Privacy Policy

Last Updated: 2 March 2026

1. Introduction

Xonelvi ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information when you visit our website at xonelvi.com or contact us in connection with our meeting facilitation services.

This policy is written in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable Croatian data protection legislation.

2. Data Controller

The data controller responsible for your personal data is:

• Business name: Xonelvi
• Address: Šetalište Andrije Kačića Miošića 12-13, 51000 Rijeka, Croatia
• Email: info@xonelvi.com
• Phone: +385 51 371 009

3. What Personal Data We Collect

We may collect the following categories of personal data:

3.1 Data you provide directly

• Full name
• Email address
• Phone number
• Message content submitted via our contact form
• Any additional information you choose to share with us

3.2 Data collected automatically

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on each page
• Referring website or source
• Cookie data (see our Cookie Policy)

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent (Article 6(1)(a) GDPR): Where you have given explicit consent, such as accepting non-essential cookies or submitting the contact form with the privacy checkbox ticked.
• Legitimate interests (Article 6(1)(f) GDPR): For website analytics and security purposes, where our legitimate business interests do not override your fundamental rights.
• Contract performance (Article 6(1)(b) GDPR): Where processing is necessary to respond to your enquiry or fulfil a service agreement.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

• To respond to enquiries submitted via our contact form
• To communicate with you about our facilitation services
• To improve the functionality and content of our website
• To analyse website usage patterns using anonymised analytics data
• To comply with legal obligations
• To maintain records of our service engagements where applicable

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

• Contact form enquiries: retained for up to 24 months from last contact, unless a service engagement is initiated
• Service engagement records: retained for the duration of the engagement plus 5 years for legal and accounting purposes
• Website analytics data: retained in anonymised form for up to 26 months
• Cookie consent records: retained for 13 months

7. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share data with:

• Service providers: Trusted third-party providers who assist us in operating our website (e.g., hosting providers, analytics tools), bound by data processing agreements.
• Legal authorities: Where required by applicable law, court order, or regulatory requirement.

Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

8. Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete data.
• Right to erasure: You may request deletion of your personal data where there is no legitimate reason for us to continue processing it.
• Right to restriction: You may request that we restrict processing of your data in certain circumstances.
• Right to data portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to object: You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@xonelvi.com. We will respond within 30 days.

9. Complaints

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka – AZOP):

• Website: azop.hr
• Address: Selska cesta 136, 10000 Zagreb, Croatia

10. Website Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact

For any questions about this Privacy Policy or how we handle your data, please contact us at:

• Email: info@xonelvi.com
• Phone: +385 51 371 009
• Address: Šetalište Andrije Kačića Miošića 12-13, 51000 Rijeka, Croatia