Home About How It Works Literacy Guide Contact
EN HR
Legal

Privacy Policy

This policy describes how Xenlito collects, uses, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Croatian law.

Last Updated: 2 March 2026

1. Data Controller

The data controller for personal data collected through this website is Xenlito, located at Jankomir 33, 10090 Zagreb, Croatia. You may contact us regarding data protection matters at info@xenlito.com or by telephone at +385 99 466 1787.

2. What Personal Data We Collect

We collect personal data only when you voluntarily provide it to us. This may include:

  • Full name
  • Email address
  • Telephone number (if provided)
  • The content of messages you send us through our contact form
  • Technical data collected automatically (IP address, browser type, pages visited, time of visit) through cookies and similar technologies — see our Cookie Policy for details

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Consent (Article 6(1)(a) GDPR): When you submit the contact form and check the consent checkbox, you consent to us processing your data to respond to your enquiry.
  • Legitimate interests (Article 6(1)(f) GDPR): For basic website analytics to understand how our site is used, provided this does not override your rights and freedoms.
  • Legal obligation (Article 6(1)(c) GDPR): Where we are required to process data to comply with applicable Croatian or EU law.

4. How We Use Your Data

Personal data collected through the contact form is used solely to:

  • Respond to your enquiry about our educational programme
  • Provide information about session dates and programme details you have requested
  • Maintain records of correspondence as required

We do not use your personal data for marketing purposes, profiling, or automated decision-making without your explicit consent.

5. Data Retention

We retain personal data collected through contact forms for a maximum of 24 months from the date of your last communication with us, after which it is securely deleted. Technical data collected through cookies is retained for the period specified in our Cookie Policy.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties for their own purposes. We may share data with:

  • Service providers who assist us in operating the website (such as hosting providers), subject to appropriate data processing agreements
  • Public authorities where required by law

Any third parties with whom we share data are required to maintain appropriate security measures and may only process your data in accordance with our instructions.

7. International Transfers

Where personal data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR, including standard contractual clauses approved by the European Commission.

8. Your Rights

Under the GDPR and Croatian data protection law (Zakon o provedbi Opće uredbe o zaštiti podataka), you have the following rights:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure: You may request deletion of your personal data where there is no lawful basis for continued processing.
  • Right to restriction: You may request that we restrict processing of your data in certain circumstances.
  • Right to data portability: Where processing is based on consent or contract, you may request your data in a structured, commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@xenlito.com. We will respond within one month of receiving your request.

9. Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka – AZOP), Selska cesta 136, 10000 Zagreb, Croatia. Website: azop.hr

10. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures are reviewed and updated regularly.

11. Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the date of the most recent update. We encourage you to review this policy periodically.

13. Contact

For any questions regarding this Privacy Policy or our data processing practices, please contact us at:

Xenlito
Jankomir 33, 10090 Zagreb, Croatia
Email: info@xenlito.com
Telephone: +385 99 466 1787