PRIVACY POLICY
1. GENERAL PROVISIONS
In accordance with Regulation (EU) 2016/679 of the European Parliament and the European Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data, which has been in full force since May 25, 2018 in the Republic of Croatia and all member states of the European Union , as well as the Act on the Implementation of the General Regulation on Data Protection (Official Gazette No. 42/18, hereinafter: the Act), i.e. in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union, Friland j.d.o.o. is attaching the Policy on the protection of personal data of service users.
The Personal Data Protection Policy is a unilaterally binding legal act based on the fundamental principles in the processing of personal data, which regulates which service user data is collected, how such data is processed and for what purposes it is used. The policy on the protection of personal data also informs service users of their rights in the collection and further processing of personal data, all for the purpose of protecting their privacy in a broader sense.
The personal data protection policy is based on the following principles of personal data processing: the principle of legality, transparency and best practice, the principle of limited processing and reduction of the amount of data, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and confidentiality of data, the principle of responsibility, the principle of trust and fair processing, the principle of opportunity, the principle of anonymous processing.
The policy on the protection of personal data applies to all services offered by the Controller, whereby the goal of the Policy is to inform service users in a clear and transparent manner about the procedures for processing their personal data and their rights. First of all, service users can contact the Data Controller at any time with a request to amend or supplement and/or update the data relating to them, as well as with a request for a statement on the purposes for which they want or do not want their data to be processed .
2. TYPES OF DATA COLLECTED AND METHOD OF DATA COLLECTION
The services provided by the Controller require the collection of personal data of service users, whereby basic data is collected in the following ways:
1.1. Directly by the users of the services in such a way that the users of the services give them themselves with the signed consent of Friland j.d.o.o. as the Data Controller, which is defined in a certain amount of data that is essential for the provision of services. For the purpose of providing services, the user of the service is obliged to submit the following data to the Data Controller, which is necessary for the provision of a particular service.
a) name and surname;
b) address;
c) date of birth;
d) contact phone and/or cell phone number;
e) e-mail contact information (e-mail address);
1.2. Automatically by visiting our websites and social networks, which is data associated with network identifiers (Internet protocol addresses and cookie identifiers, such as Google Analytics for monitoring user interaction).
Cookies enable Friland j.d.o.o. to collect statistical data on user behavior on websites (e.g. on which parts of the website users stay the longest and where the shortest) , which Internet browser (eg Internet Explorer, Opera, Safari, Google Chrome, Firefox) is used, and the like.
Cookies are a small set of data sent from the server of the company’s website to the user’s computer, and serve as an anonymous identifier. Cookies are also used for easier navigation through Internet pages. Cookies are not used to access user data or to track user activities after leaving the company’s website.
3. PURPOSE OF COLLECTION OF PERSONAL DATA
The Data Controller collects personal data exclusively for the purpose of fulfilling requests for the performance of a specific service. We do not collect data that does not serve to perform the requested service. Such data is collected by the Data Controller based on the consent given by the service user for one or more specific purposes, as well as in one of the following cases.
3.1. For the purpose of providing the service
We process personal data in case of your inquiries, then complaints regarding the quality, content and type of service provided, requests in accordance with the applicable regulations (provisions related to the rights of respondents according to Regulation EU 2016/679 of the European Parliament and Council – General Data Protection Regulation, etc. .)
3.2 Fulfillment of legal obligations
Personal data may be processed for the purpose of public interest for statistical purposes in accordance with applicable legal regulations (e.g. in accordance with the Annual Plan of Statistical Activities of the Republic of Croatia) or in accordance with the contractual conditions of the service provider. In this case, your data is processed in an aggregated and anonymized form and cannot be linked to a specific natural person.
3.3. Direct promotion (marketing)
The contact data of the service user can be used to send promotional information about the Friland j.d.o.o. services if the service user has given consent for such processing.
3.4. Internal purposes
The controller uses certain data of service users exclusively for the purposes of own records, for the purpose of protecting the legitimate interests of service users and/or Friland j.d.o.o..
3.5. Information about potential service users
The data controller is also authorized to collect data on potential users of its services. This data includes basic data (name and surname, e-mail address) as well as the interests of potential service users who contact the Data Controller with the desire to be informed and/or offered a specific service. The legal basis for collection in the described case is the consent of the service user.
4. STORAGE OF PERSONAL DATA
Depending on the purpose and legal basis on the basis of which the personal data of the service user is collected, the Data Controller is in some cases obliged to keep personal data for a period of time prescribed by the relevant regulations for a particular purpose.
SERVICE USER RIGHTS
5.1. The right to access personal data
Friland j.d.o.o. as a data controller undertakes, on the basis of the submitted written request of the service user, which request can also be in the form of an electronic mail, to provide access to the personal data it processes about them, to inform them about the purpose of the personal data processing for which are processed, about the type of personal data that is processed, about recipients or categories of recipients to whom personal data has been disclosed or will be disclosed to them, about the expected time period of processing or about the criteria used to determine this period.
5.2. The right to correct incorrect data
Friland j.d.o.o. as the processing manager will enable the correction of incorrect personal data in every single case when it is established that the collected personal data about the service user is incorrect or that the data of the service user has changed.
5.3. The right to delete personal data
Friland j.d.o.o. will delete the personal data of the service user in the following cases:
a) when the personal data of the user of the service is no longer necessary for the fulfillment of the purpose of processing, i.e. when the purpose of processing ceases;
b) when the service user withdraws consent as a legal basis for data processing, and there is no other legal basis for data processing;
c) when the user of the service objects to the processing.
5.4. The right to restriction of data processing
Restriction of personal data processing will be provided by Friland j.d.o.o. in cases where the user of the service disputes the accuracy of the data, when the processing is illegal, and the user of the service objects to the deletion of the data and instead requests the limitation of their of use, when the controller no longer needs personal data for processing purposes, but the service user requests data to fulfill legal requirements, as well as in the case when the service user objects to the processing of personal data based on a legitimate interest Friland j.d.o.o.
5.5. The right to object
The user of the service has the right to lodge an objection to the processing of personal data relating to him if the data is processed for the purposes of the legitimate interest of the data controller. In that case, Friland j.d.o.o., as the controller, will stop processing personal data, unless it proves that there are convincing legitimate reasons for processing personal data in relation to the rights of the user and/ or the customer, i.e. in the case where the data processing serves to establish, realize or defend legal claims.
6. WHERE PERSONAL DATA IS PROCESSED
Personal data of service users is processed by the Controller in the Republic of Croatia.
7. CONSENT MANAGEMENT
The active role of the service user in the protection of personal data is reflected in the granting of consent as a voluntary, specially informed and unambiguous expression of the wishes of the respondents to whom he gives his consent to the processing of personal data by a statement or a clear affirmative action. Consent management implies the possibility for the user of the service to actively and unambiguously authorize the Controller to collect and process certain personal data for one or more purposes (consent of the subject), i.e. to withdraw the previously given consent for the collection and processing of personal data in one or more ways. multiple purposes.
8. AMENDMENTS TO THE PERSONAL DATA PROTECTION POLICY
The controller reserves the right to amend and supplement this Policy at any time, without giving any special notice to interested persons.
