The processing of personal data is under the responsibility of the Company: STENTOR, a limited liability company for services, with its registered office in the Republic of Croatia, Zagreb, Ulica grada Vukovara 284, entered into the court register of the Commercial Court in Zagreb under the company registration number (MBS): 081103769, personal identification number (OIB): 28042507798
Contact information of the personal data protection officer:
Method of data collection and types of data collected
Particular services provided by the Company require the collection of users' and/or customers' personal data, whereas basic data are collected in the following ways:
1. Directly from users and/or customers, where users and/or customers submit the data themselves together with their consent to the Company as the controller to process a specific scope of data required for providing relevant services. For the purposes of providing relevant services, the user and/or customer is required to submit to the Company the following data required to establish a contractual relationship for the provision of a particular service:
a) name and surname;
c) personal identification number (OIB);
d) date of birth;
f) contact landline and/or mobile phone number;
g) e-mail address;
h) identity card information;
i) information on the bank account and the card number for the purposes of regulating payment obligations;
2. From other sources, i.e. our business partners or from publicly available sources (e.g. information available in a phone book or other publicly available services);
3. Automatically by visiting our web pages, applications and the web-shop portal, whereas the data concerned are those associated with online identifiers (internet protocol addresses and cookie identifiers).
A cookie is a small file that is downloaded to a computer or mobile device when visiting a web page. Cookies are used to provide an improved user experience to each user and/or customer by storing their preferences in order to make web pages work more efficiently, as well as to track and analyse the use of, and the number of visits to, the Company’s website. In doing so, the Company uses the following types of cookies:
a) Persistent Cookies that help the Company’s website remember information and settings for future visits to the website, which results in faster access to the website’s contents and improved user experience;
b) Session Cookies that enable the Company’s website to track movements from page to page so that the user and/or customer is not asked to re-enter information he/she has already provided during the visit to the website, allowing for uninterrupted movement without the need for additional authentication;
c) First Party Cookies that are created by the Company’s website when visited by the user and/or customer and used to store data at the next visit to the Company’s website;
d) Third Party Cookies that come from other websites’ advertisements located on the Company’s website and are used to track and analyse the use and the number of visits, as well as for marketing purposes.
Cookies are also used to track internet use and create user profiles, followed by displaying customised online advertisements based on the user’s and/or customer’s preferences.
By deactivating and/or blocking cookies, the user and/or customer may still browse the Company’s website. However, there is a chance that some options and/or functionalities of the website will not be available to that user and/or customer or that the time required to access certain functions of the website will be longer than usual.
The online identifiers in question may leave traces which, when combined with other identifiers and information provided by the internet service providers, may be used to identify the user and/or customer.
The quantity, i.e. the amount of personal data collected by the Company depends on the type of service the Company provides to its users and/or customers, as well as on the legal basis under which it collects data. The Company continuously takes care of collecting only the amount of personal data necessary to achieve the legally defined purpose for which the data are processed.
Purposes for which personal data are collected and further processed
The Company collects personal data so that it can provide, maintain, protect and improve its services associated with the purchase of particular products, understand the ways in which users and/or customers use the provided services and the Company’s website and for the performance of the Company’s contractual obligations. The Company collects such data on the basis of the consent given by the user and/or customer for one or more specific purposes, as well as in one of the cases below.
Performance of contractual obligations
The Company collects and further processes users’ and/or customers’ personal data for the purpose of entering into and performing a contract, delivering ordered products, providing advisory service and assistance concerning product use, offering appropriate additional and/or extended product warranties, addressing users’ and customers’ complaints and taking other actions related to entering into and performing a contract in accordance with the relevant regulations.
The legal basis for processing users’ and/or customers’ personal data for the aforementioned purposes is the necessity of entering into a contract or, in other words, if the user and/or customer refuses to provide essential data, the Company may not be able to enter into a contract and/or take actions related to entering into and performing a contract.
Compliance with legal obligations
The Company shall, upon a written request submitted by the user and/or customer to the address of the personal data protection officer indicated above, allow access to processed personal data concerning him/her, rectification of inaccurate personal data, erasure of personal data or restriction of processing of personal data, as well as inform him/her of the right to object to processing of personal data and the right to data portability.
Direct marketing
The contact details of users and/or customers may be used for sending marketing communications concerning the Company’s products and services if the user and/or customer has given his/her consent to such processing or if the Company has legitimate interests to take such actions, except where such interests are overridden by the interests or fundamental rights and freedoms of the user and/or customer which require protection of personal data.
The Company may use contact details and directly contact users and/or customers whose personal data it already has based on its legitimate interest to send marketing communications about similar products and services it offers, using all available marketing channels, unless the user and/or customer objects to such processing.
In order for the user and/or customer to be able to receive communications corresponding to his/her wishes and habits, it is necessary that the Company uses certain data concerning users and/or customers for creating personalised marketing communications, until the user and/or customer explicitly objects to such data processing or withdraws his/her previously given consent to the processing.
The legal basis for processing of personal data for the aforementioned purposes is the Company’s legitimate interest, except where such interest is overridden by the interests or fundamental rights and freedoms which require protection of personal data.
The Company uses certain data concerning users and/or customers only for the purposes of keeping its own records and protecting legitimate interests of users and/or customers and/or the Company. For instance, this includes the use of personal data for the purpose of creating offers that satisfy the needs and wishes of users and/or customers, market research and analysis.
Data on potential users
The Company is also authorised to collect data on potential users and/or customers of its services and/or products. These data include basic information (name and surname, e-mail address) as well as interests of potential users and/or customers contacting the Company for the purpose of being informed about and/or offered specific products and services.
In this case, the legal basis for collection is the consent of the user and/or customer.
Time limit on storing and processing of personal data
Depending on the purpose and legal basis under which users’ and/or customers’ personal data are processed, in some cases the Company is required to retain personal data for the time period prescribed for a specific purpose by the relevant regulations or by fulfilment of the purpose for which they were collected. After the expiry of the statutory time limit requiring the Company to retain particular personal data, such data are erased.
Where the basis for data collection and processing is the Company’s legitimate interest or the user’s and/or customer’s consent, the personal data are retained for the following time periods:
a) data on the existing users and/or customers: for the duration of the contractual relationship and 6 months after its termination;
b) data on potential users and/or customers: 3 months;
The data processed on grounds of the Company’s legitimate interest and/or the user’s and/or customer’s consent may be erased prior to the expiry of the time limit referred to in this Policy, if so requested by the user and/or customer or when the user and/or customer objects to such processing.
Rights of users/customers
Right of access to personal data
As the controller, the Company shall, upon a written request submitted by the user and/or customer, which may also be in the form of an e-mail, allow access to processed personal data concerning them, inform them of the purposes of the processing of personal data, the type of personal data processed, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for processing or the criteria used to determine that period.
Right to rectification of inaccurate data
As the controller, the Company shall enable rectification of inaccurate personal data in each individual case when it is established that the collected personal data concerning the user and/or customer are inaccurate or when there is a change in the user’s and/or customer’s data.
Right to erasure of personal data
The Company shall erase the user’s and/or customer’s personal data in the following cases:
a) where the user’s and/or customer’s personal data are no longer necessary for the purposes of the processing, i.e. fulfilment of the processing purpose;
c) the user and/or customer objects to the data processing (see more under Right to Object below);
d) where the personal data have been unlawfully processed;
e) where the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) where the personal data have been collected in relation to the offer of information society services with respect to child’s consent.
Right to restriction of data processing
The Company shall ensure restriction of processing in cases where the accuracy of the personal data is contested by the user and/or customer, where the processing is unlawful and the user and/or customer opposes the erasure of the personal data and requests the restriction of their use instead, where the controller no longer needs the personal data for the purposes of the processing, but they are required by the user and/or customer for the exercise of legal claims, as well as where the user and/or customer has objected to processing of the personal data which is based on the Company’s legitimate interest, including profiling of users and/or customers.
Right to data portability
The Company shall, at the request of the user, transmit his/her personal data to another controller, if that controller has given consent to such transmission and the processing is carried out by automated means, as well as if such transmission is technically feasible.
Right to object
The user and/or customer is entitled to object to the processing of any personal data relating to him/her if such data are processed for the purpose of legitimate interests of the controller. In this case the Company shall, as the controller, no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing of personal data which override the user’s and/or customer’s right or when data processing is used for the establishment, exercise or defence of legal claims.
If the user’s and/or customer’s personal data are processed for direct marketing purposes, the user shall have the right to object at any time to processing for direct marketing purposes, particularly where personal data are used for profiling.
Where are personal data processed
The Company processes personal data of users and/or customers in the Republic of Croatia.
Under which conditions are personal data forwarded to third parties
The personal data of users and/or customers may be forwarded to third parties (including competent authorities) only in the following cases:
a) the user and/or customer has given consent;
b) compliance with the Company’s legal obligations;
c) when such processing is necessary in order to protect the vital interests of users and/or customers.
The user’s and/or customer’s active role is reflected in consents that are freely given, specific, informed and an unambiguous indication of the data subject's wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data. The consent management includes the possibility that the user and/or customer, by an active and unambiguous action, authorises the Company to collect and process particular personal data for one or more purposes (the data subject’s consent) or to, similarly, withdraw his/her previous consent to collect and process personal data for one or more purposes.
Who to contact
attn. data protection officer
Ulica grada Vukovara 284
10 000 Zagreb
The Company reserves the right to amend this Policy at any time and to inform users and/or customers of such amendments.
Zagreb, May 2018