SeaCras

Corporate Website Legal

Website Privacy Policy

This Privacy Policy explains how Sea Cras d.o.o. processes personal data in connection with the public SeaCras corporate website at seacras.com and www.seacras.com. It does not apply to the separate public SeaCras App available at water.seacras.com, which is covered by a separate privacy policy.

Servicewww.seacras.com
ControllerSea Cras d.o.o.
Last UpdatedMarch 25, 2026
Privacy Contactinfo@seacras.com

1. Controller, Scope, and Privacy Contact

The controller for the personal data described in this Privacy Policy is Sea Cras d.o.o., Avenija Dubrovnik 15, 10000 Zagreb, Croatia, VAT ID HR70844303390.

SeaCras can be contacted for privacy matters at info@seacras.com. For the purposes of Canadian and Quebec transparency requirements, this address is also the contact point for the person responsible for SeaCras privacy practices relating to the public corporate website. If SeaCras appoints a dedicated Data Protection Officer or another statutory privacy contact for these services, this notice will be updated accordingly.

This Policy applies to personal data processed through the public corporate website, including company pages, service pages, industries pages, publications, news, careers, and public business contact pathways. It does not apply to client dashboards, partner portals, contracted services, or the separate public SeaCras App at water.seacras.com.

2. Data We Process

Depending on how you interact with the website, SeaCras may process the following categories of data:

  • Technical and usage data: IP address, browser type, device type, operating system, language, referrer URL, visited pages, date and time of access, cookie preferences, and security-related logs.
  • Inquiry and contact data: name, company, role, email address, phone number, country, and the content of your message when you contact SeaCras or request a demo, meeting, or follow-up.
  • Business relationship data: notes relating to your organization, use case, sector, project scope, needs, and follow-up communications connected with potential or existing business discussions.
  • Recruitment data: CVs, cover letters, portfolios, employment history, qualifications, and any other information you choose to submit when applying for a role or expressing interest in joining SeaCras.
  • Optional analytics data: website interaction information generated by analytics technologies only where the relevant technology is enabled and any required consent has been obtained.
  • Compliance and request-handling data: records needed to respond to privacy requests, complaints, legal obligations, and audit or compliance requirements.
Do not send unnecessary sensitive data. SeaCras does not ask visitors to submit sensitive personal data through the public website unless this is specifically justified and clearly requested. Please do not submit medical information, government identifiers, or other high-risk personal data through a public form or general email channel unless SeaCras has expressly asked for it and provided an appropriate channel.

3. Where the Data Comes From

SeaCras may obtain personal data:

  • directly from you when you browse the website, fill a form, contact SeaCras, request a demo, or send job application materials;
  • from your employer or organization in the context of business discussions or introductions;
  • from publicly available professional sources, such as official company websites, professional directories, event materials, or professional networking profiles, where appropriate and lawful;
  • from service providers acting on SeaCras instructions, such as hosting, infrastructure, security, or communication providers.

Where personal data has not been obtained directly from you, SeaCras will provide the information required by applicable law within the time required by that law, subject to any permitted exception.

4. Purposes, Legal Bases, and Legitimate Interests

SeaCras processes personal data for the following purposes and legal bases:

Purpose Examples Legal Basis
Operate and secure the website Deliver pages, maintain performance, detect misuse, prevent fraud, and maintain logs. Legitimate interests in operating, securing, and improving the public website.
Respond to inquiries and requests Answer questions, discuss demos, schedule meetings, and manage pre-contract communication. Steps prior to entering into a contract, legitimate interests, or contract performance where applicable.
Manage business relationships Evaluate use cases, partnership opportunities, project fit, and ongoing business discussions. Legitimate interests and contract-related necessity where applicable.
Recruitment Review applications, manage hiring processes, communicate with candidates, and maintain recruitment records. Steps prior to entering into an employment contract, legitimate interests, and consent where required.
Improve website performance Use analytics to understand aggregate traffic, page performance, content use, and consent patterns. Consent where required by law.
Comply with legal obligations and defend claims Maintain records, handle rights requests, meet regulatory duties, and establish, exercise, or defend legal claims. Legal obligation and legitimate interests.

Legitimate interests SeaCras relies on

Where SeaCras relies on legitimate interests, those interests generally include operating a secure public website, responding to professional inquiries, presenting SeaCras services, maintaining business records, improving user experience, managing recruitment processes, and protecting SeaCras legal position and systems.

5. When Data Is Required

Browsing publicly available pages usually does not require you to submit direct identifiers, although technical data such as IP address and device information is processed as part of delivering and securing the website.

If you choose to contact SeaCras, request a demo, pursue a partnership discussion, or apply for a role, the requested fields are generally voluntary from a website perspective but may be necessary for SeaCras to respond, evaluate your request, or consider your application. If you do not provide relevant information, SeaCras may be unable to respond effectively or proceed with the relevant process.

SeaCras does not currently use the public corporate website to make solely automated decisions that produce legal effects or similarly significant effects about you.

6. Sharing, Processors, and Recipients

SeaCras may share personal data with the following categories of recipients:

  • website hosting, infrastructure, IT, security, and communication providers acting as processors or service providers;
  • analytics providers, but only to the extent the relevant technologies are enabled and any required consent has been obtained;
  • professional advisers such as lawyers, auditors, insurers, or consultants where necessary;
  • public authorities, regulators, courts, or law enforcement where disclosure is required by law or necessary to establish, exercise, or defend legal claims;
  • a potential acquirer, investor, or restructuring counterparty in connection with a merger, acquisition, financing, or reorganization.

SeaCras does not operate these public website services as a data broker. SeaCras does not knowingly sell personal data for money through the public corporate website. If SeaCras later carries out an activity through this public service that is treated as a sale, sharing, targeted advertising, or a similar regulated activity under applicable law, SeaCras will update this notice and provide the required controls.

7. International Transfers

Some service providers may process personal data outside the European Economic Area, the United Kingdom, or your home jurisdiction. When this occurs, SeaCras will use an appropriate transfer mechanism and safeguards required by applicable law, such as an adequacy decision, standard contractual clauses, or another lawful mechanism, together with supplementary measures where appropriate.

If you would like further information about the safeguards used for a specific transfer, you may contact SeaCras using the details in this notice.

8. Retention

SeaCras keeps personal data only for as long as necessary for the relevant purpose. In general:

  • technical and security logs are kept for a limited period appropriate to security, troubleshooting, and legal compliance;
  • inquiry and demo-related correspondence is kept for as long as needed to manage the request and reasonable follow-up, and then retained only where necessary for records or legal claims;
  • business relationship records are kept while the relationship is active and for a reasonable period afterwards;
  • recruitment materials are kept for the active recruitment process and, where lawful and appropriate, for a limited future hiring period if you consent or applicable law allows;
  • consent records and suppression records are retained for as long as necessary to demonstrate compliance and respect user preferences;
  • certain records may be retained longer where required by law, regulation, tax rules, litigation holds, or claim defense needs.

9. Automated Decision-Making and Profiling

SeaCras does not currently use personal data collected through the public corporate website to make decisions based solely on automated processing that produce legal effects or similarly significant effects about individuals.

Optional analytics and basic website measurement may involve assessing traffic patterns, interest in content, or aggregate campaign performance. SeaCras does not use those public website analytics processes to make materially significant individualized decisions about visitors.

10. Your Rights

Depending on where you are located and which laws apply, you may have the right to access, correct, delete, restrict, object to, or request portability of your personal data, as well as the right to withdraw consent where processing is based on consent.

EEA and UK

If the GDPR, UK GDPR, or similar European data protection law applies to the relevant processing, you may have the right to request access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You may also lodge a complaint with your local supervisory authority, including AZOP in Croatia or the UK Information Commissioner's Office where relevant.

United States state privacy laws

Depending on your state of residence and whether SeaCras is subject to the relevant law, you may have rights such as the right to know or access, correct inaccuracies, delete, obtain a portable copy of data, and opt out of targeted advertising, sale, sharing, certain profiling, or certain sensitive-data processing.

SeaCras does not currently offer a public financial-incentive program tied to personal data through the corporate website. If SeaCras engages in processing that triggers a right to opt out of sale, sharing, or targeted advertising under applicable U.S. state law, SeaCras will provide the required notice and mechanism, including recognition of browser-based opt-out preference signals such as Global Privacy Control where required.

Canada and Quebec

If Canadian private-sector privacy law applies, including PIPEDA or Quebec's private-sector privacy law, you may request access to and correction of personal information and may challenge SeaCras compliance with applicable privacy requirements. If Quebec law applies, this notice is intended to function as a clear and simple website confidentiality policy for information collected through technological means.

How to exercise rights

To exercise your rights, contact info@seacras.com. SeaCras may need to verify your identity before acting on your request. If applicable U.S. state law gives you a right to appeal a decision on a request, you may ask SeaCras to reconsider the decision by replying to the decision notice or by writing to the same privacy contact.

11. Cookies and Similar Technologies

The corporate website uses cookies and similar technologies to operate securely and, where enabled, to understand website use. Please see the separate Website Cookie Policy for more detail, including how SeaCras approaches consent, browser settings, and optional technologies.

12. Security

SeaCras uses technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures are designed with regard to the sensitivity of the data, the context of processing, and the risks involved. However, no internet-based service can guarantee absolute security.

13. Children

The corporate website is not directed to children. SeaCras does not knowingly collect personal data from children through the public corporate website. If you believe a child has submitted personal data through this service, please contact SeaCras so the matter can be reviewed.

14. Changes

SeaCras may update this Privacy Policy from time to time to reflect operational, legal, regulatory, or technical changes. The latest version will be published on this page with the updated revision date. Where required by applicable law, SeaCras will also provide additional notice of material changes.

15. Contact, Complaints, and Appeals

For privacy questions or requests, contact info@seacras.com or write to Sea Cras d.o.o., Avenija Dubrovnik 15, 10000 Zagreb, Croatia.

If you believe your rights have been infringed, you may also lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), with the supervisory authority in your jurisdiction, with the UK Information Commissioner's Office where relevant, or with the Office of the Privacy Commissioner of Canada or Commission d'acces a l'information du Quebec where applicable.