Privacy policy
Article 1.
This privacy policy defines the rules related to the protection of individuals with regard to the processing of personal data and the rules related to the free movement of personal data, and in particular the obligations of the manager of personal data processing, the rights of data subjects, informing data subjects, the right to access data, the right to deletion, correction and limitation processing of personal data, the right to object, the right to data portability, the principles of personal data processing, supervision and other issues in accordance with the General Regulation on the Protection of Personal Data (hereinafter the Regulation), as well as other relevant legal norms in the Republic of Croatia.
In terms of this Policy, the following terms have the meaning as follows:
– “personal data” means all data relating to an individual whose identity has been determined or can be determined (“the respondent”); an identifiable individual is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, online identifier or with the help of one or more factors inherent to physical, physiological, genetic, mental , economic, cultural or social identity of that individual;
– “processing” means any procedure or set of procedures performed on personal data or on sets of personal data, either by automated or non-automated means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, performance of insights , use, disclosure by transfer, dissemination or otherwise making available, matching or combining, restriction, deletion or destruction;
– “processor” means a natural or legal person, public authority, agency or other body that alone or together with others determines the purposes and means of personal data processing; when the purposes and means of such processing are determined by the law of the Union or the law of a Member State, the controller or special criteria for his appointment may be provided for by the law of the Union or the law of a Member State;
– “processor” means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller;
– “recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered recipients; the processing of such data by these public authorities must be in accordance with the applicable rules on data protection according to the purposes of the processing;
– “consent” of the respondent means any voluntary, special, informed and unequivocal expression of the wishes of the respondent by which he gives his consent to the processing of personal data relating to him by a statement or a clear affirmative action;
– “personal data breach” means a breach of security that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that has been transmitted, stored or otherwise processed;
Article 2.
The protection afforded in connection with the processing of personal data should apply to individuals regardless of their nationality or residence. The Regulation does not cover the processing of personal data concerning legal entities, and especially entrepreneurs who are established as legal entities, including the name and form of the legal entity and contact information of the legal entity.
CONSENT
ARTICLE 3.
Consent is given by a clear affirmative action expressing the subject’s voluntary, specific, informed and unequivocal consent to the processing of personal data relating to him, such as a written statement, including electronic, or oral statements. This could include ticking a box when visiting websites, selecting technical settings of information society services or other statements or behavior that clearly show in this context that the data subject accepts the proposed processing of his personal data. Silence, a pre-ticked box or a lack of activity should therefore not be considered consent.
Children deserve special protection with regard to their personal data, since they may be less aware of the risks, consequences and protective measures in question, as well as their rights in relation to the processing of personal data. Such a right to special protection should specifically refer to the use of children’s personal data for the purpose of marketing or the creation of personal or user profiles and the collection of personal data about children when using services that are directly offered to the child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counseling services offered directly to the child.
In the case of data collection, for example through contact forms and access forms and other methods of data collection via the Internet, consent will be given electronically in such a way that before any data is collected, before sending the data, the respondent must actively give consent, i.e. give confirmation that they are familiar with all the data regarding data processing, in accordance with the respondent’s right to information stated below, and that he consents to the same processing. The data controller will ensure access to the subject’s consent before the possibility of sending the data subject’s data to the data controller. Consent can also be given in writing in cases where the same is necessary for technical reasons, for example in the case of data collection through access forms by personally coming to the branches of the data processing manager (e.g. loyalty cards), or in the event that the respondent expresses a desire to give consent in writing, and the same consent will be given in that case before providing the data, in such a way that the data collection form will list all the information that must be provided to the respondent before providing data, and the respondent will confirm by marking the corresponding field on the form that he is familiar with all the data and agrees to the data collection.
