Privacy statement of Vox Komunikacije d.o.o.
- VOX KOMUNIKACIJE d.o.o., headquartered in Zagreb, Vice Vukova Street 6, VAT ID: 24533297794 (hereinafter referred to as the Company and/or Data Controller) collects and processes certain personal data from you in accordance with this Privacy Statement.
- The purpose of this Privacy Statement is to ensure fair and transparent processing by providing clear information to data subjects about the processing and protection of their personal data and to enable them to easily monitor and manage their personal data and consents.
- The Company is committed to the protection of privacy and personal data.
- If you have any questions related to the protection of personal data, please contact our data protection officer by email at firstname.lastname@example.org
- We reserve the right to change this Privacy Statement at any time, for any reason. Data subjects will be informed of any changes to this Privacy Statement on the website www.vox-communications.com (hereinafter referred to as the Website).
- We may occasionally remind you of the Privacy Statement via email, while the current version of the Privacy Statement is always available on the website.
Principles of personal data processing
The Data Controller processes the personal data of contact persons of its business partners (hereinafter referred to as the data subject) based on the following principles of personal data protection:
- Lawfulness, fairness, and transparency – In processing personal data, the Company acts in accordance with the law and provides the data subject with easily accessible and understandable information and communication related to the processing of personal data;
- Purpose limitation – The Company collects and processes personal data only for a specific and lawful purpose and does not further process them in a manner that is incompatible with the purpose for which they were collected;
- Data minimization – The Company uses only the data subject’s information that is adequate and necessary to achieve a specific lawful purpose;
- Accuracy of personal data – To ensure fair and transparent processing of personal data and to prevent potential misuse, personal data must be accurate, complete, and up-to-date. It is extremely important for the data subject to inform the Data Controller of any changes to their personal data immediately or as soon as possible;
- Storage limitation – The Company stores the personal data of the data subject for as long as necessary to fulfill a specific purpose and then deletes it from all records or applies anonymization and/or pseudonymization to the data;
- Integrity and confidentiality – The Company processes personal data securely, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage (e.g., only authorized persons who need the data subject’s personal data for their work have access to it, not others).
Process and use of personal data
This Privacy Statement explains:
- Types of personal data the Data Controller collects about data subjects;
- The way the Data Controller obtains the personal data of data subjects;
- The ways the Data Controller uses the personal data of data subjects;
- The basis on which the Data Controller uses the personal data of data subjects;
- With whom the Data Controller shares the personal data of data subjects;
- How the Data Controller protects the personal data of data subjects.
Types of personal data the Data Controller collects and processes
- The data controller collects only those personal data that are necessary to achieve a specific lawful purpose of processing.
- The data controller may collect your personal data when conducting its business, including when you contact the data controller, request information from the data controller, or use the services of the data controller.
- Personal data that the data controller collects and processes concerning the data subject include:
- identification data: first and last name;
- contact data: postal address, email address, Skype address, phone number and/or mobile phone number;
- technical data (the number of your visits to our website, or your receipt and use of materials and communications we send to you electronically) collected through cookies (so-called cookies);
- and other data about you that the Data Subject may provide to the Data Controller (e.g., by contacting the Data Controller via email, phone, etc.).
The data controller does not process special categories of personal data of the data subject that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation, nor personal data relating to criminal convictions and offenses.
Method of collecting personal data
The Company collects personal data of the data subject in various ways, including:
- While monitoring the data controller’s Website, including email communication sent to and from the Company;
- As part of the Company’s business processes with business partners; and
- When the Data Subject provides information during direct communication with the Company, including personal communication with the Company’s staff and communication via email.
When the data controller collects personal data of the data subject in any of the mentioned ways, it uses them exclusively for the purpose stated to the data subject at the time of collecting such data.
Purpose and retention period of personal data
When the data controller collects and processes personal data of the data subject, he does so in order to:
- fulfill its obligations arising from contracts with the company’s business partners;
- offer the services of the Company and/or its affiliates in the market, including sending publications and event details to data subjects;
- analyze and administer the website, including monitoring the use of the website;
- make available the data requested by the data subject.
A. CONTRACT EXECUTION
As a service provider to its business partners, the data controller collects the following personal data about data subjects: name, surname, address, phone number and/or mobile phone number, and email address.
These personal data are collected for the purpose of entering into and executing contracts by the data controller as a service provider, and carrying out business processes that involve resolving disputes with business partners.
To the extent reasonably necessary in connection with the Company’s services, it may be necessary for the data controller to share personal data with third parties. Please review the subsection “Persons with whom we share data subjects’ personal data.”
Personal data collected for this purpose will be completely deleted from all storage systems of the data controller and its processors (if any) no later than 8 days after the termination of the business relationship between the relevant business partner and the Company, or later if a specific law requires the data controller to retain such data.
B. MARKETING, DEVELOPMENT AND IMPROVEMENT OF COMPANY SERVICES
The personal data that are provided to the data controller by its business partners about the respondents (name, surname, phone number and/or mobile phone number, and email address) may be used by the data controller to find out if the data subject:
- reads emails or other materials from the Company, including newsletters, by downloading attachments in emails or opening links;
- opens web links, unsubscribe links, or event links included in email messages and marketing materials from the Company;
- visits the Website and how the data subject visits the Website after opening links provided by the Company. This is done by using software that places cookies on the data subject’s device, which track this activity and record it. Please check the Cookie Notice published at the link https://www.vox-communications.com/default.aspx?id=194 for more information on how to manage and delete cookies.
The aforementioned data is also used by the data controller to send marketing messages, newsletters, email notifications about the services of the Company or invitations to events organized by the Company or its affiliated companies, for the purpose of promoting them.
If you no longer wish to receive the above-mentioned marketing messages, newsletters or email notifications about the services of the Company or invitations to events organized by the Company or its affiliated companies, you can unsubscribe at any time by clicking the “Unsubscribe” link in each newsletter. Personal data collected for this purpose will be completely deleted from all storage systems of the Controller and its processors (if any) after the data subject unsubscribes from the previous paragraph, or later if there is a legal obligation for the Controller to retain such data.
Bases for personal data processing
The data controller processes the personal data of data subjects based on the following legal grounds:
- performance of a contract for the provision of services by the Company or another contract concluded between the Company and its business partners;
- legitimate interests pursued by the data controller, including but not limited to: establishing, exercising, or defending legal claims arising from disputes or litigation between business partners and the Company, sharing personal data with affiliated companies of the data controller and third parties as detailed in this Privacy Statement, as well as sending marketing messages, newsletters, event invitations, and email notifications about the Company’s services;
- explicit consent of the data subjects for receiving marketing messages, newsletters, email notifications about the Company’s services, or event invitations organized by the Company and/or affiliated companies.
Persons with whom the data controller shares your personal data
The data processed by the Company, the Data Controller may, based on its legitimate interest, share with related companies of the Data Controller (Blitz-Cinestar d.o.o., Zagreb, Ulica Vice Vukova 6) which may also process them.
The Company may share the personal data of the data subjects with third parties – business partners in accordance with the contractual obligations it has with them. This represents the legitimate interest of the Data Controller. Such third parties include:
- professional advisors and auditors
- suppliers of third-party services that the Company engages to perform services on behalf and for the account of the Company, including IT service providers, event organizers
- other third parties that the Company engages to provide you with services, including courier services, lawyers, experts, and translators
The Data Controller may share personal data with supervisory authorities, courts, or government agencies when such sharing of data is necessary, including for compliance with all legal requirements. Unless prohibited by law, the Company will make all reasonable efforts to notify the data subject prior to such disclosure of their personal data.
The Company does not allow the personal data of data subjects to be made available to third parties for the purpose of offering products and services of third parties unless you have given your explicit consent for that purpose.
The Company does not transfer the personal data of data subjects outside the European Union.
Protection of your personal data
- The company takes the protection of personal data seriously and has taken various precautions to protect the personal data of the data subjects.
- In accordance with applicable data protection laws, the company uses technical and organizational measures to protect personal data from unauthorized access, use, disclosure, or destruction.
- To protect the personal data of users and their privacy, the company implements appropriate physical, technical, and organizational security measures. Security maintenance and testing are conducted on an ongoing basis. The company restricts access to data subjects’ data in such a way that only authorized persons who are directly involved in providing or maintaining the service, improving the quality, and billing the service have access to it. In addition, the company constantly trains its staff on the importance of confidentiality and the maintenance of privacy and security of personal data and engages partners with whom it contracts for appropriate security measures.
Rights of data subjects
- Submitting a complaint – The Controller strives to ensure the highest standards in the processing of personal data and takes seriously the resolution of any complaints made by data subjects.
- If you believe that the processing of personal data carried out by the Controller is contrary to data protection laws, please notify us in writing at the Controller’s address or by email at: email@example.com.
You can also submit your complaint to the supervisory authority – Croatian Personal Data Protection Agency, Zagreb, Martićeva 14, and from May 25, 2018, to the supervisory authority within the EU.
- Right to access: Every data subject has the right to request details about the personal data that the data controller processes in relation to them and the manner in which it is processed.
- Right to rectification: If the data controller processes your personal data that is incomplete or inaccurate, you may request that it be corrected or supplemented at any time. Please notify us of any changes to your personal data via email at: firstname.lastname@example.org so that we can update your information.
- Right to erasure (“right to be forgotten”): You may request the erasure of your personal data from the data controller if it has been processed unlawfully or if such processing represents a disproportionate interference with your protected interests. Please note that there may be reasons that prevent immediate deletion, e.g. legal archiving obligations.
- Right to restriction of processing: You may request restriction of the processing of your data from the data controller:
- If you dispute the accuracy of the data during the period that allows the data controller to verify the accuracy of that data
- If the processing of data was unlawful, but you refuse to delete it and instead request a restriction on processing the data
- If the data is no longer necessary for the intended purposes, but you still need it to enforce legal claims
- If you have objected to the processing of this data
5. Right to data transfer: You have the right to request from the data controller that the data you have provided to them be provided to you in a structured, commonly used and machine-readable format:
- If the data is being processed based on your consent which you can withdraw, or for the performance of a contract
- If the processing is carried out by automated means
6. In certain circumstances, each data subject also has the right to request the cessation of any unauthorized transfer of their personal data to third parties and to demand that the data controller not transfer personal data concerning them to third parties.
7. To exercise any of the above-mentioned rights, please contact us using our contact information: Vox Communications Ltd., Zagreb, Vice Vukova 6 Street, email address: email@example.com.
8. Identity verification: In case of doubt, we may request additional information to verify your identity. This is to protect your rights and privacy.
9. Abuse of rights: If you were to use any of the aforementioned rights with an obvious intention of abuse, the Data Controller may charge an administrative fee or refuse to process your request.
10. When you object to the processing of your personal data by the data controller or withdraw your previously given consent, it is possible that the Company may not be able to achieve the processing purposes stated in this Privacy Statement or that you will not be able to use our services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
11. When you object to the processing of your personal data by the Data Controller or withdraw your previously given consent, it is important to understand that the Company may still continue to process your personal data to the extent necessary or otherwise permitted by law.
Consequences of not providing personal data and managing consent
- If you notify the Company that you no longer wish to receive marketing messages, newsletters, or email notifications about the services of the Company or invitations to events organized by the Company or its affiliated companies and/or withdraw the consent given for these purposes, you will no longer receive our marketing messages, newsletters, email notifications about the services of the Company.
- You can revoke the consent given to the Company for a specific processing purpose at any time, in which case your personal data collected on the basis of consent will no longer be used for the stated purposes.
- You can change your consent via the web interface or by sending an email to the email address: firstname.lastname@example.org.
- The aforementioned analytical software also collects and stores some technical data, including the user’s IP address.
- Analysis cookies, third-party cookies, and advertising cookies and similar cookies may be stored on your computer only with your explicit consent. You can otherwise disable or delete such cookies through your browser settings.
- Most internet browsers accept cookies, but you can usually change your browser settings to reject new cookies, disable existing ones, or simply notify you when new cookies are sent to your device.
- To set your browser to reject cookies, please refer to the help instructions of your browser provider (usually found under the “Help”, “Tools” or “Edit” menus).
- Note that certain site features may be lost if you refuse or disable cookies. In addition, disabling cookies or categories of cookies does not delete the cookie from your browser. You must do this yourself in the browser menu.
- We do not share your personal information collected through cookies with third parties without your explicit consent. Google Analytics stores this data permanently, and the user can delete it when they wish.
- You can find information about data subject rights and other information related to personal data collected through cookies in the Privacy Statement.
- Users will be notified of any changes to this Confidentiality Statement on the website www.vox-communications.com.
- If you have any questions about this notice, please contact us at email@example.com.