Java Promet Logo

Privacy policy

The protection of personal data is very important on the Java promet d.o.o. website. Use of the website Java promet d.o.o. it is also possible without providing personal data, however, if the subject wants to use some of the services of this website, the processing of personal data may be necessary. If data processing is necessary, but there is no legal basis for it, the data subject will always be asked for consent.

The processing of personal data such as the name, surname, address, email address or telephone number of the subject will always be in accordance with the GDPR and the legal regulations of the member state applicable to the Java promet d.o.o. website. Through these Privacy Policy, we want to inform the public about the nature, scope and purpose of personal data that we collect and process. Furthermore, we would like to inform subjects about their rights.

As a data processing manager, the website Java promet d.o.o. has incorporated a number of technical and organizational measures to ensure the complete protection of personal data that is processed. However, data transmission via the Internet can theoretically have security flaws, so 100% protection cannot always be guaranteed. For this reason, each subject can submit personal data by alternative methods, for example by telephone call.

1. DEFINITIONS

Privacy Policy of the website Java promet d.o.o. are based on terms used by the EU Legislation when drafting and accepting the GDPR. The Privacy Policy is legible and understandable to the general public, as well as to our clients and business partners. To ensure this, we will first explain the terminology used.

In this Privacy Policy, we use, among others, the following terms:

a) Personal data

Personal data is any data relating to any identified natural person (“data subject”). An identified person is one who can be identified, directly or indirectly, by name and surname, identification number, location data, online identifiers such as physical, psychological, genetic, mental, economic, cultural or social identity of a person.

b) Subject

The subject is any person whose identity has been determined or can be determined, and whose personal data is subject to processing by the data controller in charge of personal data processing.

c) Processing

Processing is any process or set of processes applicable to personal data, whether automated processes such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, review, use, disclosure by transmission, dissemination or posting for disposal, settlement, limitation, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling is any method of automated processing of personal data consisting of the use of personal data to determine the personal preferences of a person, more precisely to analyze and overlook aspects of performance at work, economic situation, health, personal preferences, interests, reliability, behavior , location and movement of each individual person.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that characteristics can no longer be assigned to the subject without the use of additional data that is collected in such a way that it is separate, and measures of a technical and organizational nature can be applied to them that ensure that the data cannot be applied to any person whose identity has been determined or can be determined.

g) The manager of personal data processing or the person in charge as the manager of personal data processing

The manager of personal data processing or the person in charge as the manager of personal data processing is any person, public institution, agency or other body that alone or in cooperation with others determines the purpose and method of personal data processing; in places where the purpose and method of processing personal data is regulated by the legislation of an EU member state, the criteria for the selection of the data controller will be under the jurisdiction of the legislation of the EU member state.

h) Executor of personal data processing

The processor of personal data is a natural or legal person, public institution, agency or other body that processes personal data on behalf of the manager of personal data processing.

i) Recipient

The recipient is a natural or legal person, public institution, agency or other body to which personal data has been provided, whether it is a third party or not. However, government bodies that receive personal data through a specific inquiry that complies with EU or member state law will not be considered recipients; the processing of personal data by these government bodies will be in accordance with applicable regulations related to the purpose of data processing.

j) Third party

A third party is a natural or legal person, public institution, agency or other body, who are not the data subject, data controller or processor, and who are authorized to process personal data of the data subject with the direct permission of the data controller or data processor.

k) Consent

Consent of the data subject is any precisely defined, informed and unambiguous indication of the data subject’s desire by which he or she expresses consent to the processing of personal data related to him or her through a statement or a clear affirmative action.

2. NAME, SURNAME AND ADDRESS OF PERSONAL DATA PROCESSING MANAGER

The manager of personal data processing according to the GDPR or other laws concerning the protection of personal data applicable in EU member states is:

Branko Smiljanić
Ulica Nikole Jurišića 19/I
10000 Zagreb
Hrvatska
Broj telefona: +385 1 481 77 95
Email: [email protected]
Website: www.javapromet.hr

3. COOKIES

Website Java promet d.o.o. uses cookies. Cookies are text files that the browser saves on the computer system.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. Cookie ID is a unique cookie identifier. It consists of a series of characters that websites and servers can assign to the specific browser in which the cookie is stored. This gives the visited websites and servers the ability to distinguish individual browsers from other browsers that have different cookies. An individual browser can be identified by means of a unique cookie ID.

Through the use of cookies, the website Java promet d.o.o. provides visitors with more accessible services that would not be possible without the use of cookies.

The information and offers of the website can be optimized through cookies so that the user and his user experience come first. As previously stated, cookies enable us to recognize website users. The purpose of this is to make it easier for the user to use the website. For example, a user who uses cookies does not have to enter access data every time he accesses the website, because this process is taken over by the website that places the cookie on the computer system. Another example of the use of cookies is the shopping cart in the web shop. The web store remembers the items that the user placed in the shopping cart via cookies.

The subject can prevent the placement of cookies at any time by editing the settings of the browser he is using, and thus can permanently disable the placement of cookies. Furthermore, already set cookies can be removed at any time via any browser. However, if the subject deactivates the setting of cookies in his browser, he will not be able to use all the functions of the website.

4. COLLECTION OF GENERAL DATA AND INFORMATION

Website Java promet d.o.o. collects general data and information when the subject or an automated system accesses the website. These general data and information are then saved on the server in the form of log files. We collect (1) browser type and its version, (2) operating system, (3) website from which the website is accessed (so-called referrers), (4) subpage, (5) date and time of accessing the website, (6) are collected. IP address, (/) Internet service provider and (8) other similar data and information that can be used in the event of an attack on the information system.

When using these general data and information, we do not draw any conclusions about the subject. Rather, this information is necessary to (1) deliver website content correctly, (2) optimize website content and its marketing, (3) ensure the long-term viability of the system and website, (4) provide necessary assistance to government authorities in in case of criminal prosecution due to cyber-attack. Therefore, the website Java promet d.o.o. analyzes anonymously collected data and information statistically with the aim of increasing data protection and security, and to ensure the optimal level of protection of all collected personal data that it processes. The anonymous data of the server log files is stored separately from the personal data of the subject.

5. POSSIBILITY OF CONTACT THROUGH THE WEBSITE

Website Java promet d.o.o. contains information that enables quick contact via electronic media as well as direct communication that includes the so-called email address. If the subject contacts the manager of personal data processing via email or contact form, the transferred personal data is automatically saved. Personal data transferred voluntarily by the subject to the manager of personal data processing are automatically stored for the purpose of processing or further communication with the subject. There is no transfer of this type of personal data to a third party.

6. ROUTINE DELETING OR BLOCKING OF PERSONAL DATA

The manager of personal data processing will process and keep the personal data of the subject only for the time necessary to achieve the goals of keeping personal data, or until the deadline allowed by the EU Legislation or other legislators under the jurisdiction of the manager of personal data processing.

If the reason for saving personal data cannot be fulfilled or the retention period determined by European legislation or other competent legislators expires, the personal data of the subject will be routinely blocked or deleted in accordance with legal requirements.

7. RIGHTS OF THE DATA SUBJECT

a) The right to confirm personal data

Every subject has the right, guaranteed by European legislation, to receive confirmation from the personal data controller as to whether his or her personal data is being used or processed. If the data subject wishes to exercise this right to confirmation, he or she may contact the personal data controller at any time.

b) The right to access personal data

Every subject has the right, guaranteed by European legislation, to receive free information about their stored personal data, as well as a copy of the requested personal data, at any time from the manager of personal data processing. Furthermore, European provisions and directives enable the subject to access the following information:

  • purpose of personal data processing;
  • type of personal data requested;
  • the recipient or type of recipient with whom the personal data is shared, especially recipients from third world countries or international organizations;
  • where possible, the expected period of storage of personal data, or in case of impossibility, the criterion that determines that period;
  • the existence of the subject’s right to request the correction or deletion of personal data from the manager of personal data processing, restriction of the processing of the subject’s personal data or the subject’s right to object against the processing of personal data;
  • the existence of the right to submit an appeal to the supervisory authority;
  • if the personal data were not collected directly from the subject, available information about the source of the personal data;
  • the existence of an automated decision-making process referred to in Article 22, paragraphs 1 and 4 of the GDPR, and in this case available information on the logic of automation, as well as the importance and anticipated consequences for the subject. Furthermore, the subject has the right to be informed if his or her personal data is transferred to third countries or international organizations. In that case, the subject has the right to be informed about the security measures implemented in data transmission

If the subject wants to use this right of access, he can contact the manager of personal data processing at any time.

c) The right to correct personal data

Every subject has the right, guaranteed by European legislation, to obtain correction of inaccurate personal data at any time from the manager of personal data processing. Bearing in mind the purpose of personal data processing, the subject has the right to have his/her incomplete personal data completed, among other things, by means of a supplementary statement.

If the respondent wants to use this right to correction, he can contact the manager of personal data processing at any time.

d) Right to erasure of personal data (Right to be forgotten)

Every subject has the right, guaranteed by European legislation, to request the deletion of personal data related to the subject at any time from the manager of personal data processing without delay. The manager of personal data processing has the obligation to delete personal data without delay where at least one of the conditions is applicable, as long as the processing is not necessary:

  • Personal data are no longer necessary in terms of the purpose for which they were collected or processed.
  • The respondent has withdrawn consent to the processing of personal data based on Article 6, Paragraph 1 or Article 9, Paragraph 2 of the GDPR, and where there is no longer a legal basis for data processing.
  • The subject objects to data processing according to Article 21, Paragraph 1 of the GDPR, and there is no legal basis for data processing, or the respondent objects to data processing according to Article 21, Paragraph 2 of the GDPR.
  • Personal data were processed illegally.
  • Personal data must be deleted according to a legal obligation under the EU or the laws of the member state of which the controller of personal data is a citizen.
  • Personal data were collected in connection with the offer of information society services according to Article 8, Paragraph 1 of the GDPR. If at least one of the above-mentioned reasons is applicable, and the subject requests the deletion of personal data collected by the Java promet d.o.o. website, he or she can contact the manager of personal data processing. The manager of personal data processing shall ensure that the deletion of personal data is carried out immediately.

In places where the manager of personal data processing has allowed the publication of personal data, and according to Article 17, Paragraph 1, the deletion of said personal data is mandatory, the manager of personal data processing will take reasonable steps, including technical measures, taking into account the technical feasibility and costs of application, in order to informe other managers of personal data processing that the subject requested the deletion of all links, copies or replicas of personal data, until their processing is no longer necessary. Manager of personal data processing on the Java promet d.o.o. website. will ensure the implementation of the mentioned measures in each individual case.

e) The right to limit the processing of personal data

According to EU legislation, each subject has the guaranteed right to obtain from the personal data controller the right to limit the processing of personal data in cases where the following is applicable:

  • The accuracy of the personal data is disputed by the subject, which enables the personal data controller to verify the accuracy of the personal data.
  • The processing of personal data is illegal, and the subject objects to the deletion of personal data and instead requests the restriction of the use of said personal data.
  • The personal data controller no longer needs the personal data for processing, but the data subject needs them for the establishment, implementation or defense of legal claims.
  • The subject objected to the processing of personal data according to Article 21, Paragraph 1 of the GDPR pending verification of whether the legal grounds of the personal data processor override those of the subject.

If at least one of the above-mentioned reasons is applicable, and the subject requests the restriction of the processing of personal data collected by the website Java promet d.o.o., he or she can contact the manager of personal data processing. The manager of personal data processing will ensure the limitation of personal data processing.

f) The right of portability of personal data

Every subject under EU Legislation has a guaranteed right to receive personal data relating to him or her from the controller of personal data, in a structured, commonly used and legible format. The subject has the right to transfer said personal data to another personal data processor than the current personal data processor without any hindrance, as long as the processing of personal data is based on consent according to point A, Article 6, Paragraph 1 or point A, Article 9, Paragraph 2 of the GDPR, or by contract according to point B, Article 6, Paragraph 1 of the GDPR, and data processing is carried out automatically, as long as the data processing is not necessary for tasks of public interest or for the performance of the official duty of the data controller personal data.

Furthermore, according to the existing right of portability of personal data from Article 20, Paragraph 1 of the GDPR, the subject has the right to have his or her personal data transferred directly between personal data processors where it is technically feasible and where this procedure does not endanger the rights and freedoms of other respondents.

In order to exercise his right of portability of personal data, the subject can at any time contact the manager of personal data processing of the Java promet d.o.o. website.

g) The right to object

Every subject under EU Legislation has a guaranteed right to object based on their own situation, at any time, to the processing of personal data relating to the subject, based on points E and F of Article 6, Paragraph 1 of the GDPR. It may also apply to profiling based on this Regulation.

Website Java promet d.o.o. in case of objection, it will not continue processing personal data, except in the case when there is a serious legal basis for processing personal data, which can override the interests, rights and freedoms of the data subject, or for the establishment, implementation or defense of legal claims.

If the website Java promet d.o.o. processes personal data for marketing purposes, the subject has the right to object at any time against the processing of personal data used for these purposes. This also applies to closely related profiling for the purposes of such direct marketing. If the subject expresses an objection against the processing of personal data for the purposes of direct marketing, the website of Java promet d.o.o. will no longer process personal data of the subject for the purpose of direct marketing.

In addition, the subject has the right, based on his own situation, to object to the processing of personal data by the website Java promet d.o.o., which are used for scientific research or statistical purposes according to Article 89, Paragraph 1 of the GDPR, unless data processing necessary for the purpose of public interest.

In order to use the right to object, the subject can at any time contact the manager of personal data processing of the Java promet d.o.o. website. In addition, the subject in the context of using information society services, despite Regulation 2002/58/EC, can exercise his right to object by automated means using technical specifications.

h) Automated decision-making, including profiling

Every data subject has the guaranteed right under EU legislation not to be subject to decisions based solely on automated processing of personal data, including profiling, which may create legal or similar consequences for him or her, as long as the decision (1) is not part of an agreement between of the data subject and the personal data controller, or (2) is not permitted by the laws of the EU or individual member states that enact appropriate measures that will protect the rights, freedoms and interests of the data subject, or (3) is not based on the express consent of the data subject.

If the decision (1) is necessary for the contract between the subject and the personal data controller, or (2) is based on the express consent of the subject, the website Java promet d.o.o. will implement measures that will protect the subject’s rights, freedoms and interests, the minimum right of human intervention by the personal data manager to whom he will express his position and challenge the decision.

If the subject wants to use the rights related to automated individual decision-making, he can contact the manager of personal data processing of the website Java promet d.o.o. at any time.

i) The right to withdraw and revoke consent

Every subject has the guaranteed right under EU legislation to withdraw and/or cancel their consent to the processing of personal data at any time.

If the subject wants to use the right to withdraw and/or cancel his consent, he can contact the manager of personal data processing of the website Java promet d.o.o. at any time.

8. PRIVACY PROVISIONS RELATED TO FACEBOOK

On the website Java promet d.o.o. the controller of personal data has incorporated components of the company Facebook. Facebook is a social network.

A social network is a place of social connection on the Internet, an online community that usually allows users to interact with each other in a virtual space. The social network serves as a platform to share opinions and experiences, or to provide personal or work-related information to the Internet community. Facebook allows its users to create private profiles, upload pictures and connect through friend requests.

Facebook is owned by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the person using Facebook lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By opening any page of the Java promet d.o.o. website, which is managed by the manager of personal data processing, and on which a Facebook component (Facebook plugin) is embedded, the subject’s browser will display the corresponding Facebook component. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook was provided with information about the specific subpage visited by the subject.

If the subject is logged in to Facebook, at the same time Facebook can detect each of his views of the Java promet d.o.o. website, and which specific subpages he visited during his stay on the website. This information is collected through the Facebook component and transferred to the Facebook account of the subject. If the subject clicks on any Facebook button integrated on the Java promet d.o.o. website, e.g. the “Like” button, or if the subject sends a comment, then Facebook transfers the specified information to the subject’s personal Facebook account and thereby saves personal data.

Each time the subject is logged in to Facebook and at the same time accesses the Java promet d.o.o. website, Facebook will receive information about it through the Facebook component. This will happen regardless of whether the subject clicks on the Facebook component or not. If the subject does not want to transfer this type of information, he can prevent it by logging out of his Facebook account before accessing the Java promet d.o.o. website.

The personal data protection guidelines published by Facebook at https://facebook.com/about/privacy/ provide information on the collection, processing and use of personal data by Facebook. Also, it was explained which settings Facebook provides to protect the personal data of subjects. Likewise, various configuration options are available to disable the transfer of personal data to Facebook. The subject can use the mentioned options in order to prevent the sending of personal data.

9. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Article 6, Paragraph 1, Subparagraph A of the GDPR is the legal basis for the processing of personal data for which we have obtained consent. If the processing of personal data is necessary for the implementation of a contract to which the subject is a part, such as when the processing of personal data is necessary for the delivery of goods or services, the processing of personal data is based on Article 6, Paragraph 1, Subsection B of the GDPR. The same applies when processing personal data that is necessary to implement pre-contractual measures, for example in the case of inquiries related to products or services. If a legal or natural person is the subject of a legal obligation for which the processing of personal data is necessary, such as fulfilling tax obligations, the processing of personal data is based on Article 6, Paragraph 1, Subsection C of the GDPR. In rare cases, the processing of personal data is necessary to protect the interests of the data subject or some other natural person. For example, in the event that the respondent is injured while visiting the site of the owner of this website, personal information such as name, age, health insurance information or some other vital information will have to be forwarded to a doctor, hospital or a third party. Such data processing is based on Article 6, Paragraph 1, Subparagraph D of the GDPR. Finally, the processing of personal data can also be based on Article 6, Paragraph 1, Subparagraph F of the GDPR. This legal basis is used in personal data processing procedures when no previous legal basis is applicable, if the processing of personal data is necessary for the legitimate interests of the owner of the website Java promet d.o.o. or some third parties, except in situations where the stated interests threaten the basic rights and freedoms of the subject, and which require the protection of personal data. This kind of processing of personal data is especially allowed since it is specifically mentioned by the EU Legislation. It is envisaged that it is possible to invoke a legitimate interest if the subject is a client of the personal data processor.

10. LEGITIMATE INTERESTS OF PERSONAL DATA PROCESSOR OR THIRD PARTIES

In places where the processing of personal data is based on Article 6, Paragraph 1, Subparagraph F of the GDPR, the legitimate interest is business for the benefit of employees and/or shareholders, if these exist.

11. STORAGE PERIOD OF PERSONAL DATA

The criterion for determining the storage period of personal data is the maximum storage period determined by law. After this period, the personal data is routinely deleted, until it is no longer necessary to fulfill the contract or conclude it.

12. PROVIDING PERSONAL DATA AS A LEGAL OR CONTRACTUAL REQUIREMENT; PREREQUISITE FOR CONCLUSION OF CONTRACT; SUBJECT’S OBLIGATION TO PROVIDE PERSONAL DATA; POSSIBLE CONSEQUENCES IF PERSONAL INFORMATION IS NOT PROVIDED

We must clarify that the provision of personal data is partly prescribed by law (eg tax provisions) or may be the result of a contractual obligation (eg information about a contractual partner). Sometimes it is necessary to conclude a contract so that the subject provides personal data, which are then processed. The subject, for example, is required to provide personal data when with the owner of the website Java promet d.o.o. enters into a contract. Refusal to provide personal data will result in the impossibility of concluding a contract. Before the subject provides personal data, he will have to contact the owner of the website Java promet d.o.o.. He will then indicate to him whether the provision of personal data is legally or contractually necessary, i.e. whether it is necessary to conclude a contract, whether there is an obligation to provide personal data and finally the consequences if he refuses to provide personal data.

13. EXISTENCE OF AUTOMATED DECISION-MAKING PROCESS

As a responsible business partner, the website Java promet d.o.o. does not use an automated decision-making process, i.e. profiling.