Privacy Policy

The controller of your personal data is Nexdilo d.o.o., with its registered office at Vlaška ulica 78, 10000 Zagreb, Croatia, OIB: 73928461057. For all questions regarding the processing of personal data, you can contact us at: privacy@nexdilo.com.

We collect the following categories of personal data: • Identification data: name, surname, date of birth, personal identification number • Contact data: email address, phone number, residential address • Financial data: bank details required for transactions, investment history • Technical data: IP address, browser type, operating system, device information • Usage data: pages you visit, time spent on the platform, content interactions • Communication data: messages you send us via the contact form or email

We process your personal data based on: • Contract performance – processing is necessary for the provision of our crowdfunding services • Legal obligation – compliance with anti-money laundering regulations and financial supervision • Legitimate interest – improving our services and platform security • Consent – for sending marketing communications and using non-essential cookies

We use your data to: • Register and manage user accounts • Process investments and financial transactions • Communicate regarding your investments and projects • Comply with regulatory requirements (KYC/AML) • Improve user experience and platform functionality • Send notifications about new projects and investment opportunities (with your consent) • Analyze platform usage statistics

We may share your data with: • Financial institutions – for processing transactions • Regulatory bodies – when required by law (HANFA, HNB) • IT service providers – who assist us in operating the platform (with appropriate processing agreements) • Legal advisors – when legal consultation is needed We do not sell your personal data to third parties nor use them for advertising purposes without your explicit consent.

We retain your personal data for as long as necessary to fulfill the purpose for which they were collected: • Account data: for the duration of your account and 5 years after closure • Financial data: 11 years in accordance with the Anti-Money Laundering Act • Technical data: 12 months • Marketing data: until consent is withdrawn

Under the GDPR, you have the right to: • Access – you can request a copy of your personal data • Rectification – you can request correction of inaccurate data • Erasure – you can request deletion of your data ("right to be forgotten") • Restriction of processing – you can request restriction of processing in certain situations • Data portability – you can request transfer of data to another controller • Objection – you can object to processing based on legitimate interest • Withdrawal of consent – you can withdraw consent at any time To exercise your rights, contact us at: privacy@nexdilo.com

We apply technical and organizational measures to protect your data, including encryption of data in transit and at rest, regular security audits, access controls, and employee training on data protection.

For all questions about personal data protection, contact us at privacy@nexdilo.com. If you believe we have violated your rights, you have the right to file a complaint with the Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, azop@azop.hr.