Contessa d.o.o. undertakes to protect private data of its Clients by collecting only the necessary and basic information about the users we need to have in order to fulfill our obligations; notify customers about data usage, giving customers the ability to use their data regularly, including the option to remove their name from a list of marketing campaigns. All client data is carefully kept and available only to employees who need this information to perform their duties. All employees of Contessa d.o.o. as well as business partners are obliged to respect the principles of privacy protection.
PERSONAL DATA PROTECTION POLICY
CONTESSA d.o.o. seriously understands the protection of your personal data and takes all necessary technical and organizational measures to protect them in accordance with the law of the Republic of Croatia and the European Union, in particular in accordance with the General Data Protection Regulation (GDPR).
The head of personal data processing is:
CONTESSA d.o.o., Rova 23, 51511 Malinska, OIB: 84585921286
The contact you can send your queries is:
Address: Rova 23, 51 511 Malinska
2. Personal data
Personal information is any information relating to a natural person who is identified or identifiable; a person who can be identified is a person whose identity can be identified directly or indirectly, in particular on the basis of an identification number or one or more features specific to her physical, psychological, mental, economic, cultural or social identity.
3. Purpose of processing and legal basis for processing personal data
The specific purpose and way of processing your personal information is greatly dependent on the type of relationship that we collect from your information. In our business, we are guided by the fundamental principles of personal data protection, which means that we handle the data legally, transparently and fairly, and that processing is limited only to the purpose for which the data is collected and that only data that are necessary for that purpose are processed. Your personal information is kept only as much as is necessary for the purpose of processing purposes, except when we are bound by certain regulations to store personal information longer, or when our legitimate interests require it (for example, to set up, enforce or protect legal requirements). Accuracy, reliability, confidentiality and integrity of your personal information are also the principles we are handling. Access to your personal information only has authorized persons.
CONTESSA d.o.o., as the manager of personal data processing, protects your privacy and handles only those personal data that are necessary and obtained through its business, whether the information is provided to you by third parties or publicly available sources, following:
4. Freedom of Choice
About the personal data that you give to the handler of your choice. However, if you decide that you will not provide the information necessary to meet any of your requirements, the processing manager will not be able to meet your request.
5. Timely Preservation of Personal Data
Processing Manager will keep your personal information as long as necessary to achieve the purposes for which the personal information was collected and processed.
All personal data processed by the processing manager under the law are retained by the processing manager within the statutory period.
All personal data processed by the processing manager due to contractual relationship with the respondent shall be kept by the processing manager for a period of time necessary for the performance of the contract and for another 5 years after the termination of the contract, except in the event of a dispute between you and the manager of the contract , when the processing manager keeps the data 5 years after the final court judgment or settlement, and in the event that no court dispute has been reached, the processing manager keeps the data 5 years after the day of the peaceful settlement of the dispute.
All personal data handled by the processing manager based on the subject’s privacy or legitimate interest, the processing manager keeps it permanently until the retractor has been withdrawn by the respondent, ie the request for processing interruption. This processing manager’s data is deleted prior to retrieval by the respondent only if the purpose of processing the personal data is achieved or, if so specified by law.
6. Security of personal data
Processing Manager takes all necessary (technical and physical) measures to ensure the security of your personal information. Your data at any time is protected against loss, forgery, manipulation, unauthorized access, and unauthorized disclosure.
Handwritten records of personal data are kept in registers, in lockers, while personal data are encrypted in personal computer and server encryption format and firewalls (firewall, antivirus software).
7. Forwarding personal data
Processing Manager Your personal information will be forwarded to third parties only in cases where it is required by law or other regulation (HZMO, CZZO, Tax Administration and other competent bodies).
8. Internet and Website
Privacy of data
We would like to say that when visiting CONTESSA d.o.o. at www.contessacroatia.com. Your personal information remains confidential unless you want to disclose them voluntarily. We undertake not to disclose the information we received to other parties, except in the cases listed in the previous chapter.
Our global network server uses statistical software. These programs are a standard feature of all Internet servers and are not unique to our sites. Such statistical programs allow us to customize your pages in a way that is as effective and simpler for our visitors (identifying information that most or less interested in our users, customizing pages for individual web browsers, improving the structure of our site, and visiting our sites.)
When you send us an e-mail with personal information that you can identify, either by e-mail with a question or comment, or a form you email us, we use this information solely for the purpose and scope necessary to fulfill it of your requests.
9. The rights of the respondent
a) The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) If you withdraw the facility on which the processing is based and there is no other legal basis for the processing,
c) If you file an objection, and there are no more legitimate reasons for processing;
d) Personal data is unlawfully processed;
e) Personal data must be deleted in order to respect the legal obligation of Union law or the right of the Member State to which the processing manager is subject;
except in so far as the processing is necessary:
a) To exercise the right to freedom of expression and information;
b) In order to comply with a legal obligation requiring processing in the law of the Union or of the Member State to which the master is subject or for the performance of tasks of public interest or in the exercise of the official authority of the processing manager;
c) For the purposes of public interest archiving, for the purposes of scientific or historical research or for statistical purposes to the extent that it is probable that the right of deletion may prevent or seriously jeopardize the attainment of the objectives of such processing;
d) For the purpose of establishing, acquiring or defending the legal requirements;
a) If you dispute the accuracy of personal data, the period during which the processing manager can check the accuracy of the personal data;
b) Processing is illegal and you are opposed to deleting your personal data and instead seek to limit their use;
c) The processing manager no longer needs personal data for processing purposes, but you are looking for them to set up, enforce, or defend the legal requirements;
d) Have filed a complaint against processing under Article 21 para. 1 of the General Data Protection Regulation, expecting confirmation that the legitimate reasons of the processing manager over your reasons arise;
a) If the processing of personal data is necessary for the performance of a public interest task or in the exercise of the official authority of the processing manager, and where the processing is necessary for the legitimate interests of the processing manager or a third party, you have the right, at any time, to complain processing of personal data relating to you; if you lodge such a complaint, the processing manager may no longer process your personal information unless it demonstrates that there are convincing legitimate grounds for processing that go beyond your interests, rights and freedoms or for the purpose of establishing, enforcing, or defending the legal requirements;
b) If personal data is processed for the purpose of scientific or historical research or for statistical purposes, you have the right, at any time, to object to the processing of personal data relating to you, based on your particular situation, unless processing is necessary for carrying out the task performs for the public interest; necessary for the performance of a task carried out for reasons of public interest;
All questions and requests related to the exercise of your rights in connection with personal data can be sent to: CONTESSA d.o.o., Rova 23, 51511 Malinska, Croatia or to the e-mail: firstname.lastname@example.org.
For the purposes of reliable identification of the data subject when exercising the right to personal data, the processing manager may request the provision of additional information and, in the event that the respondent can not be reliably identified, may refuse to act upon the request.
10. Rights of respondents in case of personal data violation
In the case of personal data breach, the processing manager shall inform the supervisory authority (Personal Data Protection Agency), unless it is unlikely that personal data breach will cause a risk to the rights and freedoms of the individual.
In the event of a breach of personal data likely to cause a high risk to an individual’s rights and freedoms, the processing manager is obliged to notify the respondent unless he has taken appropriate technical and organizational protection measures (eg encryption) or has taken any further action to ensure that it is no longer likely to be at high risk for the rights and freedoms of the respondent or would require a disproportionate effort (in the latter case, there should be public notice or similar measure to inform the respondents in an equally effective manner).
11. Announcement of Changes
Any change to the Personal Data Protection Policy will be posted on the CONTESSA d.o.o website. By using the Website you confirm that you agree to and agree to the full contents of this Personal Data Protection Policy.