clearly and concisely in accordance with the General Data Protection Regulation (GDPR).
1) Who we are and how to contact us
Data Controller: CAD-ING d.o.o., Zrinskih i Frankopana 1, 42000 Varaždin, Croatia, Company Identification Number (OIB) 42972946178
Privacy contact: info@cad-ing.hr
2) What data we process and why
a) Website visits (server logs)
When you visit our website, our server automatically records technical logs: IP address, date and time, URLs of visited pages, referrer URL (address of the page you came from), and browser/device type.
Purpose: security, abuse detection, and fault diagnosis.
Legal basis: legitimate interest (Article 6(1)(f) GDPR).
Retention period: maximum 90 days, after which data is automatically deleted.
Recipients: hosting service provider (data processor) in the EU.
b) Contact (email / contact form / phone)
When you send us an inquiry, we process the data you provide (e.g., name and surname, email address, phone number, message content).
Purpose: communication and response to your inquiry; preparation and/or execution of contracts.
Legal basis: legitimate interest for communication with potential and existing clients and/or contract or pre-contractual measures (Article 6(1)(b) or (f) GDPR).
Retention period: up to 12 months after communication ends, or according to legal retention requirements if a business relationship is established (typically 3-7 years depending on document type in accordance with accounting laws and other regulations).
Recipients: service providers (website hosting and email) as our data processors in the EU.
Transfer security: emails are transmitted via TLS/HTTPS encrypted connections when supported on both server-to-server and client-to-server connections.
c) Analytics (Google Analytics 4) – only with consent
We use Google Analytics 4 (GA4) for visit statistics, but only with your consent through our cookie banner. GA4 processes data about website usage (visited pages, events, approximate geolocation at city level, device and browser type). IP addresses are not stored as we apply IP anonymization.
Purpose: analysis of aggregated visits and content improvement.
Legal basis: consent (Article 6(1)(a) GDPR). Without consent, analytics are not loaded.
Recipient/processor: Google Ireland Ltd. (Ireland). Possible data transfers outside the EU occur with appropriate safeguards (e.g., Standard Contractual Clauses – SCCs).
Withdrawing consent: you can change cookie settings at any time via the “Manage cookies” / “Change consent” link in the page footer.
3) Cookies
We use necessary cookies for proper website functionality. Analytics and marketing cookies (e.g., GA4) are activated only after your consent through the banner. You can change cookie settings at any time via the link in the footer.
4) Who we share data with
We share data only with trusted data processors (e.g., website hosting, email, analytics) and only to the extent necessary for service provision. We do not sell personal data to third parties.
Website hosting provider: Orbis d.o.o. (Croatia). Our website is hosted on servers in the European Union.
5) Where data is processed
Data is primarily processed in the European Union. If necessary transfers outside the EU/EEA occur (e.g., by analytics providers), appropriate safeguards are applied (e.g., SCCs – Standard Contractual Clauses).
6) Data security
The connection between your browser and our website is protected by HTTPS/TLS encryption. Data access is restricted to authorized persons and data processors according to the principle of least privilege. We regularly conduct system security checks.
7) Your rights
You have the right to request access, rectification, erasure, restriction of processing, portability, and to object to processing. You can send requests to info@cad-ing.hr. We will typically respond within 30 days.
If you believe your rights have been violated, you have the right to lodge a complaint with the supervisory authority: AZOP – Personal Data Protection Agency (www.azop.hr).
8) Children and automated decision-making
We do not target children nor do we conduct automated decision-making, including profiling, that produces legal effects concerning you.
9) Policy changes
We may periodically update this Policy. New versions take effect from publication on this page with the updated date indicated.