Pursuant to Article 25 of the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/2018) and the provisions of the Articles of Association of the limited liability company DEKADA KOMUNIKACIJE limited liability company for services from Zagreb, Bani ulica 75a (OIB: 49593171501) (hereinafter referred to as the Employer), represented by the director Dario Đanić, on 16 May 2018, hereby adopts the following
PERSONAL DATA PROTECTION POLICY ON OUR WEBSITES
1. Introductory provisions
1.1 Privacy applies to our website – dekada.hr
This Policy applies to all users of DEKADA KOMUNIKACIJE doo services, that is, to all persons whose personal data DEKADA KOMUNIKACIJE doo collects, uses or otherwise processes.
1.2 We process your personal data in accordance with the General Data Protection Regulation (EU Regulation 2016/679) and the Act on the Implementation of the General Data Protection Regulation (OG 42/2018).
1.3 By accepting this Personal Data Protection Policy by clicking when visiting our website, you confirm that you have read, understood and agree to the processing of personal data as set out in this Policy.
2. Security
In order to protect your personal data, we have taken appropriate technical and organizational measures, which we are continuously upgrading, and which protect your personal data from loss, misuse, unauthorized access, unauthorized disclosure and manipulation.
However, we cannot guarantee complete protection during the transmission of personal data to or from our website, therefore it is extremely important that you yourself take care of the security of your computer and the secure storage of personal data and its confidentiality.
DEKADA KOMUNIKACIJE doo attaches great importance to the protection of personal data of its website users. This Privacy Policy governs the manner in which information that DEKADA KOMUNIKACIJE doo processes or collects when users visit our website is handled.
Employees of DEKADA KOMUNIKACIJE doo, as well as professional services that maintain the website, are obliged to respect the confidentiality of the User's data and comply with the general acts of the company DEKADA KOMUNIKACIJE doo.
Categories of personal data and purpose of processing
3.1 Customer category – we process the following personal data:
– identification data such as: name and surname, OIB (Personal Identification Number), address, ID card number, photograph, other data contained in the ID card;
– contact information such as: e-mail address, telephone number (mobile and/or landline number)
– bank details such as: IBAN, bank name; card type, etc.
- data on other persons - proxies, contents of your inquiries and our answers, documentation you have made available to us, documentation of our services, evidence of services rendered, cost accounting
– as well as any other information you provide to us before or during the provision of the service
– special category of personal data: may contain data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data concerning health, data about sex life, data about sexual orientation. We do not need the aforementioned data to provide our services, but if for any reason we obtain the aforementioned data, it will be kept in accordance with our internal regulations and this personal data protection policy.
Purpose of processing:
a) We process your personal data that is necessary for us to provide our services, all in order to fulfill your requests to us. DEKADA KOMUNIKACIJE doo does not collect personal data unless the User explicitly makes it available (e.g. when ordering a service or applying for employment, making an inquiry or for some other reason), thereby agreeing to or giving consent to its use for the purposes listed below.
The services we provide are not intended for persons under the age of 18, but we cannot know whether the information we collect or process relates to persons under the age of 18. We advise all parents and guardians to teach persons under the age of 18 how to handle personal information safely and responsibly online.
The processing of personal data is based on a contractual or non-contractual legal basis in accordance with the provisions of the General Data Protection Regulation.
b) Fulfillment of legal obligations
We process your personal data in order to comply with our legal obligations as a data controller. In certain cases, we are obliged to process your data in order to comply with legal obligations. The aforementioned processing may follow from mandatory legal regulations, e.g. tax, trade, anti-money laundering, criminal provisions and the like, due to various supervision and controls by state authorities and legal obligations to provide data. The processing is based on Art. 6 et seq. of the General Data Protection Regulation.
3.2 Category of respondent – request for exercising rights:
– e-mail address, first name, last name, telephone number (mobile and/or landline number)
– if necessary, a copy of the identification document (solely for the purpose of establishing the identity of the respondent)
Purpose of processing personal data: legitimate interest - response to your request, performance of services.
3.3 Business partner category:
– business partners of natural persons – identification data: name and surname, OIB, etc., contact data: address, telephone, mobile phone, etc., bank data such as: IBAN, bank name; card type, etc.
– contact person of the business partner – identification data: name and surname, etc., contact data: address, telephone, mobile phone, etc., data related to the job position at the business partner (position, department, etc.)
Purpose of personal data processing: personal data is processed for the purpose of exercising rights and obligations under contracts concluded with business partners, in particular for the purpose of issuing invoices for services performed. Certain personal data may also be processed if necessary to comply with the legal obligations of the controller. Personal data may also be processed for the purposes of the legitimate interests of the controller, e.g.: business communication, keeping records of business partners and assessing mutual cooperation.
4. Submission of personal data
You are not obliged to provide us with your personal data. However, the provision of personal data is generally necessary to perform the requested services or contracts, so we must warn you that without the provision of personal data (depending on each individual case) we will not be able to provide you with the complete service you are requesting.
5. Sources
We collect your personal data, in addition to those that you have provided to us personally, if there is a need for it, solely for the purpose of protecting your rights and interests as our customer/business partner, and from competent state institutions and third parties.
When we collect data about persons who are not our party/business partners, we collect them on the basis of your statements or on the basis of legal powers contained in special laws, that is, on the basis of inspection of publicly published registers.
6. Recipients
Members of the board and other employees of our company in charge of accounting, mail delivery and administration can have access to your personal data.
External recipients may only have access to your personal data if this is necessary for the performance of our service or if this arises from mandatory legal regulations.
External Recipients can be:
– competent state bodies (such as the Croatian Pension Insurance Institute, the Croatian Health Insurance Institute, the Tax Administration, courts, FINA, the Ministry of the Interior, etc.)
– providers of accounting and similar services to the controller;
– IT support service providers to the controller;
– related persons of the controller;
– banks, credit and financial institutions and the like;
– notaries; our lawyers
– translators;
– third parties in relation to whom there is a legal obligation to provide personal data of the respondent;
- other third parties for the purpose of realizing interests related to the purpose of realizing legitimate interests.
In the event of any transfer of personal data outside the Republic of Croatia, we will take the necessary measures to protect your personal data in order to ensure that the third party to whom your personal data is transferred provides the same level of protection for your personal data as in the Republic of Croatia. You can obtain information from us at any time whether your personal data is transferred outside the Republic of Croatia, as well as the protection measures taken, using the contact details below.
8. Storage period
a) We will store personal data for as long as the law requires us to do so (currently no longer than five years). If mandatory legal regulations or other internal regulations of DEKADA KOMUNIKACIJE doo require us to store it for a longer period, then your data will be deleted after the expiry of additional legal periods. If the User has given consent for processing for advertising purposes that extends beyond the prescribed period, DEKADA KOMUNIKACIJE doo may store the data until the consent is withdrawn.
9. Web cookies
We use cookies that are exclusively necessary for the correct display and operation of this website, and we do not collect your personal data through cookies.
Cookies are small files that are temporarily stored on the User's hard drive, which allows the website to recognize the User's computer the next time they visit the DEKADA KOMUNIKACIJE doo website.
The aforementioned tools may collect and store technical data such as cookies, user and/or visitor IP address, mobile device identifier, browser data, and the like, but they do not identify a person.
The cookies that are stored are used for analytical and statistical purposes and for the functioning of all website features and a better user experience. These cookies can be permanent cookies that remain stored on the user's computer after the visit, or temporary cookies that are stored only during the visit to the site.
Third-party cookies are used by DEKADA KOMUNIKACIJE doo to obtain statistical data on website traffic and usage. The data collected includes the user's IP address, browser information, language, operating system, and other standard statistical data that is collected and analyzed exclusively in an anonymous and mass form.
Depending on the settings of the User's internet browser, cookies may be automatically accepted. If the User does not consent to their use, they can easily delete and/or permanently disable cookies at any time on their computer or mobile device using the settings of the browser they are using.
The User can find more information about managing cookies on the pages of the browser they use. DEKADA KOMUNIKACIJE doo emphasizes that the purpose of cookies is to improve and enable the use of our website, and by preventing or deleting cookies, you may disable the functionality of our website features or cause different operation and appearance in your browser.
10. Your rights:
10.1 Right of access – you can request confirmation of whether your data is being processed, for what purpose and to what extent.
10.2 Right to rectification – if we process your personal data that is inaccurate or incomplete.
10.3 Right to erasure - you can request the erasure of your personal data if the purpose for which it was collected no longer exists, if it is an illegal processing, if the processing disproportionately interferes with your protected legitimate interests or the data processing is based on your consent which you have withdrawn.
However, it is necessary to take into account the possible existence of other reasons that could be against the complete deletion of your personal data, for example, storage that is expressly required by law, the existence, exercise or defense of legal claims, and the like.
10.4 Right to data portability – data that you have provided to us and that we process based on your consent or for the performance of a contract, and whose processing is carried out by automated means, we will forward them to you at your request in a structured, commonly used and machine-readable format. If technically feasible, we may transmit them directly to another controller at your request.
10.5 Right to restriction of processing – you have the right to request restriction of processing of your data:
– if you dispute the accuracy of your personal data, during a period that allows us to verify the accuracy of the data
– if the processing is unlawful, but you have refused deletion and instead request the restriction of data processing
– if we no longer need your personal data for the intended purpose, and you still need it to establish or defend legal claims
– if you have lodged an objection to the processing of personal data, awaiting confirmation whether the legitimate reasons of the controller override your reasons
10.6 Right to object – you can object to the processing of your personal data at any time in accordance with Article 6 of the General Data Protection Regulation. This means that if we process your personal data in the public interest or if we base the processing on the needs of our legitimate interests.
* When exercising your rights, please take care to provide us with proof based on which we will be able to establish your identity in an unmistakable way (personal identification document)
10.7 Right to appeal – if you believe that we have violated personal data protection regulations when processing your personal data and have thereby violated your interests, rights and freedoms, please contact us so that we can clarify any possible issues.
In addition to contacting us directly, with your complaint or appeal, you can also contact the supervisory authority for personal data protection in the Republic of Croatia - the Agency for Personal Data Protection (AZOP), Martićeva 14, 10000 Zagreb.
10.8. We will provide information on the actions taken no later than one month from the date of receipt of your request.
If the processing of the request is complex or involves a large number of requests, this deadline may be extended by another two months, but in that case we will inform you of the reasons for any extension of the deadline.
Also, if we are unable to act on your request, we will inform you of our decision, stating the reasons for such decision, and the possibility of filing a complaint or appeal with the Personal Data Protection Agency.
In the event that requests are manifestly unfounded or excessive, in particular due to their frequent repetition, we may charge a reasonable fee based on administrative costs or refuse to act on the request.
Download: request form for exercising rights
11. Automated processing including profiling
We would like to point out that some data (such as the type of internet browser you use, the number of visits, the average time spent on the pages, the content viewed and similar) is processed automatically when accessing the DEKADA KOMUNIKACIJE doo website. The aforementioned data is used for the purpose of assessing the attractiveness of our website. We would like to point out that the User has the right not to be subject to a decision based solely on automated processing, unless such a decision is necessary for the conclusion or performance of a contract between the User and DEKADA KOMUNIKACIJE doo, permitted by Croatian or Union law, or based on the User's explicit consent.
12. Terms and changes
The terms of this Privacy and Cookies Policy govern the use of cookies and all data collected during the application of this Policy, with the exception of third-party cookies.
Any changes to our privacy policy will be posted on the home page and in other places deemed appropriate.
To exercise your rights and any additional questions, please contact us:
phone: 099 370 7968
e-mail: support@dekada.hr
web: dekadka.hr
Zagreb, May 16, 2018
DEKADA KOMUNIKACIJE doo.
______________________
Dario Đanić, CEO