Privacy Policy
Last updated: 3 June 2026
This notice describes how the personal data of users who browse the website aer.group and who get in touch with Aer Group is processed, pursuant to Art. 13 of Regulation (EU) 2016/679 ("GDPR") and the applicable Croatian legislation (Zakon o provedbi Opće uredbe o zaštiti podataka).
1. Data controller
Aer L.F. d.o.o
Ulica rijeke Rižane 4, 52466 Novigrad (Cittanova), Croatia
OIB / VAT: HR55800830610
Email: info@aer.group · Tel: +385 51 770201
The Controller has not appointed a Data Protection Officer (DPO), as there is no legal obligation to do so. For any matter relating to the processing of data you may write to the email address above.
2. Types of data processed
a) Browsing data
The IT systems and software procedures used to operate this website acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of internet communication protocols (e.g. IP addresses, browser and device type, operating system, date and time of the request, pages visited). Such data is used solely to obtain anonymous statistical information on the use of the site and to check that it functions correctly and securely.
b) Data provided voluntarily by the user
The optional, explicit and voluntary sending of communications to the Controller's contact details (email, telephone) entails the acquisition of the sender's contact details and of any personal data included in the communication (e.g. name, surname, company name, contact details and message content).
c) Cookies and similar technologies
For data collected through cookies and similar technologies please refer to the Cookie Policy.
3. Purposes and legal basis of processing
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Responding to requests for information and contact | Pre-contractual measures / legitimate interest (lett. b/f) |
| Managing the commercial relationship with customers and suppliers | Performance of the contract (lett. b) |
| Accounting, tax and legal obligations | Legal obligation (lett. c) |
| Operation, security and basic statistics of the site | Legitimate interest (lett. f) |
| Any statistical or marketing cookies | Consent (lett. a) — see Cookie Policy |
4. Methods of processing
Data is processed with IT and, where necessary, paper-based tools, adopting appropriate technical and organisational measures to ensure its security, confidentiality and integrity and to prevent unauthorised access, loss or disclosure (Art. 32 GDPR). Processing is carried out by the Controller's authorised personnel and by any designated data processors.
5. Data retention
- Contact data relating to requests that did not lead to a relationship: kept for the time needed to handle the request and, at most, for 24 months.
- Data relating to contractual relationships: kept for the entire duration of the relationship and thereafter for the statutory limitation period.
- Data for accounting and tax obligations: kept for the period required by applicable law (normally 10 years).
- Browsing data: kept only for the time strictly necessary for security and statistical purposes.
6. Recipients and disclosure of data
For the purposes described above, data may be processed by parties acting on the Controller's behalf as data processors, including: hosting and IT infrastructure providers, email service providers, accounting and tax advisors, professionals and providers of logistics and commercial services. Data may also be disclosed to public authorities and supervisory bodies where required by law. Data is not disseminated.
7. Transfer of data outside the EU
The site uses the Google Fonts service (Google Ireland Ltd. / Google LLC) to load typefaces, which may involve the transfer of the IP address to servers located also outside the European Economic Area. Such transfers take place under adequate safeguards pursuant to Art. 44 et seq. of the GDPR (EU-US Data Privacy Framework adequacy decision and/or Standard Contractual Clauses). Save as indicated, data is processed within the European Union.
8. Nature of the provision of data
The provision of browsing data is connected to the use of the site's technologies. The provision of contact data is optional, but failure to provide the data indicated as necessary makes it impossible to respond to requests.
9. Rights of the data subject
As a data subject, the user has the right, within the limits and conditions set out in Art. 15-22 of the GDPR, to:
- access their personal data and obtain a copy;
- request its rectification, updating or integration;
- request its erasure ("right to be forgotten");
- obtain the restriction of processing;
- object to processing based on legitimate interest;
- obtain data portability;
- withdraw consent at any time, without prejudice to the lawfulness of prior processing.
Rights may be exercised by writing to info@aer.group. The Controller will respond within the legal time limits.
10. Right to lodge a complaint
A data subject who believes that the processing of their data infringes the GDPR has the right to lodge a complaint with the competent supervisory authority. In Croatia: Agencija za zaštitu osobnih podataka (AZOP) — Selska cesta 136, 10000 Zagreb — azop.hr.
11. Changes to this notice
The Controller reserves the right to modify or update this notice at any time, including as a result of regulatory changes. The version in force is the one published on this page, with its last-updated date.