GDPR Compliance

Effective: March 1, 2026

EnterSolutions d.o.o. ("EnterSolutions") is committed to protecting personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This page outlines how we ensure compliance as both a data controller and data processor.

Our Commitment to GDPR

As a company headquartered in Zagreb, Croatia (an EU member state), EnterSolutions is fully subject to GDPR. We have implemented comprehensive data protection measures across our organization, products, and services. Our CRM platform is designed with privacy by design and by default principles.

Legal Bases for Processing

Consent (Art. 6(1)(a))

For marketing communications, cookie tracking, and optional analytics. Consent can be withdrawn at any time.

Contractual Necessity (Art. 6(1)(b))

For providing the EnterCRM service, managing accounts, processing payments, and core functionality.

Legitimate Interest (Art. 6(1)(f))

For service improvement, security monitoring, fraud prevention, and internal analytics.

Legal Obligation (Art. 6(1)(c))

For tax regulations, accounting requirements, and lawful government requests.

Data Subject Rights (Articles 15-22)

Right of Access (Art. 15) — Obtain a copy of your personal data

Right to Rectification (Art. 16) — Correct inaccurate data

Right to Erasure (Art. 17) — Request deletion of your data

Right to Restriction (Art. 18) — Restrict processing

Right to Data Portability (Art. 20) — Receive data in machine-readable format

Right to Object (Art. 21) — Object to processing

Rights Related to Automated Decisions (Art. 22)

Right to Withdraw Consent at any time

Sub-processors

Google Cloud Platform

Infrastructure & hostingEU (Belgium)

Stripe

Payment processingEU/US (SCCs)

SendGrid (Twilio)

Email deliveryEU/US (SCCs)

Cloudflare

CDN & DDoS protectionGlobal

Sentry

Error monitoringEU (Frankfurt)

International Data Transfers

Your data is primarily stored within the EEA. When transfers outside the EEA are necessary, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

Data Breach Notification

In the event of a personal data breach, we will notify the Croatian Personal Data Protection Agency (AZOP) within 72 hours (Article 33 GDPR), notify affected data subjects without undue delay if the breach poses high risk (Article 34 GDPR), and document all breaches in our internal register.

Supervisory Authority

Agencija za zaštitu osobnih podataka (AZOP)

Fra Grge Martića 14, 10000 Zagreb, Croatia

azop.hr

You have the right to lodge a complaint with AZOP or any other EU supervisory authority.

Contact

Email: privacy@entersolutions.io

Address: EnterSolutions d.o.o., Zagreb, Croatia

We will respond to requests within 30 days.