PRIVACY AND DATA PROTECTION STATEMENT
PRIVACY AND DATA PROTECTION STATEMENT
ABOUT DATA PROTECTION
Muraplast d.o.o. (hereinafter: the Company) follows the highest standards of personal data protection and works in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.4.2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46 / EC (General Regulation on Personal Data Protection) and the Act Implementing the General Regulation on Personal Data Protection (OG 42/18) other regulations and guidelines.
Considering business and technological changes and accordingly necessarily changes in regulations and their application, we regularly follow the activities and recommendations of European and national authorities on personal data protection.
The controller is Muraplast d.o.o. based in Kotoriba, Sajmišna 16, OIB: 16893266699.
- Tel.: +385 40 683 200
- Mail: email@example.com
DATA PROTECTION OFFICER
Personal data is any data relating to an individual, a natural person whose identity has been or can be discovered by that data. The individual whose data we collect is the Respondent.
COLLECTION OF PERSONAL DATA
We collect only the data necessary for the performance of services and business needs, respecting the principles of reducing the amount of data we process, legality, fairness and transparency.
We collect data from Respondents who may be employees, websites visitors, job candidates, our services users, office visitors and so on.
The legal basis for the data collection is a legal obligation, the fulfillment of contractual obligations, a legitimate interest or consent.
We collect data directly from the Respondents, and which data we collect depends on the purpose of personal data processing. These can be: name and surname, address, personal identification number, data required for transactions, contact details such as e-mail, etc.
We collect some data automatically, and such data may be:
- IP address in case of data collection via cookies, location, operating system, mobile network data
- Information about using the Company’s services which we use in order to identify changes and habits of use and the needs of the Respondents so that we can improve them.
PROCESSING OF PERSONAL DATA BY VIDEO SURVEILLANCE
We use video surveillance to protect people and property. The legal basis in this case is our legitimate interest.
The videos collected by video surveillance can be accessed only by authorized persons and we use them only for the protection of persons and property.
All areas covered by video surveillance are marked in accordance with the GDPR, which means:
- A video surveillance notice with a suitable camera image is always highlighted
- An object, room or outdoor area covered by video surveillance is marked
- The notice is always located before the perimeter covered by video surveillance
- Muraplast d.o.o. as controller and contact information through which the respondent can exercise his rights is always highlighted on the notice of video surveillance
- The notice about the implementation of video surveillance also contains information about where other information on the processing of personal data can be found
Personal hygiene, rest and changing rooms are not covered by video surveillance. Also, we do not take video surveillance of other people properties or public areas.
Visitors and employees will always be informed in advance in an appropriate way about the video surveillance.
State authorities also have access to data collected through video surveillance within their scope determined by law.
In case of video surveillance, we have an automated system for monitoring access to recordings that contains the place and time of access and the identification of the person who accessed the data.
Recordings collected by video surveillance are kept for 2 months, except in cases when they are evidence in court, administrative, arbitration or other proceedings or a longer retention period is prescribed by another law.
SHARING OF PERSONAL DATA
We don’t sell personal data and do not submit them to unauthorized persons.
We only share data if it is necessary for the bussines purposes or providing services.
Company’s authorized employees may have access to data for business purposes and for the performance of their work tasks. For example, lawyers, administrators or other employees for the purpose of drawing up employment contracts, calculating salaries etc.
We also share data with partners only for business purposes. For example, with bookkeeping services for the purpose of calculating and paying salaries; providers of information and communication solutions etc. When we share data with partners, we expect the same level of personal data protection. According to that we regulate data protection issues by appropriately contracting data protection obligations.
We data in accordance with applicable legal regulations with authorities such as FINA, the tax administration, the Croatian Pension Insurance Institute, the Croatian Health Insurance Institute, the Croatian Employment Service, law enforcement agencies and others.
PERIOD OF STORAGE OF PERSONAL DATA
The period of storing personal data depends on case to case. After the end of the collection purpose, we keep the data depending on the legal deadline for keeping data or other needs. For example, we keep work documentation for analytical purposes permanently, data collected via cookies depends on the purpose and type of cookies and so on. All mail correspondence we keep permanently for the purpose of proving contractual relations and other business needs.
About this period of data storage each respondent can contact us via e – mail.
We store data in electronic and / or physical form. In the case of electronic storage of personal data, we use secure methods and storage locations. Access is granted only to authorized employees who use their own passwords. For the physical storage of documents, we use protected premises and storage places to which only authorized employees have access.
RESPONDENTS ‘RIGHTS AND MANNER OF EXERCISING RIGHTS
When collecting personal data we provide respondents with all the following information:
- Identity and contact details of our Company and it’s representatives
- Contact details of data protection officer
- Purposes of processing, and legal basis for processing
- Legitimate interest if processing is based on it
- Recipients or categories of recipients of personal data
- Intention to transfer personal data to a third country or international organization and any consequences of such transfer
- Retention period of collected data or criteria for establishing that period
- The right to request access to personal data
- The right to correction or deletion of personal data or to limit data related to respondent
- The right to object processing
- The right to obtain the correction of inaccurate data related to respondent or to amend incomplete data
The respondent can contact us at any time via the e-mail addresses in order to get insight into all information about the processing of their personal data.
You always have the right to request the deletion of personal data and we will comply with your request if at least one of the following conditions is met:
- Personal dana is no longer necessary for the processing purposes
- The respondent withdraws the consent for processing and there is no other legal basis
- Respondent objects the processing of non – related data and there is no stronger legitimate interest for processing, and if there is the company must be able to prove it
- Respondent objects on processing for direct marketing
- Data must be deleted in accordance with legal obligation
- Data were collected in connection with the offer of the our services provided directly to a child
Anyone who thinks that his or hers rights were violated according to GDPR can apply to Data protection agency for the determination of the infringement.
We collect and process personal data in a way that ensures adequate security and confidentiality in their processing and enables the effective application of data protection principles, reducing the amount of data, the scope of their processing, retention period and their availability. We take all appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, access or access to data.
We implement technical and organizational measures such as:
- Anonymization and encryption of personal data
- We adopt internal acts regulating the protection of personal data, and these acts can be: Information security policu, contractual clauses as part of contracts, separate contracts, confidentiality statements and so on
- We are securing work equipment such as computers with passwords and restricting access rights
- We regularly upgrade programs and operating systems and install antivirus programs
- We back up data, install firewalls and other backup measures
- We ensure adequate protection of physical documents containing personal data by storing them in secure premises and key cabinets to which only authorized persons have access
- Access to personal data is allowed only to authorized persons
INCIDENT HANDELING (DATA BREACH)
In accordance with the regulations, in the event of a personal data breach, we are obliged to inform the Personal Data Protection Agency without delay, and no later than 72 hours after learning of the breach.
If there is a high risk to the rights and freedoms of the individual, then we will inform the Respondents to whom the violation relates. However, we do not have this obligation if we have taken the necessary measures to make such information incomprehensible to unauthorized persons. Such measures are encryption, anonymization and similar measures, and we prevent further danger to the rights of the Respondents.
AUTOMATED PROCESSING OF PERSONAL DATA
ACCURACY AND UPDATE OF PERSONAL DATA
We believe in the accuracy, truthfulness and up-to-date of the personal data of all Respondents, and you can always contact us via the listed contacts to check, correct or supplement them. We are not responsible for incomplete, untrue or inaccurate data whose deficiencies we have not been warned about in writing.
DATA TRANSFER TO THIRD COUNTRIES
All countries outside the European Union are considered third countries.
All transfers of personal data processed in a third country or intended for processing after transfer to a third country or international organization are possible if the controller and executor comply with the provisions of Chapter V of the GDPR, as well as for further transfers to third countries or international organizations.
In accordance with dynamics of changes in the protection of personal data as well as the development of technology and business, we regularly monitor the information on the official websites of the European Commission and the national supervisory authority regarding such transfers.
We use the site to collect information by setting cookies. This data could be IP address, ID data set via cookies and similar. Such data is transferred to third countries, and some of them do not comply with the level of personal data protection in accordance with the requirements of the European Union.
Among the most important, we emphasize the transfer of data to the United States, which stipulates in its national laws that data is submitted to intelligence services, and within its borders does not provide the same protection for foreigners. Therefore, compliance with the Regulation is not possible without additional security measures.
In order to ensure the highest possible data protection in these circumstances, we take technical and other measures. We are guided by the Guidelines of the European Commission which state Art. 49 of the GDPR, which contains provisions on derogations for special situations. Here, we especially mention consent as a key tool by which Respondents can directly influence such processing. However, it should be emphasized that it is possible that without such consent, some functions will not be optimal or even possible.
For consent to be valid, it must be explicit (flagged, not presumed), voluntary, based on clear information about the risks and to whom the data are transmitted, the purposes of the transfer and what data are processed.
When processing is based on consent, we must always be able to prove that consent was given in the manner described.
Consent must be given by clear affirmative action and pre-defined statements, ticked boxes, silence and similar are not valid consent.
Every respondent has the right to withdraw his or her consent at any time in the same simple way as he or she gave it. Withdrawal of consent does not affect the lawfulness of the processing of personal data on the basis of previously given consent to withdrawal.
Considering that we take care of regulations and personal data, in accordance with the General Regulation on Personal Data Protection (EU 2016/679), the Electronic Communications Act (OG 73/08, 90/11, 133/12, 80 / 13, 71/14, 72/17), guidelines and other regulations of the European Union and national laws, we make this Cookie statement.
The purpose of the statement is to inform our clients and other site visitors about how to use our site and the purposes and functions of cookies that we can set for regular use of the Website and optimize their content.
This statement applies to our website www.muraplast.com managed by Muraplast d.o.o.
Cookies are small electronic textual information that a website sends to a visitor’s browser, and are stored on the visitor’s hard drive to make the page work or enable additional features.
Cookies allows visitors to have a better user experience.
Cookies are set and activated immediately when the page is activated, and if you want to disable them, you can do so directly on our website or through the browser you use. You can exclude some or all cookies, except the necessary ones. It should be noted that there is a possibility that in the case of turning off cookies, some functions will not be optimal or will not work at all.
TYPES OF COOKIES
There are several types of cookies that allow different functions and they differ according to duration, source or purposes of processing.
Cookies by duration:
– Temporary – they are set when the page is opened and last as long as it is used (during the session), and are removed immediately after the page is closed. They collect insensitive data.
– Permanent – remain stored even after using the site for a certain time. The storage time depends on the type of cookie. With persistent cookies, the browser remembers passwords, language settings, login information and the like.
Cookies by source:
– First-party cookies – they are set only from our website and only remember the data for the use of our website. They can be installed temporarily or permanently. We do not share the data collected in this way with anyone.
– Third-party cookies – they are set from other sites and their purpose is for other sites to have an insight into how the Internet is used. They are placed for advertising purposes and so on.
Cookies by function:
– Technical (necessary) cookies – they are used for the proper functioning of the site and are exempt from seeking consent because they do not process any personal data and are active only during the use of the site. They are automatically removed immediately after closing the site. These are first-party cookies.
– Functional cookies – improve the functionality of the site and process some personal data. This way we can keep track of which features you have used and set up while using the site. The data collected by these cookies can be selected languages and similar data. Visitors to the site can enable or disable such cookies in the menu we offer on the home page.
– Marketing cookies – they are set in order to track the preferences of users, their interests and habits, and it is possible to display targeted ads. These are third-party cookies and are used by advertisers. The data collected in this way can be: IP address, location, search pages, etc. To set such cookies requires the consent of the user, and for this purpose users can turn cookies on or off in the menu on our site.
WHICH COOKIES ARE USED BY MURAPLAST
Muraplast uses the following cookies:
- Necessary cookies
- Functional cookies
- Analytical cookies
- Marketing cookies
Cookies are used as described above.
Some cookies are used as first-party cookies, and sometimes we share them with third-partIes by collecting third-party cookies.
It is important to note that each site visitor can choose which cookies to allow, other than the necessary ones, which are excluded from seeking consent. We aim to keep every visitor informed in a timely and accurate manner so that they can make the right and independent decision on whether to allow certain cookies, just some or not at all. On our home page we provide visitors with a choice with basic information and instructions on where to find more information. Also, visitors to our site can always contact us via the listed email addresses.
Your personal data collected via cookies may be shared with social networks, email services, analytics services, advertisers and the like.
We don’t sell your personal data.
We also share data in the case of legal obligations to judicial and other authorities for the purpose of detecting criminal offenses or other similar purposes, and in accordance with the law.
DATA TRANSFER TO THIRD COUNTRIES
It is very likely that we transfer personal data such as IP addresses, IDs set by analytics cookies and so on, to third countries as we use Google Analytics. In this regard, it is important to say that the United States requires its national laws to provide information to the competent intelligence authorities and thus does not provide the same level of personal data protection and compliance with the GDPR is not possible without additional protection measures.
That is why we follow the guidelines and opinions of the European Commission regarding the available possibilities for personal data protection, and we refer to Art. 49 of Chapter V of the GDPR on derogations for special situations. That is the reason we warn here of the importance of consent of site visitors, without which some functions will not be optimal or even possible.
In order for consent to be valid, it must be explicit (not pre-defined or labeled), you must give it voluntarily and based on the risk data and to whom the data is provided, so that you can make a clear and informed decision or consent. You are equally able to withdraw it.
QUESTIONS AND COMPLAINTS
If you have any questions or complaints regarding the processing of personal data or wish to exercise any of your rights under the GDPR, please contact us via the email addresses provided.
COOKIE STATEMENT CHANGES