Join the waitlist

Privacy Policy

How we collect, use, and protect your personal data.

Effective date: March 10, 2026 · Last updated: March 10, 2026

1. Data Controller

The data controller for the processing of your personal data is:

Converge Software d.o.o.
Zagreb, Croatia
Email: privacy@workplace.hr

2. What Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Name and email address (when you create an account or join the waitlist)
  • Company name and business details
  • Authentication credentials (managed via IdPlace.hr, our identity provider)

Usage Data

  • Pages visited, features used, and interaction patterns
  • Browser type, device type, and operating system
  • IP address and approximate location (country level)

Service Data

  • Data you enter into our tools (e.g., salary calculation inputs, employee records)
  • Documents you upload for processing
  • HR and business administration records you manage through our platform

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

  • Contract performance (Art. 6(1)(b)) — to provide the services you have subscribed to, including account management and platform functionality.
  • Legitimate interest (Art. 6(1)(f)) — to improve our services, ensure security, and prevent fraud. Our legitimate interest does not override your fundamental rights and freedoms.
  • Consent (Art. 6(1)(a)) — for optional communications such as product updates and marketing emails. You may withdraw your consent at any time.
  • Legal obligation (Art. 6(1)(c)) — to comply with applicable laws and regulations.

4. How We Use Your Data

  • To provide, maintain, and improve our services
  • To process your account registration and manage your subscription
  • To respond to your inquiries and provide customer support
  • To send service-related notifications (e.g., security alerts, billing updates)
  • To send marketing communications (only with your consent)
  • To detect, prevent, and address technical issues and security threats
  • To comply with legal obligations

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data — retained for the duration of your account, plus 30 days after deletion to allow recovery.
  • Service data — retained for the duration of your subscription. Upon termination, data is deleted within 90 days unless a longer retention period is required by law.
  • Usage data — retained for up to 12 months for analytics purposes, then anonymized or deleted.
  • Waitlist data — retained until you unsubscribe or for up to 24 months, whichever is earlier.
  • Legal and billing records — retained as required by applicable law (typically 5-10 years for financial records in Croatia).

6. Third-Party Processors

We use a limited number of third-party service providers to help operate our platform. All processors are bound by data processing agreements and are located within the European Union.

  • Hosting and infrastructure — EU-based data centers. No data is transferred to the United States or other countries outside the EU/EEA.
  • Email delivery — for transactional and service-related emails, processed within the EU.
  • Payment processing — for subscription billing (launching July 2026), using EU-based, PCI DSS-compliant processors.

We do not sell your personal data to third parties. We do not share your data with advertisers.

7. International Data Transfers

All personal data is stored and processed within the European Union. We do not transfer personal data to countries outside the EU/EEA. Our infrastructure is entirely EU-hosted, and we have selected all sub-processors to ensure data remains within EU jurisdiction.

8. Cookies

We use only essential cookies that are strictly necessary for the operation of our website and services. These include:

  • Session cookies — to maintain your authenticated session.
  • Security cookies — to prevent cross-site request forgery and other attacks.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required for strictly necessary cookies under the ePrivacy Directive.

9. Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15) — request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
  • Right to restriction (Art. 18) — request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interest or direct marketing.
  • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@workplace.hr. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption at rest and in transit (TLS 1.2+)
  • Customer database isolation — each customer's data is stored in a separate database
  • Zero-knowledge encryption for sensitive data
  • Multi-factor authentication support via IdPlace.hr
  • Regular security assessments and updates
  • Access controls and audit logging

11. Data Protection Officer

For any questions or concerns regarding data protection, you can contact our Data Protection Officer at:

Email: privacy@workplace.hr

12. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is:

AZOP (Agencija za zastitu osobnih podataka)
Croatian Personal Data Protection Agency
Website: azop.hr

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will provide notice via email or through the platform.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Converge Software d.o.o.
Zagreb, Croatia
Email: privacy@workplace.hr
General inquiries: hello@workplace.hr