This site is owned by SUKHA, obrt za savjetovanje, vl. Harun Kayacan, Grabrovnik, Grabrovnik 76, and operated by SCRIBO PR j.d.o.o., Grabrovnik 107, Štrigova, Croatia, (“Sukha Psychology”, “we”, “our” or “us”).
This Privacy Policy explains how we collect data, what information we collect, why we collect it, how we use it, how long we store it, and the procedures we have in place to safeguard your privacy.
We are the data controller and are responsible for your personal data. This includes the processing performed by our subcontractors, who process your information based on our instructions.
We keep your personal data confidential, and if you have questions about how we handle personal data, please let us know. The first point of contact for privacy aspects at our organization is the Data Protection Officer, who can be contacted via email at in**@su************.com or via phone at +385 95 32 98 851.
You have the right to make a complaint to the Croatian Personal Data Protection Agency (AZOP), the Croatian supervisory authority for data protection issues (https://azop.hr).
This Privacy Policy should be read together with our Cookies Policy.
We reserve the right to make changes to this Privacy Policy (together with other related SUKHA GDPR documents), in accordance with the requirements and changes in European Union legislation or the General Data Protection Regulation.
How we collect your personal data
Personal data refers to any information or pieces of information that could identify you either directly or indirectly from one or more identifiers or from factors specific to the individual.
We only collect information which is necessary, relevant, and adequate for the purpose you are providing it for. This Privacy Policy relates to personal data we receive via:
- Our website: www.sukhapsikoloji.com
- Our contact channels: where you provide or submit your personal information to us through our “Contact Us” form on the website, via email, or by phone
We may collect your personal data:
- Full name
- Company information
- Project information
- Email address
Our website may include links to third-party websites, plug-ins, and applications. Following those links or enabling those connections may allow third parties to collect or process data about you. Please be advised that we do not control these third-party websites and we are not responsible for their privacy practices, so we encourage you to read their privacy policies.
Personal data we collect
SUKHA processes personal data of:
Website visitors
- Geolocation, IP address, and cookies (more information about our Cookie Policy can be found on our website)
Job Candidates
- Data collected by applying for an open job position or by sending an open application
Potential Clients
- Name and surname, email and/or phone number
Newsletter Subscriptions
- Email address, cookies
Data retention
We will not retain your personal data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of personal data:
- Website visitors: 26 months
- Job candidates: 5 years
- Clients: 5 years
- Newsletter subscriptions: 4 years
Social media
All data gathered through SUKHA’s social media which can be considered personal data pursuant to the GDPR is processed in accordance with this Privacy Policy and the law.
SUKHA can be found on the following platforms, whose privacy policies apply respectively:
Provision to third parties
In the context of the quality of our services, we may make use of the services of third parties — such as contractors and suppliers. In regard to data protection, they serve as processors or subprocessors who process the personal data on the basis of our instructions.
If these third parties have access to personal data, or themselves collect and/or process it, we conclude a DPA (Data Processing Agreement) with them. These third parties may only process your personal data for the purposes defined by us.
We use:
- Google Analytics and Hotjar for internet analytics
- Google reCAPTCHA to protect against spam
- Mailchimp for our newsletter delivery
International data transfers
We will only process and store personal data within the European Economic Area (EEA) unless otherwise agreed in a written contract.
In some cases, third parties such as Google, Hotjar, and Mailchimp may store data outside of the EEA (e.g., in the US). In these cases, appropriate safeguards are applied in accordance with GDPR Articles 45 and 46, such as Standard Contractual Clauses and Privacy Shield frameworks (if applicable).
Security
We have taken appropriate organizational and technical measures to protect your personal data. These include:
- Confidentiality agreements with all staff and third parties with access to data
- Staff training on GDPR and data handling
- Clear internal data protection policies
- Timely breach notification procedures (within 72 hours)
Your rights
Under GDPR, you have the right:
- To access and be informed
- To rectification and erasure
- To restrict or object to processing
- To data portability
- Not to be subject to decisions based solely on automated processing
To exercise any of your rights, please contact our Data Protection Officer using the contact details provided above. We may require proof of identity to process your request.
If you are unsatisfied with our response, you can submit a complaint to AZOP or another supervisory authority in your country of residence or the location of the data processing.