OUR CORE BUSINESS PRINCIPLE IS PRIVACY AND PERSONAL DATA PROTECTION
The privacy of individuals and the protection of personal data are fundamental human rights. It is our duty to care for individuals whose data we have collected and stored. Data is a responsibility and should only be collected and processed when absolutely necessary, with security measures to protect them.
We adhere to the following principles to protect your privacy:
- We do not collect more data than necessary.- We do not use your data for purposes other than those stated.- We do not keep your data if it is no longer necessary.- We never sell, lend, or distribute personal data.- Personal data is not shared with third parties without your knowledge and if it is not lawful.- We do not transfer personal data outside the EU/EEA.- We do not profile individuals or predict your personal preferences and behaviors.- We ensure that your personal data is securely stored and protected.
If you have further questions about personal data protection after reading this, please feel free to contact our Data Protection Officer:
Igor Barlek, CIPP/E, Data Protection Officer- Email: firstname.lastname@example.org- Address: Ivančica d.d., Petra Preradovića 12, 42240 Ivanec.
1. WHO WE ARE
Ivančica d.d., Petra Preradovića 12, 42240 Ivanec, acts as the data controller in relation to your personal data. We determine the purposes and methods of processing your personal data and ensure the security of your personal data.
2. WHAT DATA DO WE PROCESS, HOW, AND FOR HOW LONG
When receiving orders or selling our products:
When you visit one of our stores and make a purchase, we only require the necessary set of your personal data (name and surname).
If you visit our webshop and place an order, we will collect and process the personal data required to process your order and deliver it to your address, including payment information. We retain this data to the extent necessary and in accordance with accounting and tax regulations.
Video surveillance is conducted solely for the purpose of protecting the safety of our employees and business partners, as well as all individuals within legally designated recording perimeters. It also serves to protect property and prevent unlawful actions such as theft, robbery, break-ins, violence, destruction, and more, in line with our legitimate documented interests. The recordings are stored for a necessary period, depending on the volume of recorded data on the storage media, but no longer than six months.
Selection of Candidates for Job Positions and Employment:
During the selection and employment processes, we collect basic information about candidates with the intention of entering into employment contracts, such as name, address, email address, phone number, education, work experience, and other information provided through resumes. After the selection process, data of chosen candidates is collected in compliance with legal obligations. Applications and personal data of unsuccessful candidates are either returned or permanently destroyed, but with your consent, they may be retained for potential future employment.
Consumer Right to Complaint:
Every customer has the right to file a complaint about the services we provide. We collect the necessary set of personal data from complainants and retain it for up to 12 months in accordance with consumer protection regulations.
Use of Your Personal Data for Sending Newsletters:
We send newsletters containing news solely with your consent when we collect the most necessary personal data (name, surname, email address) and use them until you withdraw your consent for processing in direct marketing purposes, after which they are permanently deleted.
Collection of Your Personal Data on Our Website:
Although you can use our website without providing personal data, when you contact us through publicly available email addresses or our contact form for potential employment, establishing a business relationship, or inquiries, we collect your name and email address. An optional telephone number is welcome for better understanding of your needs when we return your call.
We retain your personal data as long as there is ongoing communication for the purpose of establishing a business relationship, deleting it when communication ceases or when GDPR-related lawful grounds for data processing no longer exist.
Our website is not intended for providing services to minors under the age of 16, and it is necessary to obtain parental or guardian consent before providing personal data through our contact form.
Our website uses small text files known as "cookies" and places them on your computer for the purpose of customizing your web browser interface. Cookies necessary for ensuring the functionality of our website cannot be turned off and are typically set in response to your actions, such as requests for services, like cookie settings, login, or filling out forms.
For the use of other cookies, which may collect your personal data, your prior consent is required. However, even without your free consent, you can fully use our website and have uninterrupted access to all its content.
List of All Cookies:
The list of all cookies we use is found within the cookie bar, where you have the full freedom to choose whether to use them, and we ensure that you can change your consent settings for cookies at any time.
3. WHO HAS ACCESS TO YOUR DATA
We collaborate exclusively with trusted business partners who help us provide and improve our services and make our direct communication with you more efficient. We provide access to your personal data to authorized external data processors for processing personal data on our behalf, based on explicit instructions and data processing agreements in accordance with Article 28 of the GDPR.
Our chosen external data processors are business partners who provide us with IT services, business application and system maintenance, and web and email hosting, which are essential for us to ensure the highest quality of our services and communication with you. Your personal data is not shared with any third party, except Ivančica d.d. We carefully select our partners and business associates to ensure data security and privacy preservation.
4. YOUR RIGHTS
At any time, you are free to contact us to exercise your rights in the field of personal data protection. Your rights are as follows:
- Right to access personal data: You have the right to access your personal data and to be informed about which data we process, for what purpose, and for how long. We provide you with the opportunity to obtain a copy of your personal data.- Right to rectify personal data: You have the right to correct or supplement incorrect or incomplete personal data that we have collected.- Right to erasure of personal data: You have the right to request that we delete your personal data when the data is no longer necessary for the purpose for which it was collected, when
you file a legitimate objection, or when your personal data is being processed unlawfully.- Right to object: You have the right to object to certain processing of your personal data. For example, you can request that we stop processing your personal data for direct marketing purposes.- Right to restriction of processing: You may request that we restrict data processing, for example, when deletion, correction, or objection concerning your personal data is pending, and/or when there is no valid basis for processing your data, but you wish to keep it. When processing is restricted, your data is stored and will not be further processed. For example, if you dispute the accuracy of your data, its processing will be restricted until it is ensured that the data is accurate.- Right to data portability: When processing is automated and based on a contract or consent, you have the right to receive the personal data you provided in a structured, commonly used, machine-readable format and to transmit this data to third parties.- Right to withdraw consent: If you have previously given free consent for a particular use of your personal data, you have the full right to withdraw your consent at any time, and we will immediately stop using your personal data.
If you wish to exercise any of the aforementioned rights, feel free to submit a request:
- Email: email@example.com- Address: Ivančica d.d., Petra Preradovića 12, 42240 Ivanec.
We will respond to your request as soon as possible, but no later than one month from the receipt of your request. In case we cannot securely confirm your identity, we may request additional identity verification from the requester.
If you believe that our processing of your personal data is unlawful, you can submit a complaint to the competent supervisory authority, the Croatian Personal Data Protection Agency (AZOP), located at Selska cesta 136, 10,000 Zagreb, telephone: 01 4609 000, email: firstname.lastname@example.org.