Last updated: May 7, 2026
This Privacy Policy explains in detail how CYBER SECURITY d.o.o. (“CYBER SECURITY”, “we”, “us”, or “our”) collects, uses, stores, protects, and processes personal data when you visit and use the website https://cyber-security.hr (“Website”), communicate with us, or use any of our services.
Protecting the confidentiality, integrity, and availability of personal data is one of our core business principles. As a company specialized in cybersecurity and information security services, we apply industry best practices and appropriate technical and organizational measures to ensure that personal data is processed lawfully, transparently, and securely in accordance with the General Data Protection Regulation (GDPR) and applicable Croatian legislation.
By using our Website, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
The controller responsible for processing your personal data is:
CYBER SECURITY d.o.o. Majstorska 5 10000 Zagreb Croatia
E-mail: info@cyber-security.hr
If you have any questions regarding this Privacy Policy, your personal data, or the manner in which your information is processed, you may contact us at any time using the contact information above.
You also have the right to lodge a complaint with the competent supervisory authority:
Croatian Personal Data Protection Agency (AZOP) E-mail: azop@azop.hr
2. What Personal Data We Collect
The categories of personal data we collect depend on the way you interact with our Website and services. We aim to collect only the data necessary for the specific purpose of processing.
a) Information You Provide Voluntarily
When you contact us through contact forms, e-mail communication, event registrations, business inquiries, or other communication channels, we may collect information such as:
- Full name
- Company or organization name
- Job title or role
- E-mail address
- Telephone number
- Content of your inquiry or communication
- Any additional information you voluntarily provide
This information is used solely for the purpose of responding to your inquiry, establishing business communication, providing requested services, or fulfilling contractual obligations.
We encourage users not to submit sensitive personal data unless strictly necessary.
b) Information Collected Automatically
When you access or browse our Website, certain technical and usage-related information may be collected automatically in order to ensure secure operation of the Website, improve performance, and better understand visitor interactions.
This may include:
- IP address
- Browser type and browser version
- Device type and operating system
- Screen resolution and device identifiers
- Language and regional settings
- Referring websites or URLs
- Pages visited and navigation paths
- Date and time of access
- Session duration and interaction behavior
- Technical logs and diagnostic information
Such information is primarily used for:
- Website administration
- Security monitoring and incident prevention
- Detection of malicious or unauthorized activity
- Statistical analysis and service improvement
- Performance optimization
Although this data usually does not directly identify an individual, certain identifiers may still be considered personal data under GDPR.
3. Purpose and Legal Basis of Processing
We process personal data only where there is a valid legal basis under applicable data protection laws.
Depending on the context, we may process personal data for the following purposes:
| Purpose of Processing | Legal Basis |
|---|---|
| Responding to inquiries and requests | Legitimate interest / Pre-contractual measures |
| Providing cybersecurity and consulting services | Contractual necessity |
| Website administration and security | Legitimate interest |
| Monitoring website performance and analytics | Consent (where required) |
| Marketing communication and newsletters | Consent |
| Compliance with legal obligations | Legal obligation |
| Protection of legal rights and prevention of abuse | Legitimate interest |
When we rely on legitimate interest as a legal basis, we carefully assess and balance our interests against the rights and freedoms of data subjects.
We do not process personal data for purposes incompatible with those described in this Privacy Policy.
4. Marketing Communication
With your explicit consent, we may occasionally send you:
- News about our services
- Information about cybersecurity trends and events
- Educational materials and publications
- Invitations to webinars, conferences, or workshops
- Promotional or marketing content related to our business activities
Marketing communication will only be sent where legally permitted or where you have provided consent.
You may withdraw your consent or unsubscribe at any time by:
- Clicking the unsubscribe link included in e-mails
- Contacting us directly at info@cyber-security.hr
We do not sell, lease, or disclose personal data to third parties for their own marketing purposes.
5. Cookies and Tracking Technologies
Our Website uses cookies and similar technologies to improve functionality, analyze usage, and enhance user experience.
Cookies are small text files stored on your device when you visit a website. Some cookies are essential for proper operation, while others help us understand how visitors use our Website.
We may use:
- Essential cookies required for technical functionality
- Analytical cookies for traffic statistics and performance analysis
- Marketing and remarketing cookies
- Security-related cookies for fraud prevention and protection
Cookies may help us:
- Recognize returning visitors
- Remember user preferences
- Analyze traffic patterns
- Improve Website performance and usability
- Deliver more relevant content and advertisements
Where required by law, non-essential cookies are activated only after obtaining your consent through the cookie banner or preference settings.
You may disable cookies through your browser settings, although some parts of the Website may not function properly as a result.
6. Analytics and Third-Party Services
To improve our services and maintain Website functionality, we may cooperate with carefully selected third-party providers.
These providers may process limited personal data strictly on our behalf and in accordance with contractual data protection obligations.
Google Analytics
We use Google Analytics to better understand how visitors use our Website.
Google Analytics helps us analyze:
- Number of visitors
- User behavior and navigation
- Traffic sources
- Website performance
- Popular content and pages
The information collected is generally aggregated and used for statistical and analytical purposes.
Google Ads and Remarketing
We may use Google Ads and remarketing technologies to display relevant advertisements to users who have previously visited our Website.
Remarketing technologies may use cookies to:
- Measure advertising effectiveness
- Display relevant advertisements across other websites
- Optimize advertising campaigns
Users may manage advertising preferences through:
Hosting and Technical Providers
Our Website infrastructure may be hosted and maintained by external service providers that support:
- Website hosting
- Security monitoring
- Backup and recovery
- Technical maintenance
- Infrastructure availability
Such providers may process technical and system-related information necessary for operation and security purposes.
7. Sharing of Personal Data
We treat personal data as confidential and do not disclose it to unauthorized third parties.
However, personal data may be shared when necessary with:
- IT and hosting providers
- Cloud and infrastructure providers
- Analytics and marketing providers
- External consultants or professional advisers
- Regulatory or governmental authorities where legally required
All third-party providers are contractually obligated to:
- Process data only according to our instructions
- Implement appropriate security measures
- Maintain confidentiality
- Comply with GDPR requirements
We do not transfer personal data to third parties for unrelated commercial purposes.
8. International Transfers of Personal Data
Some third-party service providers may process personal data outside the European Economic Area (EEA).
Where international data transfers occur, we implement appropriate safeguards to ensure that personal data remains adequately protected, including:
- European Commission Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Additional technical and organizational safeguards where appropriate
We continuously assess our providers to ensure compliance with applicable privacy and security standards.
9. Data Retention
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, including:
- Duration of contractual relationships
- Compliance with legal obligations
- Accounting and tax requirements
- Resolution of disputes
- Enforcement of legal claims
When retention is no longer necessary, personal data is securely deleted, anonymized, or destroyed using appropriate methods.
Backup copies containing personal data may remain temporarily stored until automatic deletion cycles are completed.
10. Security of Personal Data
As a cybersecurity-focused company, we place particular emphasis on the protection of information and personal data.
We implement appropriate technical and organizational security measures designed to protect personal data against:
- Unauthorized access
- Accidental loss
- Alteration or destruction
- Misuse
- Disclosure
- Cybersecurity threats
Security measures may include:
- Access control mechanisms
- Encryption technologies
- Security monitoring and logging
- Network and infrastructure protection
- Regular security updates and maintenance
- Internal security procedures and staff awareness
Despite all reasonable safeguards, no electronic transmission or storage system can be guaranteed to be completely secure. Therefore, users should also take appropriate precautions when using internet services.
11. Your Rights Under GDPR
In accordance with applicable data protection laws, you may exercise the following rights:
- Right of access to personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
We will respond to legitimate requests within the timeframes prescribed by applicable law.
To exercise your rights, please contact us at: info@cyber-security.hr
12. External Platforms and Social Media
Our Website may contain links to external websites, social media platforms, or third-party services.
If you interact with such platforms (for example LinkedIn or other social networks), those providers may independently collect and process your personal data according to their own privacy policies.
We encourage users to review the privacy policies of all third-party platforms they use.
13. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time in order to reflect:
- Changes in applicable laws and regulations
- Technological developments
- Changes to our services or business operations
- Security improvements or organizational changes
The most recent version of the Privacy Policy will always be available at:
We encourage users to periodically review this page to remain informed about how we process and protect personal data.
14. E-Learning Platform and Moodle LMS
As part of our educational and cybersecurity awareness services, we may provide access to online learning environments and training platforms based on the Moodle Learning Management System (LMS).
When using the e-learning platform, we may process additional categories of personal data necessary for the delivery and administration of online courses, training programs, certifications, and learning activities.
Such data may include:
- User account information
- Full name and contact information
- Username and login credentials
- Course enrollment data
- Learning progress and activity records
- Quiz and examination results
- Certificates and course completion records
- Communication within the learning platform
- Technical access logs and session information
The purpose of processing this data includes:
- Providing access to educational content
- Managing user accounts and authentication
- Monitoring course participation and progress
- Issuing certificates and training confirmations
- Improving educational services and platform functionality
- Ensuring platform security and preventing unauthorized access
Access to the e-learning platform is restricted to authorized users only.
We implement appropriate technical and organizational security measures to protect user accounts and educational records, including access controls, authentication mechanisms, logging, and system monitoring.
Learning records and training-related information may be retained for the duration necessary to:
- Maintain evidence of completed training,
- Fulfill contractual or regulatory obligations,
- Support cybersecurity compliance and audit requirements,
- Resolve disputes or technical issues.
Users are responsible for maintaining the confidentiality of their login credentials and for notifying us immediately in case of suspected unauthorized access to their account.