Privacy Policy

Last updated: December 2025

1. Introduction

Reviya ("we", "our", or "us") is operated by Kingfisher Software d.o.o. (OIB: 23813791964), based in Samobor, Croatia. We respect your privacy and are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

This privacy policy explains how we collect, use, store, and protect your personal information when you use our website and services.

2. Data Controller

Kingfisher Software d.o.o.
Jurja Dijanića 18
10430 Samobor, Croatia
OIB: 23813791964
Email: info@reviya.eu

3. What Data We Collect

3.1 Information You Provide Directly

  • Contact Forms: Name, email address, company name, and message content
  • Waitlist Signup: Work email and company type
  • User Accounts (when available): Name, email, company details, and authentication credentials
  • Newsletter Subscription (future): Email address and preferences

3.2 Data Collected Automatically

  • Analytics Data: We use Google Analytics to collect information about your visit, including pages viewed, time spent, browser type, and approximate location (country/city level)
  • Cookies: Small files stored on your device. See our Cookie Policy for details
  • Server Logs: IP address, browser type, access times, and referring URLs

3.3 Business Data (for Platform Users)

When you use our Digital Product Passport platform (when launched), we will collect and store:

  • Product information and metadata
  • Supply chain data and supplier information
  • Certification documents and compliance records
  • Usage statistics and platform interactions

4. How We Use Your Data

4.1 Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: For analytics cookies, marketing communications, and newsletter subscriptions
  • Contract Performance: To provide our services when you create an account
  • Legitimate Interests: To respond to inquiries, improve our services, and prevent fraud
  • Legal Obligation: To comply with applicable laws and regulations

4.2 Purposes

  • Respond to your inquiries and support requests
  • Provide and improve our Digital Product Passport services
  • Send product updates and compliance information (with consent)
  • Analyze website usage and improve user experience
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

5. Data Sharing and Third Parties

5.1 Service Providers

We share your data with trusted service providers who help us operate our business:

  • Google Workspace: Email hosting and communication (covered by Google's GDPR compliance)
  • Google Analytics: Website analytics (anonymized IP addresses)
  • Hosting Providers: Servers located within the European Union

5.2 Legal Requirements

We may disclose your data if required by law, court order, or to protect our legal rights.

5.3 No Data Selling

We will never sell your personal data to third parties.

6. Data Retention

  • Contact Form Submissions: 2 years after last contact
  • Analytics Data: 26 months (Google Analytics default)
  • User Accounts: Until account deletion or 3 years of inactivity
  • Business Data: As long as you maintain an active account, plus legal retention periods
  • Newsletter: Until you unsubscribe

7. Your Rights Under GDPR

As an EU-based service, we ensure you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

To exercise any of these rights, contact us at info@reviya.eu. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure authentication for user accounts
  • Regular security updates and monitoring
  • Access controls and employee training
  • EU-based data storage

9. International Data Transfers

Your data is primarily stored and processed within the European Union. When we use service providers outside the EU (such as Google), we ensure they comply with GDPR through:

  • EU-US Data Privacy Framework certification
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

10. Cookies

We use cookies to improve your experience. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

You can manage cookie preferences at any time by clicking .

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be notified via email or a prominent notice on our website. The "Last updated" date at the top indicates when changes were made.

13. Complaints and Supervisory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Croatian Data Protection Authority (AZOP):

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb, Croatia
Website: azop.hr

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: info@reviya.eu
Address: Kingfisher Software d.o.o., Jurja Dijanića 18, 10430 Samobor, Croatia