Last updated: May 10, 2026
Effective date: May 10, 2026

1. Data Controller

This Privacy Policy describes how:

ZOCH, obrt za poslovne usluge, vl. Fabio Zoch
Fontera 2F, 52210 Rovinj, Croatia
E-mail: info@sunny.hr
Phone: +385 99 275 4186

(hereinafter referred to as “we”, “us”, “our”, or the “Data Controller”) collects, uses, processes, and protects personal data of users visiting the website:

sunny.hr

By using this website, you acknowledge that you have read and understood this Privacy Policy.

2. Personal Data We Collect

We may collect the following personal data:

  • first and last name
  • e-mail address
  • phone number (if voluntarily provided)
  • content of inquiries or messages
  • IP address and technical device information
  • data collected through cookies and analytics tools

We do not intentionally collect special categories of personal data unless voluntarily provided by the user.

3. Purpose and Legal Basis of Processing

We process your personal data only where there is a lawful basis under the General Data Protection Regulation (GDPR).

Processing is based on:

a) Performance of a contract or steps prior to entering into a contract

We use personal data for:

  • responding to inquiries
  • providing services
  • communication with users and clients

b) Legitimate interest

We may process data for:

  • website security
  • fraud and abuse prevention
  • system administration
  • improving service quality
  • maintaining communication records

c) Consent

Where required, such as for marketing cookies, newsletters, or marketing communication, processing is based on your consent, which may be withdrawn at any time.

d) Legal obligations

Certain data may be retained to comply with:

  • accounting and tax obligations
  • legal requests from public authorities

4. Sharing of Personal Data

We do not sell or disclose your personal data to third parties except where necessary to provide our services or where required by law.

Your data may be shared with:

  • hosting providers
  • IT and website administrators
  • analytics providers (e.g. Google Analytics)
  • marketing tools and platforms
  • accounting service providers
  • competent public authorities where legally required

All data processors are required to protect personal data in accordance with GDPR requirements.

5. Transfers Outside the EU/EEA

Certain services we use (such as Google, Meta, or cloud-based services) may process personal data outside the European Union or European Economic Area.

Where such transfers occur, we ensure appropriate safeguards in accordance with GDPR, including Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected or as required by applicable law.

For example:

  • contact form and e-mail communication data: up to 2 years
  • accounting documentation: according to legal retention periods
  • analytics and cookie data: according to cookie settings and provider policies

After the retention period expires, data is deleted or anonymized.

7. Your Rights

Under GDPR, you have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request deletion of personal data
  • restrict processing
  • object to processing
  • request data portability
  • withdraw consent at any time
  • lodge a complaint with a supervisory authority

To exercise your rights, please contact us at:

info@sunny.hr

8. Right to Lodge a Complaint

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority:

Croatian Personal Data Protection Agency

Selska cesta 136
10000 Zagreb
Croatia

Website: AZOP

9. Cookies

This website uses cookies for:

  • proper website functionality
  • security
  • traffic analytics
  • improving user experience

Non-essential cookies are used only with your prior consent through the cookie banner.

More information is available in our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or destruction.

Although we apply reasonable security measures, no method of internet transmission or electronic storage can be guaranteed as completely secure.

11. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the content, security, or privacy practices of third-party websites and encourage users to review their privacy policies.

12. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect legal, technical, or business developments.

Any changes will be published on this page together with the updated revision date.

CONTACT US…

Send us a message and we will do our best to respond as soon as possible.