Virentaq

Privacy Policy

Last updated: 15 January 2026.

1. Introduction

Virentaq d.o.o., with its registered office at Ulica Kneza Mislava 14, 10000 Zagreb, Croatia (OIB: 82946317205), is committed to protecting the privacy of all users of our real estate crowdfunding platform. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the Croatian Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18).

By using the website virentaq.com and related services, you consent to the processing of data as described in this document. We recommend that you carefully read this policy before using our services.

2. Data controller

The controller of your personal data is Virentaq d.o.o., registered with the Commercial Court in Zagreb under number MBS 081432967. For all questions related to data protection, you can contact us at info@virentaq.com or by post at Ulica Kneza Mislava 14, 10000 Zagreb.

3. Types of personal data we collect

We collect the following categories of personal data: identification data (name, surname, address, date of birth), contact data (email address, phone number), financial data (required for investment processing and regulatory compliance), technical data (IP address, browser type, operating system, cookies), and communication data (content of messages sent through the contact form).

We do not collect special categories of personal data (health data, political beliefs, etc.). In the context of regulatory compliance, we may request an identification document for KYC (Know Your Customer) verification.

4. Purpose of processing and legal basis

We process your data for the following purposes: performance of contractual obligations (processing registration, managing investments, communication about projects), compliance with legal obligations (regulatory reports, tax obligations, AML/KYC checks), legitimate interest (improving our services, usage analytics, fraud prevention), and consent (sending marketing communications, use of analytical and marketing cookies).

The legal basis for data processing is determined separately for each purpose, in accordance with Article 6 of the GDPR.

5. Sharing data with third parties

We do not sell your data to third parties. We may share data with trusted partners who assist us in providing services: technical infrastructure providers (hosting, security), financial intermediaries and payment institutions, legal and accounting advisors, and competent regulatory authorities (when required by law).

All third-party partners are obligated to comply with equivalent data protection standards and have concluded appropriate data processing agreements in accordance with Article 28 of the GDPR.

6. International data transfers

Your data is generally processed within the European Economic Area (EEA). In the event of data transfers outside the EEA, we ensure appropriate safeguards such as Standard Contractual Clauses (SCC) approved by the European Commission or Adequacy Decisions, in accordance with Chapter V of the GDPR.

7. Data security

We implement technical and organisational measures to protect your data from unauthorised access, loss, or misuse. This includes data encryption in transit (TLS/SSL), access controls, regular security audits, and employee training. Despite all measures, no system can guarantee absolute security, so we recommend using strong passwords and exercising caution when sharing personal information.

8. Your rights

Under the GDPR, you have the right to: access your data, rectify inaccurate data, erase data ('right to be forgotten'), restrict processing, data portability, object to processing, and withdraw consent at any time. To exercise your rights, contact us at info@virentaq.com. We will respond to your request within 30 days.

You have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb, if you believe your data has been processed unlawfully.

9. Data retention

We retain your data only for as long as is necessary to fulfil the purpose for which it was collected or as required by law. Contact enquiries are kept for 2 years, investment data for 10 years from project completion (legal obligation), and technical data for up to 26 months.

10. Changes to this policy

We reserve the right to update this Privacy Policy. You will be notified of significant changes via email or a notification on the website. We recommend regularly checking this page to stay informed about any amendments.

We use cookies

Virentaq uses cookies to improve user experience, analytics, and customised marketing. You can manage your preferences or learn more in our cookie policy. Cookie Policy