Privacy Policy

At NovaCitadel d.o.o., we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our financial planning services or visit our website.

Data Controller Information

NovaCitadel d.o.o. acts as the data controller for the personal information we process. We are a company registered in Croatia with registration number 945326478 and VAT number HR943562178, located at Savska cesta 19, 10634 Zagreb, Croatia.

Data We Collect

The data we collect includes personal information you provide to us directly and information we gather automatically when you use our services. We collect the following types of personal data:

• Contact Information: Name, email address, phone number, business address
• Business Information: Company name, position, industry, business registration details
• Financial Information: Financial statements, tax documents, business financial data (only when necessary for our services)
• Communication Data: Records of our communications, including emails, phone calls, and meeting notes
• Technical Information: IP address, browser type, device information, website usage data
• Marketing Data: Your preferences for receiving marketing communications and your engagement with our content

How We Use Your Information

We use the personal data we collect for specific business purposes. How we use your information depends on the services you use and your relationship with us. We use your data to:

• Provide financial planning and advisory services as requested
• Communicate with you about our services and respond to your enquiries
• Fulfil our contractual obligations and manage our business relationship
• Comply with legal and regulatory requirements
• Improve our services and develop new offerings
• Send you relevant marketing communications (with your consent)
• Analyse website usage to enhance user experience
• Prevent fraud and ensure the security of our systems

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our services and fulfil contractual obligations
• Legitimate Interests: Processing for our legitimate business interests, such as improving services and business operations
• Legal Compliance: Processing required to comply with legal obligations, including financial regulations
• Consent: Processing based on your explicit consent, particularly for marketing communications

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

• Service Providers: Trusted third-party providers who assist us in delivering our services
• Legal Requirements: When required by law, regulation, or legal process
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Professional Advisers: Lawyers, accountants, and other professional advisers as necessary

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Generally, we retain client data for seven years after the end of our business relationship, in accordance with financial services regulations. Marketing data is retained until you withdraw consent or request deletion.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) if you believe we have not handled your personal data in accordance with applicable data protection laws. Contact details for AZOP can be found at azop.hr.