Legal

Privacy Policy

Last updated: 12 June 2026

This Privacy Policy explains how SpikeIT ("we", "us") collects, uses and protects personal data when you visit spikeit.eu or contact us, in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR").

01Data Controller

This website, spikeit.eu, is operated under the SpikeIT brand from Zagreb, Croatia. For all matters relating to personal data, you can reach the operator directly at:

Email: info@spikeit.eu

Company registration details will be published on this page upon incorporation.

02What data we collect

We deliberately keep data collection to a minimum.

Contact by email. When you write to us, we receive your name, email address and the contents of your message. We use this solely to respond to your enquiry and, where it leads to an engagement, to prepare and perform a contract.
Technical data. Our hosting provider may automatically log basic technical information (IP address, browser type, pages visited) for security and operational purposes.

We do not use advertising trackers, analytics profiling or marketing cookies on this website.

03Legal basis for processing

Art. 6(1)(b) GDPR — processing necessary to take steps at your request prior to entering into a contract, or to perform a contract.
Art. 6(1)(f) GDPR — our legitimate interest in operating a secure and functional website and responding to business enquiries.

04How long we keep your data

Email correspondence is retained only as long as necessary for the purpose it was provided for. Where an enquiry leads to a business relationship, related records are kept for the duration of that relationship and any statutory retention periods under Croatian and EU law (e.g. accounting regulations). Enquiries that do not lead to an engagement are deleted within a reasonable period.

05Who has access to your data

Your data is not sold or shared for marketing purposes. It may be processed on our behalf by carefully selected service providers — such as our email and hosting providers — bound by data processing agreements and, where applicable, located within the EU/EEA or covered by appropriate safeguards under Chapter V of the GDPR.

06Cookies

This website does not set marketing or analytics cookies. Any cookies that may be present are strictly necessary for the website to function (for example, those set by our hosting infrastructure) and do not require consent under applicable law.

07Your rights

Under the GDPR you have the right to:

access the personal data we hold about you (Art. 15);
request rectification of inaccurate data (Art. 16);
request erasure of your data (Art. 17);
request restriction of processing (Art. 18);
object to processing based on legitimate interest (Art. 21);
data portability, where applicable (Art. 20).

To exercise any of these rights, contact us at info@spikeit.eu. You also have the right to lodge a complaint with a supervisory authority — in Croatia, the Agencija za zaštitu osobnih podataka (AZOP), www.azop.hr.

08Security

As a security-focused consultancy, we apply the same standards to ourselves that we recommend to our clients: encrypted communication, access controls and the principle of least privilege across our systems.

09Changes to this policy

We may update this Privacy Policy from time to time. The current version will always be available on this page, with the date of the last revision indicated above.

Reminder Once your company is registered, update section 01 with the legal entity name, registered address and OIB, and have the final text reviewed by a legal professional. This template is provided for convenience and does not constitute legal advice.