Last updated: 2026-04-25
Privacy Policy
1. Controller and contact
The data controller is:
ProMit Gjorgi Mitrov s.p.
Cankarjeva ulica 6, 4240 Radovljica, Slovenia
VAT ID: 39852652
Email: [email protected]
The Data Protection Officer (DPO) can be reached at the same address: [email protected].
2. Scope
This policy covers mizarent.si and the processing of personal data you submit via the contact form or by email.
3. What we collect
3.1 Data you provide
When you send an inquiry through the form, we process: your name, email address, optionally a phone number and event date, and the content of your message.
3.2 Server log data
Our hosting provider (DigitalOcean) records each request (IP address, user agent, timestamp, URL path). We use these logs solely for operating, securing, and troubleshooting the service.
3.3 Cookies and similar technologies
See our Cookie Policy for details. We do not load any tracking cookies without your consent.
4. Purposes and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Replying to inquiries, preparing quotes and fulfilling orders | Art. 6(1)(b) — pre-contractual measures / contract performance |
| Operating, securing and protecting the website (server logs) | Art. 6(1)(f) — legitimate interest |
| Visit analytics (Google Analytics 4) | Art. 6(1)(a) — consent (via cookies) |
| Tax and accounting obligations | Art. 6(1)(c) — legal obligation |
5. Recipients and processors
| Processor | Purpose | HQ | Cross-border mechanism |
|---|---|---|---|
| DigitalOcean LLC | Website hosting | USA (EU region for the data center) | Standard Contractual Clauses (SCCs) |
| Web3Forms (Statichunt) | Delivering contact-form messages to the controller's inbox | India | Standard Contractual Clauses (SCCs) |
| Google Ireland Limited (Google Analytics 4) | Visit analytics | Ireland / USA (Google LLC as sub-processor) | SCCs + Data Privacy Framework |
Webfonts (Erica One and DM Sans) are self-hosted at build time via next/font; no requests reach Google during your visit.
6. Retention
- Contact-form messages: kept as long as needed to handle the inquiry and follow up. We delete them once the conversation is closed, unless tax law requires longer retention.
- {{TODO: confirm hosting log retention with DigitalOcean DPA before launch}}
- Server logs:per the hosting provider's standard retention.
- Accounting records: 10 years per Slovenian tax law.
- Consent cookie: 12 months (the expiry triggers re-consent).
- Google Analytics: 14 months by default (user and event data).
7. International transfers
Where we transfer data outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses and/or the Data Privacy Framework where the recipient is certified.
8. Your rights
Under the GDPR you have the right to:
- access your data (Art. 15);
- rectify inaccurate data (Art. 16);
- erasure (“right to be forgotten”) (Art. 17);
- restrict processing (Art. 18);
- data portability (Art. 20);
- object to processing (Art. 21);
- withdraw consent at any time, without prejudice to processing already carried out (Art. 7(3)).
Send requests to [email protected]. We respond within one month.
You can also lodge a complaint with the supervisory authority:
Information Commissioner of the Republic of Slovenia, Dunajska cesta 22, 1000 Ljubljana, website: www.ip-rs.si.
9. Children
The site is not directed at users under 16. We do not knowingly collect children's data. If you believe a child has submitted data, contact us and we will delete it.
10. Automated decision-making
We do not engage in automated decision-making within the meaning of Art. 22 GDPR (including profiling with legal effects).
11. Changes to this policy
We may update this policy from time to time. The date of the most recent update is shown at the top. Material changes affecting your rights are communicated via the site.
12. Privacy contact
For any privacy-related questions, please contact us at [email protected].