Privacy Policy

Introduction

astralnexus d.o.o. ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website astralnexus.pro, use our services, or interact with us in relation to our continuing education programmes.

By accessing our website or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our website or services.

Data Controller Information

The data controller responsible for your personal information is:

Data Collection

We collect various types of information to provide and improve our continuing education services. The data we collect includes:

Personal Information

• Name, email address, phone number, and postal address
• Professional background and educational qualifications
• Employment information and career objectives
• Payment information (processed securely through third-party providers)
• Programme preferences and learning requirements

Technical Information

• IP address, browser type, and operating system
• Website usage patterns and navigation behaviour
• Device information and screen resolution
• Referral sources and search terms used to find our website

Communication Data

We collect information from your communications with us, including enquiries, support requests, feedback, and any other correspondence related to our services.

How We Use Your Information

We use your personal information for various purposes related to our continuing education services. How we use your information depends on how you interact with us and the legal basis for processing:

Service Provision

• Processing programme applications and enrolments
• Delivering educational content and support services
• Issuing certificates and maintaining academic records
• Processing payments and managing billing
• Providing customer support and responding to enquiries

Communication and Marketing

• Sending programme updates and important notifications
• Providing information about new courses and services
• Conducting surveys and collecting feedback
• Marketing communications (with your consent)

Legal and Operational Purposes

We may also use your data to comply with legal obligations, protect our rights and interests, prevent fraud, and ensure the security of our systems and services.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to fulfil our educational services contract with you
• Legitimate Interests: For business operations, service improvement, and fraud prevention
• Consent: For marketing communications and optional data processing activities
• Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

• Service Providers: Trusted third parties who assist with payment processing, email delivery, and technical support
• Professional Bodies: When required for certification or accreditation purposes
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with mergers, acquisitions, or business restructuring

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our data retention periods are:

• Student Records: Maintained for 10 years after programme completion for certification verification
• Financial Records: Retained for 7 years in accordance with accounting regulations
• Marketing Data: Retained until consent is withdrawn or for 3 years of inactivity
• Website Analytics: Aggregated data retained for 26 months

When personal data is no longer needed, we securely delete or anonymise it in accordance with our data retention schedule.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal information:

• Access: Request copies of your personal data and information about how it's processed
• Rectification: Request correction of inaccurate or incomplete personal data
• Erasure: Request deletion of your personal data under certain circumstances
• Restriction: Request limitation of processing in specific situations
• Portability: Receive your personal data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests or for direct marketing
• Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the contact information provided below. We will respond to your request within one month of receipt.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure data backup and recovery procedures
• Incident response and breach notification procedures

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

International Data Transfers

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions
• Standard contractual clauses approved by the European Commission
• Binding corporate rules or certification schemes

Children's Privacy

Our services are designed for professionals and individuals over the age of 18. We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Updating the "Last updated" date at the top of this policy
• Sending email notifications for significant changes (where appropriate)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local data protection authority if you believe your privacy rights have been violated.