PERSONAL DATA PROTECTION POLICY OF THE COMPANY STEGA TISAK d.o.o.
We, the company STEGA TISAK d.o.o. (hereinafter: “Company”), take personal data protection very seriously and act according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “Regulation”) and other applicable regulations.
I. BASIC PROVISIONS: SCOPE AND OBJECTIVE
Data protection plays a significant role in the Company’s business, which in its daily business activities collects and processes personal data of its clients, employees, business associates or other persons with which it cooperates (hereinafter: “data subjects”).
Personal data protection policy (hereinafter: “Policy”) is the basic act that describes the purpose and objectives of collecting, processing and managing personal data within the Company, and which ensures adequate data protection level in accordance with the Regulation and other applicable laws on personal data protection.
The Policy applies to all personal data processing within the Company, except in cases where anonymous data are processed or in cases of processing for statistical purposes, when it is impossible to identify the individual.
II. COLLECTION AND PROCESSING
Personal data are all data which establish or can establish your identity, e.g. your name and surname, residence address, email address, etc.
Depending on the purpose of data usage, the legal basis for processing your data can be:
- Your consent;
- Our legitimate interest which can refer to:
  - Improvement of our products and services: specifically, our business interests that allow us to better understand your needs and expectations, which leads to an improvement in services, websites, products and brands in the favour of the consumer.
  - Fraud prevention: verifying the completeness of payment and the absence of fraud and embezzlement.
  - Tools security: keeping the tools you use (web pages) safe for usage and faultless, and ensuring their continuous improvement.
- Execution of agreements: specifically, execution of services you requested;
- Legal bases that require processing by law.
In order for the Company to be able to provide a service to the data subject-client or a business associate, it is necessary to process a minimal set of data essential for the quality provision of an individual service. Otherwise, that is, if the data subject declines to provide the required set of data, the Company will not be able to provide the service.
Information collected during a transaction may be used to contact you so you can complete the order without completing the transaction, to send notices on whether the product / service you wanted to purchase is available, to process and track your order, including the delivery of the product to a specific address, to manage order payment, to manage contacting us in relation to the order – executing the agreement: to provide the service you requested (purchase), to protect the transaction from fraud (please note that we use solutions from third party service providers for fraud detection and ensuring that the payment is complete and that it has been effected by you or a person authorised by you), to measure satisfaction, to manage conflicts relating to a purchase, for statistical purposes – legitimate interest: for malversation protection and ensuring that the payment has been complete and effected without fraud and embezzlement.
The Company makes it possible to ask questions on its web pages and to complete a survey on the quality of the Company’s service provision, but the client can send the filled question / survey form only after they have checked the designated box to give their express and free permission for the provided personal data to be collected, stored, used and processed in another way, and for the purpose of answering the client’s question, that is, assessing the satisfaction of data subjects-clients or business associates in relation to the quality of service provision by the Company.
If you wish to become a part of the Company’s team of experts, before sending your resume, a letter of motivation or another similar document, we will ask you to provide your free and explicit consent to the processing of your personal data originating from the said documents with the purpose of confirming professional qualifications of a potential employee for the applied post.
The Company guarantees that the personal data of its employees is protected and the protection is regulated in more detail by the Company’s internal acts, primarily by the Rules of Procedure.
The Company permanently deletes personal data as soon as the purpose for which they have been collected ceases.
III. DATA SUBJECT’S RIGHTS
Data subject’s personal data are under their ownership and, even though we need such data to provide a service, data subjects reserve certain rights at all times in relation to the processing of their data.
The Company will provide the following information when collecting data from a data subject: identity and contact details of the controller, contact details of the data protection officer (if applicable), the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing, legitimate interests, recipients or categories of recipients of the personal data, the intention to transfer personal data to third countries (if applicable), the period for which the personal data will be stored or the criteria used to determine that period, possible existence of automated decision-making, including profiling, information on whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as the consequence of failure to provide such data and the existence of the rights stated below. If personal data have not been obtained directly from the data subject, the source of personal data is to be stated along with the said data.
The data subject exercises the following rights pursuant to the conditions provided for in the Regulation:
- the right to withdraw their consent at any moment, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to access personal data;
- the right to rectify personal data;
- the right to erasure;
- the right to the restriction of processing;
- the right to lodge a complaint about the processing with the Company and/or with the Personal Data Protection Agency (Agencija za zaštitu osobnih podataka);
- the right of data portability.
IV. THE RIGHT TO INFORMATION
You can request all information in relation to your rights, collection and processing of your personal data from our employee in charge of personal data protection using the email: email@example.com.
V. ANONYMOUS COLLECTION OF DATA ON OUR WEBSITE
Your browser transfers information that is automatically collected and stored into the files with records on the Company’s server. It refers to the information about, e.g.:
- type/version of the browser used and the operating system
- identification URL address (previously visited web page)
- host name of a computer (IP address)
- computer response time
The Company cannot associate these data with individuals. These data are not merged with other sources of data and are deleted after the statistical analysis.
The Company is continuously taking all technical and organisational safety measures to protect your personal data. Your data are protected against loss, destruction, alteration/falsification, manipulation and unauthorised access.
The Company does not allow unauthorised collection, processing or use of personal data. The rule of the restriction of access to data is applied only to the data necessary to complete certain business tasks, that is, to the data necessary to achieve the purpose for which those personal data were provided. The Company employees are strictly forbidden to use data subjects’ personal data for any other purpose different from the one the data were collected for, unless they were informed about such other purpose and, if necessary, gave their permission.
Protection mechanisms apply to personal data within the Company regardless of the form they are kept in – paper or electronic.
VIII. PERSONAL DATA BREACH
All employees of the Company have the duty to inform the persons in charge in case of an incident related to the protection of personal data, and, in case of a personal data breach, the Company is obliged to report the breach to the Personal Data Protection Agency (Agencija za zaštitu osobnih podataka) within 72 hours after learning about the breach, if feasible. Also, in case of a personal data breach that will probably cause major risk to the rights and freedom of individuals, the Company shall inform the data subject about the personal data breach without undue delay.
IX. CONTACT DETAILS
STEGA TISAK d.o.o.
10 000 Zagreb
phone number: +385 1 6197-633
X. NOTIFICATION ON CHANGES
All changes to the Personal data protection policy will be published on our website and other sites where we consider it necessary.