Privacy Policy
The controller of this website and your personal data is:
MRAMOR CLEAN LIPOVAC, a company registered with the Commercial Court in Zagreb, with its registered office in Zagreb, Ulica Antuna Kolarića 26, OIB 16984360591, (hereinafter abbreviated as: “MCL”).
e-mail: info@mramor-clean-lipovac.hr mramorcl@hotmail.com
Personal Data Protection Officer:
Tel/Mob: +385 91 539 21 68 / +385 91 767 43 72
e-mail address: info@mramor-clean-lipovac.hr mramorcl@hotmail.com
Personal Data Protection Rules
MCL implements the obligation to protect the personal data of the data subjects pursuant to the Act on the Implementation of the General Data Protection Regulation, Official Gazette 42/2018, other laws based on the exercise of the official authority of the data controller and the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
MCL recognizes the importance of privacy, security and data protection for respondents therefore, our goal is to implement the protection of their personal data for all of them and implement a system that will enable this. The rules apply to all personal data of users that we collect and process, directly or indirectly. Personal data is any data relating to a natural person whose identity is established or can be established, directly or indirectly. Data processing is any operation
performed on personal data, such as collection, storage, use, consultation and transfer of personal data.
The collection and processing of data from minors, under the age of 16, is permitted only with legal permission or the consent of a parent or legal guardian. This statement on the rules for the protection of personal data of respondents will be publicly announced on our official websites.
Summary of the rules
In the MCL organization, the privacy of individuals will always be respected in accordance with the laws, the EU General Regulation and the organizational privacy principles established by this policy. The personal data of employees and stakeholders that we have at our disposal may not be made available to third parties without the consent of the data subject. The data subject and the AZOP will be notified of any potential error in the protection of personal data, and MCL will take all available measures to minimize the negative impact on the data subject.
Introduction
At MCL, all data that we collect, process, store or transmit relating to individuals (respondents) must be adequately protected from unauthorised access or malicious changes. When collecting, storing, processing or transmitting information relating to respondents, we must at all times respect their wishes and right to privacy. All employees at MCL who in any way come into contact with the data of respondents are familiar with all the rules for protecting the privacy of individuals and are obliged to sign a Statement of Secrecy or Confidentiality in which they undertake to be responsible in the event of their contribution to the breach of the data of respondents during their employment and also after the termination of their employment.
The website is owned by MCL d.o.o., Ulica Antuna Kolarića 26 HR-10020 Zagreb, Croatia.
It is important to read this Privacy Policy and we hope that you will take the time and your attention. To make it easier for you to access the information you want, please follow the content of this Privacy Policy. We reserve the right to periodically adjust and improve the text of this Privacy Policy, primarily for the purpose of complying with legal changes, or changes in the purposes and methods of processing.
How and for what purpose and what categories of your data do we collect?
Although you can use our website without providing any personal data as a
visitor of our pages, after you contact us via the information on the contact page or
directly via our e-mail address, MCL will contact you for the purpose of creating offers,
contracts or further business communication or fulfilling your request.
The data and categories of data that we may collect from you are personal data such as your
(First name, Last name, e-mail) stored so that we can contact you and respond to your
request.
We process personal data that we have collected from you through our publicly published
forms, requests, concluded contracts or other documentation, This includes, for example, your
basic data (e.g. first and last name, place of residence/residence – address, city, postal code
company name (optional), telephone, e-mail address), order data. Since we only collect the data that is necessary for us to achieve a specific purpose, in some cases it is possible to achieve the purpose of processing by using a smaller amount of data than previously described and stated. We prefer to use the smallest amount of personal data possible and after the service is completed, we leave only the data that we are required to keep according to legal and subordinate tax and accounting regulations. We may also collect the IP address or domain name of the computer through which certain visitors accessed our website, all for the purpose of providing better services from our offer. We collect individuals on video surveillance footage or photographs for the purpose of reducing the exposure of employees and property to the risk of robbery, burglary, violence, theft, damage, destruction, etc. In our Web shop, the specified personal data is also used for the purpose of payment, contact and delivery of your order to your address or another address to which you want delivery. Our sites are not intended for persons under the age of 16, and if you are under the age of 16, please do not provide us with your personal information without the consent of your parents or guardians.
For what purposes and on what legal basis do we process your personal data?
Personal data is collected for the purpose of fulfilling legal obligations of the MCL, and for the purpose of fulfilling obligations in the public interest.
The legal basis for the processing of personal data is established by law.
Article 6 EU General Data Protection Regulation “Lawfulness of processing” items (a) to (f).
Lawfulness of processing
Processing is lawful only if and to the extent that it meets at least one of the following:
a) The data subject has given consent to the processing of their data for one or more specific purposes
(if you give us consent, we would provide you with content and recommendations based on your
activities on the website in the form of SMS messages, newsletter e-mails, WhatApp
messages about discounts and promotions that we have)
b) Processing is necessary for the performance of a contract to which the data subject is a party or in order to
take action at the data subject’s request prior to concluding a contract
(contact details, your address for delivery purposes, payment details, etc.)
- c) Processing is necessary for compliance with the data controller’s legal obligations
d) Processing is necessary to protect the interests of the data subject or another natural person
e) Processing is necessary for the performance of tasks of public interest or in the exercise of the official authority of the data controller
f) Processing is necessary for the purposes of the legitimate interests of the data controller or a third party, except
when those interests are overridden by the interests or the fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. For the purpose of concluding a sales contract, we collect your personal data (Name, Surname,
e-mail address of the customer, payment data that we store can be processed for fulfillment
of our legal obligations in accordance with all legal and by-law tax and
according to accounting regulations, they must be kept for at least 11 years.
For the purpose of realizing the employment relationship, we collect data that we are legally obliged to collect
we keep it for the needs of personnel records and for the needs of occupational and professional protection
training of workers, we are obliged to keep certain data permanently and everything in accordance with
existing legal regulations. Potential employees who do not sign a contract with us
we return their documentation to them and delete their personal information from our staf
We store purchase data (name, surname, address, postal code and city, e-mail address) a minimum of 5 years and less for the purposes of consumer protection and potential disputes. If you withdraw your consent that you have given us to provide you with content and recommendations on based on your activities on the website in the form of SMS messages, newsletter e-mails, WhatApp messages about discounts and promotions we have, we will delete your information for receiving notifications and you will no longer be on the list for receiving such promotional automated messages.
Organizational and technical measures for security and data protection and storage
A password has been set on all computers containing the data of the respondent located at the address: Ul. Antuna Kolarića 26, 10020 Zagreb
Desktop computers are installed with the Windows 7/10/11 operating system, a licensed operating system that is regularly updated with new versions and security patches in order to increase security and reduce system vulnerability.
For the purpose of implementing technical measures, the licensed ESET antivirus program has been used and the specified computers have a license for it. Weekly antivirus scans of all computers and e-mail messages in MCL are performed in order to increase security and reduce system vulnerability. The license for the specified antivirus program is also renewed every year.
We use a firewall, strong passwords for personal computers, antivirus programs, and other measures to protect personal data as necessary (for example, encryption and pseudonymization) ü The equipment in our premises in which we store personal data is located in a secure environment with limited physical access to ensure the permanent confidentiality, integrity, availability of personal data and access to them in the event of a physical or technical incident ü We have obligated our employees to the confidentiality of all data (Confidentiality Statement) that they learn in the course of their work ü Ensuring the permanent confidentiality, integrity, and availability of personal data in MCL is carried out by locking it in the owner’s office in the management office and additionally in a locked cabinet purchased for the purposes of implementing the GDPR at the address: Ul. Antuna Kolarića 26, 10020 Zagreb Personal data may be stored and additionally inaccessible during the company’s non-working hours.
Forwarding of personal data
There is a legal basis on which MCL is obliged to forward personal data. It is carried out on the basis of a written request based on applicable regulations, to the competent state authorities.
In accordance with the Regulation on Personal Data Protection Measures (GDPR – General Data Protection
Regulation), upon your request, you will be provided with access to all your personal data that we have, the method of processing and the possibility of limiting the processing, amending or deleting them.
The protection of the privacy of your data is permanent, and MCL takes all measures necessary to protect them in accordance with applicable regulations and good practices. We process personal data in a secure manner, including protection against unauthorized or unlawful processing and loss.
MCL does not exchange personal data of respondents without the consent of the respondent. It will also never share your personal data with any unauthorized third party nor will it allow them to access your data.
Transfer of personal data to a third country or international organization
MCL does not transfer your data to third countries or international organizations, so there is no need to fulfill the additional requirements of Chapter V of the General Data Protection Regulation. In certain circumstances, we have a legal obligation to transfer your personal data, and the processing of personal data may include the international transfer of the same. The legal obligation may arise from national regulations or from EU regulations. For example, sometimes it is necessary to undertake joint supervisory activities of the supervisory authorities of the Member States or it is necessary to take action with the aim of collecting a fine imposed but not paid. Therefore, your data is transferred to other recipients when we are obliged by relevant regulations to the extent that is necessary to achieve the specified purpose. Your personal data will not be transferred to third parties for direct marketing purposes unless we have obtained your consent.
The protection of your personal data means that:
- we will not use your data for any other purpose than that stated here or agreed
- we will not give your contact and personal data to any third party
- your contact and personal data may only be disclosed to a third party at your request (right to portability) or with a court order
We only collect personal information that is voluntarily provided to us. We do not condition access to our site on the provision of information.
Consent
Personal data shall be collected in a transparent and lawful manner. All data collected
should be subject to consent, i.e. each user shall explicitly consent that his/her data may be stored and used for a clearly specified purpose. It shall also be clearly defined
for what purpose the data is collected and how it will be processed.
The data subject shall have the right to withdraw his/her consent at any time. Withdrawal of consent shall not affect
the lawfulness of processing based on consent before its withdrawal. The data subject shall be informed of this before giving consent. Withdrawing consent shall be as easy as giving it.
Processing of personal data obtained through video surveillance
We process your personal data on the basis of legitimate interest within the meaning of Article 6(1)(f) of the General Regulation, for the purpose of:
· purpose: protection of persons and property of MCL
· legal basis: legitimate interest of MCL
· recipients: we can deliver video recordings upon request to competent authorities (police, court) if necessary for the conduct of procedures pursuant to special regulations
· retention: we retain recordings obtained through the video surveillance system for a maximum of six
months or longer if they are exempted as evidence in judicial, administrative, arbitration or
other proceedings
· Rights of data subjects (natural persons recorded by video surveillance cameras): Right
to access their personal data, right to erase them, right to restrict
their processing and right to object to their processing.
Cookies
Cookies are small files that your browser saves on your disk when you visit our website. This allows our website to recognize your computer the next time you visit us, in order to offer you a personalized experience while surfing. Cookies are not aimed at spying on users and do not track everything the user does, and are not malicious code or viruses. Cookies are also not associated with unwanted messages or spam, cannot save passwords and are not intended solely for advertising or advertising. Information such as your name or email address will not be saved – websites cannot access your personal information and files on your computer.
In order to use “cookies” in accordance with the Electronic Communications Act, the Personal Data Protection Act, EU Directives 2002/58/EC and 95/46/EC and the GDPR Directive, we need your consent.
You can find more information about the use of cookies, types of cookies, cookie management, cookie settings and disabling cookies at the link: http://www.MCL.hr/postavke-kolacica/
Your rights:
Right to access information: You have the right to access your personal data
that we process about you and you can request detailed information, in particular, on the
purpose of the processing, on the type/categories of personal data processed, including access to your personal data, on the recipients or categories of recipients and on the envisaged
period for which the personal data will be stored. Access to personal data may be
limited only in cases prescribed by Union law or our national
legislation or when such a restriction respects the essence of the fundamental rights and
freedoms of others;
Right to rectification/amendment You have the right to request the rectification or amendment of
your personal data if your data is not accurate, complete and up-to-date. To do this,
send your request to us as the controller in writing, including
by electronic means of communication. Please note that the request must specify
what specifically is not accurate, complete or up-to-date and in what sense the above should be
corrected and provide the necessary documentation in support of your allegations;
Right to erasure (“Right to be forgotten”): You have the right to request the erasure of personal data concerning you if one of the following conditions is met:
· Your personal data are no longer necessary in relation to the purposes for which we collected or processed them;
· you have withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and there is no other legal ground for the processing;
· you have objected to the processing of your personal data in accordance with Article 21(1) of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing;
· the personal data have been unlawfully processed;
· the personal data must be erased for compliance with a legal obligation under Union or national law to which the controller is subject
· the personal data were collected in connection with the provision of information society services referred to in Article 8(1).
Right to restriction of processing: in certain situations (for example where the accuracy of the data is contested or where the data subject wishes the controller to retain their data),
the data subject has the right to request that processing be restricted with the exception of storage and certain other types of processing;
Right to portability: the data subject has the right to receive the personal data concerning him or her, which he or she has previously provided to the controller, in a structured format and in a commonly used and
in a commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, if the processing is carried out by automated means and is based on consent or a contract;
The right to withdraw consent at any time: The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Before giving consent, the data subject shall be informed of this. Withdrawal of consent must be as simple as giving it.
The right to the source of personal data and, where applicable, whether they come from publicly available sources; If you have not received some of this data from the data subject but from another source, you are obliged to provide the data subject with information about the source of the personal data.
Users (data subjects) whose data are processed by MCL have the right to know for what purpose their data is processed and the period for which the data will be processed. Data subjects have the right to request the deletion of data and forgetting. They have the right to request the deletion of part of their data.
In case you need to exercise any of the above rights, please feel free to contact us at our contact details.
There is a possibility that we may perform a security check (verify your identity) before we comply with your request, but this will not affect the exercise of your rights as an individual.
If you submit a request to send your personal data to our e-mail address, we will comply with that request free of charge. If we cannot comply with your request within a reasonable time due to a large number of requests received, we will inform you of the date when we will comply with the request (maximum two additional months). If for some reason we cannot comply with your request, we will send you an explanation of why we did not comply with your request.
We will try to respond to your request in the shortest possible time for regular requests, no later than 30 days.
Right to lodge a complaint with the competent supervisory authority
You may lodge a complaint directly with the competent supervisory authority at any time, in particular in the EU country where you have your habitual residence, place of work or place of the alleged infringement, if you consider that our processing of your personal data is unlawful.
The direct contacts of the Croatian national supervisory authority are:
PERSONAL DATA PROTECTION AGENCY (AZOP)
Selska cesta 136
HR – 10 000 Zagreb
Phone: +385 1 4609 000
Fax: +385 1 460 099
e-mail: azop@azop.hr
Web: http://www.azop.hr
Privacy protection objectives
MCL will:
a. use methods that enable understanding of the privacy risks of the data subjects for the data being processed
b. take all measures to protect the personal data of the data subjects in terms of protecting their privacy
c. preserve the integrity of the personal data of the data subjects
d. consistently apply the established principles of privacy of the data subjects
e. ensure that the Code of Conduct for the Controller and Processor is consistently implemented
f. ensure that privacy will not negatively affect the acceptance of the product or service by the user
Exclusion of liability for damage
All damage and losses that may arise from the use or inability to use this website are borne by the users themselves. This absolutely and completely excludes any liability of MCL for damage that users may suffer from the use of this website.
Applicable law and jurisdiction
These terms of use shall be interpreted in accordance with the provisions of the applicable law of the Republic of Croatia, and all disputes that may arise in connection with the use of this site
are subject to the jurisdiction of the courts of the Republic of Croatia.
Dear users, after you have familiarized yourself with the binding Terms of Use, we wish you a pleasant stay on our website.
Application
All individual policies related to privacy make their principles and guidelines integral
part of this policy.
These rules and their specifications, on the day of publication, become the obligation of every employee in
MCL Any non-compliance or circumvention thereof will be considered a work violation
duties.
Transparency Guidelines
For further information and explanations on the individual elements of the transparency requirements
see the Article 29 Working Party Transparency Guidelines (adopted by the European Data Protection Board) which can be found here:
https://azop.hr/wp-content/uploads/2020/12/smjernice-o-transparency.pdf
Improvements to this Privacy Policy
We reserve the right to change the text of the Privacy Policy and to adapt and improve it from time to time, primarily to comply with legal changes, or changes in the purposes and methods of processing.
However, we will not limit your rights arising from this Privacy Policy or from relevant legal regulations. In the event that there are changes to the rules that may affect your rights, we will inform you about this in a timely and direct manner in an appropriate manner.