Privacy policy

The company responsible for processing your personal data is Cutlio d.o.o., located at Selčica 21A, Orešje, Sveta Nedelja, OIB: 36103377195, MBS: 081575441. The person responsible for personal data processing is the director of Cutlio d.o.o. Thank you for choosing to be part of our Cutlio community. We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about our policies or practices regarding your personal data, please contact us at gdpr@cutlio.com. You can find all information about personal data protection at the following link:
Data Protection Based on the General Data Protection Regulation.

Who Should Be Informed About This Privacy Policy?

This policy may apply to you if you are:

  • A partner using our platform's services,
  • An end user of the services, or
  • A visitor to our website.

When you visit our website www.cutlio.com ("Website") and use our services, you entrust us with your personal data. We take your privacy very seriously. This privacy policy aims to explain as clearly as possible what data we collect, how we process it, for what purposes we use it, how long we retain it, how you can monitor all our procedures, and what rights you have regarding your personal data.

These privacy rules apply to all data collected through our websites (such as www.cutlio.com), our mobile application, and all related services, sales, marketing, or events (collectively referred to in this privacy policy as "websites" or "Website").

Please read this privacy policy carefully, as it will help you make informed decisions about sharing your personal data with us.

If there are any terms in this privacy policy that you do not agree with, please discontinue the use of our website and services. We are happy to answer any questions you may have.

The terms used in this privacy policy that have gender significance are used neutrally and refer equally to both the female and male genders.

WHAT DATA DO WE COLLECT?

Your personal data that you voluntarily provide to us:

In short: We collect personal data that you voluntarily provide to us, i.e., data that you manually enter on our websites.

Specifically, this includes your first and last name, email, mobile number, address, gender, and date of birth. Additionally, we may collect login data from social media accounts if you consent and link your account with a social media account. We do not have access to your payment method details (e.g., credit/debit card number or bank account number), but we enable our payment partner to collect this information through our websites.

The personal data we collect depends on the nature of your interaction with us and the websites, your choices, the products, and the features you use. By entering your personal data in the designated fields, you give consent for these data to be used for the purpose for which they were provided.

The data we collect may include the following:

  • Name and Contact Information: We collect your first and last name, email address, postal address, phone number, gender, date of birth, and IP address.
  • Credentials: We store your password in the system, and we collect password hints and similar security data used for account recovery.
  • Device identifiers: We use device identifiers to deliver and improve our services, conduct analytics and research, enhance security and fraud prevention, and provide personalized content and recommendations.
  • Payment Method Information: This data will never be accessible to us. The data needed for payment processing, such as your payment instrument number (like a credit/debit card number or bank account number) and the security code associated with your payment instrument, is stored by our payment processor (www.stripe.com). We direct you to their privacy policy (https://stripe.com/en-hr/privacy) to contact them directly for any questions. We cannot see your payment method data, nor do we need it.
  • Social Media Login Data: We offer you the option to register using social media account details, such as your Google, Facebook, Twitter, or other social media accounts. If you choose to register this way, we will collect data as described in the section titled HOW WE PROCESS SOCIAL MEDIA LOGINS below.

All personal data you provide must be true, complete, and accurate, and it is important that you notify us of any changes to the personal data you have provided.

Automatically Collected Data

In short: Some data, such as your computer's IP address or browser and device characteristics, are collected automatically when you visit our websites.

We automatically collect certain data when you visit, use, or navigate our websites. This information does not reveal your identity (such as your name or contact details) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our site, as well as other technical information. This information is primarily needed to maintain the security and operation of our websites and for internal analytics and reporting purposes.

We also collect information through cookies and similar technologies. You can learn more about this in our Cookie Policy.

Data Collected Through Our Applications

In short: When you use our applications, we may collect information about your geolocation, mobile device, push notifications, and Facebook permissions.

When you use our applications, we may collect the following data:

  • Geolocation Data: We may request access or permission to track location-based data from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device settings.
  • Mobile Device Access: We may request access or permission to certain features from your mobile device, including your calendar, contacts, reminders, SMS messages, or social media accounts. If you wish to change our access or permissions, you may do so in your device settings.
  • Mobile Device Data: We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information, and IP address.
  • Push Notifications: We may request to send you push notifications regarding your account or the mobile application. If you wish to opt out of receiving these types of communications, you may turn them off in your device settings.

Data Collected from Other Sources

In short: We may collect limited data from public databases, marketing partners, social media platforms, and other external sources.

We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (like Facebook), and other third parties, but only with your consent or if you link your account with a third party to your account with us. This data may include: social media profile information (your name, gender, birthday, email, current city and state, user ID for your contacts, profile picture URL, and any other information you choose to make public); marketing offers and search results, including paid listings (such as sponsored links).

How We Process Your Data, Purposes, and Legal Basis

In short: We process your data for purposes based on compliance with our legal obligations, the fulfillment of our contract or relationship with you, legitimate business interests, and/or your consent.

We only process personal data that is necessary for achieving specific purposes, and we use this data solely for established, clear, legitimate, and expected purposes.

Legal Bases for Processing Your Data:

  • Consent: We may process your data if you have given us permission to use your personal data for specific purposes.
  • Contract Execution: If we have entered into a contract with you, we may process your personal data to fulfill the terms of our contract.
  • Legal Obligations: We may disclose your data where we are legally required to do so to comply with applicable laws, court orders, or other legal processes, including responses to public authorities to meet national security or law enforcement requirements.
  • Legitimate Interests: We may disclose your data where necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, illegal activities, or as evidence in litigation in which we are involved.

Purposes for Using Your Data:

  • Account Creation and Login: If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the data you allowed us to collect from those third parties to create and log in to your account to fulfill our contract. For more information, refer to the section below titled "How We Process Social Media Logins."
  • Marketing and Promotional Communications: We and/or our third-party marketing partners may use the personal data you send to us for marketing purposes, if consistent with your marketing preferences. You can opt out of our marketing emails at any time, as explained in the section "Your Data Protection Rights."
  • Administrative Communications: We may use your personal data to send you product, service, and new feature information and/or information about changes to our terms and policies, but only if we have received your consent to do so during the validity of the consent.
  • Posting Reviews: We post reviews on our services or applications that may contain personal data. Before posting a review, we will obtain your consent to use your name and review. If you wish to update or delete your review, please contact us at gdpr@cutlio.com and include your name, review location, and contact information.
  • Targeted Advertising: We may use your data to develop and display content and advertising (and work with third parties who do so) tailored to your interests or location and to measure its effectiveness, but only if we have received your consent during the validity of the consent.
  • Feedback Requests: We may use your data to request feedback and to contact you about your use of our services or applications, but only if we have received your consent during the validity of the consent.
  • Service Protection: We may use your data as part of our efforts to keep our services or applications safe and secure (for example, for fraud monitoring and prevention).
  • Facilitating Service Provider Communication: We may use your data to facilitate communication between you and the service provider to enable the provision and enhancement of service quality.
  • Managing User Accounts: We may use your data to manage your account and keep it in working order during our business relationship.
  • Providing Services to Users: We may use your data to provide the requested service.
  • Responding to User Inquiries and Support: We may use your data to respond to your inquiries and resolve any potential issues with your use of our services and applications.
  • Business Purposes: We may use your data for other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our services or applications, products, marketing, and your experience. We may use and store this information in aggregated and anonymized forms so that it is not associated with individual end users and does not include personal data. We will not use identifiable personal data without your consent.

Will Your Data Be Shared with Anyone?

In short: We do not sell, rent, or loan your information to unrelated third parties.

Your personal data is not shared with or transferred to unrelated third parties and is securely stored on our or a chosen external server, and in our business premises, which ensure the implementation of appropriate technical and organizational measures in compliance with the General Data Protection Regulation (GDPR) to safeguard your rights.

We limit the data we share and disclose to the minimum necessary to achieve the purpose of processing. All legal and natural persons to whom we transfer your personal data are contractually obligated to maintain confidentiality and have also implemented organizational and technical protection measures.

Certain data may be transferred to authorities of the Republic of Croatia upon their request to comply with obligations prescribed by Croatian law. Your personal data is not transferred to any third country, international organization, or recipient in a third country.

Specifically, we may need to share your personal data in the following situations:

  • Suppliers, Consultants, and Third-Party Service Providers: We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such data to do so. Examples include shipment delivery, payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology (such as Google Analytics) on the Services or Applications, enabling them to collect data about your interaction with our Services or Applications over time. This information may be used for, among other things, analyzing and tracking data, determining the popularity of certain content, and better understanding online activity. Outside of these instances, we do not share your data with third parties for their promotional purposes.
  • Business Transfers: We may share or transfer your data in connection with or during negotiations of any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Other Users: When you share personal data (for example, by posting comments, contributions, or other content to the Services or Applications) or otherwise interact with public areas of the Services or Applications, such personal data may be viewed by all users and may be publicly distributed outside the Services or Applications. If you interact with other users of our services or applications and register through a social network (such as Facebook), your social network contacts will see your name, profile photo, and descriptions of your activity. Similarly, other users will be able to view descriptions of your activities, communicate with you within our Services or Applications, and view your profile.

We have categorized each party in detail to help you easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to withdraw it, please contact us.

Connecting with Your Third-Party Accounts:

  • Facebook, Google and Apple Accounts: If you use these accounts to log in to the Application.
  • Advertising, Direct Marketing, and Lead Generation: Google AdSense and Facebook Audience Network may tailor ads you see while using the Internet.
  • Cloud Computing and Data Backup Services: Microsoft Azure, where our data is stored in the cloud.
  • Sending SMS and WhatsApp Messages: Twilio, Infobip, Amazon, Messagebird and WhatsApp, if you want to receive reminders and information about your appointments.
  • Marketing and Statistical Reporting: Google Analytics and Facebook Custom Audience help us identify our target audiences.
  • Providing Support to Our Users: Intercom, which we use for messaging, publishing articles, and demonstrating how to use the Application.
  • Online Payments: Stripe, if you are a partner who pays for using our Services online (these data are never visible to us).

Do We Use Cookies and Other Tracking Technologies?

In short: We may use cookies and other tracking technologies to collect and store your data.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store data.

Cookies are small text files placed on the user's computer by an Internet server, which allows the service provider to access the Internet and display the website. Cookies are created when a user's browser loads a visited website, which sends data to the browser and creates a text file (cookie). The browser retrieves and sends the cookie to the website server when the user returns to it.

On our websites, we use:

  • Technical cookies: (mandatory cookies that cannot be turned off) necessary for the functioning of the website,
  • Functional cookies: (can be turned off) that allow the website to provide enhanced functionality and personalization,
  • Marketing cookies: (can be turned off) that enable recording visits and traffic sources so we can measure and improve the efficiency of our website.

How Do We Process Social Media Logins?

In short: If you choose to register or log in to our services using social media accounts, we may have access to certain information about you.

Our services or applications offer the option to register and log in using third-party social media account details (such as your Google, Facebook, or Apple accounts). If you choose to do this, we will receive certain profile information from your social media provider. The profile information we receive may vary depending on the social media provider, but it often includes your name, email address, friend list, profile picture, and other information you choose to make public.

We will use the information we receive only for the purposes described in this privacy policy or as otherwise made clear to you on our Services or Applications. Please note that we do not control and are not responsible for other uses of your personal information by your third-party social media provider. We recommend reviewing their privacy policy to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their websites and applications.

What Is Our Stance on Third-Party Websites?

In short: We are not responsible for the safety of any information that you share with third-party advertisers that are not affiliated with our websites.

Our Services or Applications may contain advertisements from third parties that are not affiliated with us and which may link to other websites, online services, or mobile applications. We cannot guarantee the safety and privacy of data you provide to any third parties. Any data collected by third parties is not covered by this privacy policy. We are not responsible for the content or privacy and security practices and policies of any third parties, including other websites, services, or applications that may be linked to or from our Services or Applications. You should review the policies of such third parties and contact them directly if you have any questions.

How Long Do We Keep Your Data?

In short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless otherwise required by law.

We will retain your personal data only for as long as necessary for the purposes outlined in this privacy policy, unless a longer retention period is required by law or other regulations (such as tax and accounting regulations).

For instance, if you have used our service and we issued you an invoice, your name, address, and personal identification number on the issued invoice will be kept for 11 years (counting from the last day of the year in which the invoice was issued), as required by law for issued invoices. Invoices we receive from suppliers are also kept for 11 years (counting from the last day of the year in which the invoice was issued), as this is the legal obligation for keeping received invoices.

Your contact information, such as your phone number or email address, will be deleted immediately after you cancel or delete your user account.

How Do We Protect Your Data?

In short: Our goal is to protect your personal data through a system of organizational and technical security measures.

We have implemented appropriate technical, organizational, and personnel security measures designed to protect the security of all personal data we process. However, please note that we cannot guarantee that the Internet is 100% secure. While we will strive to protect your personal data, the transmission of personal data to and from our Services or Applications is at your own risk. You should only access the Services within a secure environment.

Do We Collect Information from Minors?

In short: We do not collect data from individuals under 18 years of age.

We do not solicit data from individuals under 18 years of age. By using the Services or Applications, you declare that you are at least 18 years old or that you are the legal guardian or custodian of a minor and consent to the use of the Services or Applications with respect to your ward. If we learn that, despite a declaration of being 18 years old or data being collected from a legal guardian or custodian, personal data has been collected from users under 18 years of age, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

What Are Your Rights Regarding the Processing of Your Data?

In short: You have several rights related to the processing of your personal data, and below we provide a detailed overview of these rights.

Right of Access

You can obtain confirmation from us as to whether your personal data is being processed and, if so, access to that data and the following information: the purposes of processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, and the existence of your rights regarding the processing of personal data (as detailed in this Privacy Policy).

Right to Rectification

If your personal data that we process is incomplete or inaccurate, you can request that we correct or complete it at any time by providing an additional statement. Please note that you are responsible for providing accurate data, and you also have an obligation to inform us of relevant changes to your personal data.

Right to Erasure

You have the right to request the deletion of your personal data if you believe that it is no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you have objected to the processing based on our legitimate interest, if you believe that your data has been processed unlawfully, or if you believe that your data should be deleted based on European Union or Croatian law.

Please consider that there are reasons that may prevent the immediate deletion of personal data, such as data that must be retained for a certain period or permanently.

If you have requested the deletion of personal data that must be retained for a certain period, we will inform you of the period during which the data must be retained and the date when it will be deleted in response to your deletion request.

If you have requested the deletion of personal data that must be retained permanently, we will inform you of the inability to delete such data in response to your deletion request, along with the legal basis that prescribes the permanent retention of the data.

Right to Restrict Processing

You can request that we restrict the processing of your data:
  • If you contest the accuracy of the data, for a period that allows us to verify the accuracy of the data.
  • If the processing is unlawful, but you oppose deletion and instead request the restriction of use of the data.
  • If we no longer need the data for the intended purposes, but you need it to establish, exercise, or defend legal claims.
  • If you have objected to the processing of your personal data based on public interest tasks or tasks of public bodies.

If the processing of data is restricted, such personal data may only be processed with your consent, except for storage or for the establishment, exercise, or defense of legal claims or the protection of the rights of another natural or legal person or for reasons of important public interest. If you obtain a restriction on data processing, we will inform you before the restriction is lifted.

Right to Object

If we process your data for public interest tasks or tasks of public bodies or rely on our legitimate interests in processing, you can object to such data processing if there is an interest in protecting your data. If we rely on our legitimate interests in processing your data and you object to such processing, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if it is necessary for establishing, exercising, or defending legal claims.

Right to Appeal

If you believe that we have processed your personal data in violation of European Union or Croatian law, please contact us to clarify any issues. You also have the right to file a complaint with the Data Protection Agency.

Right to Notification of Data Breach

In the event that, despite all measures taken, a breach of your personal data occurs, we will notify you of such a breach without undue delay by sending a written notice.

The notice will describe the nature of the personal data breach, provide the name and contact information of the person from whom you can obtain more information about the breach, describe the likely consequences of the personal data breach, and describe the measures we have taken to address the breach, including measures to mitigate its adverse effects. This notice will be composed using clear and simple language.

Exercising Your Rights

If you wish to exercise any of the aforementioned rights, please contact us using our contact details:

  • Email Address: gdpr@cutlio.com
  • Postal Address: Selčica 21A, Orešje, Sveta Nedelja, Croatia
  • In Person: At the above-mentioned address.

We will respond to your requests for exercising rights in accordance with the deadlines and authorizations prescribed by the General Data Protection Regulation (GDPR). In any case, when exercising these rights, please note that we must unequivocally establish your identity to protect your rights and privacy.

Your aforementioned rights may also be exercised by your authorized representative, who must present a power of attorney certified by a notary public, except when the representative is a lawyer, in which case a certified power of attorney is not required.

If you exercise any of these rights too frequently and with a clear intention of abuse, we may refuse to process your request.

Rights in Case of Data Processing Based on Consent

When we base the processing of personal data on consent, we ensure that you always provide your consent in the form of a written statement, signed by hand, and that the consent is voluntary, specific, informed, and unambiguous.

The written statement by which you give consent for the processing of your personal data will be prepared for each individual purpose of processing, in an understandable and easily accessible form, using clear and simple language.

You have the right to withdraw your consent for the processing of personal data at any time. You will be informed of this right before giving consent, and it will be explicitly stated in the written statement by which you give consent for the processing of personal data. The consent can be withdrawn by signing a form statement that we will prepare in a simple format.

Please note that if the consent was given for a one-time processing action and the processing has already been completed, the withdrawal of consent will have no legal effect.

In case of withdrawal of consent, we will immediately delete all your personal data except those we are required to keep in accordance with the regulations of the European Union and the Republic of Croatia.

If you do not agree to give consent in cases where data processing is based on consent, we will not be able to establish any legal relationship with you.

Account Information

If you want to review or change the information on your account or terminate your account at any time, you can:

  • Log into your account settings and update your user account.
  • Contact us using the provided contact details.

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.

Opting Out of Email Marketing

You can unsubscribe from our marketing email list at any time by clicking the unsubscribe link in the emails we send or by contacting us using the details below. You will then be removed from the marketing email list. However, we will still need to send you service-related emails necessary for the administration and use of your account. To otherwise opt out, you can:

  • Change your preferences when you register an account on the website.
  • Access your account settings and update your preferences.
  • Contact us using the provided contact details.

Do We Update This Policy?

In short: Yes, we will update this policy as necessary to stay compliant with the General Data Protection Regulation and other relevant regulations.

The updated version will be indicated by an updated "Revised" date, and the updated version will be effective as soon as it is available. If we make significant changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We recommend that you review this privacy policy periodically to stay informed about how we protect your data.

How Can You Contact Us Regarding This Privacy Policy?

If you have any questions or comments about this policy, you can contact our Data Protection Officer (DPO) by email at gdpr@cutlio.com or by mail at:

Cutlio d.o.o.
Selčica 21A,
Orešje 10431
Grad Sveta Nedelja, Croatia