Marinion International OÜ, Järvevana tee 9, Tallinn, 11314, Estonia, Registry code (EE): 17372214, as the operative company and franchising entity of MARINION INTERNATIONAL™ (hereinafter: the Company, We, or Us), hereby establishes and adopts the following Privacy Policy.

This Privacy Policy explains how the Company collects, uses, discloses, and processes the personal data of its clients, prospective clients, and website visitors (collectively, Data Subjects), in accordance with the General Data Protection Regulation (GDPR).

I. Data Controller and Scope

Data Controller: Marinion International OÜ, Järvevana tee 9, Tallinn, 11314, Estonia. The Company is the central Data Controller for the MARINION INTERNATIONAL™ brand network.

Joint Processing with Service Providers: For the purpose of providing services under an individual contract, the specific franchised Service Provider (the legal entity or consultant with whom the Client contracts) acts as a Joint Controller with the Company regarding the data processed for service execution. The Service Provider is primarily responsible for the data processing activities and security measures related to the execution of the specific service contract. Both entities are jointly committed to protecting your privacy under this Policy.

Scope: This Policy covers all data processing activities related to the provision of Business Consulting and Conciliation services, including data collected via the website www.marinionint.com (hereinafter: the Site) and during the execution of service contracts. For details on Site tracking technologies, please see our Cookie Policy.

II. Categories of Data, Purpose, and Legal Basis

We collect and process personal data based on the following legal grounds and for the purposes outlined below:

A. Contractual Necessity

Processing is necessary for the performance of a service agreement with you or to take steps, at your request, before entering into such an agreement. This includes:

Categories of Data Processed: Contact and Identification Data (Name, email, phone, position within the company or entity, address) and Conciliation / Case-Specific Data (details related to the dispute, strategic information).

Purpose of Processing: Entering into and performing Service Contracts, communication, invoicing, delivery of specific Conciliation and Consulting services, and dispute resolution.

B. Legal Obligation

Processing is necessary for compliance with a legal obligation to which the Company is subject. This includes:

Categories of Data Processed: Financial and Transaction Data (invoices, payment history, bank details).

Purpose of Processing: Fulfilling accounting, tax reporting, and other mandatory legal obligations.

C. Legitimate Interest

Processing is necessary for the purposes of the legitimate interests pursued by the Company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject. This includes: 

Categories of Data Processed: Conciliation / Case-Specific Data (for managing professional risks), Technical/Logging Data (IP address, browser type, server log data). 

Purpose of Processing: Ensuring website security and functionality, diagnostics of technical errors, and managing professional risks related to service delivery.

D. Consent

Categories of Data Processed: Marketing Data (Subscriptions, preferences, opt-in status).

Purpose of Processing: Sending professional updates, newsletters, and marketing materials, provided you have explicitly consented.

III. Recipients of Personal Data and International Transfers

1. Recipients

We may share your personal data with the following categories of recipients:

- Service Providers (Franchised Network): Data necessary for the performance of the service agreement will be shared with the specific franchised Service Provider (consultant, mediator, or entity) responsible for the execution of the Client’s contract. These providers are bound by confidentiality agreements.

- IT and Hosting Providers, Legal and Financial Advisors, Public Authorities.

- AI Processing Tools: Data may be processed using Artificial Intelligence (AI) tools, including Google AI services, for purposes including internal operational optimization, research, and improving service quality (Legal Basis: Legitimate Interest). We utilize third-party AI processors and ensure data sharing is governed by strict processing agreements and confidentiality clauses.

2. Transfers Outside the EEA

Since we utilize Service Providers and AI processors (such as those located in the United States, including Google) that operate outside the European Economic Area (EEA), your data may be transferred to a third country for processing. In such cases, we ensure that transfers are subject to one of the following safeguards: The transfer is based on an Adequacy Decision by the European Commission; The transfer is covered by Standard Contractual Clauses (SCCs), which are contractual mechanisms approved by the European Commission, with necessary supplementary security measures; or The transfer is based on the Client’s explicit consent.

IV. Data Retention and Security

Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Contractual Data is retained for the duration required by applicable positive law for the purpose of the processing, including statutory limitation periods for legal claims and compliance with financial/tax reporting obligations. Consent Data is retained until the Data Subject withdraws consent or requests erasure.

Security: We implement appropriate technical and organizational measures (TOMs) to protect personal data from loss, unauthorized access, disclosure, alteration, and destruction, including, but not limited to, data encryption, access controls, and regular data backup procedures.

V. Data Subject Rights (Your Rights Under GDPR)

As a Data Subject, you have the following rights regarding your personal data: Right of Access, Right to Rectification, Right to Erasure (Right to be Forgotten), Right to Restriction of Processing, Right to Data Portability, Right to Object, Right to Withdraw Consent, and Right to Lodge a Complaint with a supervisory authority.

VI. Language Precedence

This Policy is drafted equally in both English and Croatian language. In the event of any language dispute regarding the content of this Policy, the English language version shall prevail.

VII. Contact Information and Amendments

Amendments: The Company reserves the right to amend this Privacy Policy at any time. Any changes will be posted on the Company's website www.marinionint.com, and become effective immediately upon publication, unless a later date has been set.

Contact: If you have questions about this Privacy Policy or wish to exercise your data subject rights, please contact the Data Controller representative via Email: info@marinionint.com.

Effective Date: This Policy is effective as of the date of adoption of this Privacy Policy, as designated herein.

Marinion International OÜ

18.12.2025.