1. GENERAL INFORMATION
This data processing informs you of the ways we use the data that can directly or indirectly identify you as an individual ("personal data"). Regarding the personal data that we use in our business activities, we implement security measures of personal data in accordance with the General Data Protection Regulation (GDPR) through legal, regulatory, and contractual obligations.
1.1. Processing Manager
Your personal data will be processed by AITAC Ltd., Žegoti 6/1, Kastav, ID No (OIB).: 08560945663, E-mail: firstname.lastname@example.org (hereinafter: "Company").
1.2. When Is This Notification Applied?
This notification applies to the personal data you share with the Company or to those resulting from the processing of personal data you have already shared with the Company.
1.3 Data Protection Representative
The Company has appointed a Data Protection Representative whom you should contact by using the information listed below, regarding any issues connected with the processing of your personal data and exercising the rights provided by the General Data Protection Regulation, in the following ways:
• In writing at the address: AITAC Ltd., Žegoti 6/1, Kastav, for the Data Protection
• E-mail address: email@example.com.
2. PERSONAL DATA PROTECTION RULES
2.1 What Data Are Collected?
Through various forms of communication with the Company (including, but not limited to the use of the Company's Web site, sending E-mail inquiries, concluding cooperation agreements, participation in tenders and events), personal data are collected which include but not limited to :
ID no. (OIB), name, surname, E-mail, postal address, phone number, position within the company, and basic information about your employer (name, address, company profile) and bank account number.
The company, through various forms of communication, may also collect data that do not belong to the group of personal data, which include, but are not limited to the following: data about the device through which you connect to the Internet, the type and version of the Internet browser you use to visit our Internet services, and the way you use them.
2.2. Legal Basis for Personal Data Processing
We process and use personal data only for the purposes for which they were collected. Processing of personal data is permitted only if at least one of the following criteria is met:
• Processing is necessary in order to respect the Company's legal obligations - this implies but does not limit the processing of data for the purpose of issuing accounts, for the purpose of solving complaints on the basis of applicable regulations, etc.
• Processing is necessary for the execution of a contract in which the beneficiary is a party or in order to undertake actions at the request of the user before concluding the contract.
• Processing is necessary for the interests of legitimate business activities of the Company or a third party, except when the interests or the fundamental rights and freedoms of the users who require the protection of personal data are stronger.
• Based on the information regarding the range of processing, the explicit user's consent is given.
2.3 When do We Use Personal Information on a Legal Obligation or Contractual Basis or Legitimate Interest?
2.3.1 Delivery of Ordered Goods and Services
If you order goods or services from us, we will use your personal data that you provide at the time an order is made: ID no. (OIB), name, surname, E-mail, postal address, phone number, position within the company, and basic information about your employer (name, address, company profile) and the bank account number for the payment purposes in order to process your order and deliver the goods or services. This may include activities that precede the conclusion of a contract such as answering your inquiries, negotiating product presentations and / or services, and other pre-sale activities, sharing information required for delivery and payment, and customer support providing. It also includes information used for communication through chat functionality, contact forms, E-mails, or telephone conversations. For the purposes of this Privacy Notification, goods and services include services provided by the Company's core business, providing services to the third-party application solutions, offers, tenders, newsletters, documentation, training and events that we organize.
Furthermore, we communicate with you on a regular basis via E-mail, and by phone for the purposes of solving reported users problems or investigation of suspicious activities. We may use your E-mail address for the purposes of opening an account for you, to issue a bill for services or require your payment, inform you about changes in our products and services, and other notifications based on contractual or legal obligations. Generally, customers are not entitled to get an exemption from such communication that is not directed towards marketing, but is required by a business relationship.
Communication related to marketing (for example an E-mail, phone calls), the Company will contact you (i) when it is legally binding but only with your prior explicit consent and (ii) providing you with an option to withdrawal a consent at any time if you don’t want to continue to receive our communication related to marketing. In order to take the advantage of such right, please contact us via E-mail at firstname.lastname@example.org.
2.3.2 Legitimate Interest
The purpose of the processing described below is a legitimate interest of the Company for handling and using of your personal data. If you do not agree, you may file a complaint about the processing or use of your personal information.
Surveys and questionnaires. We may invite you to participate in surveys and questionnaires. These surveys and questionnaires will generally be designed to be used without the need to enter your personal data. If, nevertheless, you enter personal data into the questionnaire or the survey, the information could be used to improve our products and services.
Anonymized data. We may anonymize your personal information in order to create anonymous set of personal data that will be used to improve our services and products or services and products of our business partners or affiliated companies.
Recording of phone or chat conversations. We can record phone or chat conversations to improve the quality of our products and services (after we inform you about that during the conversation and before the recording starts).
As part of our existing business relationship, we may notify you, when applicable according to law, of our products or services (including webinars, seminars or events) that are similar to or related to our products and services that you have previously purchased or used. Furthermore, when you have attended a webinar, seminar or event we organize or purchase our products or services, we may contact you to get feedback about the improvement of the appropriate webinars, seminars, events, products or services.
Digital marketing, newsletter. The Company sends promotional materials via digital communication channels to individuals who have at some point achieved some form of cooperation (customers who expressed interest and agreed on the presentation of our products and services, customers of our products and services, participants in tenders) and who gave us contact information for such a form of communication. The Company's clients of services have at all times the right to disable the service of receiving promotional materials, and the Company will provide the tools in order to enable removal from the notification database. The legitimate interest of the Company is the legal basis for processing data for these purposes.
Contact information, such as your name and E-mail address, are required in case when you want to use the services of receiving promotional materials from the Company. The promotional materials include information on services and special offers and newsletters.
The customer will be notified during the first contact or at any stage of the service performance regarding the use of his / her data for the digital marketing purposes.
The possibility of a general exclusion is not available for some forms of communication that are not related to marketing, such as communication relating to the delivery and / or receiving of services and products, sales transactions, statements of compliance with legal obligations when it is permitted by law.
For delivery of the Newsletters, the Company may use the third party technical services. In this case, we will only process the E-mail address you have submitted for the Newsletter. We also make sure that the selected third-party use it solely and only for the delivery of our Newsletter at the time period while you are subscribed to it, and may not be used for other purposes. Except in the aforementioned case and subject to the above conditions, the Company will not share your contact information with the third parties which you used to sign in to the Newsletter.
You can use your right for objection to the above-mentioned processing purposes at any time by sending an E-mail to the E-mail address email@example.com.
In that case, we will stop using your personal data for the foregoing purposes (i.e., based on the legitimate interests mentioned above) and delete your data from our records, unless we are entitled to use this personal information for another purpose defined in this Notification, or if we establish a legitimate interest that allows us to use further your personal data.
2.4 When do We Use Your Information Based On Consent?
In certain cases, the Company may require individuals their consent to process personal data for specific purposes.
Consenting and providing the personal data to the Company is not your obligation. However, without the access to personal data under certain circumstances, the Company will not be able to provide you with certain benefits or provide certain services.
When personal data processing is based on the consent, an individual can withdraw it at any time, but it will not affect the legitimacy of the data processing which was based on the consent before its withdrawal.
In the following cases, the Company will use your personal data only based on your previously expressed permission for a particular purpose. Therefore, each data processing requires a separate informed consent.
Special categories of the personal data. Regarding the registration and enabling of your participation in events or seminars that we organize, we may ask you for information about your health or eating habits only for the purpose of enabling participation in order to make the most enjoyable stay at such events or seminars for people with disabilities or people with a special diet regime.
We kindly inform you that, if you do not provide us with the information requested, we will not be able to take appropriate measures.
Event Profiling. If you register for an event, seminar, or webinar we organize, we can share the basic information about participants (your name, surname, company name, and E-mail address) to other participants of the same event, seminar, or webinar for purposes of communication and exchange of experiences.
Withdrawal of consent. At any time, you can withdraw your consent by sending an e-mail to firstname.lastname@example.org.
In the case of a withdrawal of consent, we will cease processing personal information relating to the seized consent, unless we are legally obliged to keep them. In that case, we will use your personal data only in the way in which the applicable laws oblige. Your withdrawal of consent will not affect previous processing of your personal information to the moment of withdraw.
Furthermore, if your use of our services is subject to your previously expressed consent, the Company will not be able to provide you with the appropriate services or benefits or your participation in the events after the withdrawal.
2.5. Methods of Data Collection
Personal data are collected in the following ways:
• direct from an individual - the information provided for the purpose of the conclusion or execution of the contract or in order to take actions at the request of the customer prior to the conclusion of the contract, creation of a user account for access to the application solutions and other information and communication services of the Company, by coming to the premises of the Company, by telephone interviews with the individual, by taking part in competitions or events of the Company
2.5.1 How Long Are Your Personal Information Preserved for?
The Company will not keep personal data longer than necessary for the purposes for which it was originally collected.
The Company will keep your personal data as long as it is required to provide a product or service as long as necessary in accordance with this Notification or the time of collection; as long as it is necessary for the Company's legal obligations, settlement of disputes, and execution of our contracts or to the extent permitted by the law.
When the retention period expires, the Company will delete personal information and ensure that they cannot be reconstructed or read.
2.6. Services Used by a Child
These web pages, as well as our services, products, and benefits are not intended for any person under the age of 16.
2.7. Where do You Process Your Personal Data?
Your personal data are processed within the European Economic Area.
The Company carries out the transfer of personal data to the third countries or international organizations only for the purposes of using the MailChimp E-mail marketing service. The Company uses the MailChimp service for the purposes of digital marketing (marketing campaigns) and newsletter services. For this purpose, the data are transmitted to the MailChimp service provider's headquarter:
The Rocket Science Group LLC MailChimp 675 Ponce De Leon Ave NE, Suite 5000 Atlanta, Georgia 30308
The United States of America
The mentioned transfer is made based on the Adequacy Decision (Art. 45 of the EU Regulation 2016/679 of the European Parliament and Council of 27.04.2016) and by the third party participation in The Privacy Shield Program.
2.8. Examinees' Rights
According to the General Data Protection Regulation, you are entitled to different rights regarding the processing of your personal data. The Company ensures the exercise of the rights of the examinee in relation to:
• Access to information
• Correction and Erasing
• Limitation of processing
• Transfer of data
• Objection to processing
Requests for the examinees' rights are submitted in writing. If an individual submits an application regarding to any of the above rights, the Company will consider any such request in accordance with all applicable laws and regulations on data protection. The Company reserves the right to charge the costs for user requests' processing in exceptional cases where the requests are irrational.
The examinees have the right to be informed on the basis of a submitted claim, and after a successful verification of their identity to the following:
• The purpose of processing personal data;
• Personal data category;
• Recipients or categories of the recipients to whom personal data are or may be transferred together with the location of those recipients;
• The anticipated period of storage of personal data or explanation for determining
the storage period;
• Existence of the right to request correction or deletion of the personal data from the processing manager or to limit the processing of personal data relating to the examinees or the right to object to such processing;
• The right to file a complaint with the Supervisory Body;
• Source of personal data, if it is not provided by the user;
• Use of any automated decision-making, including profiling.
All requests related to actualization of the examinees' rights must be addressed to the Personal Data Protection Representative, who will record each application upon receipt. The response to each request is submitted within 30 days of the receipt of the written request of the user.
2.9 Automated Decision Making
The Company does not implement automated decision-making, including profiling for the purpose of processing personal data in this Notification.
2.10 The Right to Complain to the Supervisory Body
If you believe that your rights with respect to personal data processing have been violated, you have the right to file a complaint with The Personal Data Protection Agency, Martićeva ulica 14, 10 000 Zagreb.
2.11 Data Protection
The Company conducts physical, technical, and organizational measures that guarantee the security of personal data (for example, prevention of loss or damage, unauthorized modifications, access or processing and other threats to which personal data may be exposed, caused by human activity or physical / natural environment).
The implemented security measures intend to:
• Prevent unauthorized persons to get access to a data processing system that processes personal data;
• Prevent persons who have the right to use the data processing system to access
personal data that is beyond their needs and authority;
• Ensure that personal data during electronic transmission or during transmission can not be read, copied, modified, or removed without permission;
• Ensure the availability of system records for the purpose of determining whose personal data has been entered, altered, or removed from the data processing system;
• Ensure that when processing is performed by the processor, the data can be processed only in accordance with the instructions of the processing manager;
• Ensure that personal data is protected against unwanted destruction or loss;
• Ensure that personal data collected for different purposes can be processed
• Ensure that personal data is not kept longer than necessary.
3.1 Cookies and Other Similar Technologies
• Collect your browser's standard information (browser type, browser language
• IP network address or other address or device identifier (ID)
• Activities you take on our web site, such as visited sites and links
• Internet pages or other content you are browsing to communicate with our services
• Date and time of visit, access, or use of the service
• information about downloading E-mails, such as whether you open, view the content of the message or invite the links contained in the message, or forward the message.
3.1.1 Information from the Registry
When you browse the content of our web pages or use program support to communicate with us, we automatically collect and store certain information in the server logs. This includes recording and usage of your login information, cookies, data on your device, and internet protocol ("IP") address to identify and record your use of our services.
3.1.2 Links to Other Websites
These web sites may contain links to the third-party external sites. We do not take responsibility for the application of privacy measures or the content of the external internet sites.
The Company takes all security measures to protect individual data, during data entry, transfer, data processing, and storage. Access to data is limited and only available to those employees who are required to do the work and business activities of the Company.
Individuals have the right at any time to request information about their personal data processed by the Company, that is, to be rectified or deleted, by submitting a request to the Personal Data Protection Representative.
These rules define how the Company collects and uses your personal data in the activities of conducting the selection process of a candidate for employment. Personal data will be used in accordance with the below prescribed rules.
By submitting personal data required for employment or business registration, you voluntarily hand over your personal information to the Company.
Personal data collection. The Company requires certain information, including:
• contact information (name, surname, address, phone number, E-mail)
• candidate's data (date and place of birth, citizenship, gender, title, language knowledge)
• information of qualification and education level for the positions you are applying for (resume (CV), qualifications, past job details, driver's license (only if a job description requires it)).
Furthermore, the Company may collect data from the third parties during the verification of the validity of the submitted data by the candidate (eg. to check the validity of the diploma, work experience, and / or recommendations).
Sensitive personal information. During employment, the Company will not seek or require sensitive personal information such as religious affiliation, health status, sexual orientation or political orientation, ethnic or racial origin, marital status, family members, and family planning.
Voluntary disclosure. During the employment process, personal data provided voluntarily shall be available to the Company. The Company will only ask for the necessary information required for a proper functioning of the law and harmonized employment procedure, and will not implement unnecessarily excessive collection of personal data.
Use of personal information. Data can be used to communicate with you, to select a candidate, for the recruitment procedures, and to meet organizational and legal regulations. If you are eligible for employment, we may use your data for employment and organizational management.
Data recipients and sharing with the third parties. Company may share your personal information internally and with service providers and other third parties if necessary in the process of selecting candidates, employment, organizational management, procurement and legal or regulatory obligations to respond to public sector or administration requirements for state security purposes and / or enforcing the law. The Company commits such service providers and third parties to the confidentiality of your personal data and to use personal information only in accordance with the specific purpose for which they are disclosed.
Security and confidentiality. The Company maintains a high level of organizational and technical security measures designed to protect the confidentiality of personal data and the
same is required from its service providers. Employees of the Company who, because of their job description, can access personal data are obliged to keep the confidentiality of such data.
The Company can apply security procedures in its facilities and on its computer systems to monitor and maintain security. Any surveillance of the facilities, systems, or assets of the Company shall be conducted in accordance with the applicable laws.
Your duties. Each candidate is responsible for the data submitted to the Company. All data must be accurate, truthful, and in no way misleading. Candidates must ensure that the information provided does not contain inappropriate, defamatory. or any content that violates the third party rights. In the case where the personal data of another person (e.g. a person who can give a recommendation) are submitted, the candidate is responsible to obtain the consent of the person on time whose information is provided.
5. UPDATING INFORMATION ON THE PERSONAL DATA PROCESSING