This Policy establishes a responsible and transparent framework for ensuring compliance with the General Regulation on Personal Data Protection.
The policy applies to all organizational parts of Adriateh d.o.o. (hereinafter referred to as PROCESSING MANAGER) and all employees, including honorary and temporary workers, as well as all external associates acting on behalf of the processing manager.
Adriateh d.o.o. with a registered office in Zagrebacka Street 2, Novaki- Sv. Nedelja, is the head of personal data processing.
Contact Information Processing Manager:
tel: +385 (0) 3335-120
The manager of the processing is committed to doing business in accordance with all laws, regulations and the highest standards of ethical business.
This policy sets forth the provisions of the expected retention of the employee of the processing manager and his / her external associates who are involved in the collection, use, storage, transmission, disclosure or destruction of any personal data belonging to the employees, business partners of the processing manager and other physical persons.
The purpose of the policy is to standardize the protection of the rights and freedoms of the respondents by preserving the privacy of their personal data in all aspects of the business manager’s operations that include personal information.
This policy is determined not to disclose unauthorized personal information to a third party, nor to act in a manner that endangers them.
Principles of processing personal data
The Processing Manager adopts the following principles to be followed when collecting, using, retaining, transmitting, and destroying personal data:
LEGITIMACY, RIGHTEOUSNESS AND TRANSPARENCY
Personal data will be processed legitimately, fairly and transparently against the respondent.
We collect only those personal information that is voluntarily delivered to us. We do not require you to send us this information to allow you access to your site and we are not asking you to disclose more information than is necessary to participate in any activity on our site.
We do not sell, transfer or disclose the data we collect except:
in cases when it is necessary to fulfill our legal obligations,
in cases when it is necessary to protect your life or bodily integrity and you are not able to give your consent to process your personal information,
in cases where this is necessary for the performance of tasks carried out in the public interest,
in cases where the involvement of the other party is necessary for the performance of the contract. In such cases, prior to the delivery of personal data, the other party undertakes to Adriateh d.o.o. to keep the business secret.
LIMITATION OF PURPOSE
Personal data will be collected for clearly defined and legitimate purposes and will not be processed in any way that is not in accordance with these purposes.
We collect personal information first and foremost to ensure the provision of the requested service and to respond more effectively to inquiries from our existing and potential business partners.
MINIMIZATION OF DATA
Collected personal information will be relevant and limited to what is necessary to achieve the purpose of their processing. This means that the handler will not collect, process or store more personal data than is necessary.
ACCURACY OF DATA
Collected personal information will be accurate and up-to-date, which means that the process manager will have developed procedures for detecting and solving obsolete, inaccurate and unnecessary personal data.
CAUTIOUS DATA STORAGE
The personal data will not be kept in a form that allows the identification of the respondent for longer than is necessary for the purpose of processing. This means that the manager will handle, wherever possible, personal data in a way that limits or prevents the identification of the respondent.
Personal data will be processed and stored in a manner that ensures adequate protection from injuries such as unauthorized and unlawful processing and accidental loss, destruction or damage to the data. The Processing Manager will implement the appropriate technological and organizational measures described in the Personal Data Security Policy to ensure the integrity and confidentiality of personal data at any time.
PRIVACY CONNECTED TO SYSTEM DESIGN
When designing new ones and reviewing and extending existing systems and processors, care will be taken to apply all of these principles in order to maximize the privacy of the respondents.
The rights of the respondent
All respondents whose data is collected and processed by the processing manager have the following rights:
THE RIGHT TO ACCESS INFORMATION
Each respondent is entitled to a copy of the data that the processing manager has in his archive for the purpose of insight. In addition to the right to inspect your own data, the respondent has the right to information about:
the purpose of processing and the legal basis for processing
legitimate interest, if it is based on processing
types and categories of collected personal data
to the third parties to whom the data is transmitted
data retention period
source of personal data, if not collected from the respondent
All information to the respondent should be provided in a clear and simple language to ensure understanding and must be clearly indicated and visible as the respondent should not overlook.
There is a possibility that providing the requested information to the respondent may reveal information about another person. In such cases, this information must be anonymized or completely denied in order to protect the rights of that person.
RIGHT TO DATA REVIEW
Each respondent has the right to correct inaccurate or incomplete information that the processing manager has in his archive.
THE RIGHT TO FORGET
Respondents may request that data be removed from the archive. The request will be considered and will be met if it doesn’t object to the legal basis for processing personal data.
THE RIGHT TO OBTAIN PROCESSING
Respondents are entitled to limit the scope of the processing, where applicable.
THE RIGHT OF TRANSMISSION OF DATA
Respondents are entitled to a copy of the data for transfer to another processing manager.
THE RIGHT TO COMPLAINT
Respondents have the right to complain, especially if the processing is based on the legitimate interest of the processing manager. It is then necessary to revise the purpose of the processing and to establish its legal basis and, where applicable, enable the respondent to withdraw data processing privileges and/or termination of it’s data processing.
The laws regulating the business of the tributary prescribe the sets of data that are necessary for the fulfillment of the legal obligation. For the collection and processing of data prescribed by the laws, the processing manager will not ask for the privilege of the respondent, but will only collect data prescribed by law and will not use them for other purposes. This applies in particular to the data collected under the following laws and the relevant regulations, among which we mention:
Value Added Tax Act
The Income Tax Act
A rulebook on the content and manner of keeping records of workers
EXECUTION OF CONTRACT OBLIGATIONS
Personal Information Required to Meet Contractual Obligations processing manager will collect without the cajolement of the examinee, to the minimum extent necessary for the fulfillment of the obligation.
In all other cases, the processing manager will ask for cajolement for the collection and processing of personal data in which the purpose of the processing will be clearly stated. The examinee can at any time withdraw the cajolement and thus his data must be automatically removed and the processing terminated.
The processing manager will keep records of active and withdrawn entrants to ensure business accuracy.