Privacy Policy

This Privacy Policy explains how CorteCros d.o.o., Gramaca 5F, 10000 Zagreb, Croatia (“Data Controller”), processes personal data of users of the website www.cortecros.com.

The Data Controller processes personal data in accordance with the General Data Protection Regulation (GDPR) and applicable laws of the Republic of Croatia.

For any questions regarding the processing of your personal data, you can contact us at:

CorteCros d.o.o.
Gramaca 5F
Zagreb, Croatia
Email: [email protected]

The purpose of this Privacy Policy is to explain how CorteCros d.o.o., as the Data Controller, uses the personal data we collect. It also explains the purpose of data collection, how we store and process data, and how you can contact us to request the deletion of your data from our records.

1. What data do we collect?

We collect only the data voluntarily provided by users, including:

  • data submitted through our contact forms

  • technical data collected through cookies necessary for the website to function

  • data sent through direct email communication

We do not collect special categories of personal data.

2. Data collected through contact forms

The website contains two contact forms (“Ask Us” and “Contact”).

What data do we collect?

  • first and last name

  • company name

  • address (if provided)

  • phone number

  • email address

  • message content and any additional information voluntarily entered by the user

Purpose of processing

  • responding to your inquiry

  • sending requested documents, information, or offers

  • further communication regarding CorteCros d.o.o. products and services

Legal basis for processing

  • the legitimate interest of the Data Controller to respond to received inquiries (GDPR Art. 6(1)(f))

  • steps necessary at the request of the data subject prior to entering into a contract (GDPR Art. 6(1)(b))

Who receives the data?

Inquiries submitted via the forms are delivered to:

[email protected]

Access to this data is granted only to authorized employees of CorteCros d.o.o.

3. Google reCAPTCHA (form protection)

The contact forms use Google reCAPTCHA to prevent abuse and automated sending of spam messages.

reCAPTCHA may process:

  • IP address

  • browser information

  • interaction with the CAPTCHA element

Purpose: security protection of the forms (legitimate interest).

If data is transferred outside the EU, Google applies Standard Contractual Clauses (SCC).

4. Cookies

The website uses only essential cookies required for the functioning of the site and for displaying the CMP cookie banner.

According to the latest website scan, the following categories of cookies are used:

4.1. Essential (function) cookies

Consent Manager (CMP) cookies

Examples:__cmpcc*, __cmpccu*, cmpconsent*
Purpose: storing cookie preferences and ensuring GDPR-compliant functionality.

Google reCAPTCHA cookie

Example: rc:a
Purpose: security protection of contact forms.

WordPress and security session cookies

Examples: wordpress_logged_in_*, wordpress_sec_*, wp-settings-*, wp-settings-time-*

Purpose: website functionality, administrator login management, and security verification.

These cookies do not track user behaviour.

WPML language cookies (multilingual support)

Example: wp-wpml_current_language

Purpose: remembering the user’s selected language.

Currency cookie (WCML)

Example: wcml_dashboard_currency

Purpose: internal currency display in administration.

This cookie does not collect personal data of website visitors.

Hosting / server cookies

Examples: server session security cookies (depending on hosting configuration).

These cookies are set automatically and are essential for the website to function.

4.2. Third-party cookies – NOT ACTIVE

The website does not use:

  • Google Analytics

  • Google Ads

  • Facebook Pixel

  • Sourcebuster

  • YouTube cookies (embedded videos are blocked until consent is given)

CMP confirms that all non-essential cookies are disabled and not set without consent.

5. Data retention period

  • messages sent via contact forms: up to 12 months from the last communication

  • server logs: up to 12 months

  • cookies: according to the expiration period of each cookie

6. Your GDPR rights

Users have the right to:

  • request access to their personal data

  • request correction of inaccurate data

  • request deletion (unless legal restrictions apply)

  • request restriction of processing

  • object to processing

  • withdraw consent at any time

  • lodge a complaint with the Croatian Personal Data Protection Agency (AZOP): [email protected]

To exercise your rights, contact us at:
[email protected]

7. Automated decision-making

We do not perform automated decision-making or user profiling.

8. Data security

Personal data is processed in a secure IT environment with appropriate technical and organizational protective measures.
All processors act solely under the instructions of CorteCros d.o.o.

9. Changes to this Privacy Policy

CorteCros d.o.o. regularly updates this Privacy Policy.
This version was last updated on 10 December 2025.

For any additional questions, please contact:

CorteCros d.o.o.
Gramaca 5F
Zagreb, Croatia
Email: [email protected]

Comments are closed.