Who is responsible for processing your personal data?
The personal data protection officer of Aquarium Pula doo is Zoran Mičić
Contact: firstname.lastname@example.org Address: Verudella 33, 52100 Pula
The personal data protection officer takes care of personal data protection, the legality of personal data processing in terms of compliance with the provisions of the General Regulation on Personal Data Protection (GDPR) and other regulations governing personal data processing issues. The official is obliged to preserve the confidentiality of all information and data that he learns in the performance of his duties, and this obligation continues even after performing the duties of a data protection officer.
Who can you contact if you have a question or request regarding personal data?
For any questions, requests or complaints related to this statement or to exercise your rights based on this statement, you can contact us at the contact e-mail address in the header of the statement.
We appreciate the trust you place in us by entrusting us with your personal data, and we undertake to always process them in a fair, transparent and secure manner. The key principles that we follow when processing personal data are as follows:
- Legality: We will collect personal data in a fair, legal and transparent manner.
- Minimum scope of personal data: We will limit the collection of personal data to those that are appropriate and necessary for the purpose for which they were collected.
- Purpose limitation: We will collect personal data only for specific, explicit and legitimate purposes and will not process them in a way that is inconsistent with that purpose.
- Accuracy: We will ensure the accuracy and up-to-dateness of personal data.
- Security and protection of personal data: We will implement technical and organizational measures to ensure appropriate levels of data protection, taking into account, among other things, the nature of your personal data to be protected. These measures provide for the prevention of any type of unauthorized disclosure or access, accidental or intentional destruction or accidental loss or alteration, and other unlawful forms of processing.
- Access and corrections: We will process your personal data respecting your rights.
- Storage limitation: Your personal data will be stored in accordance with the applicable legal regulations on the protection of personal data and only for as long as is necessary to achieve the purpose for which it was collected.
- Protection during international transfers: We will ensure that your personal data, if transferred to countries outside the European Economic Area, will be transferred in accordance with legal regulations and will be adequately protected during transfer.
- Protection of personal data when passing on to third parties: We will ensure that personal data is forwarded to third parties and processed by a third party in accordance with applicable legislation and appropriate contractual protection measures.
What data do we collect and on what legal basis?
You will always be clearly informed about which personal data we collect. We will present this information to you with a separate privacy notice that will be included in certain services (including communication services), e-news, reminders, surveys, offers, invitations to events, etc.
In accordance with the current regulations on the protection of personal data, we can process your personal data if:
- you have given your consent for certain processing purposes (as stated in the privacy notice relating to the particular processing). You have the right to withdraw your consent at any time without giving a reason; or
- is the processing of your personal data necessary to fulfill the terms of the contract to which you are a contracting party; or
- with such processing, we follow legitimate interests, for example, we can process certain personal data for the purpose of preventing abuse, i.e. fraud, when establishing rights based on a guarantee, in order to check your satisfaction with products and services in certain cases. We will notify you of the legitimate interests in the privacy notice associated with that particular processing; or
- is it necessary to fulfill our legal obligations, for example, if you have purchased a product or service from us, we must process data related to your identity (name, surname, address, OIB, etc.), to the purchased product (type, equipment, price , etc.) and the circumstances of the purchase (payment, place and date of collection, etc.).
For what purposes we process your personal data
We process personal data only for specific, expressly confirmed and legitimate purposes and will not process them in a way that is inconsistent with these purposes.
Such a purpose can be the fulfillment of your order, improvement of visits to our website, improvement of products and services in general, offer of services or applications, marketing communications and actions, etc. The purpose of processing your personal data is clearly stated each time in a separate privacy notice that is refers to specific processing. The privacy notice is available, for example, on the website, on the order, on the application form, in e-news, etc.
Certain information (such as the categories of products you purchase) is used to evaluate or rate the content that may be most interesting and useful to you. In this way, we want to increase the possibilities of introducing you to the most relevant offer of products or services. For this purpose, individuals can be classified into different groups (profiles) with whom we communicate differently, that is, adapted (individualized).
This means that different groups (profiles) of individuals receive marketing messages with different content, including special purchase conditions (eg discounts or payment terms). When classifying individuals into groups (profiles), we can also monitor, record and use individual responses to marketing messages, e.g. opening emails, opening links, the time an individual spends on a certain website, etc.
Taking care of the accuracy and up-to-dateness of your personal data
It is important to us that your data is always accurate and up-to-date. Please notify us of any changes or errors in our records of your personal data by contacting us via the contact e-mail address. We will take reasonable steps to delete or correct any inaccurate or out-of-date personal data.
Access to your personal data
You have the right to access your personal data that we process and if your personal data is incorrect or incomplete you can request the correction or deletion of your personal data. If you need information about your privacy rights or want to exercise one of your rights, please contact us at the contact e-mail address.
How long we keep your personal data
We store your personal data in accordance with the current regulations on the protection of personal data.
We keep your personal data only for as long as is necessary to achieve the purpose for which we process your personal data, for the period determined by law (e.g. 10 years for issued invoices) or for the period necessary to fulfill the terms of the contract, including warranty claims and possible requirements (e.g. 5 years from the fulfillment of the contractual obligations or the expiration of the obligations from the warranty, if the circumstances do not indicate otherwise).
We store personal data that we process based on your personal permission permanently, until you revoke it, unless the purpose for which the personal data was collected has already been achieved.
Protection of your personal data
We implement technical and organizational security measures to protect your personal data from illegal or unauthorized access or use, as well as from accidental loss or destruction. The aforementioned measures are implemented taking into account our IT infrastructure, the potential impact on your privacy and implementation costs, and in accordance with current standards and practices in the field of data protection.
We will only entrust the processing of your personal data to those authorized persons (third parties) who respect the specified technical and organizational measures for the protection of personal data.
Ensuring data protection means taking care of the confidentiality, integrity and availability of your personal data.
(a) Confidentiality: We will protect your personal information from unauthorized disclosure to third parties.
(b) Integrity: We will protect your personal data from changes by unauthorized third parties.
(c) Availability: We will ensure that your personal data can only be accessed by authorized persons when necessary.
Forwarding of personal data
Regarding the purpose of collecting your personal data, we may forward, disclose or provide access to the categories of users listed below, who process this data in accordance with the stated purpose. We require them to always comply with applicable legal regulations, personal data protection rules and to pay special attention to the confidentiality of your personal data.
a) Within our organization and within our trademarks / service brands:
- authorized officers;
- members of the network of our authorized sellers and authorized services that you have marked as selected or are located near you (in relation to your postal code and address) or with whom you are in contact;
b) business partners:
- advertising agencies, marketing and PR agencies: which help us implement and analyze the effectiveness of our campaigns and promotional activities (e.g. MailChimp, Google - only cookie identification data for remarketing purposes, e-mail address for displaying ads in the Google program AdWords, identification information about the cookie for the purpose of analysis in the Google Analytics program; Facebook - only identification information about the cookie (cookie) for the purpose of remarketing, e-mail address for displaying ads in the Facebook Custom Audiences program);
- business partners: for example, confidential companies that may use your personal data to provide you with services and/or products that you have requested and/or deliver marketing material (provided that you have consented to receive such material).
- external IT service providers, accounting services, law firms, etc.
c) other third parties in connection with the following procedures:
- when required by law, at the request of authorities, court decisions, legal proceedings, obligations to report and inform competent authorities, etc.
- verifying or controlling our compliance with rules and agreements
- protection of the rights, property or safety of the company and/or its clients
- in connection with corporate transactions: in the context of the transfer or sale of all or part of the business or otherwise in connection with a merger, consolidation, change in control, reorganization or liquidation of all or part of the company's business
Please note that the recipients listed in points b) and c) of this document, in particular service providers who may offer you products and services within the scope of providing our services or applications or through their own channels, may separately collect your personal data. In that case, those users are solely responsible for monitoring that personal data and your relationship with those users is subject to their terms.
Use of social media
If you log into our online store from social networks (for example using your Facebook account), we will record your personal data available on those social media, and your use of those media means that you expressly agree to the transfer of your personal data.
We will record only the personal data that we ask for when opening a user account, namely first and last name, e-mail address, telephone, postal address, city and country.
Transfers outside the European Economic Area
Your personal data may be transferred to users located outside the European Economic Area (EEA) and may be processed by our company and those users outside the EEA. When transferring personal data to countries outside the EEA that generally do not provide the same level of data protection as the EEA, we implement appropriate special measures to ensure an adequate level of protection of your personal data.
You will always be notified if your personal data is transferred outside the EEA by a separate privacy notice that will be included in certain services (together with communication services), e-news, reminders, surveys, offers, invitations to events, etc.
Your options and rights
We want to be as transparent as possible, so we offer you the option of choosing how you want us to use your personal data.
- Your options for choosing how to be contacted
Various options are available to choose the way you want us to contact you or through which channel (for example, e-mail, mail, social media, telephone, ...), for which purpose.
- Your personal data
You can always contact us via the contact e-mail for the protection of personal data if you want to find out which of your personal data we process and the source of this data.
If you find an error in your personal data or if it seems to you that the data is not complete or correct, you can request a correction or amendment.
- Restriction of processing
You have the right to request the restriction of the processing of your personal data (for example while the accuracy of your personal data is being checked).
- Your objections
You can object to the processing of your personal data for direct marketing purposes (if you wish, you can inform us through which channel and how often you want us to contact you) or to your personal data being forwarded to third parties for this purpose.
Refusal of consent to the processing of personal data does not entail negative consequences or sanctions and is completely voluntary. However, there is a possibility that after canceling consent to the processing of personal data, we will not be able to provide the user with one or more of our services that cannot be provided without the use of personal data.
In addition, you can ask us to delete all your personal data (except in certain cases, eg for the purposes of proving a transaction or if it is necessary to comply with legal regulations).
You have the right to file a complaint with the supervisory authority.
The provisions of these rules supplement and do not cancel the legislative provisions in the field of personal data protection. In case of inconsistency between the provisions of these rules and legislative provisions in the field of personal data protection, the legislative provisions shall apply.
We may change these rules at any time. In this case, we will warn you and invite you to read the latest version of the policy again.
Definitions of terms
(a) Data controller means the organization that determines the purpose and means of processing your personal data.
(b) Data processor means a person or organization that processes personal data on behalf of the controller.
(c) EEA means the European Economic Area (includes the member states of the European Union and Iceland, Norway and Liechtenstein.
(d) Personal Information is any information that directly relates to you or from which you can be identified, such as your name, telephone number, email address, Vehicle Identification Number (VIN), geolocation, etc.
(e) Processing means the collection, access and all other forms of use of your personal data.