Privacy Policy

Last updated: 15 January 2026

Introduction

This Privacy Policy explains how bioluxor d.o.o. ("we", "us", "our") collects, uses, and protects your personal information when you visit our website, use our services, or interact with us. We are committed to protecting your privacy and ensuring transparency in our data handling practices.

Data Controller Information

The data controller for your personal information is:

  • Company: bioluxor d.o.o.
  • Address: Držićeva ulica 79, 10405 Zagreb, Croatia
  • Registration Number: 251436798
  • VAT Number: HR25749685342
  • Email: privacy@bioluxor.top
  • Phone: +385 16111036

Data Collection

We collect personal data that you provide to us directly and information that is collected automatically when you use our website and services. The data we collect includes:

Information You Provide

  • Contact information (name, email address, phone number)
  • Professional information (job title, organisation, industry)
  • Communication preferences and marketing consents
  • Any information you provide in enquiry forms, emails, or other communications
  • Account information if you register for our services

Information Collected Automatically

  • Website usage data (pages visited, time spent, click patterns)
  • Technical information (IP address, browser type, device information)
  • Cookies and similar tracking technologies (see our Cookie Policy)
  • Analytics data to improve our website and services

How We Use Your Information

We use of your data is based on legitimate interests, contractual necessity, or your explicit consent. We use your personal information for the following purposes:

  • To provide and improve our educational analytics services
  • To respond to your enquiries and provide customer support
  • To send you information about our services that may be of interest to you
  • To comply with legal obligations and protect our legitimate interests
  • To analyse website usage and improve user experience
  • To prevent fraud and ensure the security of our systems
  • To fulfil contractual obligations and deliver requested services

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal bases:

  • Consent: Where you have given explicit consent for specific processing activities
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legitimate Interests: Where we have a legitimate business interest that does not override your rights
  • Legal Obligation: Where we are required by law to process your data

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

  • With service providers who help us operate our business (subject to confidentiality agreements)
  • With professional advisers (lawyers, accountants, consultants) as necessary
  • To comply with legal obligations or respond to lawful requests from authorities
  • To protect our rights, property, or safety, or that of others
  • In connection with a business transfer, merger, or acquisition

International Data Transfers

As we are based in Croatia (EU), your data is primarily processed within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations. Our data retention periods are:

  • Contact and enquiry information: 3 years from last contact
  • Customer account data: Duration of relationship plus 7 years for legal compliance
  • Website analytics data: 26 months
  • Marketing data: Until you withdraw consent or 2 years of inactivity
  • Legal and compliance records: As required by applicable law

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another organisation
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at privacy@bioluxor.top or +385 16111036. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Staff training on data protection and security
  • Incident response and breach notification procedures

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your personal data, please contact us:

  • Privacy Officer: privacy@bioluxor.top
  • Phone: +385 16111036
  • Post: bioluxor d.o.o., Držićeva ulica 79, 10405 Zagreb, Croatia
  • Business Hours: Monday - Friday: 10:00 - 19:00 CET

Supervisory Authority

You have the right to lodge a complaint with the relevant data protection supervisory authority if you believe we have not handled your personal data in accordance with applicable law. In Croatia, this is the Croatian Personal Data Protection Agency (AZOP).

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

Children's Privacy

Our services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Automated Decision-Making

We may use automated processing and profiling techniques as part of our educational analytics services. When we engage in automated decision-making that produces legal effects or similarly significant effects, we will inform you and provide information about the logic involved, as well as your right to request human intervention or challenge the decision.