ARCHLIOR PRIVACY POLICY

Last Updated: February 3, 2026

1. Introduction

Archlior d.o.o. ("We," "Us," "Our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share your information when you use the Archlior platform, our AI visualization tools, and our inquiry services (collectively, the "Platform").

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Croatian Act on Implementation of the General Data Protection Regulation (Zakon o provedbi Opće uredbe o zaštiti podataka).

2. Data Controller

The entity responsible for processing your personal data is:
Archlior d.o.o.
Croatia
Email: info@archlior.com

3. What Data We Collect

We collect data in the following scenarios:

A. Information You Provide to Us

Data CategoryExamplesPurpose
Account DataName, email address, password, job title, company name, OIB/VAT ID (for B2B).To create your account, verify your professional status (KYB), and manage your profile.
Inquiry DataMessage content, phone number, project details sent via "Send Inquiry".To facilitate communication between you and the product manufacturer.
AI Input DataPhotos, sketches, or 3D files you upload to our AI tools; text prompts you enter.To generate lighting simulations and visualizations requested by you.
Transaction DataBilling address, purchase history (if buying via Marketplace). Note: We do not store full credit card numbers; these are handled by our payment processor.To process orders, issue fiscal invoices, and comply with tax laws.

B. Information Collected Automatically

  • Usage Data: Pages visited, time spent, click interactions (e.g., which products you view).
  • Technical Data: IP address, browser type, device type, operating system.
  • Cookies: We use cookies to remember your login state and analyze traffic. (See Section 9).

4. How and Why We Use Your Data

We only process your data when we have a legal basis to do so:

1. Performance of a Contract (Art. 6(1)(b) GDPR)

  • To provide the Services (e.g., generating an AI rendering you requested).
  • To process your "Send Inquiry" requests and transmit them to manufacturers.
  • To manage your account and billing.

2. Legal Obligation (Art. 6(1)(c) GDPR)

  • To comply with Croatian tax laws (e.g., issuing e-Invoices via Fiscalization 2.0).
  • To comply with the Digital Services Act (DSA) regarding content moderation.

3. Legitimate Interest (Art. 6(1)(f) GDPR)

  • To improve our AI algorithms and platform functionality.
  • To prevent fraud and ensure platform security.
  • To send B2B newsletters to professional users (with opt-out option).

4. Consent (Art. 6(1)(a) GDPR)

  • When you subscribe to our newsletter as a consumer.
  • When you accept non-essential cookies.

5. Specific Feature: "Send Inquiry" System

When you use the "Send Inquiry" or "Request Quote" button on a product page:

  • Data Transfer: You explicitly acknowledge that the personal data you enter (Name, Email, Message) will be transferred directly to the third-party Manufacturer of that product.
  • Manufacturer's Role: Once the data is transferred, the Manufacturer becomes an independent Data Controller responsible for handling your inquiry. Archlior is not responsible for how the Manufacturer processes your data after the transfer.
  • International Transfer: If the Manufacturer is located outside the EU/EEA (e.g., in China or the USA), your data will be transferred based on the necessity to perform the contract (Art. 49(1)(b) GDPR) — i.e., to fulfill your request for information about their product.

6. Specific Feature: AI Visualization Tools

When you upload images or input prompts into our AI tools:

  • Processing: We process this data to generate the requested output (e.g., a lit room scene).
  • No Biometric Data: We do not use facial recognition technology. However, you should avoid uploading photos of identifiable people.
  • Training: We may use anonymized and aggregated input data to train and improve our AI models. You own the copyright to your original uploads, but you grant us a license to process them for this purpose.

7. Data Sharing and Recipients

We do not sell your personal data. We share data only with:

  • Manufacturers: As described in Section 5 (only when you initiate an inquiry).
  • Service Providers (Processors): Third parties who provide IT infrastructure (e.g., AWS, Azure), payment processing (e.g., Stripe, CorvusPay), and email delivery services. All processors are bound by Data Processing Agreements (DPA).
  • Authorities: Tax authorities (Porezna uprava), HAKOM, or law enforcement, if required by law.

8. International Data Transfers

Some of our service providers or listed manufacturers may be located outside the European Economic Area (EEA). In such cases, we ensure protection via:

  • Adequacy Decisions: For countries like the UK, Japan, or Canada.
  • EU-US Data Privacy Framework: For US providers certified under the framework.
  • Standard Contractual Clauses (SCCs): For other countries, ensuring your data gets EU-level protection.

9. Cookies and Tracking

We use cookies to ensure the website functions properly.

  • Essential Cookies: Required for login and security.
  • Analytics Cookies: (e.g., Google Analytics 4) Used to understand site traffic. These are only activated if you give consent via our Cookie Banner.

You can manage your preferences at any time in the Cookie Settings link in our footer.

10. Data Retention

We retain your data only as long as necessary:

  • Account Data: Until you delete your account.
  • Inquiry Logs: 2 years (for dispute resolution).
  • Fiscal/Transaction Data: 11 years (statutory obligation under Croatian Accounting Act).

11. Your Rights

Under the GDPR, you have the right to:

  • Access your data.
  • Correct inaccurate data.
  • Delete your data ("Right to be Forgotten").
  • Restrict processing.
  • Object to processing (especially for marketing).
  • Data Portability (receive a copy of your data).

To exercise these rights, contact us at: info@archlior.com.

12. Supervisory Authority

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the Croatian supervisory authority:

Agencija za zaštitu osobnih podataka (AZOP)
Selska cesta 136, 10000 Zagreb
Website: azop.hr

This Privacy Policy was last updated on February 3, 2026. We may update it periodically to reflect changes in our services or regulations.