Last updated: 8 May 2026.
This Privacy Policy describes how sibeling d.o.o. ("the Company", "we") collects, uses, stores and protects personal data of visitors to sibeling.com (the "Site") and of business contacts. Processing is carried out in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Croatian law.
1. Data controller
sibeling d.o.o., Republic of Croatia.
Privacy contact: info@sibeling.com
2. Data we collect
- Inquiry data — name, company, email, phone and message content you voluntarily provide via our contact form or email.
- Business communication data — information exchanged when preparing quotations, concluding and performing contracts (e.g. company ID, billing details, project contacts).
- Technical data — IP address, browser and device type, language settings and basic server logs generated for security and proper operation of the Site.
- Cookie data — see our Cookie Policy.
We do not collect special categories of personal data, nor do we knowingly collect data of children under 16 years of age.
3. Purposes and legal bases
- Responding to inquiries and business communication — pre-contractual steps at your request (Art. 6(1)(b) GDPR) or legitimate interest (Art. 6(1)(f)).
- Conclusion and performance of contracts — Art. 6(1)(b) GDPR.
- Compliance with legal obligations (accounting, tax) — Art. 6(1)(c) GDPR.
- Site security and operation — legitimate interest (Art. 6(1)(f) GDPR).
4. Retention period
- inquiries that do not result in a contract — up to 12 months from last communication;
- contractual and accounting documentation — within statutory periods (at least 11 years for accounting documents);
- server logs — typically up to 12 months.
5. Recipients
We do not sell or share personal data for marketing purposes. Data may, to the extent necessary, be accessed by our employees, IT/hosting providers (as processors), accounting and legal advisors, and competent authorities where required by law.
6. International transfers
Data is processed within the EEA whenever possible. Any transfer outside the EEA is subject to appropriate safeguards under the GDPR (e.g. Standard Contractual Clauses).
7. Your rights
You have the right to access, rectification, erasure, restriction, data portability, objection, withdrawal of consent at any time, and to lodge a complaint with the Croatian supervisory authority (AZOP, azop.hr). To exercise your rights, contact info@sibeling.com. We respond within one month.
8. Security
We implement reasonable technical and organisational measures (HTTPS, access controls, system updates, staff training) to protect data from unauthorised access, loss or disclosure.
9. Automated decision-making
We do not carry out automated decision-making, including profiling, with legal effects.
10. Changes
We may update this Policy from time to time. The current version is always available on this page with the date of the last update.
Frequently asked questions
The controller is sibeling d.o.o., established in the Republic of Croatia. Privacy contact: info@sibeling.com.
Name, company, email, phone and message content — only the data you voluntarily provide.
Inquiries that do not result in a contract are kept for up to 12 months from the last communication. Contractual and accounting records are kept within statutory periods.
Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also lodge a complaint with the Croatian supervisory authority (AZOP).
We do not sell or share data for marketing. Access may be granted to employees, IT/hosting providers (as processors), accounting and legal advisors, and authorities where required by law.