Privacy Policy

1. Who We Are

Lux Tech d.o.o.
Leskovački brijeg 2
10257 Hrvatski Leskovac, Croatia
OIB (Tax ID): 47034854402
Email: info@lux-tech.hr
Phone: +385 91 457 5757

We take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your personal data when you contact us through our website.

2. What Data Do We Collect?

When you submit our contact form, we collect:

• Name — required
• Email address — required
• Company/Organization — optional
• Message — required
• Technical metadata: timestamp, your browser/device information (User-Agent)

We do not use cookies for advertising or cross-site tracking. To understand how our site is used, we use Cloudflare Web Analytics — a privacy-friendly, cookieless tool that records aggregated, anonymous statistics (such as page views, referring sites, country, and device type). It does not use cookies, does not store your IP address, and cannot identify you personally.

3. Why Do We Collect This Data?

We use this information to:

• Respond to your inquiry and provide you with the information you requested
• Contact you to schedule a consultation or discuss your project
• Understand your business needs and requirements
• Keep a record of our communications

Legal basis: Your explicit consent (GDPR Article 6.1.a) — you explicitly consent when you check the privacy agreement checkbox before submitting the form.

4. How Long Do We Keep Your Data?

We retain your contact form data for 12 months from the date of submission. After 12 months, the data is automatically deleted from our database.

If we begin a business engagement with you, we may retain relevant project data for the duration of our engagement plus 2 additional years for legal/accounting purposes. We will discuss data retention separately in that case.

5. Where Is Your Data Stored?

Your contact form data is stored in:

• Google Cloud Firestore (Database service provided by Google LLC)
• Location: European Union data centers
• Encryption: Data is encrypted in transit (TLS) and at rest

Data Processing Agreement: Google operates as a data processor under the standard EU Data Processing Agreement. See Google's Data Processing Terms.

6. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct any inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Withdraw Consent: Withdraw your consent for us to process your data at any time

To exercise any of these rights, email us at info@lux-tech.hr with "GDPR Request" in the subject line, and we will respond within 30 days.

7. How Do We Protect Your Data?

• Your data is only accessible to Lux Tech personnel who need it to respond to your inquiry
• No automated decision-making or profiling
• Data is encrypted in transit (HTTPS) and at rest in Google Cloud
• We do not sell or share your data with third parties
• Access is restricted by role-based permissions

8. Do We Share Your Data?

No. We do not sell, trade, or share your personal data with third parties, except:

• Google Cloud: Your data is stored on Google's infrastructure (they process it but cannot use it for their own purposes)
• Legal requirement: If required by law, court order, or government authority (we will notify you unless prohibited)

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page with an updated "Last updated" date. Your continued use of the contact form constitutes acceptance of the updated policy.

10. Questions or Concerns?

If you have questions about how we handle your data or wish to exercise your GDPR rights:

• Email: info@lux-tech.hr
• Subject line: "Privacy Inquiry" or "GDPR Request"
• Response time: We aim to respond within 5 business days