INTRODUCTION
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119 , 4 May 2016, p. 1, hereinafter referred to as “the General Data Protection Regulation”, which has been in full application since 25 May 2018 in the Republic of Croatia and all Member States of the European Union, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter referred to as “the Act” or, in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union and European best practice, Pet Secret, a Limited Liability Company for the production of perfumes and toiletries, based in the Republic of Croatia, Zagreb, Medarska 69, registered with the Commercial Court of Zagreb under the registration number of the subject of registration (MBS): 04870646, Personal Identification Number (OIB): 50255581077 (hereinafter: the Company), as the manager of the processing of personal data of users of their services and customers, developed a Privacy Policy for service users and customers. The privacy pol-icy is a unilaterally binding legal act based on fundamental principles in the processing of personal data, that regulates the personal data processed, how they are processed, and for what purposes. The privacy policy also informs service users and/or customers of their rights regarding the collection and further processing of personal data, all to protect their privacy in a broad sense.
The Privacy Policy is based on the following principles of processing personal data: the law-fulness, transparency and the best practices: limitations on processing and data minimisation; accuracy of personal data, data storage limits; integrity and confidentiality of data; ac-countability; trust and fair storage, appropriateness (processing purposes), the principle of processing in an unnamed (anonymised) form.
The Privacy Policy applies to all services offered by the Company, whereas the goal of the Policy is to clearly and transparently inform users and/or customers about the processing of their personal data and their rights. First and foremost, users and/or customers may at any time request from the Company to amend and/or update the data relating to them, as well as t to comment on the purposes for which they wish or do not wish their data to be processed
The following Company is responsible for the processing of personal data:
Pet Secret Limited Liability Company for Trade and Services, having its seats in the Republic of Croatia, Zagreb, Medarska 69, registered at the Commercial Court in Zagreb under the registration number of the entity (MBS): 04870646, Personal Identification Number (OIB): 50255581077
Contact information for the personal data protection:
E-mail: info@petsecret.hr
METHOD OF COLLECTION AND TYPES OF DATA COLLECTED
Some of the services provided by the Company require the collection of personal data of users and/or customers, whereas basic data is collected in the following ways:
- Directly by the users themselves and/or customers in the manner that the users and/or customers submit them themselves with the consent to the Company as processing man-ager in a certain range of data that is essential for the provision of the relevant services. To provide appropriate services, the user and/or customer is obliged to provide the Company with the following information, which is necessary for the establishment of a contractual relationship to provide a particular service and/or sale of certain products in its range:
- first and last name;
- address;
- e-mail address;
- From other sources, that is, from our business partners or publicly available sources (for example, data accessible through access to the telephone book and other publicly available services);
- Automatically by visiting our web pages, applications and Web-shop portal, which includes information joined to the network identifiers (Internet protocol addresses and cookie identifiers, such as Google Analytics for tracking user and/or customer interaction).
A cookie is a small data file that is stored on a computer or mobile device when you visit a particular web page. Cookies are used to provide a better user experience to each user and/or customer, to store user and/or customer preferences, to make the website more effi-cient, as well as to monitor and test the use and visits of the Company’s website. Cookies are also used to track internet usage and create user profiles, and then to display personalised online ads based on user and/or customer preferences.
By switching off and/or blocking the cookie from being saved, the user and/or customer can still browse the Company’s web pages. However, it is likely that some features and/or functionality of the website will not be available to such user and/or customer, or that the time required to access certain features of the website will take longer than usual.
The subject network identifiers may leave traces that, in combination with other identifiers and information provided by the Internet service servers, may serve to identify the user and/or customer. We also collect and process the following information for this purpose:
- IP address information;
- data on usage of individual applications and websites;
- user and/or customer habits data – we create these data for the purpose of profiling users and/or customers.
The amount or scope of personal data that the Company collects depends on the type of service the Company provides to its customers and/or customers, as well as the legal basis on which it collects data. The Company constantly takes care of collecting only the necessary scope of personal data that is necessary to achieve the legally determined purpose for which the data are processed.
PURPOSE OF COLLECTING AND FURTHER PROCESSING PERSONAL DATA
The Company collects personal data to provide, maintain, protect and improve their services related to the purchase of certain products, to understand how users and/or customers use the services provided and use the Company’s website(s) and to fulfil the Company’s contrac-tual obligations. The Company collects such data based on the consent given by the user and/or customer for one or more specific purposes, as well as in one of the following cases.
Performance of contractual obligations
The Company collects and further processes personal data of users and/or customers for the purpose of entering into and executing agreements, delivering ordered products, advising and assisting with product use, providing appropriate additional and/or extended product warranties, resolving user and/or customer complaints and other actions related to the conclusion and execution of the agreement in accordance with the relevant regulations.
The legal basis for processing personal data of users and/or customers for the purposes stated above is the necessity to conclude an agreement, that is, in the event that the user and/or customer refuses to provide relevant data, the Company will not be able to conclude an agreement and/or take certain actions related to execution of the concluded agreement.
Compliance with legal obligations
On the basis of a written request by users and/or customers sent to the above-mentioned address of the personal data protection officer, the Company is obliged to provide them with access to personal data about them that it processes, correct inaccurate personal data, delete personal data or restrict the processing of personal data, as well as make them acquainted with the possibility of objecting to the processing of personal data and the right to data transferability.
Direct Marketing
The contact details of users and/or customers may be used for sending promotional materials about the Company’s products and services if the user and/or customer has given a con-sent to such processing or if there is a legitimate interest of the Company in such actions, unless such interests are of greater interest or fundamental rights and freedoms of the user and/or customer that require the protection of personal data.
The Company may use the contact details and personally contact users and/or customers whose personal data they already possess, based on a legitimate interest for sending promotional materials about all products and services they provide, using all publicly available channels, unless the user and/or the customer does not object to such processing.
In order for the user and/or customer to be able to receive materials corresponding to their wishes and habits, it is necessary for the Company to use certain data of users and/or customers to create personalised promotional materials, until the user and/or customer explicitly objects to such processing of data, that is, waives of their earlier approved consent for processing.
The legal basis for processing personal data for the aforementioned purposes is the legitimate interest of the Company unless the interest or fundamental rights and freedoms that require the protection of the data prevail.
Internal Purposes
The Company uses certain data about users and/or customers solely for their records, to protect the legitimate interests of users and/or customers and/or the Company. For example, this includes the use of personal data to create offers that meet the needs and wishes of users and/or customers, market research and analysis.
Data on potential users
The Company is also authorised to collect data about potential users and/or customers of their services and/or products. This data includes basic information (name and surname, e-mail address) as well as the interests of potential users and/or customers who contact the Company with the desire to be informed about and/or offered with certain products and services.
The legal basis for collection in the case described is the consent of the user and/or customer.
DURATION OF THE PERSONAL DATA STORAGE AND PROCESSING
Depending on the purpose and legal basis on which the personal data of users and/or customers are collected, in certain cases, the Company is obliged to store the personal data for a period prescribed by the relevant regulations or until the termination of the purpose for which they were collected. In case of the expiry of the statutory period obliging the Company to store certain personal data or in case the purpose terminates the same shall be deleted.
In cases where the basis for the collection and processing of data is a legitimate interest of the Company or the consent of the user and/or customer, the personal data is stored for the following periods:
- data on existing users and/or customers: during the contractual term and 6 months after termination;
- data on potential clients and/or customers: 3 months;
The data processed on the basis of the legitimate interest of the Company and/or the con-sent of users and/or customers may be deleted even before the expiry of the period specified in this Policy, in case such deletion is requested by the user and/or customer, or when the user and/or customer objects to such processing.
RIGHTS OF THE USERS/BUYERS
The right to access personal data
The Company, as processing manager, undertakes to provide access to the personal data it processes about the user and/or customer on the basis of their written request, which may also be in the form of electronic mail, to inform them about the purpose of processing the personal data which being processed, the type of personal data being processed, the recipi-ents or categories of recipients to whom personal data has been or will be disclosed, the es-timated processing time period, or the criteria used to determine that period.
Right to correct inaccurate data
As a processing manager, the Company will allow the correction of inaccurate personal data in each case when it is determined that the collected personal data about the user and/or customer is inaccurate or there has been a change in the user and/or customer data.
Right to delete personal data
The Company will delete the personal data of the user and/or customer in the following cases:
- when the personal data of the user and/or customer are no longer necessary
- for the fulfilment of the purpose of processing, that is, the termination of the purpose of the processing;
- when the user and/or customer withdraws the consent as the legal basis for the data processing, and there is no other legal basis for the data processing;
- when the user and/or customer objects to the processing of data (see more under the right to file a complaint)
- when the personal data is illegally processed;
- when the personal data must be deleted to fulfil legal obligations under European Union law or the right of the Member State to which the data processing manager is subject;
- when personal data has been collected in connection with the provision of the IT company services concerning the child’s consent.
The right to restriction of data processing
Restriction of the processing of personal data will be provided by the Company in cases where the user and/or customer disputes the accuracy of the data, when the processing is illegal and the user and/or customer opposes the deletion of data and instead requests a restriction of their use, when the processing manager no longer needs personal data for processing purposes, but the user and/or customer requests data for the fulfilment of legal requirements, as well as in cases where the user and/or customer objects to the processing of personal data based on the legitimate interest of the Company, including the creation of user and/or customer profiles.
Right to file a complaint
The user and/or customer has the right to object to the processing of personal data relating to him if the data is processed for the legitimate interest of the processing manager. In such a case, the Company, as processing manager, will cease processing personal data unless it proves that there are compelling legitimate reasons for processing personal data concerning the rights of the user and/or customer, or where the processing of data serves to set up, obtain or defend legal requirements.
If the personal data of the user and/or customer are processed for direct marketing purposes, the user has the right to object at any time to processing for direct marketing purposes, especially if the personal data is used to create a profile.
WHERE PERSONAL DATA IS PROCESSED
The Company processes personal data of users and/or customers in the Republic of Croatia.
UNDER WHICH CONDITIONS PERSONAL DATA IS DISCLOSED TO THIRD PARTIES
The Company shall disclose the personal data of users and/or customers to third parties (including competent authorities) only in the following cases:
- users’ and/or customers’ consents;
- to fulfil the Company’s legal obligations;
- when such processing is necessary to protect the key interests of users and/or customers
CONSENT MANAGEMENT
The active role of the user and/or customer in the protection of privacy is reflected in giving consent as a voluntary, especially informed and unambiguous expression of the wishes of the respondents to whom, by a statement or clear affirmative action, they consent to the processing of personal data. Consent management implies the possibility for the user and/or customer to authorise the Company by an active and unambiguous act to collect and process certain personal data for one or more purposes (consent of the respondents), or to withdraw the earlier given consent in order to collect and process personal data, for one or more purposes.
WHOM TO CONTACT
In the event of any questions regarding the protection of personal data by the Company, users and/or customers may contact the Personal Data Protection Officer via email at the email address provided in this Privacy Policy or in writing at the following address:
PET SECRET d.o.o.
Attn: Dario Čičin-Karlov
Medarska 69
10000 Zagreb
AMENDMENTS TO THE PRIVACY POLICY
The Company reserves the right to amend this Policy at any time without any special notice to interested persons. For this reason, it is recommended that all interested parties regularly check the content of the Company’s web pages for information on the updated content of this Policy.
In Zagreb, May 2019
PET SECRET d.o.o.