Privacy Policy
Last updated: January 15, 2026
Tyvoralis d.o.o. (hereinafter: 'Tyvoralis', 'we', 'us') is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website tyvoralis.com and related services.
1. Data Controller
The controller of your personal data is: Tyvoralis d.o.o. Ulica Andrije Hebranga 32 10000 Zagreb, Croatia OIB: 58291674035 Email: privatnost@tyvoralis.com Phone: +385 1 463 7290
2. Data we collect
We collect the following categories of personal data: • Identification data: first name, last name, date of birth • Contact data: email address, phone number, postal address • Account data: username, password (encrypted) • Financial data: data required for identity verification in accordance with anti-money laundering regulations • Technical data: IP address, browser type, operating system, device data • Usage data: pages you visit, access time, platform interaction • Cookies and similar technologies: in accordance with our Cookie Policy
3. Purpose and legal basis of processing
We process your personal data for the following purposes: • Service provision: managing your account, processing investment requests, and project-related communication (legal basis: contract performance) • Legal obligations: implementation of client identification measures in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Act, tax reporting (legal basis: legal obligation) • Service improvement: platform usage analysis, development of new features, market research (legal basis: legitimate interest) • Marketing: sending notifications about new projects and platform changes, only with your explicit consent (legal basis: consent)
4. Data retention period
We keep your personal data only as long as necessary to fulfill the purposes for which they were collected: • Account data: during the contractual relationship and 5 years after account closure • Financial data: 11 years in accordance with legal documentation retention obligations • Marketing data: until withdrawal of consent • Technical data and cookies: up to 26 months
5. Your rights
In accordance with the General Data Protection Regulation (GDPR), you have the following rights: • Right of access: request a copy of your personal data • Right to rectification: request correction of inaccurate data • Right to erasure: request deletion of your data under certain conditions • Right to restriction: request restriction of processing in certain situations • Right to portability: receive your data in a structured format • Right to object: object to processing based on legitimate interest • Right to withdraw consent: at any time, without affecting the lawfulness of processing before withdrawal To exercise your rights, contact: privatnost@tyvoralis.com
6. Data security
We apply appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.3), encryption at rest, access controls, regular security audits, and incident response plans.
7. Data transfers
Your personal data is primarily processed within the European Economic Area (EEA). In case of transfer outside the EEA, we ensure appropriate safeguards in accordance with Articles 46 and 49 of the GDPR, including the European Commission's standard contractual clauses.
8. Changes to the Privacy Policy
We reserve the right to amend this Privacy Policy. We will notify you of significant changes via email or platform notification at least 30 days before they take effect.
9. Data protection contact
For all questions regarding personal data protection, you can contact: Data Protection Officer Tyvoralis d.o.o. Email: privatnost@tyvoralis.com Phone: +385 1 463 7290 You also have the right to file a complaint with the competent supervisory authority: Croatian Personal Data Protection Agency (AZOP) Selska cesta 136, 10000 Zagreb www.azop.hr