INTRODUCTION

(1) The Privacy Policy is an internal document implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, the so-called General Data Protection Regulation (“GDPR”). It regulates the gathering and processing of personal data by controllers and processors, and establishes the basic principles and rules for the protection of personal data depending on the business and safety requirements of the Controller and in compliance with legal norms.

(2) The Privacy Policy provides answers to the following important questions regarding personal data protection to users, employees, business partners or other persons as data subjects:

  1. who the controller of personal data is,
  2. what the principles of personal data collection and processing are,
  3. which personal data are collected,
  4. which data are not collected and processed,
  5. manner of personal data collection,
  6. purposes and reasons for collecting personal data,
  7. manner of personal data processing,
  8. keeping personal data,
  9. sharing personal data,
  10. data on the data protection officer,
  11. measures of protection of personal data,
  12. rights of the data subjects.

(3) The protection and safety of personal data of our buyers, clients and business partners are our priority. Therefore, please read the following text carefully!

 

CONTROLLER

(1) ProService d.o.o. (hereinafter “Controller”), Josipa Račića 1, 10000 Zagreb, Tax ID no. (OIB): 64625966417, is a data controller under the GDPR, the law and other personal data protection regulations.

(2) The Controller respects privacy and protects personal data collected and processed during the regular course of its business.

(3) Pursuant to legal and regulatory requirements, if you have any questions regarding personal data processing or the realization of your personal data protection rights, you may contact us at info@ssw.hr or by phone: +385/(0)14673669.

PERSONAL DATA COLLECTED

In the course of its business, i.e. the performance of its registered business activity, the “Controller” may collect and process the following personal data depending on data subject categories (buyers, users, clients, etc.) and the services provided. Basically, these data are a requisite for service provision, and include as a minimum:

PERSONAL DATA COLLECTION AND USE

(1) The “Controller” may collect personal data in different ways:

(2) Cookies and monitoring activities on the Internet

A cookie is a text file stored by the websites visited on a user’s device (computer, tablet, smart phone). The Controller uses cookies to facilitate and improve visitors’ access to the website’s functionalities. Information collected by cookies is used to save settings and user activities on the website, like item browsing, site browsing, product placement in the cart, interesting items or items used for comparison purposes, etc. A user may delete or block cookies in the settings of his/her web browser at any time.

(3) The Controller uses visit analysis and buyer habit tracking services like Google Analytics in its web shop. The service provider may monitor users’ visits to our and other websites by using cookies, and display paid ads or ads of other service users on the basis thereof. Users may stop the display of ads on the website of the service providers displaying the ads.

 

PURPOSES OF PERSONAL DATA COLLECTION AND PROCESSING

(1) The “Controller” may process personal data for the following purposes:

(2) Where necessary, we will request additional express consent of the user for certain purposes.

(3) If personal data required by the “Controller” to enter into a legal transaction and realize contractual rights or provide our services are not provided, the contract might not be concluded.

SHARING PERSONAL DATA

(1) The “Controller” may share the collected personal data with third parties exclusively in the following cases:

(2) Third parties, within the meaning of the preceding paragraph, are legal, supervisory and regulatory bodies in and outside the territory of the Republic of Croatia, courts, state attorney’s offices, governmental bodies and institutions competent for the resolution of requests processed by the “Controller”.

(3) When transferring the data of data subjects, the “Controller” shall strictly observe the processing limitation principle by transferring the minimum quantity of data required to realize the service requested, as well as all other principles relevant for data protection.

(4) The “Controller” personally performs its registered activity, but might entrust the performance of parts thereof to its associates (subcontractors, IT services, carrier, etc.) and share with such persons the following personal data required for task (order) execution, namely:

(5) The “Controller” hired an accounting office for the provision of bookkeeping services in compliance with the Accounting Act and thus shares with that office personal data necessary for task (order) execution, namely personal data of its clients (e.g. name, surname, e-mail address, IBAN, account no., etc.), data necessary to meet legal requirements, accounting and financial data, etc.

 

KEEPING PERSONAL DATA

(1) Personal data are kept only while necessary for the purposes for which they were collected, i.e. to meet our contractual or legal obligations.

(2) Personal data collected to meet our legal and regulatory obligations are kept during the prescribed time periods. Personal data collected for the purpose of performance of our registered business activity are stored during the term of the contractual relationship and in compliance with the GDPR and the law.

(3) Personal data are erased following the cessation of the contractual relationship, but no later than following the expiry of all legal keeping obligations, except where a court or similar proceedings have been initiated which require the data to be kept. Upon expiry of the time limits for keeping data, the data are either eliminated from the system and the archives or anonymized to prevent any possibility of tracing such data back to you.

(4) If data are processed based on your consent, they will be kept until such consent is withdrawn.

PERSONAL DATA SUPERVISION AND PROTECTION

(1) The “Controller” will ensure that any personal data collected and processed are made available to the minimum possible number of its employees, depending on their scope of work and competencies, and undertakes to implement the appropriate technical or organizational measures ensuring their protection against unauthorized or illicit processing, loss, destruction or damage.

(2) The “Controller” applies appropriate technical and organizational standards of protection, methods of data access supervision, etc.

(3) The “Controller” will conclude a confidentiality contract/statement with its employees, associates and business partners to whom personal data are available or who collect and process personal data, whereby such persons will undertake an ongoing confidentiality obligation.

(4) The Controller will implement appropriate measures to be applied to and by employees in their everyday work with buyers and clients with respect to the protection of their personal data. Such measures, among other things, include:

(6) If external associates (Processors) process the data collected on behalf and for the account of the principal (Controller), they must enter into a contract on the processing of personal data regulating the issue of protection of personal data.

 

RIGHTS OF THE DATA SUBJECTS AND DEADLINES

(1) The “Controller” respects the right to privacy and collects and processes data only where there is a legal basis for processing. The data subjects have certain rights with respect to the processing of their data at all times.

(2) When collecting data from the data subjects, the Controller will provide the following applicable information:

(3) Where the data are not collected directly from the data subject, the source of personal data must also be indicated.

(4) Where prescribed by law, the data subject, buyer, has the following rights:

(5) If you believe our processing of personal data represents a violation of the personal data protection regulations, please inform us thereof in writing at the address: ProService d.o.o., Ulica Josipa Račića 1, 10000 Zagreb or by e-mail: info@ssw.hr. You may also submit your objection to the supervising body – the Personal Data Protection Agency, Zagreb, Martićeva 14, and as of 25 May 2018 to the supervising body in the EU.

CONSENT

Consent given for a particular purpose of processing may be withdrawn at any time, in which case your personal data collected based on your consent will cease to be used for the stated purpose.

EXPENSES AT THE REQUEST OF THE DATA SUBJECT

The “Controller” reserves the right to charge a reasonable fee based on administrative costs or refuse to act as instructed by the data subject based on his rights if the requests of the data subject are unfounded or excessive, and especially if repeated frequently.

FINAL PROVISIONS

(1) This Privacy Policy shall apply as of 1 December 2018.

(2) You will be notified of any amendment hereof in due time, on www.ssw.hr.

On behalf of ProService d.o.o.

Contact

If you have any questions regarding the manner of use of your personal data, you may contact us by phone, e-mail or mail as follows: