Privacy policy

The privacy of our website's users is of utmost importance to us, and we've developed this Privacy Policy to clarify how we collect, process, disclose, and use your personal information. As the Data Controller, Ignit Group d.o.o. ensures that data collection is conducted for specific and clearly defined purposes, limited to what is necessary to fulfill those purposes. We retain personal data only as long as needed to achieve these objectives, always collecting information lawfully and fairly, with the awareness or consent of the data subject whenever appropriate. Reasonable safeguards protect personal data against loss, theft, unauthorized access, disclosure, copying, use, or modification. Additionally, we provide our clients with clear information about the policies and practices related to personal data management.

Privacy and Processing Information

Ignit Group d.o.o., headquartered in Zagreb, Republic of Croatia (address: Roberta Frangeša Mihanovića 9, registration number MBS: 081444894, Personal Identification Number (OIB): HR64847933989), is the designated Data Controller responsible for personal data protection in accordance with the Official Gazette 42/18 (hereinafter referred to as the "Company"). As the personal data Controller, Ignit Group d.o.o. (referred to as the "Controller") is committed to safeguarding the privacy and confidentiality of personal data provided by Users through electronic forms on the website within the ignit.group domain (hereinafter "ignit.group"). The Data Protection Officer for Ignit Group d.o.o., Matija Puskar, can be reached via email at privacy@ignit.group. for any privacy-related inquiries. With careful selection and application of appropriate technical and organizational measures, the Controller ensures the secure processing of personal data, granting database access solely to authorized personnel. The Controller also safeguards personal data from unauthorized access and processing that may conflict with applicable regulations. Visitors to ignit.group are free to browse subpages without submitting personal data.

Grounds for processing personal data

The Controller processes personal data in compliance with applicable law, particularly with Regulation (EU) 2016/679 (GDPR), which governs the protection of individuals regarding data processing and the free movement of such data. Personal data are processed for several purposes:

  • To respond to inquiries submitted through contact forms available on the ignit.group website, including interactive sections on each subpage (under GDPR Article 6(1)(f));
  • To send marketing content, such as event information, business updates, newsletters, or eBooks, based on user consent (Article 6(1)(a));
  • For recruitment purposes, including:
    • Establishing and maintaining contact with candidates regarding submitted applications, based on the candidate’s request before a contract (Article 6(1)(b)),
    • Conducting recruitment processes, either as required by the Labor Code or with the candidate’s consent for additional information (Article 6(1)(a)),
    • Including the candidate’s application in future recruitment with their consent (Article 6(1)(a));
  • To connect with customers upon request to prepare tailored service and product offers (Article 6(1)(b));
  • To enhance website functionality and content based on user needs, generate aggregated statistics, and ensure service security and quality, which aligns with the Controller's legitimate interests (Article 6(1)(f));
  • To pursue or defend against potential claims (Article 6(1)(f));
  • To analyze event participant statistics, with the legitimate purpose of improving activities (Article 6(1)(f)).

While providing personal data is voluntary, failure to do so may limit certain functionalities, such as contract completion, service usage, or access to marketing content. Users should avoid submitting third-party data to the Controller; however, if such data are provided, the User must confirm having obtained consent from those third parties for data transfer to the Controller.

Scope of processing of personal data

The Controller processes personal data only to the extent necessary for specific purposes. When a User sends a message through the contact form, the data processed may include the User's email address, phone number, and any additional information voluntarily provided in the message. For sending newsletters, commercial and business updates, and e-books, the Controller processes the User's name, surname, email address, and phone number. In recruitment, the data processed includes the email address from which the application was sent and any details provided in the application form. To prepare offers tailored to the User's needs, the Controller uses data such as the User's name, surname, email address, phone number, and other information shared in the contact form message. Additionally, IP addresses are collected during internet connections for technical purposes related to server administration and to support website functionality and customization.

The Controller does not make automated decisions based on the data collected from Users.

Data retention period

Personal data will be retained only as long as necessary to fulfill the specific purpose for which it was provided or to ensure regulatory compliance. Data collected to answer questions via the contact form will be stored for no longer than 12 months following the last communication. For marketing activities, including newsletters, business information, and e-books, data will be retained until the User withdraws consent. In recruitment, personal data will be processed for the duration of the recruitment process; if the candidate consents to future recruitment purposes, data will be kept until consent is withdrawn, up to a maximum of 24 months from the date consent was given. Data gathered to prepare a personalized offer for products or services will be retained for the duration of negotiations, then for 12 months from the last contact, or, if an agreement is reached, may be incorporated into the Controller's customer database to facilitate contract execution.

Recipients of personal data

User's data may be shared with entities legally authorized to receive it, including judicial authorities as required by law. Additionally, personal data may be transferred to entities collaborating with the Controller under appropriate agreements, such as selected marketing agencies and partners that provide technical services, including IT system and website development and maintenance.

Rights of persons

Users are required to provide complete, accurate, and up-to-date information. Any user whose personal data is processed by the Controller has the right to access, correct, delete, or restrict processing of their data, as well as to transfer their data. Users may also object to data processing based on the Controller's legitimate interest or withdraw consent (where consent is the basis of processing) without affecting the lawfulness of prior processing. These rights can be exercised by submitting a request with the user's name and email address to privacy@ignit.group. Users also have the right to appeal to the supervisory authority if they believe data processing violates GDPR regulations.

To unsubscribe from communications, select the "Unsubscribe" button at the bottom of any received email, adjust email preferences by deselecting unwanted email types, and confirm the changes. Alternatively, users can unsubscribe by contacting us at privacy@ignit.group.

Cookie policy

Ignit Group d.o.o. collects data in server logs solely for service administration, and these data are not shared with third parties. In line with standard practices, HTTP requests to the server are stored, and resources viewed are identified by their URLs. The log data collected includes the public IP address of the device initiating the request, the user station name (if available via HTTP protocol), user name provided during authorization, the time of the request, the first line of the HTTP request, the HTTP response code, the number of bytes sent by the server, the URL of the page visited prior (if accessed via a link), browser details, and any errors encountered in executing HTTP transactions.

This information is not linked to specific individuals browsing the Controller’s site. To ensure high service quality, the Controller periodically reviews log files to identify frequently visited pages, the browsers used, and any site structure issues. Collected logs are stored for 24 months as support material for site administration, allowing the creation of statistical reports without identifying website visitors.

The website uses cookies for various functions:

  • Security cookies to detect misuse of authentication,
  • "Performance" cookies for gathering information on website usage.

Cookies do not process or store personal data, do not enable user identification, and do not alter browser or device settings.

Transfer of data to third countries

The level of personal data protection outside the European Economic Area (EEA) varies from that guaranteed under European law (GDPR). Ignit Group d.o.o. transfers personal data to third countries outside the EEA only when necessary to fulfill business purposes, such as using IT tools provided by entities in those countries. Such transfers occur only if the third country ensures an adequate level of data protection, which may be confirmed by:

  • A relevant decision from the European Commission affirming adequate protection of personal data in that country,
  • The use of European Commission-approved standard contractual clauses when no such decision exists,
  • Implementation of binding corporate rules that have been approved by the competent supervisory authority.

Amendments to the Privacy Policy

The Company reserves the right to amend this Policy at any time without giving any special notice to the persons concerned. For this reason, it is recommended to all interested parties to regularly review the Website content of the Company for information on the updated content of this Policy.