Privacy Policy
Last updated: February 24, 2026
1. Who We Are
Our company is Widget D.o.o., a digital agency registered in Croatia, providing web design, development, SEO optimization, digital marketing, photography, video production, business consulting, and related services.
Website: https://widgetinfo.com Company name: Widget D.o.o. Registered address: Croatia Contact email: widgets.hr@proton.me Contact phone: +385 95 781 8170
For all questions related to this Privacy Policy or the processing of your personal data, you may contact us directly via the contact information above or through the contact form on our website.
2. What Data We Collect and Why
2.1 Contact Forms
When you fill out a contact or inquiry form on our website, we collect your name, email address, phone number (if provided), and the content of your message. We use this information exclusively to respond to your inquiry and, where applicable, to prepare and send you a service offer. Legal basis: legitimate interest and pre-contractual measures (Article 6(1)(b) and (f) GDPR).
2.2 Comments
If you leave a comment on our website, we collect the data shown in the comment form — your name, email address, website (if provided) — as well as your IP address and browser user agent string. This information helps us detect and prevent spam. An anonymized string (hash) derived from your email address may be shared with the Gravatar service to check whether you use it; Gravatar’s privacy policy is available at https://automattic.com/privacy/. Upon approval of your comment, your profile picture (if available via Gravatar) will be publicly visible alongside your comment. Legal basis: legitimate interest (Article 6(1)(f) GDPR).
2.3 Cookies
Our website uses cookies — small text files stored on your device — to ensure the proper functioning of the website, remember your preferences, and analyze website traffic. A full list of cookies used on this website is available in our Cookie Policy, which is managed and displayed via the Complianz cookie consent plugin. You may manage or withdraw your cookie consent at any time through the cookie settings available on our website.
Specific cookies set by WordPress include:
- Comment cookies: If you leave a comment, you may opt in to saving your name, email, and website in cookies for your convenience. These cookies last for one year.
- Login cookies: If you log in to the website (administrators only), cookies are set to save your login session. Login cookies last two days; screen option cookies last one year. Selecting “Remember Me” extends login persistence to two weeks.
- Article edit cookie: If you publish or edit an article, a temporary cookie is saved containing the post ID. It contains no personal data and expires after one day.
- Session cookie: When you visit our login page, a temporary cookie is set to check whether your browser accepts cookies. It contains no personal data and is discarded when you close your browser.
2.4 Media Uploads
If you upload images to our website (administrators only), you should avoid uploading images that contain embedded location data (EXIF GPS). Visitors to the website can download images and extract any location data embedded in those files. We are not responsible for EXIF data included in user-uploaded media.
2.5 Google Analytics 4
We use Google Analytics 4 (provided by Google LLC) to collect anonymized statistical data about how visitors interact with our website. This includes data such as pages visited, time spent on pages, approximate geographic location (country/city level), device type, browser, and traffic source. This data is collected via cookies and is used solely to improve our website and understand our audience. Google may transfer this data to servers in the United States. We have enabled IP anonymization. For more information, see Google’s Privacy Policy at https://policies.google.com/privacy. Legal basis: your consent (Article 6(1)(a) GDPR), managed via Complianz.
2.6 Google Search Console
We use Google Search Console to monitor our website’s performance in Google Search results. This tool provides us with aggregated, non-personally identifiable data about search queries, impressions, and clicks. No personal data of individual visitors is accessible through this tool.
2.7 Google Ads
We use Google Ads (Google LLC) to run paid advertising campaigns. Google Ads may use cookies and tracking pixels to show our advertisements to users who have previously visited our website (remarketing) or to users matching certain interest profiles. This involves the processing of data by Google on our behalf. You can opt out of personalized advertising at https://adssettings.google.com. Legal basis: your consent (Article 6(1)(a) GDPR), managed via Complianz.
2.8 Google Maps
Our website embeds Google Maps (Google LLC) to display our location and facilitate navigation. When you interact with an embedded Google Maps element, Google may collect your IP address and use cookies. We embed Google Maps with a consent layer — the map activates only after your cookie consent. For more information, see https://policies.google.com/privacy. Legal basis: your consent (Article 6(1)(a) GDPR).
2.9 Google Business Profile
We maintain a Google Business Profile (Google LLC) listing for Widget D.o.o. If you interact with our Google Business Profile — for example by leaving a review, sending a message, or viewing our profile — that interaction is governed by Google’s Privacy Policy at https://policies.google.com/privacy. We receive aggregated insights (views, clicks, calls) from Google but do not receive your personal data directly through this channel unless you contact us via it.
2.10 reCAPTCHA
Our website uses Google reCAPTCHA (Google LLC) to protect our contact forms from spam and automated abuse. reCAPTCHA analyzes visitor behavior and may collect IP address, browser information, and other signals. This data is processed by Google. Legal basis: legitimate interest (Article 6(1)(f) GDPR). For more information, see https://policies.google.com/privacy.
2.11 Embedded Content from External Websites
Pages on this website may include embedded content from third-party platforms, including:
- YouTube (Google LLC) — youtube.com
- Facebook (Meta Platforms Ireland Ltd.) — facebook.com
- Instagram (Meta Platforms Ireland Ltd.) — instagram.com
- LinkedIn (LinkedIn Ireland Unlimited Company) — linkedin.com
- TikTok (TikTok Technology Limited) — tiktok.com
Embedded content from these platforms behaves as if you had visited those websites directly. They may collect data about you, set cookies, embed additional third-party tracking, and monitor your interaction with the embedded content — including if you have an account on that platform and are currently logged in. We have no control over the data these platforms collect. We load embedded social media content behind a consent layer where technically possible. You are encouraged to review the privacy policies of each respective platform:
- YouTube / Google: https://policies.google.com/privacy
- Facebook & Instagram (Meta): https://www.facebook.com/privacy/policy/
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy
2.12 WordPress Platform
Our website is built on WordPress (Automattic Inc.). WordPress itself processes minimal technical data necessary for the website to function, including server logs and IP addresses. We use the following WordPress plugins that may process data:
- Elementor Pro — page builder; processes no personal visitor data beyond standard WordPress behavior
- Yoast SEO — SEO optimization plugin; processes no personal visitor data
- Complianz — cookie consent management; collects and stores your cookie consent preferences (consent record with timestamp and IP hash) for legal compliance purposes
- Envato Elements — design asset library used during development only; does not interact with visitor data
3. Who We Share Your Data With
We do not sell, rent, or trade your personal data with third parties. We share data only in the following circumstances:
- Service providers and data processors: Google LLC (Analytics, Ads, Maps, reCAPTCHA, Search Console, YouTube), Meta Platforms Ireland Ltd. (Facebook, Instagram), LinkedIn Ireland Unlimited Company, TikTok Technology Limited, Automattic Inc. (WordPress/Gravatar), Hostinger International Ltd. (web hosting). Each of these acts as a data processor on our behalf or as an independent data controller, and each maintains their own privacy standards.
- Hosting provider: Our website is hosted on Hostinger Cloud infrastructure. Hostinger processes server data, including IP addresses and access logs, necessary to deliver the website to your browser. Hostinger’s privacy policy is available at https://www.hostinger.com/privacy-policy.
- Legal obligation: We may disclose your data if required to do so by applicable law, court order, or governmental authority.
- Password reset: If you request a password reset, your IP address will be included in the reset email sent by WordPress.
4. International Data Transfers
Some of our third-party service providers — including Google LLC and Meta Platforms — are based in or transfer data to the United States or other countries outside the European Economic Area (EEA). Where such transfers occur, they are based on Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other appropriate safeguards as required under Chapter V of the GDPR.
5. How Long We Retain Your Data
- Contact form submissions: We retain your inquiry data for as long as is necessary to respond to and fulfill your request, and thereafter for up to 3 years for legitimate business record-keeping purposes, unless a longer retention period is required by law.
- Comments: Approved comments and their associated metadata are retained indefinitely to facilitate ongoing discussion and automatic moderation of follow-up comments.
- Registered users: If any user registers an account on our website, their personal data is stored in their user profile until the account is deleted. Users may view, edit, or delete their personal data at any time (with the exception of their username). Website administrators can also access and edit user information.
- Cookie consent records: Complianz stores your cookie consent preferences for a maximum of 12 months, after which fresh consent may be requested.
- Analytics data: Google Analytics 4 data is retained in accordance with our GA4 data retention settings (default: 14 months).
- Server logs: Hosting server logs containing IP addresses and access data are retained for up to 30 days by our hosting provider.
6. Your Rights Under GDPR
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:
- Right of access (Article 15 GDPR): You have the right to request a copy of the personal data we hold about you.
- Right to rectification (Article 16 GDPR): You have the right to request correction of inaccurate or incomplete personal data.
- Right to erasure (Article 17 GDPR): You have the right to request deletion of your personal data, subject to our legal obligations to retain certain data.
- Right to restriction of processing (Article 18 GDPR): You have the right to request that we restrict the processing of your data in certain circumstances.
- Right to data portability (Article 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Article 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent (Article 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint: You have the right to lodge a complaint with the competent supervisory authority. In Croatia, this is the Agencija za zaštitu osobnih podataka (AZOP), website: https://azop.hr.
To exercise any of these rights, please contact us at the contact details provided in Section 1. We will respond to your request within 30 days.
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or alteration. These measures include SSL/TLS encryption on all pages, regular security updates to WordPress core, themes, and plugins, daily automated backups, 24/7 server monitoring via our hosting provider, and restricted access to administrative functions. While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.
8. Children’s Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it without undue delay.
9. Links to Third-Party Websites
Our website contains links to third-party websites, including our social media profiles on YouTube, Facebook, Instagram, LinkedIn, and TikTok. Once you leave our website, this Privacy Policy no longer applies. We encourage you to review the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices or content of those websites.
10. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of our website after any changes constitutes your acceptance of the updated Privacy Policy.
11. Contact
For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:
Widget D.o.o. Croatia 📞 +385 95 781 8170 🌐 https://widgetinfo.com 📧 widgets.hr@proton.me
This Privacy Policy was prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation — GDPR) and the applicable Croatian data protection legislation.