PRIVACY POLICY
_________ having its registered office at _________, PIN: _________ (hereinafter referred to as _________), is a service providing company registered in the Court Registry of the Commercial Court in Zagreb.
_________ is primarily engaged in _________. In the course of its business, _________ needs to collect and process certain data about individuals and is therefore considered a controller.
The purpose of this Policy is to ensure that _________provides all information necessary in connection with the personal data of the individuals whose personal data it processes.
All _________ employees are fully familiarized the contents of this Policy and ensure it is implemented when personal data are processed. Employees whose duties involve handling personal data have been adequately trained with respect to their duties in relation to personal data protection.
This Policy applies to all personal data processed by _________ in relation to any person, irrespective of whether or not such person is or becomes an employee, guest, customer, supplier or contact of _________. This Policy does not apply to anonymous data. Anonymous data is data altered in such a way that it cannot be associated with a particular person or cannot be exchanged without disproportionate effort, so it is not considered personal data within the meaning of the applicable legislation.
This Policy was developed for the purpose of improving the services _________ provides to its customers, to protect customers with respect to the confidentiality of their personal data in the process of providing _________ services, to prevent any damage to _________ or its employees and its customers as data subjects, and to ensure that the processing of personal data by _________ is carried out fully in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR) and other applicable regulations. The personal data processed by _________ in the course of its business are not shared with unauthorized persons, offered, sold or transferred outside the Republic of Croatia.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The personal data categories processed by _________ in the course of its business are name and surname, address, gender, country of residence, citizenship, list of project partners (if applicable), PIN, year of birth, e-mail address and other personal data for the respective data subject categories.
_________ primarily collects and processes personal data for the purpose of providing a data subject with services as part of its business or for the purpose of complying with legal obligations. The legal grounds for personal data processing is the contractual relationship between _________ and the data subject, _________legal obligation or data subject’s consent.
_________treats such personal data adequately and in compliance with the relevant regulations, irrespective of how such personal data are collected, recorded, stored and used – on paper, on a computer or on any other medium. _________ processes personal data it receives from data subjects and third parties subject to informing them or as instructed by them. _________ sometimes collects data from publicly available sources such as information contained in public registries, public phone directories, publicly available services or commercial services. _________ does not forward such data to third countries or to any charities.
For the purpose of protecting persons and property, _________ collects certain data through video surveillance in its facilities and the areas surrounding them, where it clearly informs data subjects through video surveillance notices displayed at the points of entry in the surveillance perimeter. Access to such data is only allowed to _________ responsible person or a person authorized by such responsible person, subject to all terms set forth in the Act Implementing the General Data Protection Regulation (Official Gazette No 42/18).
Where a data subject sends _________ an e-mail containing personal data that may identify him in the form of a message including a question or comment or by completing the contact form at www._________, _________uses such data to respond to data subject’s request or query in connection with a service provided by _________. In case the data subject refuses to provide his personal data necessary for the provision of such service or for granting the data subject’s request or to respond to his query, _________ will not be able to process such request or query or provide such service.
_________ processes certain personal data for marketing purposes (name and surname, e-mail address), i.e. for the purpose of providing notices of promotions, benefits and campaigns in relation to _________ services, subject always to data subject’s consent. _________ allows each data subject to withdraw the consent he gave to such data processing in accordance with the data subject’s rights specified below.
As of the time he provides his data to _________, the data subject agrees that _________may process his personal data according to the indicated purpose and for the time defined. The protection of data subject’s personal data is permanent and the data subject may at any time exercise his rights listed and explained below.
_________permanently retains its employees’ employment-related personal data. _________retains personal data appearing in accounting and bookkeeping documents (e.g. invoices issued to customers, but also invoices received from suppliers) for at least 11 years, as required under the applicable accounting regulations. _________processes data subjects’ contact information collected for the purpose of providing marketing services (newsletter) until such time they withdraw their consent based on which it processes them.
For the purposes of conducting its business processes, _________may outsource certain data processing services to processors, but only those that implement the technical, logical and organizational personal data protection measures implemented by _________.
_________stores such personal data collected in an appropriate manner and ensures that they remain confidential. _________will not forward such collected data to third parties without data subject’s consent, except where this is necessary to comply with its legal obligations (for example, to the Tax Administration, Croatian Pension Insurance Fund, or any other competent authorities) or its obligations under a contract to which the data subject is a party where this is necessary to perform duties being performed in public interest or where the data subject discloses such data himself, as well as in all other cases defined by the applicable regulations.
With respect to the personal data processed for him by _________, the data subject has the following rights:
Right to be informed
The data subject has the right to request from _________at any time to inform him of whether his personal data are being processed and for what purpose, who the controller is, the contact details of the data protection officer, the categories of personal data being processed, the period for which the personal data will be processed/stored, the source from which such personal data originate and the recipients of such personal data, as well as the right to be informed of his other rights specified in this Policy (right of access, right to rectification, right to erasure, right to restriction of processing, etc.).
Right of access
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him are being processed, and, where that is the case, access to the personal data and the following information:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient to whom the personal data have been or will be disclosed;
– where possible, the envisaged period for which the personal data will be stored or the criteria used to determine that period;
For the purpose of exercising his rights, the data subject should contact _________personal data protection officer by sending a written notice/request to such personal data protection officer by e-mail to the e-mail address provided below or by mail to: _________,
The data subject may also exercise his rights by providing a personal statement directly at _________business premises, subject to prior notice at _____ and identification by a valid identity document. _________reserves the right to set additional requirements regarding the identification of a person requesting to exercise his rights to prevent any abuse of data subject’s rights in connection with the protection of his personal data.
_________has appointed a personal data protection officer and each data subject may contact him in connection with the protection of his personal data at:
_________; or _________@_________.hr
_________believes that the lawful and proper treatment of personal data is highly important and therefore ensures that personal data are treated lawfully and properly. To that end, _________fully supports and complies with the Data Protection Principles.
The personal data protection principles require that personal data be:
– processed fairly and lawfully and that they must not be processed unless the relevant regulatory requirements are met;
– collected for one or more specific and lawful purposes and not be further processed in any manner inconsistent with such purposes;
– adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed and that such data be accurate and kept up to date;
– kept for no longer than is necessary for the purposes for which the personal data are processed;
– processed in accordance with the data subject’s rights under the applicable regulations;
– protected by appropriate technical and organizational measures against unauthorized or unlawful processing of personal data and against accidental loss, destruction of damaging of personal data; and
– transferred to no country or territory outside the EU, unless such country or territory provided an appropriate level of protection of data subjects’ rights and freedoms in connection with personal data processing.
_________takes the following steps:
– fully complies with the requirements relating to the fair collection and processing of personal data;
– specifies the purpose for which personal data are processed;
– collects and processes adequate personal data to the extent necessary to meet its operating needs or to comply with the relevant legal requirements;
– provides all required information to the Personal Data Protection Agency at its request;
– ensures that personal data are not retained for longer than necessary;
– ensures that the rights of persons whose data are being processed may be fully exercised in accordance with the personal data protection principles;
– implements appropriate technical and organizational measures to protect personal data;
– ensures that personal data are not transferred abroad without appropriate protection;
– treats all persons justly and fairly irrespective of their age, religion, disability, gender, sexual orientation or ethnic origin when acting in connection with their requests for information;
– defines clear procedures for responding to requests for information.
To allow for the website of _________to work properly and to allow us to upgrade it for the purpose of improving your browsing experience, a minimum amount of information (cookies) needs to be stored in the computer of the website visitor. Over 90% of all websites use cookies and are, according to the relevant European Union rules, required to request user’s consent. By using the website of _________ the visitor agrees to the use of cookies – if blocked, the visitor may still browse the website, but some of its capabilities may be disabled.
What is a cookie?
A cookie is a piece of information that is stored in the PC at the time of browsing a website you are visiting. Cookies allow easier use because they store the website settings (language or address) of the website visitor and reactivate them each time the website is revisited. This way, such information is consistent with website visitor’s needs and his customary ways of using the website.
In addition to simple settings information, cookies may also store a number of personal information (name, e-mail address) to which the website visitor must allow full access. If the visitor does not allow such access, cookies will not be able to access files in his computer. The cookie storing and sending activities are not visible to website visitors, however, options of accepting/refusing a request to store cookies, erasing the stored cookies or performing other activities relating to the use of cookies may be defined in the settings of the selected browser.
How to disable cookies?
If cookies are disabled, they will not be stored in the website visitor’s computer. The cookie settings may be configured and altered in the selected browser. To view the settings, the visitor needs to select the browser he uses (Chrome, Firefox, Internet Explorer 9, Internet Explorer 7 and 8 and Opera or Safari) (English-language pages)). If the visitor disables cookies, he will not be able to use certain functionalities of the website.
What are session cookies?
Session (temporary) cookies are removed from the visitor’s PC when the browser used to browse the website is closed. Websites use these cookies to store temporary data.
What are persistent cookies?
Persistent (stored) cookies will remain stored in the visitor’s PC after the browser is closed. Websites use these cookies to store personal data to facilitate their use. For example, where a website asks for a username and password, it will remember such particulars entered by a particular visitor and such information will appear every time he revisits the site. Persistent cookies will remain stored in the computer for days, months or years.
What are first-party cookies?
First-party cookies originate from a website browsed by a visitor and may be temporary or persistent. This way, websites store data that will help visitors use the website every time they revisit it.
What are third-party cookies?
Third-party cookies reach the visitor’s computer from other sites contained in the website they are browsing. They are, for example, pop-up ads where cookies are responsible for tracking websites for advertising purposes.
Does this website use cookies?
Yes, this website uses cookies to provide its visitors with an easier and better user experience.
What kinds of cookies does this website use?
Session cookies – These are cookies that will be automatically erased when the browser used by the visitor is closed; Persistent cookies – These are cookies that will remain recorded in the visitor’s browser until they expire or until such time the visitor erases them manually. The information collected is anonymous and does not include visitor’s personal data.
Are there any third-party cookies on the website?
There are several external services that store limited cookies and they are not set by _________ website. Such limited cookies are used to allow uninterrupted use of the capabilities that allow users to easily access contents.
The website where this Policy is published allows:
Measuring visit rates
The website uses Google Analytics – This is a visit rate measuring service. If the visitor wishes to disable cookie storing by this service, he needs to opt out using the following link: Google Analytics – https://tools.google.com/dlpage/gaoptout
Additional information about disabling cookies
There are several websites you can use to disable cookies for different services. More information is available through the following links:
7. Social Plug-ins
Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website facebook.com is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for Facebook.com in Europe. The plug-ins are usually marked with a Facebook logo.
Besides Facebook, we use plug-ins from “Google+” (Provider: Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA), “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and “Pinterest” (Provider: Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA).
For data privacy reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, Google+, Twitter or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network’s servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network’s servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.
a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php.
Further information regarding the data collection: http://www.facebook.com/help/186325668085084,
http://www.facebook.com/about/privacy/your-info-on-other#applications as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA;
https://www.google.com/policies/privacy/partners/?hl=de.
Google has submitted itself to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
https://twitter.com/privacy.
Twitter has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Pinterest Inc., 808 Brannan Street San Francisco, CA 94103, USA); http://about.pinterest.com/privacy/
YouTube-Videos
We have integrated YouTube videos into our website, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the “extended data protection mode ”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
8. Review and verification:
_________may update this Policy if necessary to reflect the best practices and to ensure compliance with any changes or modifications with respect to personal data protection.
Zagreb, _________, 2020
_________
