PRIVACY POLICY
In accordance with the General Data Protection Regulation, the Law on Implementation of the General Data Protection Regulation, and other applicable regulations, PREMIS d.o.o. with headquarters in Makarska, Put Volicije 8 (hereinafter referred to as the Company) as the data controller, hereby informs you about the method of processing your personal data, based on Article 13 of the General Data Protection Regulation.
The Company may process your personal data based on a business relationship, concluded contract, the Law on Obligations, the Law on Accounting, the Law on Value Added Tax, and other relevant tax and accounting regulations, for the purpose of fulfilling the rights and obligations arising from the concluded contract, and complying with the legal obligations of the Company as the data controller. In addition, we may process your personal data for the purposes of our legitimate interests, such as: business communication, maintaining records of business partners, and evaluating mutual cooperation.
WHAT AND WHOSE PERSONAL DATA WE PROCESS
PURPOSE OF PERSONAL DATA PROCESSING
The Company may process the following of your personal data or categories of personal data:
| Category of data subject | Category of data |
|---|---|
| I. Business partners – natural persons | Identification data (such as name and surname, OIB, etc.)<br>Contact details (such as address, telephone, mobile phone, etc.)<br>Bank details (account number, bank, card type, etc.) |
| II. Contact person of a business partner | Identification data (such as name and surname, etc., if necessary, OIB of the responsible person)<br>Contact details (such as address, telephone, mobile phone, etc.)<br>Data related to the workplace at the business partner (position, department, etc.) |
| III. Responsible person of a legal entity | Identification data (such as name and surname, etc., if necessary, OIB of the responsible person)<br>Contact details (such as address, telephone, mobile phone, etc.) |
| I, II, III When logging in to the website to place an order | Contact details (such as e-mail, telephone, mobile phone, etc.)<br>IP address from which the login was made as well as the date and time<br>IP address from which the consents were given, as well as the date and time<br>Date and time of registration<br>When refreshing data in the user profile, the following data may be collected in addition to the above: IP address, date and time when the last refresh was made |
Izvezi u Tablice
The provision of your personal data may be necessary in order for us to be able to enter into a business relationship with you, or there may be a legal obligation for us to process certain of your personal data. If there is no legal obligation for you to provide us with your personal data, then you are not obliged to do so, however, in that case, the Company may not be able to enter into a business relationship with you.
PREMIS, as the controller of personal data, collects and processes your aforementioned data to the extent and in the manner necessary for the following purposes:
- Informing about PREMIS products
- Ordering PREMIS products
- Protection of legal interests
- Contacting (e.g., communication via e-mail, telephone, mobile phone, SMS messages, direct visit, in writing – by mail – in the stated ways and/or through the communication channel you used to contact us)
- Product delivery
- Complaint resolution
- Servicing
- Sending inquiries
- And similar.
WHO HAS ACCESS TO PERSONAL DATA
TO WHOM WE TRANSFER YOUR PERSONAL DATA
Our employees who are authorized to carry out certain personal data processing activities in the performance of their work tasks may have access to your personal data (for example, employees in charge of mail dispatch, accounting, administration, and delivery of goods).
For the purpose of fulfilling the aforementioned purposes of personal data processing, the recipients of your personal data may be competent state bodies (such as the Tax Administration, etc.), our providers of accounting and similar services, our IT support service providers, then persons connected with the company, banks, credit and financial institutions, etc., notaries public, and third parties in relation to whom there is a legal obligation to provide your personal data.
PROTECTION OF YOUR PERSONAL DATA
We take all necessary actions to ensure that the transfer of personal data to third parties is in accordance with personal data protection regulations.
In the event of any transfer of personal data outside the EU, we will take the necessary measures to protect your personal data in order to ensure that the third party to whom your personal data is transferred ensures the same level of protection of your personal data as in the EU. You can obtain information from us at any time as to whether your personal data is being transferred outside the EU, as well as the protective measures taken, at the contact details listed below.
We take appropriate technical and organizational measures with the aim of protecting the collected personal data and preventing accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.
In protecting your personal data, we are obliged to act in accordance with our Personal Data Protection Policy, which is available at www.premis.hr.
The manner of our conduct, which is determined by the Personal Data Protection Policy, ensures that we use your personal data only for the purpose for which it was collected, that the data is used by persons who are authorized to do so, that your data is not disclosed to third parties except in specifically defined cases, and that your data is kept for as long as is strictly necessary.
All our employees are aware of their tasks and responsibilities in the processing of your personal data.
If certain actions of processing your personal data are carried out by our data processor, we ensure that they implement at least the same level of protection of your personal data as we do ourselves.
CONSENT FOR THE PROCESSING OF PERSONAL DATA
If the processing of a certain type of personal data is based on consent or if consent is required for the publication or transfer of personal data, we will obtain it from you in writing. When giving consent, we will inform you about the purpose of giving consent and the consequences if you refuse to give consent. Your consent must be freely given and unambiguous. Written consent is kept for as long as the personal data to which it relates is kept. If you have given consent for a certain processing of personal data, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before its withdrawal. We will inform you about this when giving consent. You can withdraw your consent by submitting a written statement.
PERIOD OF KEEPING PERSONAL DATA
We will keep your personal data for five years from the fulfillment of the rights and obligations arising from the contractual relationship, but in the case of issuing/receiving an invoice, we will keep the data during the period of mandatory keeping of accounting documents prescribed by the relevant regulations. In the case of business communication, we will keep personal data for five years after the termination of business communication, and in the case of establishing, exercising, or defending legal claims or interests, we will keep the data depending on the circumstances of each individual case in accordance with the deadlines from special regulations.
EXERCISE OF YOUR RIGHTS
In relation to the processing of your personal data, you have the following rights:
- the right to access, correct, and delete personal data, restrict processing, the right to object to data processing, and the right to data portability;
- the right to lodge a complaint with the Personal Data Protection Agency.
The Company will process your request and respond to it within 30 days from the date of receipt. If your request cannot be fulfilled, the Company is obliged to provide you with a reasoned response.
We do not have automated decision-making, and no decision will be made in relation to you that is based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
CHANGES TO THE NOTICE ON THE PROCESSING OF PERSONAL DATA
Depending on the needs, it is possible that we will change this Notice in order to improve our procedures and achieve greater protection of your right to privacy or if changes in regulations require it. We will appropriately announce any change to this Notice. Please check from time to time to see if we have changed this Notice.
The Notice on the processing of personal data is published on our website and is available at our headquarters. We can provide you with the Notice upon your request.
In case of any questions, you can contact the data controller in the following ways:
e-mail address: info@premis.hr telephone: 021 679 394
Valid from: May 25, 2018 Last updated: In Makarska, on May 25, 2018.
Data controller: Zoran Premeru
