Privacy Policy
1. Who We Are
Momentiv is operated by Marko Lumbar, based in 6000 Koper, Slovenia (the “Operator”). For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Marko Lumbar is the data controller.
Contact: hello@momentivagency.com
2. What Data We Collect
We collect the following personal data:
Contact form:
- Full name
- Email address
- Company name (optional)
- Project description / message
Newsletter subscription:
- Email address
Server logs (automatically collected):
- IP address
- Browser type and version
- Operating system
- Pages visited and timestamps
We do not collect sensitive data as defined under GDPR Article 9 (health data, political opinions, biometric data, etc.).
3. Why We Collect It / Legal Basis
| Data | Purpose | Legal Basis |
|---|---|---|
| Contact form data (name, email, company, message) | To respond to your enquiry and provide information about our services | Art. 6(1)(b) — necessary for pre-contractual steps |
| Newsletter email | To send occasional updates on web design, development, and building online | Art. 6(1)(a) — your consent |
| Server logs | To ensure the security and proper functioning of our website | Art. 6(1)(f) — our legitimate interest |
4. Third-Party Data Processors
We use the following third-party processors to operate our services. Each has been engaged under a data processing agreement in accordance with GDPR Article 28.
| Processor | Purpose | Location | Transfer Mechanism |
|---|---|---|---|
| Vercel Inc. | Web hosting and content delivery | USA | Standard Contractual Clauses (SCCs) |
| Resend Inc. | Delivery of contact form submissions and newsletter emails | USA | Standard Contractual Clauses (SCCs) |
| Calendly LLC | Meeting scheduling (when you click “Book a call”) | USA | Standard Contractual Clauses (SCCs) |
We do not share your personal data with any other third parties unless required by law.
5. International Data Transfers
Our processors Vercel, Resend, and Calendly are based in the United States. Data transfers to these processors are carried out under Standard Contractual Clauses (SCCs) as adopted by the European Commission Decision 2021/914 under GDPR Article 46(2)(c), providing appropriate safeguards for your personal data.
6. Data Retention
| Data | Retention Period |
|---|---|
| Contact form data | 2 years from the date of submission |
| Newsletter email | Until you unsubscribe |
| Server logs | 90 days |
After the applicable retention period, your data is securely deleted.
7. Minimum Age
Our website is not directed at children under the age of 15. In accordance with the Slovenian Personal Data Protection Act (ZVOP-2, Article 113), the minimum age for digital consent is 15. If you are under 15, please do not submit any personal data through this website.
8. Your Rights Under GDPR
Under GDPR Articles 15–21 and Article 7(3), you have the following rights:
- Right of access (Art. 15) — You can request a copy of the personal data we hold about you.
- Right to rectification (Art. 16) — You can ask us to correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — You can request deletion of your personal data (“right to be forgotten”).
- Right to restriction (Art. 18) — You can ask us to limit how we process your data.
- Right to data portability (Art. 20) — You can request your data in a structured, machine-readable format.
- Right to object (Art. 21) — You can object to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@momentivagency.com. We will respond within 30 days.
9. No Data Selling
We do not sell, rent, or trade your personal data to any third parties, ever.
10. Security Measures
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS/TLS encryption for all data in transit
- Access controls limiting who can access your data
- Secure processing by vetted third-party processors under data processing agreements
11. Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours in accordance with GDPR Articles 33–34. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.
12. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Slovenian supervisory authority:
Informacijski pooblaščenec (IP RS)
Dunajska cesta 22, 1000 Ljubljana, Slovenia
gp.ip@ip-rs.si
www.ip-rs.si
13. Cookies
This website does not use cookies. For more information, see our Cookie Policy.
14. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days’ notice before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.
Questions? hello@momentivagency.com