Privacy Policy

Last updated: 15th January 2026

Introduction

Vyrnoxa d.o.o. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website vyrnoxa.world or use our services.

Data Controller Information

The data controller responsible for your personal information is:

Vyrnoxa d.o.o.
Ozaljska ulica 121
23757 Zadar, Croatia
Registration Number: 378521469
VAT Number: HR37852165498
Email: privacy@vyrnoxa.world
Phone: +385 233 344 204

Data We Collect

We may collect and process the following categories of personal data about you:

  • Contact Information: Name, email address, telephone number, postal address, and company details when you contact us or request our services.
  • Website Usage Data: Information about how you use our website, including IP address, browser type, operating system, referring URLs, pages visited, and time spent on pages.
  • Communication Records: Records of correspondence when you contact us via email, phone, or contact forms.
  • Professional Information: Business-related information relevant to our services, including company details, industry sector, and service requirements.
  • Technical Data: Device information, cookies, and similar tracking technologies as described in our Cookie Policy.

How We Use Your Information

We use the personal data we collect for the following purposes based on legitimate business interests and legal obligations:

  • Service Provision: To provide our finance risk and legal consideration services, respond to enquiries, and manage client relationships.
  • Communication: To communicate with you about our services, respond to your requests, and provide customer support.
  • Website Improvement: To analyse website usage patterns, improve our website functionality, and enhance user experience.
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations in Croatia and the EU.
  • Business Operations: To maintain business records, conduct internal administration, and manage our professional services.
  • Marketing: With your consent, to send you information about our services and industry updates that may be of interest to you.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Consent: Where you have given clear consent for specific processing activities.
  • Contract Performance: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legitimate Interests: Where we have legitimate business interests that are not overridden by your privacy rights.
  • Legal Obligation: Where processing is necessary to comply with legal obligations.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We may share your personal information in the following circumstances:

  • Service Providers: With trusted third-party service providers who assist us in operating our website and providing our services, subject to appropriate data protection agreements.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with any merger, sale of assets, or acquisition of our business.
  • Protection of Rights: To protect our rights, property, safety, or that of our clients or others.

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions by the European Commission or standard contractual clauses.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Contact Enquiries: 3 years from last contact for potential business development purposes.
  • Client Records: 7 years after the end of our professional relationship for legal and regulatory compliance.
  • Website Analytics: 26 months for Google Analytics data.
  • Marketing Data: Until you withdraw consent or opt out of marketing communications.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: To request copies of your personal data.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Erasure: To request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: To request limitation of processing in certain situations.
  • Right to Data Portability: To receive your data in a structured, machine-readable format.
  • Right to Object: To object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

Privacy Officer
Email: privacy@vyrnoxa.world
Phone: +385 233 344 204
Address: Ozaljska ulica 121, 23757 Zadar, Croatia

Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) if you believe we have not handled your personal data in accordance with applicable law. Contact details are available at azop.hr.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the updated policy on our website with a new "last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.

Governing Law

This Privacy Policy is governed by Croatian law and the General Data Protection Regulation (GDPR). Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Croatia.