Skip to main content

Data & privacy

Privacy Policy

The practical rules behind how we handle inquiry, booking, analytics, and website data across our services in Croatia.

Last updated: May 2026

1. Data Controller

Cosmic Production d.o.o. (hereinafter "we", "us", or "the Company") is the data controller responsible for processing your personal data under Regulation (EU) 2016/679 (GDPR) and Croatian Act on the Implementation of GDPR (NN 42/2018).

Legal entity details:
Cosmic Production d.o.o.
Zagrebačka 13, 21000 Split, Croatia
OIB (VAT ID): 67085310627
Share capital: 20.000 kn
Director: Ivan Boban
Email: info@cosmicproduction.hr
Phone: +385 99 496 7531
Website: cosmicproduction.hr

2. What Data We Collect

We collect and process the following categories of personal data:

  • Contact information: Name, email address, phone number, and company name when you submit a contact or inquiry form.
  • Booking and service data: Event details, dates, venue information, and service requirements provided during the booking process.
  • Communication data: Records of correspondence between you and our team via email, phone, or our website.
  • Technical data: IP address, browser type, operating system, referring URLs, and browsing behavior on our website, collected automatically through cookies and similar technologies.
  • Payment data: Billing information necessary to process invoices and payments for our services. We do not store credit card numbers on our servers.

3. How We Use Your Data

We process your personal data for the following purposes:

  • To respond to your inquiries and provide quotes for our AV integration, equipment rental, DJ agency, and content studio services.
  • To fulfill contractual obligations related to event production, equipment rental, and other services.
  • To send you relevant updates about your booking or project.
  • To improve our website, services, and customer experience through analytics.
  • To comply with legal obligations, including tax and accounting requirements under Croatian law.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):

  • Contractual necessity: Processing required to fulfill a contract with you or to take pre-contractual steps at your request (e.g., preparing a quote).
  • Legitimate interest: Processing necessary for our legitimate business interests, such as improving our services and marketing, where these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent, such as subscribing to our newsletter or accepting non-essential cookies.
  • Legal obligation: Processing required to comply with applicable Croatian and EU laws.

5. Cookies and Analytics

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze website traffic.

  • Essential cookies: Required for the website to function properly. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website. We use Google Analytics with IP anonymization enabled.
  • Marketing cookies: Used to deliver relevant advertisements and track campaign performance. These are only set with your consent.

You can manage your cookie preferences at any time via the link in our footer, or through your browser settings. Disabling certain cookies may affect website functionality. Our analytics and marketing cookies default to "denied" until you give explicit consent through the banner, in compliance with Google Consent Mode v2 and the EU ePrivacy Directive.

6. Data Sharing and Third Parties (Processors)

We do not sell your personal data. The following named processors handle data on our behalf under GDPR Article 28 Data Processing Agreements:

  • Cloudflare, Inc. (US, EU edge) — website hosting, CDN, DDoS protection. Standard Contractual Clauses in place.
  • Google Ireland Ltd — Google Workspace (email infrastructure for `cosmicproduction.hr` mailboxes including inquiry-form delivery via Gmail API), Google Analytics 4 (with IP anonymization, only after analytics consent), and Google Ads (only after marketing consent).
  • Event partners: Venues, wedding planners, hotels, and other vendors involved in your event — only when necessary to fulfill our services and with your knowledge.
  • Legal and tax advisors in Croatia, bound by professional confidentiality.
  • Legal authorities: When required by law, regulation, or legal proceedings.

All processors are contractually obligated to process your data in accordance with GDPR. Cross-border transfers outside the EEA rely on EU Standard Contractual Clauses or adequacy decisions.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact form inquiries: up to 2 years after the last communication.
  • Contractual and booking data: for the duration of the business relationship plus 5 years, as required by Croatian tax and accounting regulations.
  • Analytics data: aggregated and anonymized data may be retained indefinitely.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request a copy of your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at info@cosmicproduction.hr. We will respond within 30 days.

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka - AZOP) at azop.hr.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption for data in transit, secure hosting infrastructure, and restricted access to personal data on a need-to-know basis.

10. International Data Transfers

Some of our third-party service providers may process data outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses or adequacy decisions by the European Commission.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Cosmic Production d.o.o.
Zagrebačka 13, 21000 Split, Croatia
OIB: 67085310627
Email: info@cosmicproduction.hr
Phone: +385 99 496 7531
Website: cosmicproduction.hr

Need a quick privacy or data clarification?

If you want help understanding how we handle inquiries, bookings, analytics, or your GDPR rights, we are happy to clarify.

Contact Us