In compliance with the General Data Protection Regulation (GDPR), the Act on the Implementation of the General Data Protection Regulation and other applicable legislation Premis d.o.o., established in Makarska (the Republic of Croatia), Put Volicije 8 (hereinafter referred to as: The Company) as the data controller, pursuant to Article 13 of the General Data Protection Regulation, hereby informs you about the arrangementsof processing of your personal data.
The Company can process your personal data due to a business relationship, a concluded contract, the Obligations Act, the Accounting Act, the Value Added Tax Act, and other applicable tax and accounting regulations, and for the purpose of the fulfilment of the rights and obligations stipulated by a concluded contract, and the Company’s compliance with its legal obligations as the data controller. Additionally, we can process your personal data for the purposes of our legitimate interest, such as: business communication, record keeping of business partners, and the evaluation of our mutual cooperation.
WHICH PERSONAL DATA AND WHOSE DATA WE PROCESS
THE PURPOSE OF PERSONAL DATA PROCESSING
The Company can process your following personal data (the following categories of personal data):
|The category of the data subject:||the category of the data:|
|I Business partners (natural persons)||Data for identification purposes (such as name and surname, personal identification number (Cro: OIB), and similar data) Contact information (such as address, phone number, cell phone number, and similar data) Banking data (account number, the name of the bank used, the type of the card, and similar data)|
|II Contact person of a business partner||Data for identification purposes (such as name and surname, etc.; personal identification number (Cro: OIB) of the responsible person where necessary, and similar data) Contact information (such as address, phone number, cell phone number, and similar data) Data regarding the position of employment of the contact person at the business partner (position, department, etc.)|
|III Responsible person of the legal person||Data for identification purposes (such as name and surname, etc.; personal identification number (Cro: OIB) of the responsible person where necessary, and similar data) Contact information (such as address, phone number, cell phone number, and similar data)|
|I, II, III while logging in on the web site in order to place an order||Contact information (such as e-mail address, phone number, cell phone number, and similar data) The IP address from which the registration was made, as well as the date and the time of the IP addresses from which the consent was given, and the date and the time of the registration. If you update the information on your user profile, along with the above mentioned data, the following data can also be collected: IP address, the date and the time when the last update was made|
Providing personal data could be necessary so that we could establish a business relationship with you, in other words, there could be a legal obligation that stipulates that we process some of your personal data. If a legal obligation that stipulates that you give us your personal data does not exist, then you are not obliged to do so, however, the Company could then be unable to establish a business relationship with you.
PREMIS that it can in the role of the data controller collect and process your data mentioned above in the extent and in the manner that is required for the following purposes
- Informing you about PREMIS products
- Ordering PREMIS products
- Protecting legal interest
- Contacting (e.g., correspondence through e-mail, a telephone or a cell phone call, through text messages, personal visits, in writing (through mail), in mentioned ways and/or through the channel of communication through which you contacted us)
- Product delivery
- Processing complaints
- Business inquiries
- And the like.
WHO CAN ACCESS YOUR PERSONAL DATA
WHO DO WE SHARE YOUR PERSONAL DATA WITH
Your personal data can be accessed by our employees who are authorized to process personal data in carrying out their duties (such as employees in charge of handling the mail, our accounting department, administration, deliverymen).
In order to process data for purposes which will be determined in advance, the recipients of your personal data can also be competent national authorities (such as the Tax Administration of the Republic of Croatia and similar bodies), our providers of bookkeeping and similar services, our providers of IT services, and the persons, banks, credit and financial institutions, etc. associated with the Company, notaries public, and third parties in relation to which there is a legal obligation to provide your personal data.
PROTECTION OF YOUR PERSONAL DATA
We are taking all the necessary measures so that the transfer of your personal information to third parties would be in compliance with the regulations on personal data protection.
In the event of a possible transfer of your personal data outside of the EU, we shall take all the necessary measures of protection of your data so that we ensure that that the third party to whom the data is transferred shall enable the same level of protection of your personal data as the one in the EU. At any point in time, you can obtain from us the information whether your personal data is transferred outside of the EU, as well as the measures of protection taken at the contact details given below.
We are taking the appropriate technical and organizational measures with a view to protect the collected personal data, and to prevent an accidental or illegal destruction, loss, modification; or the unauthorized disclosure or access to personal data.
In protecting your personal data, we are obliged to act according to our Personal data protection policy which is available at: www.premis.hr
Our way of conduct, which is regulated by the Personal data protection policy, ensures that we use your personal data only for the purpose for which they are obtained, that the data is used by persons authorised to do so, that your personal data is not disclosed to third persons, except in cases which are specially defined; and that your data is kept for as long as it is necessary.
All our employees are aware of their obligations and responsibility when it comes to processing operations of your personal data.
If certain operations of personal data processing are conducted by our Processor, we ensure that this person applies at least the corresponding level of protection of your personal data as the one we do.
CONSENT-AGREEMENT TO PERSONAL DATA PROCESSING
If the processing of a certain type of personal information is based on consent or consent is required to publish or transfer a piece of personal data, we shall obtain one from you in writing. When giving consent, you shall be informed by us about the purposes of giving that consent and the consequences if you deny to give consent. Your consent has to be voluntary and unambiguous. The written consent is kept for as long as the personal data to which it pertains is kept. If you have consented to a certain operation of personal data processing, you have the right to withdraw your consent at all times. The withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal. When giving consent, you shall be informed by us. You can withdraw your consent by submitting a written statement.
RETENTION PERIOD OF PERSONAL DATA
Your personal data shall be kept for five years from when the rights and the obligations from the contractual relationship has been fulfilled, but in the case of issuing/receiving invoices, the data shall be kept for as long as it is required by the period of the mandatory keeping of bookkeeping documents which is stipulated by relevant regulations. In the case of business communication, your personal data shall be kept for five years from the date when the business communication ended, and in the case of the establishment, exercise or defence of legal claims or interests, the data shall be kept depending on the circumstances of each individual case in accordance with the deadlines in particular regulations.
EXERCISING YOUR RIGHTS
Concerning the processing of your personal data, you have following rights:
- the right to access, to rectification and erasure of personal data, restriction of processing, the right to object to processing, and the right to data portability;
- the right to submit objections to the Croatian Personal Data Protection Agency.
The Company shall process your request and respond to it within 30 days of the date when the request was submitted. If your request cannot be met, the Company has a duty to provide a reasoned reply.
The Company does not implement automated decision-making, and a decision concerning you which is based solely on automatized processing shall not be made, including creating new user profiles, that has legal effects that concern you, or that could have a significant impact on you.
CHANGES TO THE NOTICE OF PERSONAL DATA PROCESSING
Depending on the needs, it is possible that we will modify this Notice so that we improve our procedures and achieve a higher level of protection of your right to privacy, or if modifications are required by changes in regulations. We shall publish every modification to this Notice accordingly. We would like to ask you to check in due time whether we have made modifications to this Notice.
The Notice of Personal Data Processing is published on our web page, and it is available at our headquarters. We can provide the Notice at your request.
In case of any questions, you can contact the data controller in the following ways:
e-mail address: firstname.lastname@example.org
phone number: +385 91 679 394
Effective from: 25 May 2018
In Makarska, the Republic of Croatia, 25 May 2018. Data controller: Zoran Premeru