Legal

Privacy Policy

Last updated: June 12, 2026 · Effective date: June 12, 2026

Alpha Prototype d.o.o. (“we”, “our”, or “us”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our software development services. This policy complies with the EU General Data Protection Regulation (GDPR) 2016/679 and the Croatian Act on the Implementation of the General Data Protection Regulation (Zakon o provedbi Opće uredbe o zaštiti podataka, NN 42/18).
Data Controller
Alpha Prototype d.o.o.
VAT / OIB
HR27508638571
Address
Ulica Jurja Njavre 31, 10020 Zagreb, Croatia
Email
hello@alphaprototype.hr

1. Introduction

This Privacy Policy describes how we handle personal data collected through our website and in the course of providing custom software design and development services. By using our website or engaging our services, you acknowledge that you have read and understood this policy.

2. Information we collect

2.1 Personal data you provide

  • Contact information: name, email address, phone number, company name;
  • Business information: VAT number, company address, position/title;
  • Communication data: messages, inquiries, project requirements;
  • Financial information: billing address, invoice details (we do not store payment card details).

2.2 Automatically collected data

  • Technical data: IP address, browser type, operating system, device information;
  • Usage data: pages visited, time spent, referring website;
  • Cookie data: as described in our Cookie Policy.

3. Legal basis for processing

We process your personal data on the following legal grounds:

PurposeLegal basisGDPR Article
Providing development servicesContract performanceArt. 6(1)(b)
Invoicing and accountingLegal obligationArt. 6(1)(c)
Marketing to existing clientsLegitimate interestArt. 6(1)(f)
Newsletter subscriptionConsentArt. 6(1)(a)

4. How we use your information

We use your personal data to:

  • Deliver software design and development services;
  • Process payments and manage accounts;
  • Communicate about projects and services;
  • Send service updates and technical notices;
  • Comply with legal obligations (tax, accounting);
  • Improve our services and website;
  • Market to businesses (with consent or legitimate interest for B2B).

5. Data sharing and disclosure

5.1 Service providers

We may share data with trusted providers who help us operate our business — for example cloud hosting and infrastructure, payment processing, accounting, and development tooling — only to the extent necessary to deliver our services.

5.2 Legal requirements

We may disclose your data to comply with legal obligations, court orders, or legitimate government requests.

6. International data transfers

Some of our service providers may be located outside the EU. Where this is the case, we ensure appropriate safeguards are in place, such as:

  • The EU–US Data Privacy Framework for certain US providers;
  • Standard Contractual Clauses (SCCs) where required; and
  • Adequacy decisions for approved countries.

7. Data retention

We retain personal data only as long as necessary for the purposes described in this policy:

Data typeRetention period
Client project dataDuration of contract + 3 years
Financial records11 years (Croatian tax law)
Marketing contactsUntil consent withdrawn or 2 years of inactivity
Website analyticsUp to 26 months

8. Your rights under the GDPR

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain confirmation and copies of your data;
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data;
  • Right to erasure (Art. 17) — request deletion (“right to be forgotten”);
  • Right to restrict processing (Art. 18) — limit how we use your data;
  • Right to data portability (Art. 20) — receive your data in a machine-readable format;
  • Right to object (Art. 21) — object to processing based on legitimate interests;
  • Right to withdraw consent — withdraw consent at any time.

To exercise these rights, contact us at hello@alphaprototype.hr.

9. Data security

We implement appropriate technical and organizational measures, including:

  • SSL/TLS encryption for all data transfers;
  • Secure password policies and two-factor authentication;
  • Regular security reviews and updates;
  • Access limited on a need-to-know basis;
  • Data backup and disaster recovery procedures.

10. Children's privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children.

11. Cookies and tracking

We use cookies and similar technologies as described in our Cookie Policy. You can manage cookie preferences through your browser settings.

12. Third-party links

Our website may contain links to third-party sites. We are not responsible for their privacy practices and encourage you to review their privacy policies.

13. Updates to this policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a notice on our website.

14. Complaints

If you have concerns about our data processing, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency:

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb
Email: azop@azop.hr
Phone: +385 1 4609 000
Website: azop.hr

15. Contact us

For any questions about this Privacy Policy or your personal data, contact:

Alpha Prototype d.o.o.
Ulica Jurja Njavre 31, 10020 Zagreb, Croatia
Email: hello@alphaprototype.hr