Skip to main content

Privacy Policy

Last updated: April 8, 2026

This Privacy Notice for HDI.Vision (operated by Tomislav Krištof, Radauševa 4, Zagreb, Croatia) describes how and why we might collect, store, use, and/or share your information when you use our services, including when you visit hdi.vision, use the HDI test platform at test.hdi.vision, or contact us.

Questions or concerns? Reading this notice will help you understand your privacy rights and choices. If you disagree with our policies, please do not use our services. For questions, contact us at info@hdi.vision.

1. What Information Do We Collect?

Information you provide voluntarily

We collect personal information you provide when you register an account, take the HDI assessment, or contact us. This includes:

  • Name, email address, username, and password
  • Year of birth, country, occupation, and education status
  • Responses to HDI assessment questions (including information about your digital behaviour)
  • Messages sent via the contact form

Sensitive information

The HDI assessment may collect data relating to your self-reported digital behaviour patterns, wellbeing indicators, and psychological traits (such as self-reported anxiety, mood, or behavioural tendencies). Under GDPR Article 9, this may constitute sensitive personal data.

We collect this data only with your explicit consent, provided at the point of assessment. You may withdraw this consent at any time by contacting us at info@hdi.vision, though withdrawal will prevent further use of the assessment. This data is used solely for:

  • Generating your personal HDI report and improvement recommendations
  • Anonymised and aggregated academic research (PhD research at Algebra Bernays University, Zagreb)

Important: HDI assessment data is not shared with healthcare providers, insurers, employers, or any third party without your explicit separate consent. It is never used for profiling, advertising targeting, or automated decision-making with legal effects.

Information collected automatically

When you visit our site, we automatically collect:

  • IP address, browser type and version, device characteristics
  • Operating system, language preferences
  • Pages visited, time spent, referring URLs

2. How Do We Use Your Information?

We process your information to:

  • Create and authenticate your account on test.hdi.vision
  • Deliver your HDI assessment report and personalised recommendations
  • Process payments via Stripe for the comprehensive assessment
  • Respond to your enquiries and contact form submissions
  • Improve and develop our services and assessment methodology
  • Conduct anonymised academic research (PhD research at Algebra Bernays University)
  • Comply with legal obligations under Croatian and EU law

3. Legal Bases for Processing (GDPR)

We only process your personal information when we have a valid legal basis to do so under applicable law:

  • Consent — where you have given us explicit consent (e.g. for sensitive assessment data or marketing communications)
  • Contract performance — to deliver the services you have purchased or requested
  • Legal obligation — where processing is required by law
  • Legitimate interests — for security, fraud prevention, and service improvement, where these are not overridden by your rights

4. Do We Share Your Information?

We do not sell your personal information. We may share information with:

  • Stripe — for payment processing (comprehensive test purchase)
  • Google Analytics — for anonymised website usage analytics
  • OpenAI / Anthropic — where AI-powered improvement reports are generated. Assessment data sent to these providers is processed in accordance with their data processing agreements. Data is used solely for generating your report and is not used to train AI models.
  • Resend — for transactional email delivery (account verification, invoice delivery)
  • Law enforcement or regulatory authorities where required by law

We do not collect any personal information from third parties, and we do not share your individual assessment data with any third party without your explicit consent.

5. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to operate our website and improve user experience. These include:

  • Essential cookies — necessary for the site and assessment platform to function
  • Analytics cookies — Google Analytics, used to understand how visitors use the site (with IP anonymisation enabled)

You can control cookie settings through your browser preferences. Opting out of analytics cookies will not affect your ability to use the site.

6. How Long Do We Keep Your Data?

We retain your personal information for as long as necessary to fulfil the purposes outlined in this notice, or as required by law. Specifically:

  • Account data — for the duration of your account plus 2 years after deletion request
  • Assessment data — for the duration of your account, used in anonymised form for ongoing research
  • Payment records — 7 years (Croatian tax law requirement)
  • Contact enquiries — 2 years from last communication

7. Your Privacy Rights

As a resident of the EEA (including Croatia), you have the following rights under GDPR:

  • Right of access — to receive a copy of your personal data
  • Right to rectification — to correct inaccurate data
  • Right to erasure — to request deletion of your data ("right to be forgotten")
  • Right to restrict processing — to limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at info@hdi.vision. We will respond within 30 days. You also have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) at azop.hr.

8. Data Security

We implement appropriate technical and organisational security measures to protect your personal information. However, no electronic transmission or storage system is 100% secure. We encourage you to use a strong, unique password for your account and to contact us immediately if you suspect unauthorised access.

9. International Data Transfers

HDI.Vision is based in Croatia (EU). Where we use third-party service providers outside the EEA (such as Stripe, OpenAI, or Anthropic), we ensure appropriate safeguards are in place — specifically, Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46(2)(c). By using the Services, you acknowledge that your data may be transferred to and processed in countries outside the EEA as described above.

10. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal information from children under 16 without verified parental consent. If you believe a child has provided us with personal data, please contact us immediately.

11. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, data subject access requests, or to exercise your rights: