Privacy policy
PRIVACY PROTECTION
Data privacy
Introductory provisions
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of their personal data and on the free portability of such data and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, page 1, hereinafter: the Data Protection Office), which has been in full application since 25 May 2018 in the Republic of Croatia and all EU Member States, as well as in accordance with the Law on the implementation of the general regulation on data protection (Narodne Novine No. 42/18, hereinafter: the Law) i.e. in accordance with the legal framework of protection of personal data in the Republic of Croatia and the EU and the European best practice, the company DICTA ltd, Limited liability company for trade and services, based in the Republic of Croatia, Trpimirova 2, Rijeka, entered in the court register of the Commercial Court in Zagreb under the registration number of the subject of registration (MBS): 1183753, personal identification number (OIB): 17277283962 (hereinafter: Company), as a manager of the personal data of users of its services and of customers, has drafted a Policy on the protection of privacy of users and customers. Privacy policy is a unilaterally binding legal act based on fundamental principles in the processing of personal data, which regulates which users and/or customers’ data is collected, how is that data processed and for which purpose. Privacy Policy also introduces users and/or customers to their rights regarding the collection and further processing of their personal data, with the intention to protect their privacy in the broad sense.
The Privacy Policy is based on the following principles of personal data processing: the principle of legality, transparency and best practice, the principle of limited processing and reduction of data, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of data integrity and confidentiality, trust and fair processing, the principle of appropriacy (purposes of processing), the principle of processing in an unnamed (anonymised) form.
The Privacy Policy applies to all services offered by the Company, with the aim of the Policy being to inform users and/or customers in a clear and transparent manner about the procedures for processing their personal data and their rights. First of all, users and/or customers may at any time contact the Company with a request to amend and/or update the data relating to them, as well as with a request to comment on the purposes for which they want or do not want their data processed.
The Company responsible for the processing of personal data:
DICTA ltd, Limited Liability Company for Trade and Services, with its registered office in the Republic of Croatia, Trpimirova 2, Rijeka, registered in the court register of the Commercial Court in Rijeka under the registration number of the subject of registration (MBS): 1183753, personal identification number (OIB): 17277283962.
Contact details of the personal data protection officer:
e-mail: zastita-privatnosti(a)dicta.hr
Method of collection and types of data collected
Certain services provided by the Company require the collection of personal data of users and/or customers, whereby basic data is collected in the following ways:
1. Directly by the users and/or customers themselves in a way that the users and/or customers themselves deliver the data with the consent of the Company as the processing manager in an extent that is essential for the provision of appropriate services. For the purpose of providing appropriate services, the user and/or customer is obliged to provide the Company with the following information that is necessary for the establishment of a contractual relationship in order to provide a particular service and/or sale of certain products from its range:
a) name and surname
b) address
c) contact telephone and/or mobile phone number
d) contact details of e-mail (e-mail address)
e) data from the identity card
f) bank account and card number data for the purpose of regulating the payment obligation
2. From other sources or from our business partners or from publicly available sources (for example, data available by accessing the telephone directory and other publicly available services)
3. Automatically by visiting our web pages, applications and web-shop portal, which are data associated with network identifiers (Internet protocol addresses and cookie identifiers, such as Google Analytics to monitor user and/or customer interaction). The network identifiers in question may leave traces which, in combination with other identifiers and information provided by Internet service servers, may be used to identify the user and/or customer. Also, for this purpose, we collect and process the following data:
a) IP address information
b) data on the use of individual applications
c) data on the habits of users and/or customers - we create these data for the purpose of profiling users and/or customers.
The extent of personal data that the Company collects depends on the type of service that the Company provides to its users and/or customers, as well as on the legal basis on which it collects data. The Company constantly takes care of collecting only the necessary range of personal data that is needed to achieve the legally established purpose for which the data is processed.
The purposes for collecting and further processing of personal data
The Company collects personal information in order to provide, maintain, protect and improve its services related to the purchase of certain products, to understand the ways in which users and/or customers use the services provided and the Company's web pages and to fulfil contractual obligations of the Company. Such data is collected by the Company based on the consent given by the user and/or the customer for one or more specific purposes, as well as in one of the following cases.
Execution of contractual obligations
The Company collects and further processes personal data of users and/or customers for the purpose of concluding and executing contracts, delivery of ordered products, consulting and assistance in using products, providing appropriate additional and/or extended product warranties, services, resolving customer and/or customer complaints, and other actions related to the conclusion and execution of contracts in accordance with applicable regulations.
The legal basis for the processing of personal data of users and/or customers for the above purposes is the need to conclude a contract, i.e. in case that the user and/or customer refuses to provide relevant data, the Company will not be able to conclude a contract and/or take certain actions in regard of execution of the concluded contract.
Fulfillment of legal obligations
Based on the submitted written request of users and/or customers to the above address of the personal data protection officer, the Company is obliged to provide them with access to personal data processed about them, correction of inaccurate personal data, deletion of personal data or restriction of personal data processing, with the possibility to objection to the processing of personal data and the right to data portability.
Direct marketing
The contact details of users and/or customers may be used to send promotional notices about the Company's products and services if the user and/or customer has consented to such processing or if there is a legitimate interest of the Company in such actions, unless fundamental rights and freedoms of users and/or customers that require the protection of personal data is stronger than that legitimate interest.
The Company may use contact information and personally contact users and/or customers whose personal information it already possesses, based on a legitimate interest in sending promotional notices about all products and services it provides, using all available advertising channels, unless the user and/or the buyer does not object to such processing.
In order for the user and/or customer to receive notifications that correspond to his wishes and habits, it is necessary for the Company to use certain user and/or customer data to create personalized promotional notices, until the user and/or customer explicitly objects to such data processing, that is, he withdraws his previously submitted application for processing.
The legal basis for the processing of personal data for the stated purposes is the legitimate interest of the Company, unless the interest or fundamental rights and freedoms that require data protection are stronger than that interest.
Internal purposes
The Company uses certain data of users and/or customers exclusively for the purposes of its own records, with the purpose to protect the legitimate interests of users and/or customers and/or the Company. For example, this includes the use of personal data for the purpose of creating offers that meet the needs and desires of users and/or customers, market research and analysis.
Data on potential users
The Company is also authorized to collect data on potential users and/or customers of its services and/or products. This information includes basic information (name and surname, e-mail address) but also the interests of potential users and/or customers who contact the Company with the desire to be informed and/or offered certain products and services.
The legal basis for collection in the described case is the consent of the user and/or customer.
Time duration of storage and processing of personal data
Depending on the purpose and legal basis on which the personal data of users and/or customers is collected, in some cases the Company is obliged to keep personal data for a period of time prescribed by relevant regulations or the termination of the purpose for which they were collected. Upon the expiration of the legal deadline that obliges the Company to keep certain personal data or the termination of the purpose, they are deleted.
In cases where the basis for data collection and processing is the legitimate interest of the Company or the consent of the user and/or customer, personal data is stored for the following periods:
a) data on existing users and/or customers: during the duration of the contractual relationship and 6 months after its termination
b) data on potential users and/or customers: 3 months
Data processed based on the legitimate interest of the Company and/or the consent of users and/or customers may be deleted before the expiration of the period specified in this Policy, in case such deletion is requested by the user and/or customer or when the user and/or customer objects to such process.
User/customer rights
The right to access personal data
The Company, as the controller, undertakes, on the basis of a written request of the user and/or customer, which may also be in the form of an e-mail, to provide access to personal data processed about them, to inform them about the purpose of personal data processing, the type of personal data being processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the estimated period of processing or the criteria used to determine that period.
The right to correct inaccurate data
As the controller, the Company will enable the correction of inaccurate personal data in each individual case when it is determined that the collected personal data about the user and/or customer is inaccurate or there has been a change in the data of the user and/or customer.
The right to delete personal data
The Company will delete the personal data of the user and/or customer in the following cases:
a) when the personal data of the user and/or customer is no longer necessary for the fulfillment of the purpose of processing, i.e. the termination of the purpose of processing
b) when the user and/or the customer withdraws the consent as a legal basis for data processing, and there is no other legal basis for data processing
c) when the user and/or the customer objects to the processing of data (see more under the heading Right to object)
d) when personal data has been illegally processed
e) where personal data must be deleted in order to fulfill legal obligations under European Union law or the law of the Member State to which the controller is subjected to
f) when personal data is collected in connection with the offer of the Company in relation to the consent of the child.
The right to restrict data processing
Restrictions on the processing of personal data will be provided by the Company in cases when the user and/or customer disputes the accuracy of data, when processing is illegal and the user and/or customer opposes the deletion of data and instead requests restriction of their use, when the controller no longer needs personal data, processing needs but the user and/or customer requests data to meet legal requirements, as well as in case the user and/or customer objects to the processing of personal data based on the legitimate interest of the Company, including the creation of user and/or customer profiles.
The right to object
The user and/or the customer has the right to object to the processing of personal data related to him if the data is processed for the purposes of the legitimate interest of the controller. In that case, the Company, as the controller, will stop processing personal data, unless it proves that there are compelling legitimate reasons for the processing of personal data in relation to the rights of users and/or customers, or in the case where data processing serves to set, realize or defend legal requirements.
If the personal data of the user and/or customer is processed for the purposes of direct marketing, the user has the right at any time to object to the processing for the purposes of direct marketing, especially if personal data is used for the purpose of creating a profile.
Where personal data is processed
The Company processes personal data of users and/or customers in the Republic of Croatia.
Under what conditions is personal data passed on to third parties
The Company forwards personal data of users and/or customers to third parties (including competent authorities) only in the following cases:
a) the consent of the user and/or customer
b) for the purpose of fulfilling the legal obligations of the Company
c) when such processing is necessary to protect the key interests of users and/or customers.
Consent management
The active role of the user and/or customer in protecting privacy is reflected in giving consent as a voluntary, specially informed and unambiguous expression of the wishes of the respondent to whom he gives a statement or clear affirmative action consent to the processing of personal data. Consent management implies the possibility that the user and/or customer, by active and unambiguous action, authorizes the Company to collect and process certain personal data for one or more purposes (consent of respondents), or to withdraw previously given consent to collect and process personal data, for one or more purposes.
Who to contact
In case of any questions about the protection of personal data by the Company, users and/or customers may contact the Personal Data Protection Officer by e-mail address specified in this Privacy Policy or in writing to the following address:
DICTA ltd
Attn. Data Protection Officer
Trpimirova 2
51000 Rijeka
Amendments to the Privacy Policy
The Company reserves the right to amend this Policy at any time, without giving any special notice to interested parties. For this reason, it is recommended that all interested parties regularly check the content of the Company's website for information on the updated content of this Policy.
In Rijeka, May 25, 2018.
DICTA ltd