Data Protection, Privacy Policy, and the Use of Cookies

DATA PROTECTION:

Introductory Provisions:

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union L 119, 4.5.2016, p. 1, hereinafter referred to as: GDPR), which has been fully applicable in the Republic of Croatia and all European Union Member States since 25 May 2018, as well as the Law on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter referred to as: the Law), or in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union, Marijo Cetin (hereinafter referred to as: the owner), as the controller of users’ personal data, has developed a Privacy Policy for users of its services.

The Privacy Policy is a unilaterally binding legal act based on fundamental principles in the processing of personal data, regulating which personal data of users are collected and processed, how and for what purposes. The Privacy Policy also informs users about their rights in the collection and processing of personal data, all for the purpose of protecting their privacy in a broader sense.

The Privacy Policy applies to all services provided by the Owner, with the aim of clearly and transparently informing users about the procedures for collecting and processing their personal data and their rights.

Method of Collection and Types of Data Collected

Certain services provided by the Owner require the collection of users’ personal data, which are collected in the following ways:

Directly from users themselves, in a manner provided by the users. For the purpose of signing up for a contact form via the website, where they provide the following information:

a) name and surname,

b) company name,

c) mobile phone number and/or electronic contact information (email address),

Automatically, by visiting our web pages, whereby data associated with network identifiers (Internet Protocol addresses and cookie identifiers, such as Google Analytics for tracking user interaction) are collected.

A cookie is a small data file that is stored on a computer or mobile device when visiting a specific website. Cookies are used to provide a better user experience to each user, store user preferences, with the aim of making websites work more efficiently, as well as for tracking and analyzing the usage and visits to the website.

Cookies are also used to track internet usage and create user profiles, and then to display personalized internet advertisements based on user preferences.

By disabling and/or blocking the storage of cookies, the user can still browse the Owner’s website. However, there is a possibility that certain features and/or functionalities of the website will not be available to such a user, or that the time required to access certain features of the website will be longer than usual.

These network identifiers can leave traces which, in combination with other identifiers and information provided by internet service providers, can be used to identify users. For this purpose, we collect and process data on the IP address.

Purposes for which personal data are collected and further processed

The Owner collects the aforementioned personal data in order to provide, maintain, protect, and improve its services, to understand how users use the Owner’s websites, and for the purpose of concluding and performing cooperation agreements and other actions related to the conclusion and performance of cooperation agreements in accordance with applicable regulations.

Duration of storage and processing of personal data

Depending on the purpose and legal basis for which users’ personal data are collected, the Owner is obliged in certain cases to store personal data for the period prescribed for a specific purpose by applicable regulations or upon the cessation of the purpose for which they were collected. Upon the expiration of the statutory period obliging the Owner to retain certain personal data or upon the cessation of the purpose, they are deleted.

User Rights

Right of access to personal data

Based on a written request submitted by the user, which may also be in the form of an email, the Owner undertakes to provide access to the personal data it processes about them, inform them about the purpose of processing personal data, the type of personal data processed, recipients or categories of recipients to whom the personal data have been or will be disclosed, the intended period of processing, or the criteria used to determine that period.

Right to rectify inaccurate data

The Owner will enable the correction of inaccurate personal data in each individual case when it is determined that the collected personal data about the user are inaccurate or if there has been a change in the user’s data.

Right to erasure of personal data

The Owner will erase users’ personal data in the following cases:

a) when the user’s personal data are no longer necessary for the purpose of processing, or when the processing purpose has ceased;

b) when the user withdraws consent as the legal basis for data processing, and there is no other legal basis for data processing;

c) when the user objects to the processing of data (see more under the heading Right to object);

d) when personal data are processed unlawfully;

e) when personal data must be erased to fulfill legal obligations under EU law or the law of a Member State to which the data controller is subject;

f) upon expiration of the statutory period obliging the Owner to retain certain personal data.

Right to object

The user has the right to object to the processing of personal data concerning them if the data are processed for the purposes of the legitimate interests pursued by the data controller. In this case, the Owner, as the data controller, will cease processing personal data, unless it proves that there are compelling legitimate reasons for processing personal data in relation to the user’s rights, or in cases where data processing serves to establish, exercise, or defend legal claims.

Where personal data are processed

The Owner processes users’ personal data in the Republic of Croatia.

Under what conditions personal data are disclosed to third parties

The Owner discloses users’ personal data to third parties (including competent authorities) only in the following cases:

a) user consent,

b) to fulfill the legal obligations of the Owner,

c) when such processing is necessary to protect the vital interests of users.

Consent Management

The active role of users in privacy protection is reflected in giving consent as a voluntary, particularly informed, and unambiguous expression of the wishes of the data subjects by which they consent to the processing of personal data. Consent management implies the possibility for the user to authorize the Owner to collect and process certain personal data for one or more purposes (consent of the data subject) by active and unambiguous action, or to withdraw previously given consent for the collection and processing of personal data, for one or more purposes, in the same manner.

Whom to contact

Marijo Cetin is responsible for the processing of personal data.

In case of any questions regarding the protection of personal data by the Owner, users can contact the Data Protection Officer via email at g.p.o.cetin@gmail.com or by phone: (+385) 98 898 765.

Amendments and Supplements to the Privacy Policy

The Owner reserves the right to amend and supplement this Policy at any time, without providing any special notice to interested parties. For this reason, it is recommended that all interested parties regularly check the content of the Owner’s websites for up-to-date information on the contents of this Policy.

In Zagreb, 13 February 2024.