Privacy Policy
This notice explains what data we collect, why we collect it, how we use it, how long we keep it, who we share it with, and what your rights are under the GDPR. It also includes our Cookie Policy.
Controller: Simplico Ltd., Osječka 6, HR-31400 Đakovo, Croatia
Website: https://simplico.agency
Privacy contact: hello@simplico.agency
Company IDs: OIB 29711764810 · EU VAT HR29711764810
Last update: 09/08/2025.
1) What data we collect
1.1 Data you provide
- Contact & inquiries: name, email, phone, company, message content.
- Newsletter/marketing: email and preferences (opt-in, unsubscribe logs).
- Sales & service delivery: billing, contract and project data.
- Recruitment: CV/resume, portfolio, application data, communications.
- Community interactions (if enabled): blog comments (name, email, IP, timestamp). Avoid posting sensitive data in public fields.
1.2 Data we collect automatically
- Website analytics & logs: IP, device/browser, pages viewed, time on page, referrer, basic diagnostics (errors, load times).
- Social media interactions: if you message us via LinkedIn/Instagram/Facebook/YouTube, we receive the data you make available on those platforms. Their processing is governed by their own privacy policies.
We do not intentionally collect special-category data or criminal-offence data via this website.
2) Why we use your data (purposes & legal bases)
- Responding to inquiries & pre-contract steps — legitimate interest / contract
- Providing services, support & billing — contract, legal obligation (tax/accounting), legitimate interest (service improvement, fraud prevention)
- Newsletter & marketing — consent (unsubscribe anytime). For similar services to existing clients: legitimate interest (opt-out anytime)
- Website analytics, performance & security — consent for non-essential cookies/analytics; legitimate interest for necessary cookies and basic logs
- Recruitment — legitimate interest and/or consent (for longer retention)
- Further compatible use — if we need to use data for a purpose compatible with the original one, we will assess compatibility and inform you where required.
We do not sell or rent your personal data.
3) Retention
- Inquiries: up to 12 months after last interaction
- Client/project & finance: contract term + statutory periods (typically 10 years for accounting records under Croatian law)
- Newsletter: until you unsubscribe (plus minimal suppression record)
- Recruitment: for the hiring process; with consent up to 2 years (otherwise sooner)
After expiry we delete or anonymize data.
4) Sharing & processors
We use carefully selected processors to help us run our business (hosting, CDN, email delivery, CRM/marketing tools, analytics, project and ticketing systems). These providers process data only on our instructions, under a data-processing agreement.
Typical categories of recipients:
- Hosting & infrastructure/CDN (website operation and security)
- Email & CRM/marketing tools (newsletter, forms, meeting booking)
- Analytics & diagnostics (aggregated usage metrics)
- Professional services (accounting, legal, auditing—where required)
We can provide an up-to-date list of processors on request at hello@simplico.agency.
We may also disclose data when required by law or to establish/exercise/defend legal claims.
If you interact with our social media profiles, those platforms process your data under their own policies.
5) International transfers
If data is transferred outside the EEA, we ensure safeguards such as an EU adequacy decision or Standard Contractual Clauses (SCCs) plus supplementary measures where needed. Details available on request.
6) Cookie Policy
6.1 What are cookies?
Small text files placed on your device to help the site function, remember choices, and understand usage. Similar technologies (local storage, pixels) may serve similar purposes.
6.2 How we use cookies
- Strictly necessary (always on): core functions (navigation, security, consent logs)
- Functional (consent-based): preferences (e.g., language)
- Analytics/marketing (consent-based): usage insights and, if enabled, ad measurement. We apply privacy-friendly settings (e.g., IP masking where available). Tools we may use with consent: Google Analytics, Meta Pixel, HubSpot (forms/analytics/CRM).
6.3 Managing your cookie choices
Use the cookie banner or Cookie settings (footer) to accept/reject non-essential cookies. Browser controls can also block/clear cookies (blocking necessary cookies may impair the site). GA opt-out: https://tools.google.com/dlpage/gaoptout
6.4 Typical cookies we may set
Names/durations can vary by provider/version. Non-essential cookies load only with your consent.
| Category | Example name(s) | Purpose | Provider | Expiry |
|---|---|---|---|---|
| Necessary | cookie_consent | Stores your consent choices | Simplico | 6–12 months |
| Necessary | __cf_bm / similar | Security/performance (CDN bot management) | CDN/host | Up to 30 min |
| Functional | lang | Remembers language preference | Simplico | 1–6 months |
| Analytics | _ga, _ga_*, _gid | Usage analytics (privacy-friendly settings) | Google Analytics | 1 day–24 months |
| Marketing/Analytics | _fbp (and related) | Meta Pixel for ad measurement/retargeting | Meta Platforms | ~90 days |
| Functional/Analytics | hubspotutk, __hstc, __hssc, __hssrc | Forms, session analytics & CRM | HubSpot | 30 min–13 months |
Full, current details (including any future marketing cookies) are available in Cookie settings.
7) Your rights
Under the GDPR you can:
- Access your data and get a copy
- Rectify inaccurate or incomplete data
- Erase your data (in certain cases)
- Restrict processing (in certain cases)
- Object to processing based on legitimate interests or to direct marketing
- Withdraw consent at any time (where processing relies on consent)
- Port your data in a machine-readable format (where applicable)
- Lodge a complaint with a supervisory authority
To exercise your rights, email hello@simplico.agency. We will respond within 30 days.
Requests are free of charge, but we may charge a reasonable fee or refuse to act on manifestly unfounded or excessive requests. We may ask for information to verify your identity.
Supervisory authority in Croatia: Croatian Personal Data Protection Agency (AZOP) – https://azop.hr/
8) Security
If a personal-data breach occurs, we will assess risk and notify the supervisory authority and, where required, affected individuals in line with GDPR timeframes.
Internally, we run production on a dedicated server rented from a trusted hosting provider. We operate under ISO/IEC 27001–aligned controls and apply the same requirements to all client projects. Core measures include access controls, least-privilege, encryption in transit, and monitoring.
No system is 100% secure, but we work to prevent, detect, and resolve incidents quickly.
9) Children
Our website/services are not directed to children under 16. If a child provided us data, contact us and we’ll delete it.
10) Third-party sites & links
Our site may link to third-party websites or embed third-party features (e.g., social widgets, videos). We do not control those sites or their privacy practices. Please review their privacy policies.
11) Changes
We may update this notice. We’ll post changes here and update the date. For material changes, we may provide additional notice.