PRIVACY POLICY
1. GENERAL PROVISIONS
Pursuant to Regulation (EU) 2016/679 of the European Parliament and the European Council of 27 April 2016 on the protection of individuals in connection with the processing of personal data, which has been in full force since 25 May 2018 in the Republic of Croatia and all member states of the European Union, as well as the Law on the Implementation of the General Regulation on Data Protection (Official Gazette No. 42/18, hereinafter: the Law), i.e. in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union M. Data obrt za accounting and consulting services, vl. Mandica Zetić, Šćitarjevo 262; 10410 Velika Gorica; email: info@partner-fly.com; tel. +385953114230; in the following text , M. Data attaches the Policy on the protection of personal data of service users.
The Personal Data Protection Policy is a unilaterally binding legal act based on the fundamental principles in the processing of personal data, which regulates which service user data is collected, how such data is processed and for what purposes it is used. The policy on the protection of personal data also informs service users of their rights in the collection and further processing of personal data, all for the purpose of protecting their privacy in a broader sense.
The personal data protection policy is based on the following principles of personal data processing: the principle of legality, transparency and best practice, the principle of limited processing and reduction of the amount of data, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and confidentiality of data, the principle of responsibility, the principle of trust and fair processing, the principle of opportunity, the principle of anonymous processing.
The policy on the protection of personal data applies to all services offered by the Controller, whereby the goal of the Policy is to inform service users in a clear and transparent manner about the procedures for processing their personal data and their rights. First of all, service users can contact the Data Controller at any time with a request to amend or supplement and/or update the data relating to them, as well as with a request for a statement on the purposes for which they want or do not want their data to be processed .
2. TYPES OF DATA COLLECTED AND METHOD OF DATA COLLECTION
The services provided by the Controller require the collection of personal data of service users, whereby basic data is collected in the following ways:
1.1. Directly by the service users in a way that the service users themselves provide them with the signed consent of M. Data as the Data Controller, which is defined in a certain scope of data that is essential for the provision of services. For the purpose of providing services, the user of the service is obliged to submit the following data to the Data Controller, which is necessary for the provision of a particular service.
a) name and surname;
b) address;
c) contact phone and/or cell phone number;
d) e-mail contact information (e-mail address);
1.2. Automatically by visiting our websites and social networks, which is data associated with network identifiers (Internet protocol addresses and cookie identifiers, such as Google Analytics for monitoring user interaction).
Cookies enable M. Data to collect statistical data on user behavior on Internet pages (e.g. on which parts of the Internet page users stay the longest and where the shortest), which Internet browser (e.g. Internet Explorer, Opera, Safari) , Google Chrome, Firefox) uses and the like.
Cookies are a small set of data sent from the server of the company’s website to the user’s computer, and serve as an anonymous identifier. Cookies are also used for easier navigation through Internet pages. Cookies are not used to access user data or to track user activities after leaving the company’s website.
3. PURPOSE OF COLLECTION OF PERSONAL DATA
The Data Controller collects personal data exclusively for the purpose of fulfilling the request for the performance of a specific service. We do not collect data that does not serve to perform the requested service. Such data is collected by the Data Controller based on the consent given by the service user for one or more specific purposes, as well as in one of the following cases:
3.1. For the purpose of providing the service
We process personal data in case of your inquiries, then complaints regarding the quality, content and type of service provided, requests in accordance with the applicable regulations (provisions related to the rights of respondents according to Regulation EU 2016/679 of the European Parliament and Council – General Data Protection Regulation, etc. .)
3.2 Fulfillment of legal obligations
Personal data may be processed for the purpose of public interest for statistical purposes in accordance with applicable legal regulations (e.g. in accordance with the Annual Plan of Statistical Activities of the Republic of Croatia) or in accordance with the contractual conditions of the service provider. In this case, your data is processed in an aggregated and anonymized form and cannot be linked to a specific natural person.
3.3. Direct promotion (marketing)
Contact data of service users can be used to send promotional information about M. Data services if the service user has given consent for such processing.
3.4. Internal purposes
The data controller uses certain data of service users exclusively for the purposes of its own records, in order to protect the legitimate interests of service users and/or M. Data.
3.5. Data on potential service users
The data controller is also authorized to collect data on potential users of its services. This data includes basic data (name and surname, e-mail address) as well as the interests of potential service users who contact the Data Controller with the desire to be informed and/or offered a specific service. The legal basis for collection in the described case is the consent of the service user.
4. STORAGE OF PERSONAL DATA
Depending on the purpose and legal basis on the basis of which the personal data of the service user is collected, the Data Controller is in some cases obliged to keep personal data for a period of time prescribed by the relevant regulations for a particular purpose.
RIGHTS OF THE USER OF THE SERVICES
5.1. The right to access personal data
M. Data as a data controller undertakes, on the basis of the submitted written request of the service user, which request can also be in the form of an electronic mail, to provide access to the personal data it processes about them, to inform them about the purpose of processing the personal data for which it is processed, about the type of personal data that is processed , on recipients or categories of recipients to whom personal data has been disclosed or will be disclosed to them, on the anticipated time period of processing or on the criteria used to determine this period.
5.2. The right to correct incorrect data
M. Data, as the processing manager, will enable the correction of incorrect personal data in every single case when it is determined that the collected personal data about the service user is incorrect or that the service user’s data has changed.
5.3. The right to delete personal data
M. Data will delete the personal data of the service user in the following cases:
a) when the personal data of the user of the service is no longer necessary for the fulfillment of the purpose of processing, i.e. when the purpose of processing ceases;
b) when the service user withdraws consent as a legal basis for data processing, and there is no other legal basis for data processing;
c) when the user of the service objects to the processing.
5.4. The right to restriction of data processing
Limitation of personal data processing M. Data will ensure in cases where the service user disputes the accuracy of the data, when the processing is illegal, and the service user opposes the deletion of the data and instead requests a limitation of their use, when the data controller no longer needs personal data for the purposes of processing, but the service user requests the data for the realization legal requirements, as well as in the case when the service user lodges an objection to the processing of personal data based on a legitimate interest M. Data.
5.5. The right to object
The user of the service has the right to lodge an objection to the processing of personal data relating to him if the data is processed for the purposes of the legitimate interest of the data controller. In this case, M. Data , as the data controller, will stop processing personal data, unless it proves that there are convincing legitimate reasons for processing personal data in relation to the rights of the user and/or customer, i.e. in the case when the data processing serves the purpose of setting up, achieving or defense of legal claims.
6. WHERE PERSONAL DATA IS PROCESSED
Personal data of service users is processed by the Controller in the EU, Republic of Croatia.
7. CONSENT MANAGEMENT
The active role of the service user in the protection of personal data is reflected in the granting of consent as a voluntary, specially informed and unambiguous expression of the wishes of the respondents to whom he gives his consent to the processing of personal data by a statement or a clear affirmative action. Consent management implies the possibility for the user of the service to actively and unambiguously authorize the Controller to collect and process certain personal data for one or more purposes (consent of the subject), i.e. to withdraw the previously given consent for the collection and processing of personal data in one or more ways. multiple purposes.
8. AMENDMENTS TO THE PERSONAL DATA PROTECTION POLICY
The controller reserves the right to amend and supplement this Policy at any time, without giving any special notice to interested persons.
