GDPR

General principles

Piel d.o.o. is a data controller pursuant to Article 4(1)(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Piel d.o.o. takes the protection of personal data seriously and guarantees the confidentiality of personal data of all data subjects, which it will collect only to the extent necessary to exercise the rights and obligations of the data subjects, and will take all necessary technical and organizational measures to protect data from destruction, loss, unauthorized changes and any other misuse.

This Personal Data Protection Policy contains the principles of personal data processing and information on the identity and contact details of the data controller, the contact details of the Data Protection Officer, what personal data Piel d.o.o. collects, how it processes it, for what purposes it uses it, and the rights of data subjects in relation to the processing of personal data.

Principles of Personal Data Processing

This Personal Data Protection Policy explains what personal data is collected in connection with the provision of our services and products, how we process, use and store this data, for what purposes we use it, as well as your rights related to this personal data.

Piel d.o.o. takes all necessary technical and organizational measures in accordance with best practice and obligations prescribed by Croatian law and the General Data Protection Regulation (EC 2016/679) – GDPR regarding the protection of personal data.

Piel d.o.o. manages its information system in accordance with applicable standards, and we regularly educate and inform users about the importance of information security and personal data protection.

In our business, we are guided by the fundamental principles of personal data protection, which means that we process data lawfully, transparently and fairly and that processing is limited only to the purpose for which the data was collected and that only those data that are necessary for that purpose are processed. We store your personal data only for as long as necessary to achieve the purpose of the processing, except in cases where we are required by certain regulations to store personal data for a longer period, or in cases where our legitimate interests so require (for example, for the establishment, exercise or protection of legal claims). Access to your personal data is only available to authorized persons of Piel d.o.o. and processors who process personal data on behalf of the Company.

What personal data do we process and for what purpose?

We process necessary personal data such as name and surname, address, OIB, date of birth, telephone number, email address, information arising from the type of contractual relationship, etc. We also process personal data that you make available to us in connection with the exercise of certain rights arising from our activities, such as information from an identity card, signing or representation authority, certificates of ownership, etc. We also process other personal data about our employees arising from the exercise of rights and obligations related to the employment relationship. The specific purpose and methods of processing your personal data largely depend on the type of business relationship on the basis of which we collect your data.

We protect your privacy and process only those personal data that are necessary for us and that are obtained as part of our business activities, whether the data is obtained from you, from third parties or from publicly available sources, and for the following purposes:

a) performance of contractual obligations – when processing is necessary for the performance of a contract to which you are a party or to take action at your request prior to entering into a contract

b) satisfaction of legitimate interests – when necessary, we process personal data outside of a specific contractual relationship, and in order to satisfy our legitimate interests. For example, such legitimate interest may be:
conducting legal proceedings and keeping records of them

detecting perpetrators of criminal acts and preventing fraud

protecting persons and property

responding to your inquiries and comments

c) necessary compliance with legal obligations

d) processing personal data for a specific purpose or multiple specific purposes described in the consent, only after we have received your consent to process personal data for a specific purpose. Your consent is in accordance with the relevant provisions of the Regulation, is unconditional and freely given. You also retain the right to withdraw your consent at any time.

If we process your personal data for purposes not described here or outside the purpose for which you have given your consent, we will provide you with information about that other purpose and any other relevant information about the processing prior to such processing.

Personal data retention period

Piel d.o.o. will retain personal data only for as long as necessary to fulfill a contractual or legal obligation or legitimate interest, except in the case of processing personal data based on consent, when the processing ceases at the moment of withdrawal of your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If your personal data is no longer necessary for the fulfillment of the above-mentioned purpose, it will be destroyed, except when further storage is required by law.

Who has access to your personal data?

Only authorized persons have access to your personal data. We provide access to your personal data to authorized external processors for the purpose of processing personal data for the needs of Piel d.o.o. based on our explicit instructions, through concluded contracts and with the obligation to comply with the Information System Security Policy.

We undertake to protect your personal data and will not disclose or make it available to third parties without your specific consent, except:

to service providers we engage as processors for tasks related to the execution of a contract to which you are a party to competent authorities for the purpose of performing tasks within their jurisdiction

when this data is required by a court or the competent state attorney’s office, or other bodies in equivalent legal proceedings

when we are legally obliged to provide this data.

We guarantee that as part of our processing of your personal data, it will not be transferred to third countries outside the European Union.

What are your rights related to the processing of personal data?

Depending on the legal basis for processing, your rights may be as follows:

request access to personal data relating to you, i.e. you have the right to information about the scope of the data collected, the purpose of the processing, the category of personal data processed, the recipients to whom the data is provided and the storage period
request correction of inaccurate or completion of incomplete personal data, in which case we are obliged to act in accordance with your request without undue delay
object to the processing of personal data in the case of processing based on the legitimate interests of Piel d.o.o. or in the case of processing for direct marketing
request deletion of data when the purpose of the processing has been fulfilled, when you withdraw consent as the sole basis for processing, when your interest in protecting privacy outweighs the legitimate interest in processing, when you object to processing for the purpose of direct marketing, when it is necessary to comply with legal obligations to which Piel d.o.o. is subject, and in the case of possible unlawful processing. The right to erasure is not an absolute right and does not apply, for example, in cases where processing is necessary to exercise the right to freedom of information and expression, to comply with legal obligations to which Piel d.o.o. is subject, to establish, exercise or defend legal claims, etc.
to restrict data processing, for example when you dispute the accuracy of the data, until we have verified their accuracy
to transfer data to another controller if the processing is based on consent or the performance of a contract to which you are a party, or if the processing is carried out automatically and if this is technically feasible
to file a complaint with the national supervisory authority, i.e. the Agency for Personal Data Protection (AZOP) at the address Martićeva ulica 14, 10000 Zagreb, web www.azop.hr, tel. +385 1 4609 000.

Requesting access to personal data concerning you or requesting correction of your personal data

If you would like to access your personal data or believe that there has been an irregularity in the processing of personal data, please contact the Data Protection Officer.

Objecting to the processing of personal data

If you believe that we do not have a legal basis to process your personal data, you can file a complaint with the Data Protection Officer at any time.

In that case, we will no longer process your personal data nor will we be able to provide you with our services and have a business relationship with you.

DATA PROTECTION OFFICER

Piel d.o.o.

E-mail: info@piel.hr

We will respond to your request as soon as possible, and no later than one month from the receipt of your request. In the event that we are unable to reliably confirm your identity, we will be free to request additional verification of your identity.