Get in touch
Orqentrax

Privacy Policy

Last updated: 1 February 2026

This Privacy Policy describes how ORQENTRAX j.d.o.o. ("Orqentrax", "we") collects, uses and protects personal data of users who visit orqentrax.com or contact us via the form. The document is aligned with Regulation (EU) 2016/679 (GDPR), the Croatian Act Implementing the GDPR (OG 42/18) and the 2026 guidance of the Croatian Personal Data Protection Agency (AZOP).

1. Controller

The data controller is ORQENTRAX j.d.o.o., Ulica grada Vukovara 269G, 10000 Zagreb, VAT HR47218903655. For any data-related question contact us at privacy@orqentrax.com.

2. What data we collect

We only collect the data you directly provide through the contact form: full name, email address and the content of your message. Additionally, based on your consent in the cookie banner, we collect technical signals through Google Consent Mode v2 — browsing identifier, device type, browser language and an approximate city-level location.

3. Purposes and legal basis

We process your data to reply to enquiries (legitimate interest), to analyse site usage in order to improve content (consent) and to display advertising inside the Google Ads ecosystem (consent). We do not use automated decision-making or profiling that produces legal effects.

4. Retention

Messages sent through the form are kept for no longer than 24 months after the last communication, after which they are permanently deleted. Marketing cookies expire after a maximum of 13 months in line with the European Data Protection Board's recommendation.

5. Recipients

Data is not sold to third parties. Access is limited to authorised Orqentrax personnel and to our processors: email provider (Google Workspace, EU), hosting provider (Hetzner Online GmbH, Germany) and Google Ireland Limited for analytics and ads. Standard processing agreements are in place with all of them.

6. Transfers outside the EEA

When data is transferred outside the European Economic Area, we apply the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914) along with additional technical safeguards, including encryption in transit and at rest.

7. Your rights

At any time you may exercise the rights of access, rectification, erasure, restriction, data portability and objection. Consent can be withdrawn at any time without negative consequences. You may also lodge a complaint with the Croatian supervisory authority — AZOP, Selska cesta 136, Zagreb.

8. Security

We apply organisational and technical safeguards, including TLS 1.3 encryption, two-factor authentication for all administrative access and regular review of access rights. In the event of a personal data breach that may create risk to user rights, we will notify AZOP within 72 hours.

9. Changes to this Policy

We may update this Policy from time to time in order to reflect new legislation or practice. The date of the last update is always shown at the top of the document. Material changes will be communicated via a banner on the site.