1. Introduction

Rounded Square d.o.o., a company registered in Slovenia (registration number: 9572660000, VAT: SI31966837), with its registered office at Zgornje Hoče 6C, 2311 Hoče, Slovenia ("we", "us", "our", or "Rounded Square"), is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or otherwise interact with us. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

By visiting our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the terms of this policy, please do not access our website or use our services.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity Data: First name, last name, username, job title, company name.
• Contact Data: Email address, telephone number, billing address, business address.
• Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, and other technology on the devices you use to access our website.
• Usage Data: Information about how you use our website, products and services, including pages visited, time spent on pages, navigation paths, and interaction patterns.
• Communication Data: Records of correspondence between you and Rounded Square, including emails, contact form submissions, and any feedback or support requests.
• Marketing Data: Your preferences in receiving marketing from us and your communication preferences.

4. How We Collect Your Data

We collect personal data through the following methods:

• Direct interactions: You provide data when you fill in forms on our website (e.g., contact forms, newsletter sign-ups), correspond with us by email or phone, request a consultation, or engage our services.
• Automated technologies: As you interact with our website, we may automatically collect Technical Data through cookies, server logs, and similar technologies.
• Third parties: We may receive personal data about you from analytics providers (such as Google Analytics), advertising networks, and search information providers.

5. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

• Contractual necessity: Processing is necessary for the performance of a contract to which you are party, or to take steps at your request prior to entering into a contract.
• Legitimate interests: Processing is necessary for our legitimate interests (such as improving our services, marketing, and business development), provided these do not override your fundamental rights and freedoms.
• Legal obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax and accounting requirements).
• Consent: Where you have given explicit consent to the processing of your personal data for specific purposes (e.g., marketing communications). You may withdraw consent at any time.

6. How We Use Your Data

We use your personal data for the following purposes:

• To provide, operate, and maintain our website and services.
• To process and manage your inquiries, requests, and service engagements.
• To communicate with you, including sending service-related notices and updates.
• To personalize and improve your experience on our website.
• To analyze website usage and trends to improve our offerings.
• To send you marketing communications, where you have opted in to receive them.
• To comply with legal obligations and protect our legal rights.
• To detect, prevent, and address fraud, security issues, or technical problems.

7. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with the following categories of recipients:

• Service providers: Third-party companies that perform services on our behalf, such as web hosting, analytics, email delivery, and customer support tools. These providers are contractually obligated to protect your data.
• Legal authorities: Where required by law, regulation, or legal process, or to protect our rights, privacy, safety, or property.
• Business transfers: In connection with any merger, acquisition, or sale of company assets, your personal data may be transferred as part of the transaction.

8. International Transfers

Your personal data may be transferred to, and processed in, countries other than Slovenia. When we transfer data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and applicable legal requirements.

10. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data against accidental loss, unauthorized access, alteration, or disclosure. These include encrypted data transmission (TLS/SSL), access controls, regular security assessments, and employee training. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Your Rights

Under applicable data protection laws, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data under certain circumstances.
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Request transfer of your data to another controller in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@roundedsq.com. We will respond to your request within 30 days.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically for any changes.

13. Contact Us

If you have any questions about this Privacy Policy, or if you would like to exercise your rights, please contact us:

• Rounded Square d.o.o.
• Zgornje Hoče 6C, 2311 Hoče, Slovenia
• Email: info@roundedsq.com
• VAT: SI31966837