Privacy Policy

Last updated: January 30, 2026

This Privacy Policy explains how TiM d.o.o. (“we”, “us”) collects and processes personal data when you visit our website or contact us.

1) Data Controller

Controller: TiM d.o.o.
Address: Otrovanec 97, 33405, Otrovanec, Croatia
Privacy contact email: tim.tkalcec@gmail.com

2) What data we collect

2.1 Data you provide

When you submit our contact form, we collect:

  • Name
  • Email address
  • Phone number (optional)
  • Location (optional)
  • Message content

We do not accept file attachments via the contact form.

2.2 Data collected automatically

When you browse the website, we may collect:

  • IP address and request data (server/security logs)
  • Device and browser information
  • Usage data (pages viewed, interactions, timestamps) via analytics tools (where enabled)

3) Purposes and legal bases (GDPR)

We process personal data for:

3.1 Responding to contact requests

Purpose: To respond to your message and communicate with you.
Legal basis: Legitimate interests (GDPR Art. 6(1)(f)) and, where applicable, taking steps at your request prior to entering a contract (Art. 6(1)(b)).

3.2 Security and abuse prevention

Purpose: To protect the website and forms from spam, abuse, and security threats.
Legal basis: Legitimate interests (Art. 6(1)(f)).

3.3 Website analytics (Google Analytics 4)

Purpose: To understand website usage and improve performance and content.
Legal basis: Consent (Art. 6(1)(a)) where required (e.g., for analytics cookies/identifiers in the EU).

4) Cookies and consent

We use a cookie banner to manage preferences. Where required, analytics will run only after you give consent.

You can change or withdraw your consent at any time via Cookie Settings (available in the cookie banner and/or website footer).

5) Service providers (processors)

We use the following providers to operate the website and handle messages:

  • Hosting: Hetzner (Germany)
  • Contact form delivery: Postmark (email delivery service)
  • Analytics: Google Analytics 4 (GA4)
  • Spam protection: Google reCAPTCHA

6) International data transfers

Some providers may process data outside the European Economic Area (EEA), depending on their infrastructure. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) and other measures offered by providers.

7) Data retention

We keep personal data only as long as necessary for the purposes above:

  • Contact form messages: 24 months
  • Server/security logs: 30 days
  • Analytics (GA4): 14 months (per our analytics retention settings)

8) Sharing of data

We do not sell personal data. We share data only with:

  • The service providers listed above (as necessary to provide website functionality and communication)
  • Authorities or advisors where required by law or to protect our rights

9) Your rights

You may have the right to:

  • Access your data
  • Correct inaccurate data
  • Delete your data
  • Restrict processing
  • Object to processing (where based on legitimate interests)
  • Data portability (where applicable)
  • Withdraw consent (where processing is based on consent)

To exercise your rights, contact us at tim.tkalcec@gmail.com.

10) Complaints

You can also lodge a complaint with the Croatian data protection authority (AZOP).

11) Security

We apply appropriate technical and organizational measures to protect personal data.

12) Changes to this policy

We may update this policy from time to time. The “Last updated” date shows when changes were made.