Personal Data Protection Policy

PERSONAL DATA PROTECTION POLICY

1. GENERAL

    HADRIE D.O.O. from OZALJ, Nikole Šubića Zrinskog 29, ID: 777 064 378 90 (further in tekst: the company) takes the protection of your personal data seriously and takes all necessary technical and organizational measures to protect them in accordance with the law of the Republic of Croatia and the Europian Union, and particulary in accordance with the Law of the implementation of general regulation of the Act about data protection (NN 42/18), and Act (EU) 2016/679 European Parliament and the Council from date 27. April, year 2016. about the protection of the individuals according to the proccessing of personal data and on the free movement of such data.

    This privacy policy describes which personal data we collect and on what basis, for what purposes we use it, how we protect it from unauthorized acces, and your rights in relation to this data.

    The processing manager of personal data is the company HADRIE D.O.O. from OZALJ, Nikola Šubća Zrinskog 29, ID: 777 064 378 90.

    The personal data protection manager of the Company is: Wanda Svrakić.

    The contact you can send to your inquiries is:

    Address: OZALJ, Nikola Šubća Zrinskog 29, ID: 777 064 378 90.

    Email: ana.zabcic@hs-produkt.hr

    2. PERSONAL DATA PROTECTION

      Personal data is every information related to a person who is identified or can be identified; an identifiable person is a person whose identity can be determined directly or indirectly, especially on the basis of an identification number or one or more characteristics specified to his physical, psychological, mental, economic, cultural or social identity.

      The data controller, in accordance with the purposes listed below and privacy policy, collects the following personal data:

      • Bacic information about the person (name and surname, address, date of birth, location);
      • Contact information and information about your communication with the data controller (e-mail address, phone number, date, time and content of the email communication, date time and duration of the phone calls)
      • Data of the person s use of the controller s website (dates and times of website visits, pages visited (URL), time spent on individual pages, number of pages visited, total time spent visisting the website, actions on the website) and usage date received messages (email, SMS) from the controller
      • Data from voluntarry filled out forms by person
      • Other data that the person voluntarily provides to the provider when requesting certain services for which data is needed

      3. PURPOSE OF THE PROCESSING AND LEGAL BASIS FOR THE PROCESSING PERSONAL DATA

      The specific purpose and methods of the processing your personal data largely depend on the type of the relationship on the basis of which we collect your data.

      In our activities, we are guided by the fundamental principles of personala data protection, which means that we process data legally, transparently and fairly, and that the processing is limited only to the purpose for which the data was collected, and that only those data that are necessary for that purpose are processed. We store your personal data only as long as it is necessary to achieve the purpose of the processing, except in the case when we are bound by certain regulations to store personal data for a longer period of time; in the case when our legitimate interests require it (for example: to establish, to fullfill or protect legal claims.).

      Accuracy, reliability, confidentiality and completeness of your personal data are also the pronciples that guide us during processing.

      Only authorized persons have acess to your personal adata.

      The company, as the manager of personal data processing, protects your privacy and processes only those personal data that are necessary and that are obtained as part of its activity, whether the data is obtained from you, by third parties or publicity available sources, for the following purposes:

      • Execution of contractual obligations – when processing is necessary for the execution of a contract to which you are a party or for taking actions at your request before concluding a contract
      • Satisfaction of legitimate interests – when it is necessary, we process personala data outside of the concrete contractual relationship, in order to satisfy out legitimate interests. For example, such as legitimate interests can be: registration and deregistration of guests to competent authorities and institutions, conducting court proceedings and keeping records of them, protection of persons and property, responding to your inquiries and comments
      • Fulfilling your requests and enabling the exercise of your rights
      • Necessary compliance with the legal obligations
      • Processing of personal data for a special purpose or several special purposes described in the consent, only after we receive your consent for the processing of personal data for a specific purpose. Your consent is in accordance with the relevant provisions of the Regulation, it is unconditional and given freely. You also reserve the right to revoke your consent at any time.

      4. FREEDOM OF CHOICE

      You decide about the personal data you provide to the data contoller. However, if you decide not to provide data that is necessary for the realization of one of your requests, the data controller will not be able to comply with your request.


        5. TEMORARY STORAGE OF PERSONAL DATA

        The controller will keep your personal data as long as it is necessayry to achieve the purpose for which the personal data are collected and processed.

        All personal data processed by the data controller on the basis of the law shall be kept by the data controller for a period specified by law.

        All personal data processed by the data controller for the performance of the contractual relationship with the data subject shall be kept by the data controller for the period of time required for the execution of the contract and for another 5 years after the termination of the contract, unless there is a dispute between you and the data controller regarding to contract, then the data controller keeps the data for 5 years after the final court verdict or settlement, and in the event that there is no court dispute, the data controller keeps the data for 5 years after the date of peaceful resolution of the dispute.

        All personal data that controller processes on the basis of the consent of the data subject or legitimate interest, the data controller keeps permanently until the consent is withdrawn by the subject i.e. untill the processing termination request. The data controller delets this data before withdrawing consent from the data subject only if the purpose of personal data processing has been achieved or if it is stipulated by law.

          6. SECURITY OF PERSONAL DATA

          The data contoller takes all necessary (technical and physical) measures to ensure the security of your personal data. Your data is protected against loss, falsification, manipulation, unauthorized acces and unathorized disclosure at all times.

          Manual records of personal data are kept in registers, in locked cupboards, while personal data that are in electronic record format on personal computers and servers are protected by encryption and protection systems (firewall, antivirus program).


            7. FORWARDING OF PERSONAL DATA

            The controller will forward your personal data to third parties only in cases where he is obliged to do so by law or other regulation (Croatian Pension System, Croatian Employment System, Tax Administration, Ministery of interior afairs and other competent authorities.

            The controller may also antrust your personal data to the IT system maintainer, who may process the data exclusively on behalf of and within the limits of the controller s authorization and in accordance with this personal data protection policy.


              8. INTERNET AND WEBSITE

              CONFIDENTIALITY OF DATA

              We want to make it clear that while visiting the company s website at: http://www.hadrie.hr/ your personal information remains confidential, unless you want to disclose it voluntarily. We undertake not to disclose the data we have received to other parties, exept in the cases mentioned in the previous chapter.

              SERVER STATISTICS

              Our global network server uses statistical software. These programs are a standard feature of all internet servers and are not unique to our sites. Such statistical programs allow us to adjust our pages in such a way that they are as efficient and simple as possible for our visitors (determining the data that most or least interests our users, adjusting the pages for individual Internet browsers, the effectivness of the structure of our location and the number of visits to our pages.)

              USE OF COOKIES (COOKIES)

              In order to faciliate the browsing of our internet pages, our global network server uses cookies. These are very small text files that the server places on the user s computer for the purpose of monitoring the selection of certain language variants of our pages, as well as when entering parts of the pages that require the entry of a username and pasword. Cookies cannot be used to run programs or install viruses on your computer. The cookies that our internet server sets are automatically deleted from your computer at the end of the session i.e. the moment you leave our pages. Viewing our pages is also possible without the use of cookies, if your internet browser is set to do so.

              EMAIL MESSAGE

              When you send us electronic meil (e-mail) with personal data that can be used to identify you, either through an e-mail with a registration of stay, with an inquery or a comment, or with a form that you submit to us by e-mail, we use this data exclusively for the purpose and to the extent necessary to fulfill your requests.

                9. VIDEO SURVEILLANCCE

                The contoller, solely for the purpose of the protecting his property, carries out video surveillance of the following buildings in his ownership: VILLAS HADRIE at the adress: Uvala Rova (nbr. 15,17, 33/1,33/2,33/3, 29, 29A, 29B, 29C), 51511 ZIDARIĆI ass well at the address: Puntarska ulica (nbr. 14 and 15).

                10. RIGHT OF RESPONDENTS

                1. The right to withdraw consent: if you have given consent for the processing of your personal data, you have the right to withdraw the consent, provided that the withdrawal of consent does not affect the lagality of the processing before its withdrawal; withdrawal of consent does not result in any negative consequences for the respondent, however, it is possible that, after withdrawal of consent for the processing of data that is necessary for achieving one of your rights, you will no longer be able to achieve a certain right;
                • The right to acess personal data: you have the right to receive confirmation from the controller as well to recieve confirmation from the controller as to whether your personal data is being processed and when it is being processed, acess to personal data and the following information:

                purpose of processing , category of personal data, forwarding of data, time of data retention or criteria for determining the same, the existence of the right to correct or delete personal data, the right to limit processing, the right to object to processing, the right to complain to a supervisory authority, the source of data ( if the data was not collected from you);

                • The right to correct the personal data: you have the right, without delay, to obtain from the data controller the correction of incorrect personal data relating to you, as well as to complete uncomplete data;
                • The rigt to delete personal data („right to be forgotten“): you have the right, without undue delay, to obtain from the controller the reasure of your personal data, if one of the following conditiones is met:
                • The data are no longer necessary in relation to the purposes for which they were collected or to others way processed;
                • If you withdraw the consent on which the processing is based, and there is no other legal basis for processing
                • If you file an objection to the processing and there are no stronger legitimate reasons for processing:
                • Personal data were illegally processed
                • Personal data must be deleted in order to comply with a legal obligation under Union Law or the Law of a Member state which the data controller is subject;

                Except to the extent that processing is necessary:

                • In order to achieve the right to freedom of expression and information;
                • In order to comply with a legal obligation that requieres processing under the Law of the Union or a member state to which the contoller is subject, or for the performance of a task of public interest or when exercising the official authority of the contoller;
                • For archiving purposes in the public interest, for scientific or historical purposes research or for statistical purposes to the extent that is likely that the right to deletion may take it impossible or seriously jepardize the achievement of the goals of that processing;
                • In order to establish, realize or defend legal claims;
                • The right to restriction of processing: you have the right to obtain restiction of processing from the controller if one of thr following is met:
                • If you dispute the accuracy of personal data, for the period during which the controller is alloewd to verify the accuracy of personal data
                • The processing is illegal, and you object to the deletion of personal data and instead request the restriction of their use;
                • The data controller no longer needs personal data for processing purposes, but you request them in order to establish, fulfill or defend legal claims;
                • You have filed an objection to the processing based on Artivle 21. paragraph 1 of the General Data Protection Regulation, awaiting confirmation as to whether to legitimate reasons of the data controller exceed your reasons;
                • The right to data portability: you have the right to receive personal data relating to you that you have provided to the data controller in a structured, commonly used and machine-readable data to another data controller without interference from the data controller to whom it is personal data provided, if the processing is based on consent or on a contract and if the processing is carried out by authomated means; when achieving this right, you have the right to a direct transfer from one data controller to another if this is technically feasible; this right does not apply to processing necessary for the performance of a task of public interest or in the exercice of official authority granted to the controller, and must not negatively affect the rights and freedoms of others;
                • The right to complaint:
                • If the processing of personal data is necessary for the performance of a task in the public interest or in the exercise of the official authority of the data controller, and when the processing is necessary for the legitimate interests of the data controller or a third party, you have the right, based on your particular situation, to object at any time to processing of personal data relating to you; if you file such an objection, the data controller may no longer process your personal data unless it proves that there are compelling legitimate reasons for the processing that go beyond your interests, rights and freedoms or to establish, excercise or defend legal claims;
                • If personal data is processed for the purpose of scientific or historical research or for statistical puproses, you have the right, based on your particular situation, at any time to object to the processing of personal data relating to you, unless the processing is necessary for the performance of the task performs for public interest: necesary for the performance of a task performed for reasons of public interests;
                • The right to complain to a supervisory authority:

                You have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you have your habitual residence, in which your place of work or the place of the alleged infingement, if you believe that the processing of personal data relating to you infringes the General Reulation on data protection; in the country where you reside work or where the breach allegedly occured, if you believe that the processing of personal data relating to you violates the rules on the protection of personal data;

                • The right to an efective legal remedy against the supervisory body: you have the right to an effective legal remedy against a legally binding decision of the supervisory body that applies to you as well as in the event that the competent supervisory body does not resolve the complaint or does not inform you of the progress within three months or the outcome of the submitted complaint.

                All questions and requests related to achieving your rights in connection with the personal data can be sent to the address: HADRIE D.O.O. OZALJ, NIKOLE ŠUBIĆA ZRINSKOG 29, n.p. Personal data protection officer or to the e-mail address: ana.zabcic@hs-produkt.hr

                For the purposes of reliable identification of the respond when achieving rights related to personal data, the controller may request the provision of additional information, and in the event that the respondent cannot be reliably identified, may refuse to act on the request.

                11. NOTIFICATION OF PERSONAL DATA VIOLATION

                In the event of personal data violation, the data controller is obliged to report this to the supervisory authority (Personal Data Protection Agency), unless it is likely that the personal data violation will cause a risk to the rights and freedoms of the individual.

                In the event of a violation of personal data that is likely to cause a high risk for the rights and freedoms of an individual, the data controller is obliged to inform the data subject, unless he has taken appropriate technical and organizational protection measures ( (encryption) or has taken subsequent measures to ensure that it is no longer likely that there will be a high risk to the rights and freedoms of the data subjects or that this would require a disporportionate effort (in the latter case there must be public notification or a similar measure that informs the data subjects in an equually effective way).

                12. ANNOUNCEMENT OF CHANGES

                Any changes to the Personal Data Protection Policy will be published on the company s website. By using the website, you confirm that you accept and agree with entire content of this Personal Data Protection Policy.

                Hadrie

                Vile HADRIE, Uvala Rova 15
                51511 Malinska, Krk

                +385 91 606 4970

                booking@hadrie.hr

                Made with Apartmanica