Privacy Policy

Introduction

SonicFront d.o.o. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, use our services, or interact with us. This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Collection

We collect and process various types of personal data depending on how you interact with our services. The data we collect includes information you provide directly to us, information we collect automatically when you use our website, and information we receive from third parties.

Personal Data We Collect:

• Contact information (name, email address, phone number, postal address)
• Business information (company name, job title, industry)
• Communication data (messages, enquiries, feedback)
• Technical data (IP address, browser type, device information)
• Website usage data (pages visited, time spent, user interactions)
• Marketing and communication preferences

How We Use Your Information

We process your personal data for various purposes based on different legal grounds under GDPR. How we use your information depends on the services you use and your relationship with us.

We use your personal data to:

• Provide and deliver our cost control and financial optimisation services
• Respond to your enquiries and provide customer support
• Process and fulfil service requests and contracts
• Send you important information about our services and policies
• Improve our website functionality and user experience
• Conduct market research and analysis to enhance our services
• Comply with legal obligations and regulatory requirements
• Detect and prevent fraud, security breaches, and other harmful activities

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. The legal bases we rely on include:

• Consent: Where you have given clear consent for specific processing activities
• Contract: Where processing is necessary for the performance of a contract with you
• Legal obligation: Where we must process data to comply with legal requirements
• Legitimate interests: Where processing is necessary for our legitimate business interests

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information in the following circumstances:

• With service providers who assist us in operating our business (under strict confidentiality agreements)
• When required by law, legal process, or government request
• To protect our rights, property, or safety, or that of our users
• In connection with a business transaction (merger, acquisition, or sale)
• With your explicit consent for specific purposes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention periods vary depending on the type of data and the purpose for which it was collected. Generally, we retain contact and communication data for up to seven years after our last interaction, unless a longer retention period is required by law.

Your Rights

Under GDPR and other applicable data protection laws, you have several rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we process your data
• Right to data portability: Request transfer of your data to another service provider
• Right to object: Object to certain types of processing
• Right to withdraw consent: Withdraw consent for processing based on consent

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure data transmission, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

As we operate within the European Union, your personal data is primarily processed within the EU/EEA. If we need to transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other legally recognised transfer mechanisms.

Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately, and we will take steps to remove such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the information below:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection laws. In Croatia, the supervisory authority is the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka).