Privacy policy

 

Last updated: June 7, 2026

1. Introduction

This Privacy Policy explains how DRYBRUSH STUDIO d.o.o. (“we,” “us,” or “our”) collects, uses, stores, shares, and protects personal data when you visit or use the website https://drybrush-studio.com (the “Website”), contact us, or communicate with us regarding our services.

We are committed to protecting your privacy and processing personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Croatian data protection legislation.

This Privacy Policy applies to visitors of the Website, potential clients, clients, business contacts, and other individuals who communicate with us.

2. Data Controller

The data controller responsible for the processing of personal data described in this Privacy Policy is:

DRYBRUSH STUDIO d.o.o.
Ulica Tita Brezovačkoga 4
10000 Zagreb
Croatia

Email: contact@drybrush-studio.com

3. Personal Data We Collect

We may collect personal data that you voluntarily provide to us, as well as certain technical and usage data collected automatically when you use the Website.

3.1 Personal data you provide to us

We may collect the following personal data when you contact us, fill out a form on the Website, request information, request services, or otherwise communicate with us:

  • name and surname;

  • company name, if applicable;

  • email address;

  • phone number;

  • message content and information included in your inquiry;

  • information related to a potential or existing project, cooperation, or service request;

  • any other information you choose to provide to us.

3.2 Technical and usage data

When you visit the Website, certain technical information may be collected automatically, including:

  • IP address;

  • browser type and version;

  • device type;

  • operating system;

  • pages visited on the Website;

  • time and date of your visit;

  • time spent on pages;

  • referring website or source;

  • approximate location based on technical data;

  • interaction with Website features.

This information may be collected through cookies, analytics tools, security tools, server logs, and similar technologies.

4. How We Collect Personal Data

We may collect personal data in the following ways:

  • when you fill out a contact form on the Website;

  • when you send us an email or otherwise contact us;

  • when you request information, a quote, or our services;

  • when we communicate with you regarding a project or business relationship;

  • when you use or browse the Website;

  • through cookies and similar tracking technologies;

  • through third-party tools used on the Website, such as Google Analytics and Google reCAPTCHA.

5. Purposes and Legal Bases for Processing

We process personal data only where we have a valid legal basis under applicable data protection laws.

5.1 Responding to inquiries and communication

We process your name, contact details, message content, and related information to respond to your inquiries, provide information, prepare offers, and communicate with you.

Legal basis: legitimate interest in responding to inquiries and communicating with potential clients and business contacts; steps prior to entering into a contract, where applicable.

5.2 Providing services and managing client relationships

If you become our client or business partner, we may process your personal data to provide agreed services, manage projects, communicate about deliverables, issue invoices, and administer the business relationship.

Legal basis: performance of a contract or steps prior to entering into a contract; compliance with legal obligations; legitimate interest in managing business relationships.

5.3 Website functionality and security

We process certain technical data to ensure that the Website functions properly, to maintain security, prevent spam, detect misuse, and protect the Website from unauthorized access, fraud, and automated abuse.

Legal basis: legitimate interest in maintaining a secure and functional Website; compliance with legal obligations where applicable.

5.4 Analytics and website improvement

We may use analytics tools, such as Google Analytics, to understand how visitors use the Website, monitor performance, and improve content, functionality, and user experience.

Legal basis: consent, where required by applicable cookie and privacy rules; legitimate interest where analytics are configured in a privacy-friendly manner and consent is not legally required.

5.5 Marketing and promotional communication

If you have given consent or where otherwise permitted by law, we may use your contact information to send you updates, offers, or marketing communications related to our services.

Legal basis: consent; legitimate interest for limited business-to-business communication where permitted by law.

You may opt out of marketing communications at any time by contacting us at contact@drybrush-studio.com or by using the unsubscribe option where provided.

5.6 Legal, accounting, and compliance purposes

We may process personal data to comply with legal, accounting, tax, record-keeping, or regulatory obligations, and to establish, exercise, or defend legal claims.

Legal basis: compliance with legal obligations; legitimate interest in protecting our rights and legal interests.

6. Cookies and Similar Technologies

The Website may use cookies and similar technologies to ensure proper functionality, improve user experience, analyze Website traffic, and protect the Website from spam and abuse.

Cookies may include:

  • essential cookies required for the Website to function;

  • analytics cookies used to understand Website usage;

  • security cookies used to protect the Website from spam, abuse, and automated activity;

  • third-party cookies related to tools such as Google Analytics and Google reCAPTCHA.

You can manage or disable cookies through your browser settings. Depending on your location and applicable law, you may also be able to manage cookie preferences through a cookie banner or consent tool on the Website.

For more information, please see our Cookie Policy, where available.

7. Third-Party Services

We may use third-party service providers that help us operate the Website, analyze Website traffic, protect the Website, communicate with users, host data, or provide business and technical services.

7.1 Google Analytics

We may use Google Analytics to collect information about how visitors use the Website, such as pages visited, time spent on the Website, browser and device information, and general usage patterns.

Google may process certain information in accordance with its own privacy practices. You can learn more about how Google processes data in Google’s Privacy Policy.

7.2 Google reCAPTCHA

We may use Google reCAPTCHA to protect the Website, contact forms, and related features from spam, abuse, and automated bots.

Google reCAPTCHA may collect technical and usage data in order to determine whether an interaction is performed by a human user or an automated system. This processing may be subject to Google’s Privacy Policy and Terms of Service.

7.3 Website hosting and technical providers

Our Website may be hosted or supported by third-party providers that process data on our behalf for technical, hosting, security, backup, maintenance, or support purposes.

7.4 Professional advisers and authorities

Where necessary, we may share personal data with accountants, legal advisers, business advisers, public authorities, courts, or regulators, but only where required or permitted by law.

8. Sharing and Disclosure of Personal Data

We do not sell your personal data.

We may share personal data only where necessary and in accordance with applicable law, including with:

  • service providers who help us operate and maintain the Website;

  • analytics, security, and anti-spam service providers;

  • hosting, IT, maintenance, and technical support providers;

  • payment, accounting, legal, or business advisers, where applicable;

  • public authorities, courts, regulators, or law enforcement bodies where legally required;

  • third parties where necessary to protect our rights, property, security, users, or business interests.

Where service providers process personal data on our behalf, we take appropriate steps to ensure that they process personal data in accordance with our instructions and applicable data protection requirements.

9. International Data Transfers

Some third-party service providers, including Google services, may process data outside the European Economic Area (“EEA”) or in countries that may not provide the same level of data protection as your country.

Where personal data is transferred outside the EEA, we rely on appropriate safeguards where required by law, such as adequacy decisions, standard contractual clauses, contractual protections, or other lawful transfer mechanisms.

10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to respond to inquiries, provide services, maintain business records, comply with legal obligations, resolve disputes, and enforce agreements.

In general:

  • contact form inquiries and general correspondence are retained for as long as necessary to respond to the inquiry and maintain appropriate business records;

  • client and project-related data are retained for the duration of the business relationship and for the period necessary to comply with legal, tax, accounting, and contractual obligations;

  • invoice and accounting data are retained in accordance with applicable accounting and tax laws;

  • technical and analytics data are retained for the period determined by the relevant tool settings and legal requirements;

  • data processed on the basis of consent is retained until consent is withdrawn, unless another legal basis applies.

When personal data is no longer needed, we will delete it, anonymize it, or securely archive it where required by law.

11. Your Rights

Depending on the circumstances and applicable law, you may have the following rights regarding your personal data:

  • Right of access — to request confirmation of whether we process your personal data and to receive a copy of that data;

  • Right to rectification — to request correction of inaccurate or incomplete personal data;

  • Right to erasure — to request deletion of your personal data where legal conditions are met;

  • Right to restriction of processing — to request that we limit the processing of your personal data in certain circumstances;

  • Right to data portability — to receive your personal data in a structured, commonly used, and machine-readable format where applicable;

  • Right to object — to object to processing based on legitimate interests or direct marketing;

  • Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal;

  • Right not to be subject to automated decision-making — to not be subject to a decision based solely on automated processing, including profiling, where such processing produces legal or similarly significant effects.

To exercise your rights, please contact us at contact@drybrush-studio.com.

We may need to verify your identity before responding to your request. We will respond to requests within the timeframe required by applicable law.

12. Right to Lodge a Complaint

If you believe that we process your personal data unlawfully or that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority.

In Croatia, the supervisory authority is:

Croatian Personal Data Protection Agency
Agencija za zaštitu osobnih podataka
Selska cesta 136
10000 Zagreb
Croatia
Website: https://azop.hr

We encourage you to contact us first so that we can try to resolve your concern directly.

13. Data Security

We take reasonable technical, organizational, and security measures to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.

These measures may include secure servers, access controls, encryption where appropriate, backups, software updates, spam protection, and other security practices.

However, no method of transmission over the internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security.

14. Children’s Privacy

The Website and our services are not intended for children.

We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate authorization, we will take reasonable steps to delete such data.

If you believe that a child has provided us with personal data, please contact us at contact@drybrush-studio.com.

15. Links to Third-Party Websites

The Website may contain links to third-party websites, platforms, social media pages, or services.

We are not responsible for the privacy practices, content, security, or terms of use of third-party websites or services. We encourage you to read the privacy policies of any third-party websites you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or Website functionality.

The updated version will be published on this page with a new “Last updated” date.

We recommend that you review this Privacy Policy periodically to stay informed about how we process and protect personal data.

17. Contact Us

If you have any questions about this Privacy Policy, how we process personal data, or if you wish to exercise your rights, you may contact us at:

DRYBRUSH STUDIO d.o.o.
Ulica Tita Brezovačkoga 4
10000 Zagreb
Croatia

Email: contact@drybrush-studio.com

 

Scroll to Top