In compliance with the General Data Protection Regulation (GDPR), the Act on the Implementation
of the General Data Protection Regulation and other applicable legislation,
Premis d.o.o., established in Makarska (the Republic of Croatia), Put Volicije 8
(hereinafter referred to as: the Company) as the data controller, pursuant to
Article 13 of the General Data Protection Regulation, hereby informs you about the arrangementsof processing of your personal data.
The Company can process your personal data due to a business relationship,
a concluded contract, the Obligations Act, the Accounting
Act, the Value Added Tax Act, and other applicable tax
and accounting regulations, and for the purpose of the fulfilment of the rights
and obligations stipulated by a concluded contract, and the Company’s compliance with its legal obligations as
the data controller. Additionally, we can process your personal data for
the purposes of our legitimate interest, such as: business communication,
record keeping of business partners, and the evaluation of our mutual cooperation.
WHICH PERSONAL DATA AND WHOSE DATA WE PROCESS
THE PURPOSE OF PERSONAL DATA PROCESSING
The Company can process your following personal data (the following categories of personal data):
The category of the data subject:
the category of the data:
I Business partners (natural persons)
Data for identification purposes (such as name and surname, personal identification number (Cro: OIB), and similar data) Contact information (such as address, phone number, cell phone number, and similar data) Banking data (account number, the name of the bank used, the type of the card, and similar data)
II Contact person of a business partner
Data for identification purposes (such as name and surname, etc.; personal identification number (Cro: OIB) of the responsible person where necessary, and similar data) Contact information (such as address, phone number, cell phone number, and similar data) Data regarding the position of employment of the contact person at the business partner (position, department, etc.)
III Responsible person of the legal person
Data for identification purposes (such as name and surname, etc.; personal identification number (Cro: OIB) of the responsible person where necessary, and similar data) Contact information (such as address, phone number, cell phone number, and similar data)
I, II, III while logging in on the web site in order to place an order
Contact information (such as e-mail address, phone number, cell phone number, and similar data) The IP address from which the registration was made, as well as the date and the time of the IP addresses from which the consent was given, and the date and the time of the registration. If you update the information on your user profile, along with the above mentioned data, the following data can also be collected: IP address, the date and the time when the last update was made
Providing personal data could be necessary so that we could
establish a business relationship with you, in other words, there could be a legal obligation
that stipulates that we process some of your personal data. If a legal obligation that stipulates
that you give us your personal data does not exist, then you are not obliged to do so.
However, the Company could then be unable to establish
a business relationship with you.
PREMIS that it can in the role of the data controller collect and
process your data mentioned above in the extent and in the manner that is
required for the following purposes
Informing you about PREMIS products
Ordering PREMIS products
Protecting legal interest
Contacting (e.g., correspondence through e-mail, a telephone or a cell phone call, through text messages, personal visits, in writing (through mail), in mentioned ways and/or through the channel of communication through which you contacted us)
Product delivery
Processing complaints
Repairs
Business inquiries
And the like.
WHO CAN ACCESS YOUR PERSONAL DATA
WHO DO WE SHARE YOUR PERSONAL DATA WITH
Your personal data can be accessed by our employees who are
authorized to process personal data in carrying out their duties
(such as employees in charge of
handling the mail, our accounting department, administration, deliverymen).
In order to process data for purposes which will be determined in advance,
the recipients of your personal data can also be competent national authorities
(such as the Tax Administration of the Republic of Croatia and similar bodies), our providers of bookkeeping and
similar services, our providers of IT services, and
the persons, banks, credit and financial institutions, etc. associated with the Company
notaries public, and third parties in relation to which there is a legal
obligation to provide your personal data.
PROTECTION OF YOUR PERSONAL DATA
We are taking all the necessary measures so that the transfer of your personal information to
third parties would be in compliance with the regulations on personal data protection.
In the event of a possible transfer of your personal data outside of the EU, we shall
take all the necessary measures of protection of your data so that we ensure
that the third party to whom the data is transferred shall enable the same level
of protection of your personal data as the one in the EU. At any point in time,
you can obtain from us the information whether your personal data is transferred outside of the EU,
as well as the measures of protection taken at the contact
details given below.
We are taking the appropriate technical and organizational measures with a view to
protect the collected personal data, and to prevent an accidental
or illegal destruction, loss, modification; or the unauthorized disclosure or
access to personal data.
In protecting your personal data, we are obliged to act according to ourPersonal data protection policy which is available at: www.premis.hr
Our way of conduct, which is regulated by the Personal data protectionpolicy, ensures that we use your personal data only for the purpose for which
it was collected; that the data is used only by authorized persons;
that your personal data is not disclosed to third persons, except in cases which are
specially defined; and that your data is kept for as long as
it is necessary.
All our employees are aware of their obligations and responsibility when it comes
to processing operations of your personal data.
If certain operations of personal data processing are conducted by our
Processor, we ensure that this person applies at least the corresponding level
of protection of your personal data as the one we do.
CONSENT-AGREEMENT TO PERSONAL DATA PROCESSING
If the processing of a certain type of personal information is based on consent or
consent is required to publish or transfer a piece of personal data, we shall
obtain one from you in writing. When giving consent, you shall be informed by us
about the purposes of giving that consent and the consequences if you deny
to give consent. Your consent has to be voluntary and unambiguous. The written consent
is kept for as long as the personal data to which
it pertains is kept. If you have consented to a certain operation of personal
data processing, you have the right to withdraw your consent at all times. The withdrawal of the consent does not
affect the lawfulness of processing based on consent before its withdrawal. You shall be
informed about this when giving consent. You can withdraw your consent by
submitting a written statement.
RETENTION PERIOD OF PERSONAL DATA
Your personal data shall be kept for five years from the date when the rights and the obligations
from the contractual relationship has been fulfilled, but in the case of issuing/receiving invoices, the data
shall be kept for as long as it is required by the period of the mandatory keeping of bookkeeping documents
which is stipulated by relevant regulations. In the case of business communication,
your personal data shall be kept for five years from the date when the business communication
ended, and in the case of the establishment, exercise or defence of legal
claims or interests, the data shall be kept depending on the circumstances of
each individual case in accordance with the deadlines in particular regulations.
EXERCISING YOUR RIGHTS
Concerning the processing of your personal data, you have the following rights:
the right to access, to rectification and erasure of personal data, restriction of processing, the right to object to processing, and the right to data portability;
the right to submit objections to the Croatian Personal Data Protection Agency.
The Company shall process your request and respond to it within 30 days
of the date when the request was submitted. If your request cannot be met, the Company
has a duty to provide a reasoned reply.
The Company does not implement automated decision-making, and a decision
concerning you which is based solely on automatized processing shall not be made,
including creating new user profiles, that has legal effects that
concern you, or that could have a significant impact on you.
CHANGES TO THE NOTICE OF PERSONAL DATA PROCESSING
Depending on the needs, it is possible that we will modify this Notice so that
we improve our procedures and achieve a higher level of protection of your right
to privacy, or if modifications are required by changes in regulations. Every modification
to this Notice we shall publish accordingly. We would like to ask you
to check in due time whether we have made modifications to this Notice.
The Notice of Personal Data Processing is published on our web
page, and it is available at our headquarters. We can provide the Notice
at your request.
CONTACT INFORMATION
In case of any questions, you can contact the data controller
in the following ways:
e-mail address: info@premis.hr
phone number: +385 21 679 394
Effective from: 25 May 2018
Last updated:
In Makarska, the Republic of Croatia, 25 May 2018.
Data controller: Zoran Premeru
