ADVERTISING PULSE j.d.o.o.
Našička 20, 10000 Zagreb, Croatia
Company registered with the Commercial Court in Zagrebu
IBAN: HR5523400091110593949 (PBZ)
Advertising pulse j.d.o.o. respects the privacy and protects the personal data of all respondents (employees of the Company, candidates participating in the competition procedure for employment in the Company, business partners (natural persons, craftsmen, authorized persons-representatives of legal entities), whose personal data is collected and processed in their day-to-day business.
This Policy defines the basic principles and rules for personal data protection in accordance with the Company’s business and security requirements, as well as legal regulations, best practices and internationally accepted standards. In order to ensure fair and transparent processing, the Company wishes to provide clear information on the processing and protection of personal data that it collects and processes and to enable easy monitoring and management of personal data and consent.
- What personal information we collect and process
- How we collect personal information, for what purposes and what the basis is for us;
- How long we store them and who we share them with;
- What rights they have in terms of data protection and how we protect them.
PRINCIPLES OF PERSONAL DATA PROTECTION
The Company pays special attention to the protection of the privacy of respondents’ data, which can always be contacted in the event of inquiries about the processing of their personal data. Respondent may exercise his rights in accordance with the rules on personal data protection by contacting him by e-mail: firstname.lastname@example.org
The Company applies the following principles regarding the processing of personal data.
Personal information must be:
- lawfully, fairly and transparently treated with respect to the Respondent (“legality, fairness and transparency”);
- collected for specific, express and lawful purposes and may not be further processed in a manner inconsistent with those purposes
- appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data reduction”);
- accurate and up-to-date; every reasonable measure must be taken to ensure that personal data which are incorrect are taken into account without delay or rectified (“accuracy”), taking into account the purposes for which they are processed;
- kept in a form that enables the Respondent to be identified only for as long as is necessary for the purposes for which the personal data are processed and subsequently deleted from all records, except when a longer retention period is established by positive regulations. Exceptionally, personal data may also be stored for extended periods if the legitimate interest of the Company has been established or the respondent has given consent (“storage limit”);
- processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by appropriate technical or organizational measures (“integrity and confidentiality”).
CATEGORIES OF PERSONAL DATA PROCESSED
We process the following personal information from business partners:
- identification information (first and last name, job title)
- contact information (e-mail address, phone / mobile number)
In addition to the usual communication in person, by phone and e-mail, there is a “contact” page and a questionnaire within our website. Through this questionnaire, we collect your personal information (name, surname, telephone number, mobile number, e-mail address) that you voluntarily provide to us by completing the questionnaire on our website. The information provided will be used for the purpose of contacting you, answering your queries, providing information at your request, and records of users of this website, which are necessary for us to respond to your inquiry and provide a service.
LEGAL BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
The Company processes your personal information on the following grounds:
- processing is necessary to comply with the Company’s legal obligations
- processing is necessary to execute the contract in which the respondent is a party or to take action at the request of the respondent prior to the conclusion of the contract
- processing is necessary for the needs of the legitimate business interests of the Company or of a third party, except where those interests or the fundamental rights and freedoms of the respondents requiring the protection of personal data are stronger.
- the respondent gave consent to the processing of his or her personal data for one or more specific purposes;
SAVING PERSONAL DATA
The Company is authorized to keep the data only for as long as is necessary for the purposes for which the personal data are processed.
Thereafter, all data shall be deleted, unless a statutory storage period is prescribed by law, in which case the data will be stored for the prescribed period and shall not be used for any purpose other than the one prescribed by law. An exception is litigation which may extend the retention period.
DATA PROTECTION OFFICER (DPO)
The Company did not appoint a Data Protection Officer because Article 37 (1) of the General Data Protection Regulation prescribes the appointment of a data protection officer in three specific cases that cannot be applied to Advertising pulse j.d.o.o.
DATA TRANSFER TO RECIPIENTS
The transfer of data to other recipients may only be allowed with the written consent of the respondent, who must be fully informed in advance of the personal data being transferred, the purposes of processing, the identity of the recipient and the reasons for the transfer.
The company respects the right to privacy, collects and processes data only with the existence of legitimate grounds for processing, and respondents at any time retain certain rights with respect to the processing of their data.
Respondents have the following rights:
Right to information
Right of erasure (“right to be forgotten”) – the respondent has the right of the Company to obtain the deletion of personal data relating to him, and the Company is obliged to delete personal data without undue delay if one of the following conditions is fulfilled:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed, except where a longer retention period is prescribed by law
- the processing is based on the consent of the respondents and the respondent withdrew the consent, with no other legal basis for processing;
- respondent objected to processing based on the legitimate interests of the Company, unless the Company proves that there are compelling legitimate reasons for processing that go beyond the interests, rights and freedoms of the respondents, or for the purpose of setting, exercising or defending legal claims
- personal data have been illegally processed;
- personal data must be deleted in order to comply with a legal obligation under Union or Republic of Croatia law;
Right of access to data – the respondent has the right to obtain from the Company a confirmation of whether personal data relating to him are processed and, if such personal data is processed, to enable him to access personal data and to provide information on the purpose of processing, categories of personal data, recipients to whom send personal data, retention period, respondent’s right to correct or delete personal data, right to restrict processing, right to object to processing, and right to complain to the supervisory authority. The respondent has the right, upon request, to be informed of the possible existence of an automated decision-making method, including the creation of a profile, with a meaningful explanation of the logic involved, as well as the importance and anticipated consequences of such processing for the respondent. The respondent is also entitled to request, upon request, whether his personal data is transferred to third countries or international organizations, and the safeguards taken in such a transfer.
In addition to the information described above, the Company is obliged, at the request of the respondent, to provide him with an insight and obtain a copy of his personal documentation stored with the Company.
The respondent is entitled to find out from the Company the source of the information. The respondent has the right to be informed of the automated decision making and the possible consequences of such processing.
Right to Correction – The respondent has the right to immediately obtain from the Company the correction of inaccurate and complete incomplete personal data relating to him. In addition, respondents have an obligation to update their personal information.
Right to data portability – In cases where the Company performs automated data processing based on the consent of the respondent or is necessary to fulfill the contract in which the respondent is a party or to take action at the request of the respondent prior to the conclusion of the contract, the personal data relating to him in a structured, commonly used and machine-readable format, and at the request of the respondent he is obliged to pass on such information to another processing manager, provided that this does not adversely affect the rights and freedoms of others.
Right of Objection – In cases where the processing of the personal data of the respondents is carried out on the basis of the legitimate interests of the Company, the respondent has the right to object at any time to such processing. Acting on the objection filed, the Company will, in each case, assess whether the Company’s legitimate interests in conducting such processing over the interests of the rights and freedoms of the respondents exceed. The Company is authorized to proceed with further processing only if it considers that its legitimate reasons for processing go beyond the interests of the rights and freedoms of the respondents, otherwise it shall suspend any further processing.
Right to Restrict Processing – Respondent has the right to ask the Company for restriction of processing in case it disputes the accuracy of personal data, when it considers the processing to be illegal and opposes the deletion of personal data and instead requests a restriction of their use, in case the respondent objects to processing and expects to confirm whether the legitimate reasons of the processing manager go beyond the respondents’ reasons, and when the Company no longer needs personal data for processing purposes, but the respondent requests them for the purpose of making, realizing or defending legal claims. Upon submission of the request for exercising the right to the processing restriction, the data in the Company’s database will not be changed as long as the procedure at the request of the Examiner is ongoing. Upon settlement of the case at hand, the Company will notify the Respondent of the termination of processing restrictions.
METHOD OF EXERCISE OF RIGHTS
The request for the exercise of any of the above rights of the Respondent must be sent via e-mail: address: email@example.com
The written request must contain at least the following information:
- Respondent’s personal information (First name, last name and OIB for his / her identification when determining the facts and answering a query related to the personal data of the particular respondent)
- Which of these rights he wants to exercise
- The address for the delivery of the response to the request
It is the responsibility of the company to comply with the respondent’s request within one month of receiving the request. The time limit may, if necessary, be extended by an additional two months, taking into account the complexity and number of requests. The respondent who submitted the request will be informed of any such extension of time.
PROTECTION OF PERSONAL DATA
In order to protect the personal information we collect, the Company implements appropriate physical, technical and organizational safeguards, taking into account the nature, scope, context and purposes of processing, and the latest technological developments as well as implementation costs, to the best of its ability.
PERSONAL DATA PROTECTION BREACH REPORTING
The company will notify the supervisory authority of the breach of personal data no later than 72 hours from the knowledge, if such is the nature of the breach of personal data which may result in the violation of the rights and freedoms of the respondents (eg monetary losses, disclosure of professional secrecy, discrimination, damage to reputation or any other significant social and economic damage).