GDPR & Data Subject Rights
Your rights over your personal data, and how to exercise them.
01 Overview
Under the EU General Data Protection Regulation (GDPR) and similar laws, individuals have rights over their personal data. This page explains those rights and how to exercise them with the Operator (WEB rješenja d.o.o., OIB 97669668809, Zagreb).
If you are a Customer of Nebion, this page applies to data we hold about you as controller. For end-user data inside your hosted Projects, we are processor — please direct end-user requests to the Customer responsible for that Project.
02 Your rights
Right of access (Art. 15)
You can request confirmation of whether we process personal data about you and, if so, a copy of that data along with information about purposes, categories, recipients, retention, and your other rights.
Right to rectification (Art. 16)
You can ask us to correct inaccurate or incomplete data we hold about you.
Right to erasure (Art. 17)
You can request deletion of your data where one of the GDPR grounds applies — for example, the data is no longer necessary, you withdraw consent, or processing is unlawful.
Right to restriction (Art. 18)
You can ask us to restrict processing in specific circumstances — for example, while accuracy is being verified.
Right to data portability (Art. 20)
For data we process based on consent or contract by automated means, you can receive that data in a structured, commonly used, machine-readable format.
Right to object (Art. 21)
You can object to processing based on legitimate interests, including profiling. We stop unless we demonstrate compelling legitimate grounds, or for marketing — where objection ends the processing.
Rights related to automated decision-making (Art. 22)
We do not subject Customers to automated decision-making with legal or similarly significant effects without human review.
Right to withdraw consent
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint
You can complain to the supervisory authority in your EU country of residence. We encourage you to contact us first so we can try to resolve the matter directly.
03 How to make a request
Send an email to hello@ws.agency with:
- The right you want to exercise.
- Enough information to identify you (typically the email associated with your account).
- Any additional context (specific data, time period, scope).
We may ask for additional verification if we have reasonable doubt about your identity, to protect your data from being disclosed to the wrong person.
04 How long it takes
We respond within 30 days of receiving a complete request. Where requests are complex or numerous, we may extend by up to 60 additional days, in which case we explain the reason within the original 30-day window.
If we cannot fulfil a request, we explain why and inform you of your right to lodge a complaint with a supervisory authority and to seek a judicial remedy.
05 Cost
Requests are free of charge. We may charge a reasonable fee, or refuse, only where requests are manifestly unfounded or excessive (typically because of repetition).
06 Requests about Customer Projects
If your data is held inside a Customer's hosted Project (e.g. a website built on Nebion), please contact that Customer directly — they are the controller for that data, and only they can fulfil rights against it.
If you are unsure who the Customer is, write to us and we will do our best to forward the request and inform you of the controller's identity, where lawful.
07 Contact
Privacy and data protection contact: hello@ws.agency .