Privacy Policy

1. Data Controller

Controller

EPIPHANY TSC (j.d.o.o.)

Registered seat/address

G. NINSKOG 31 | 31220 JOSIPOVAC | CROATIA

OIB

51396948929

MBS

030315167

Court register / competent commercial court

TRGOVAČKI SUD U OSIJEKU

General contact email

info@epiphany-tsc.hr

2. Contact for Privacy Requests

Privacy contact email

privacy@epiphany-tsc.hr

Postal address (optional)

G. NINSKOG 31 | 31220 JOSIPOVAC | CROATIA

If a Data Protection Officer (DPO) is appointed in the future, we will publish the contact details here.

3. What Data We Process

4. Purposes of Processing

• Responding to inquiries and communication.
• Pre-contractual steps and onboarding when you request a quote or collaboration.
• Website operation, security, and abuse prevention.
• Legal obligations where applicable.

5. Legal Bases (GDPR)

• Pre-contractual steps and contract performance where you request an offer or engagement.
• Legitimate interests for website reliability, security, and abuse prevention.
• Legal obligation where processing is required by applicable law.
• Consent only if introduced later (for example, newsletter or marketing cookies), with withdrawal available at any time.

6. Recipients / Processors

We may share data with processors only where needed to operate our website and communications.

• Hosting provider: Hostinger (servers within the EU, including France and Germany).
• Email provider: Proton (Switzerland) and Titan Mail (Hostinger).
• Form provider (if used): Not used.
• IT/security support (if used): Internal IT support under EPIPHANY TSC.

We do not sell personal data.

7. International Transfers

We aim to process personal data within the EEA. If any provider processes data outside the EEA, we will ensure appropriate safeguards (for example, Standard Contractual Clauses) and update this policy.

8. Retention Periods

Data may be retained for longer where necessary to establish, exercise, or defend legal claims.

• Inquiry/contact form data: 12 months after last contact.
• Email correspondence: 24 months after last communication.
• Security logs: 30-180 days.
• Legal/accounting records: as required by applicable law where relevant.

9. Your Rights (GDPR)

You may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where consent applies.

• We respond without undue delay and in any event within one month.
• The period may be extended by up to two further months for complex requests; if extended, we will inform you within one month.

Contact: privacy@epiphany-tsc.hr

10. How to File a Complaint (AZOP)

We recommend contacting us first so we can address concerns quickly.

11. Cookies Statement

• We currently do not use analytics or marketing cookies and do not run tracking scripts.
• We may use only strictly necessary cookies, if any, required for core functionality and security.
• If analytics or marketing tools are introduced later, we will update this policy and implement an appropriate consent mechanism.

12. Social Media Presence

We maintain social media presences, including Facebook and YouTube, to communicate with audiences, publish updates, and share content.

When you visit or interact with those profiles, the respective platform operators may process personal data under their own privacy policies and platform terms.

For Facebook Page Insights, Meta may process usage data under its Page Insights Controller Addendum.

We do not currently run our own website analytics or marketing tracking scripts on this website.

13. Security

We apply reasonable technical and organizational measures, including access controls, secure hosting practices, and limited administrative access.

No method of transmission or storage is 100% secure.