In addition to providing services in line with internal, national, and international norms, legislature and other regulation pertaining to quality, environmental protection, employee health and safety, and energy efficiency, the company CIAK Grupa d.d. pays special attention to protection of personal data, in accordance with the General Data Protection Regulation.
Personal data are defined as any information pertaining to an identified or identifiable individual. An identified or identifiable individual is a person who can be identified, directly or indirectly, especially through identifiers such as name, ID number, location, network ID, or one or more factors characteristic for physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.
By “processing”, we refer to all actions or sets of actions performed over personal data or based on sets of personal data, conducted via automatic means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, disseminating or making available through other means, alignment or combination, restriction, erasure or destruction.
2. Who controls the data
CIAK Grupa d.d. determines the purpose and means of processing your personal data and is regarded as the Controller of data processing.
Taking into consideration its legal responsibilities, data processing Controller is responsible for storing and using personal information via computers or physical files.
CIAK Grupa d.d.
Savska opatovina 36, 10 090 Zagreb
CIAK Grupa d.d. employs a person in charge of personal data protection known as the data protection officer. If you have any questions regarding personal data you have provided us, please contact CIAK Grupa d.d at any time.
For additional information or for contacting us, please look at contact details or send an e-mail to our personal data protection officer firstname.lastname@example.org.
3. Which data are collected
All of our activities are based on strict ethical and legal requirements and we support the privacy of all our clients and visitors of our websites. Because of this, the manner in which we collect and store data, including personal data, depends on how our websites and related services are used. We do not collect any kind of sensitive personal data about you.
3.1. Data collected through your interaction with us
Različite tehnologije mogu se koristiti na našim web stranicama u svrhu poboljšanja učinkovitosti i sigurnosti.
Different technologies can be used on our websites in order to improve their efficiency and security.
3.2. Data you provide
Apart from data collected through automatic means (cf. 3.1), we process data provided by you. This includes, but is not limited to:
- Data provided through purchases made in our web shop,
- Data provided by submitting a complaint form,
- Personal data provided by sending an e-mail or submitting a contact form
3.3. The data we collect:
- first and last name,
- e-mail adress,
- IP address of visitor,
- other data provided by you which you want to keep anonymous
4. Purposes for which we collect personal data::
- To provide services within the scope of our registered activities,
- To respond to your inquiries as efficiently as possible,
- To ensure providing and paying for requested services,
- To conduct our internal statistical analysis,
- To send promotional materials and special benefits,
- To meet other obligations prescribed by the applicable law.
5. Lawfulness of processing
Processing of personal data is lawful as it is based on consent provided by you, on the Contract made within the scope of our activities, or on fulfilling obligations prescribed by applicable legislature.
Processing is also lawful if it is deemed necessary to protect your vital interests, to perform the tasks which are in the public interest, or is based on legitimate interests of CIAK Grupa d.d.
6. Disclosing personal data
Your personal data can be disclosed to the extent necessary to be in line with our legal obligations and legislation and regulations pertaining to you.
Your personal data can be shared with your consent or without it, in cases where it is necessary for us to fulfill our obligations towards you.
We collect only those personal data which are provided voluntarily and we use them only for the purpose of providing services mentioned above.
7. Your rights
- Right to submit a request to access your personal data
- Right to change and/or delete your personal data
- Right to limit the processing of your personal data
- Right to transfer data
You can submit a request to access, change, correct, limit the processing of, transfer, or delete your personal data by contacting us via our e-mail address email@example.com or by sending a written request to: CIAK Grupa d.d., Savska opatovina 36, 10090 Zagreb.
7. Data storage and security
CIAK Grupa d.d. recognizes the importance of data protection and continuously controls and encourages improvements of technological, professional and organizational security measures and procedures.
Our website is equipped with strict security measures intended to protect your personal data from unlawful destruction, accidental loss, misuse, alteration, unauthorized disclosure or access to personal data or other unlawful forms of processing.
CIAK Grupa d.d. is in no way responsible for loss of personal information in the process of sending the data to the website.
Only authorized employees and reliable third parties whose use of personal data is necessary to conduct personal interest, as defined above, shall have access to personal data.
CIAK Grupa d.d. shall store personal information for the duration defined by the applicable legislature, duration of business cooperation, or until the consent is revoked.
8. Supervisory authority
Supervisory authority for personal data protection:
Croatian Personal Data Protection Agency
Martićeva ulica 14, 10 000 Zagreb
Tel. 00385 (0)1 4609-000
Fax. 00385 (0)1 4609-099
CIAK Grupa d.d. cooperates with the supervisory authorities in cases of personal data infringement and is obliged to contact them no later than 72 hours after identifying the infringement. If the infringement is highly likely to cause high risk for the individual, data processing controller shall immediately notify the supervisory authorities. If a type of data processing is likely to cause a high risk for individual’s rights and freedoms, the data processing controller shall conduct and assessment of effects of predicted procedures on personal data protection. A single assessment can be applied to multiple similar data processing procedures.
9. Changes to these policy