Last updated: 8 May 2026.

This Privacy Policy describes how sibeling d.o.o. ("the Company", "we") collects, uses, stores and protects personal data of visitors to sibeling.com (the "Site") and of business contacts. Processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Croatian law.

1. Data controller

The controller of personal data is:
sibeling d.o.o.
Registered office: Republic of Croatia
Privacy contact email: info@sibeling.com

2. Data we collect

• Inquiry data — name, company, email, phone and message content you voluntarily provide via our contact form or email.
• Business communication data — information exchanged when preparing quotations, concluding and performing contracts (e.g. company ID, billing details, project contacts).
• Technical data — IP address, browser and device type, language settings and basic server logs generated for security and proper operation of the Site.
• Cookie data — see our Cookie Policy.

We do not collect special categories of personal data, nor do we knowingly collect data of children under 16 years of age.

3. Purposes and legal bases

• Responding to inquiries and business communication — pre-contractual steps at your request (Art. 6(1)(b) GDPR) or legitimate interest (Art. 6(1)(f)).
• Conclusion and performance of contracts — Art. 6(1)(b) GDPR.
• Compliance with legal obligations (accounting, tax) — Art. 6(1)(c) GDPR.
• Site security and operation — legitimate interest (Art. 6(1)(f) GDPR).

4. Retention period

We keep data for as long as necessary to achieve the purpose for which it was collected, or for as long as required by statutory retention periods:

• inquiries that do not result in a contract — up to 12 months from last communication;
• contractual and accounting documentation — within statutory periods (at least 11 years for accounting documents);
• server logs — typically up to 12 months.

5. Recipients

We do not sell or share personal data for marketing purposes. Data may, to the extent necessary, be accessed by:

• our employees and associates involved in handling inquiries or contracts;
• IT and hosting service providers (as processors, based on a contract);
• accounting and legal advisors, within statutory obligations;
• competent authorities where required by law.

6. International transfers

Data is processed within the EEA whenever possible. Any transfer outside the EEA is subject to appropriate safeguards under the GDPR (e.g. Standard Contractual Clauses).

7. Your rights

Under the GDPR, you have the right to:

• access your data and information about processing;
• rectification of inaccurate or incomplete data;
• erasure of data (“right to be forgotten”), where the conditions are met;
• restriction of processing;
• data portability in a structured, commonly used, machine-readable format;
• object to processing based on legitimate interest;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with the supervisory authority — the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, azop.hr.

You can exercise your rights by sending a request to info@sibeling.com. We respond without undue delay and no later than within one month.

8. Security

We implement reasonable technical and organisational measures (HTTPS, access controls, system updates, staff training) to protect data from unauthorised access, loss or disclosure.

9. Automated decision-making

We do not carry out automated decision-making, including profiling, with legal effects.

10. Changes

We may update this Policy from time to time. The current version is always available on this page with the date of the last update.