Notice of personal data processing

We are a company CREO LAB GROUP doo for production (hereinafter: “CLG”, “we”, “our”, “our”) with its registered office at Industrijska cesta 14, 10 360 Sesvete, Croatia, OIB: 22894862069.

If you have any questions regarding the processing and protection of your personal data, as well as questions regarding this Notice on the processing of personal data (hereinafter: the “Notice”), please feel free to contact us via the following available contacts:

Writing:
Industrijska cesta 14, 10360 Sesvete, Croatia

Email:
info@uroni.co

Call:
+385 98 981 6704

In order to fully understand and comprehend our Notice, we kindly ask you to carefully read the definitions of the terms listed below.

General regulation means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) ;

Processing means any operation or set of operations performed on personal data or on sets of personal data, whether automated or non-automated, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, insight, use, transmission, by disseminating or otherwise making available, harmonizing or combining, restricting, deleting or destroying;

Personal data means all data relating to an individual whose identity has been established or can be established (respondent);

Examineemeans an individual whose identity has been or can be established; an identifiable individual is a person who can be identified directly or indirectly, in particular by means of identifiers such as name, identification number, location data, network identifier or by one or more factors specific to physical, physiological, genetic, mental , the economic, cultural or social identity of that individual;

Processing manager means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;

Joint processing managers means two or more controllers who jointly determine the purposes and means of the processing of personal data;

Processing executor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

Recipient means a natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not it is a third party;

Third party means a natural or legal person, public authority, agency or other body other than the respondent, the controller, the controller or persons authorized to process personal data under the direct responsibility of the controller or processor;

Consent of respondents means any voluntary, special, informed and unambiguous expression of the respondent’s wishes by which he or she gives consent to the processing of personal data relating to him or her by a statement or clear affirmative action;

Violation of personal data means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed;

Supervisory bodymeans an independent public authority established by a Member State; in the Republic of Croatia it is the Agency for Personal Data Protection (AZOP), Selska cesta 136, 10 000 Zagreb, Croatia.

In this Notice you can find all important information about the processing and protection of your personal data in our business processes, and all as prescribed by the provisions of the General Regulation regarding transparency and provision of information to respondents.

This Notice applies to CLG in the role of controller in relation to your personal data.

Also, all important information on the processing and protection of personal data of our employees can be found in a special Notice on the processing of personal data for employees, which is part of our internal documentation.

We will inform you about changes and / or additions to the information in the Notice in a timely manner and through our regular means of communication. (via emails, via our official website and the like).

In order to make it easier to find the requested information, we provide it in relation to the categories of respondents, and for the subject categories of respondents we list the categories of personal data that we collect and process, as well as the purposes and legal basis of processing.

Candidates for employees, candidates for external associates and candidates for student work

If you are interested in working / collaborating / doing student work in / with CLG /, we collect and process your personal data, which you provided to us during the initial communication or by sending a CV and other supporting documentation (for example, applications, letters of recommendation and the like).

We collect and process the following categories of your personal data:

  • Identification data: name and surname.
  • Location data: address (street name and house number, postal code and city).
  • Contact information: telephone and / or mobile phone number, e-mail address.
  • Data on education / education / training: completed levels of education, currently attended studies (for candidates for student work), additionally completed education or training, participation in conferences and projects, etc. (varies depending on the information provided in the CV and supporting documentation of the candidate).
  • Data on work experience / work experience in student jobs: previous jobs / student jobs, previous employers, periods of work / student work with previous employers, descriptions of previous job assignments, etc. (varies depending on the information provided in the CV and supporting documentation of the candidate).
  • Data on personal characteristics / skills: language skills, communication skills, organizational skills, managerial skills, business skills, digital skills, driver’s license category, etc. (varies depending on the information provided in the candidate’s CV and supporting documentation).
  • Other data: photograph (if found in the CV and supporting documents of the candidate), other personal data contained in the curriculum vitae and other supporting documents.

We process the stated personal data for the following purposes and on the basis of the following legal grounds:

  • For the purpose of making initial contact (communication) through selected channels (for example e-mail, telephone / mobile phone, etc.). In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • In order to take the necessary actions to select the best candidate, ie gaining insight into the resume and other supporting documentation received, selection of candidates for job interview / cooperation / for student work, organization of the interview, implementation of the interview and subsequent contact of the candidate regarding the outcome of the said conversation. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of further storage (retention) of your personal data, ie CVs and accompanying documentation for future possible employment / cooperation / student affairs. In that case, the legal basis for the processing of your personal data is your consent (Article 6 (1) (a) of the General Regulation).
  • For the purpose of fulfilling our legal duties, ie compliance with applicable regulations and cooperation with competent authorities and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Customers of our products

If you are a customer of our products through our online store (www.uroni.co), we collect and process your personal data, which you provided to us during the order and purchase of our product (for example when filling out the form for ordering and purchasing products) and which we learned during our relationship (for example through communication with you).

We collect and process the following categories of your personal data:

  • Identification data: name and surname.
  • Location data: address (street name and house number, postal code and city, country).
  • Contact information: telephone and / or mobile phone number, e-mail address.
  • Financial data: card type.
  • Other data: content that the respondent decides to provide in free form (if it contains personal data).

We process the stated personal data for the following purposes and on the basis of the following legal grounds:

  • For the purpose of exercising the rights and obligations from the contractual (purchase) relationship. In that case, the legal basis for the processing of your personal data is the execution of the contract, ie taking action at the request of the respondent before concluding the contract (Article 6, paragraph 1, item b of the General Regulation).
  • For the purpose of delivery of the purchased product. In that case, the legal basis for the processing of your personal data is the performance of the contract (Article 6 (1) (b) of the General Regulation).
  • For the purpose of internal administration and easier provision of support and services to customers of our products. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of fulfilling our legal duties, ie compliance with applicable regulations and cooperation with competent authorities and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Responsible and contact persons of our corporate clients

If you are a responsible or contact person with our potential or existing client of a legal entity, we collect and process your personal data depending on the needs of our potential or existing business relationship. We collect and process those personal data that you provided to us during the initial communication or that we collected during the establishment and maintenance of our business relationship.

We collect and process the following categories of your personal data:

  • Identification data: name and surname.
  • Contact information: telephone and / or mobile phone number, e-mail address.
  • Data related to employment: relationship with the client legal entity (founder, director, employee, etc.).
  • Other data: client company of a legal entity.

We process the stated personal data for the following purposes and on the basis of the following legal grounds:

  • For the purpose of making initial contact (communication), as well as for the purpose of further regular communication through selected channels (for example e-mail, telephone / mobile phone, etc.). In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of exercising the rights and obligations from the contractual relationship with the client legal entity. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of fulfilling our legal duties, ie compliance with applicable regulations and cooperation with competent authorities and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Responsible and contact persons of our business partners of legal entities

If you are a responsible or contact person with our potential or existing business partner of a legal entity, we collect and process your personal data depending on the needs of our potential or existing business (partnership) relationship. We collect and process those personal data that you provided to us during the initial communication or that we collected during the establishment and maintenance of our business (partnership) relationship.

We collect and process the following categories of your personal data:

  • Identification data: name and surname.
  • Contact information: telephone and / or mobile phone number, e-mail address.
  • Data related to employment: relationship with a business partner legal entity (founder, director, employee, etc.).

We process the stated personal data for the following purposes and on the basis of the following legal grounds:

  • For the purpose of making initial contact (communication), as well as for the purpose of further regular communication through selected channels (for example e-mail, telephone / mobile phone, etc.). In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of exercising the rights and obligations from the contractual relationship with the business partner legal entity. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of fulfilling our legal duties, ie compliance with applicable regulations and cooperation with competent authorities and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Query senders

If you send us an inquiry using the link at the e-mail address on our website or you have obtained our contact in any other way, we collect and process your personal data. We collect and process those personal data that you provided to us during the initial communication, or that we collected during our communication.

We collect and process the following categories of your personal data:

  • Identification data: name and surname.
  • Contact information: telephone and / or mobile phone number, e-mail address.
  • Other data: content of communication (if it contains personal data).

We process the stated personal data for the following purposes and on the basis of the following legal grounds:

  • For the purpose of making contact and answering your inquiry. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).
  • For the purpose of fulfilling our legal duties, ie compliance with applicable regulations and cooperation with competent authorities and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

On our website www.uroni.co we use cookies. For more information about the cookies we use and how to manage these cookies, please read our Cookie Policy.

 

CLG has open accounts on some social networks, which can be accessed (among other things) via links on our website.

For now, we have open accounts on the following social networks:

and all for the purpose of promoting our business, getting in touch and communicating with potential and existing customers of our products, customers and the like.

Our website contains links that lead to our accounts on social networks, whose privacy policies may be different from ours. All information and materials that you provide to us through the social network, as well as all communication that takes place through the social network is at your own risk. CLG is not responsible for the actions of social network users, nor for the actions of the social network itself. Your interaction with the social network in relation to the processing of your personal data is governed by the privacy policy of that social network.

You can find more about the social networking privacy policies we use at the following links:

CLG uses a legitimate interest as a legal basisfor certain processing of your personal data. In the previous sections of this Notice, we state for which categories of respondents and personal data and for what purposes we use a legitimate interest as a legal basis.

Prior to the processing of your personal data whose legal basis is our legitimate interest, we take into account your interests and fundamental rights and freedoms, as well as your reasonable expectations about the processing of personal data in our mutual relationship.

If the provision of personal data is your legal or contractual obligation or condition necessary to enter into a contract, at the place of collection of your personal data, we will clearly inform you about whether the provision of personal data is mandatory or not, and what are the possible consequences if you do not provide personal data.

Our current business processes in which your personal data is processed do not include automated decision making or profiling based on your personal data.

We treat your personal information confidentially and protect it in accordance with applicable regulations (international, European and national) and best applicable practice.

Certain categories of recipients, to whom we disclose the personal data of the respondents, process your personal data. In the event that we disclose your personal data to the recipients in question, we take care that we have a valid legal basis and that the business of the recipient of your personal data complies with the General Regulation and other regulations on personal data protection. Also, when applicable, relations with recipients regarding the processing and protection of personal data are regulated in detail by a special contract (in addition to the basic contract).

Below are the categories of recipients of personal data with a brief description of our relationship.

Processors as recipients of your personal data

Recipients of your personal data, among other things, can be our executors of processing.

When the processors process your personal data on our behalf, we select those processors who sufficiently guarantee the implementation of appropriate technical and organizational measures during the processing of your personal data. Also, any relationship with the processor in relation to the processing of personal data is regulated by a special contract on the processing of personal data.

Our executors, who may be the recipients of your personal data, provide us with the services necessary for our daily business:

  • processing executors as our external associates who provide us with additional operational support such as the creation and maintenance of our website, storage of physical documentation (archiving), provision of accounting services and the like,
  • occasional processing executors depending on the needs of our business such as document translation services and the like.

Independent processing managers as recipients of your personal data

Recipients of your personal data, among other things, may be other independent controllers.

Namely, based on our legal obligation or legitimate interest, we enable the processing of your personal data by other independent processing managers. Given the role of independent controllers, they are obliged to independently take care of your personal data on the basis of applicable regulations, their own internal procedures and rules of the profession. In some cases, when possible and in agreement with the independent controller as the recipient of personal data, we enter into a special agreement on the protection of personal data. However, we note that the conclusion of the contract in question is not an obligation.

Independent processing managers who may be the recipients of your personal data, provide us with services important to our lawful business, as well as some other services necessary for our day-to-day operations:

  • independent processing managers as providers of services for harmonization of our business with applicable regulations such as legal advice, tax consulting, audits, etc.,,
  • independent processing managers as providers of services necessary for our daily business, such as delivery services for our product, services for enabling card payments in our online store, etc..

Competent authorities as recipients of your personal data

The recipients of your personal data may, inter alia, be the competent authorities.

The competent authorities act within the scope of their legal powers and may process your personal data on the basis of them.

CLG has a legal obligation to disclose your personal information to the appropriate authorities as recipients of your personal data (conducting surveillance, conducting inspections, setting or defending legal claims, etc.).

In our current day-to-day business, this does not happen and we try to avoid transferring your personal data to third countries or international organizations.. Third countries are all those countries that are not members of the European Union.

When determining the means and methods of processing and during the processing itself, CLG implements appropriate technical and organizational measures to protect your personal data., taking into account the latest developments, the cost of implementation and the nature, scope, context and purposes of processing.

Organizational measureswhich we apply are included and advertised in our internal procedures, regulations, operating instructions, reports and the like. The technical measures we apply include various physical security measures and information technology (IT) measures.

We continuously review and improve all our technical and organizational measures to ensure that they are appropriate and up-to-date.

The retention periods of your personal data vary depending on the categories of personal data we process, the purposes and the legal basis for the processing of your personal data.(criteria we use when calculating the period of storage of personal data). We also always keep the storage period of your personal data to a minimum.

Below are the general retention periods defined by the legal basis for the processing of your personal data, but please be aware that the subject periods may vary depending on the specific processing situations.

When the applicable regulations define the period in which we are obliged to store your personal data, we store them in the period provided by the applicable regulations and delete them in an additional period of 3 (three) months.

When we have concluded a contract with you and there is no period defined by applicable regulations in which we are obliged to store your personal data, we store them for the entire duration of our contractual relationship and delete within an additional period of 3 (three) months from the date of termination.

When we process your personal data on the basis of the legal basis of our legitimate interest, we store it for the entire period of our legitimate interest and delete it for an additional period of 3 (three) months from the termination of our legitimate interest. The period of existence of our legitimate interest is determined individually in relation to each individual process of personal data processing for which the legitimate interest is the legal basis of processing.

When we process your personal data based on your consent, we store it until you withdraw your consent. When you withdraw your consent, we will delete your personal data as soon as possible. If you have given us your consent for a certain period, at the end of the period in question, we will delete your personal data as soon as possible.

We store certain business documentation that may contain some of your personal data permanently as part of our business documentation or for a longer period of time as proof of the existence and termination of our relationship and for setting, realizing and defending against legal requirements.

After the expiration of the storage period of your personal data, we delete or anonymize it.

As a respondent whose personal data we process, you have the right to exercise the rights listed below and described.

You can exercise your rights by sending or making a request through the contacts listed in the first point (“About us”) of this Notice.

In order to be able to act on your request and provide you with accurate and complete information as soon as possible, we ask that your request contain the following:

The title of an email or written request:

“Request for exercising the rights of respondents”

Necessary information about your identity:

For example, your name, surname, OIB, etc., all in order to be able to find your personal data and act on your request.

Name of the rights you want to exercise:

See names and descriptions of rights below

Request description:

A detailed description of your request to ensure we handle it properly

Information about the contact you want us to send you our answer to:

For example, if you would like us to reply to you by email, please state this in your request and provide us with your email address.

When applying for the exercise of rights, in case of reasonable doubt as to your identity, we have the right to ask you to provide additional information that is necessary to confirm your identity.

We will respond to your request within one month from the date of receipt of your request. We can extend the deadline by an additional two months if it is a complex request or more than your requests. We will inform you in time about the extension of the deadline for responding to your request and the reasons for the extension.

All information we provide to you in relation to your claim, as well as our communication, is provided free of charge. However, if we repeatedly receive your unfounded and excessive requests, we may charge a reasonable fee for our administrative costs incurred in providing information and handling the request, or we may refuse to act upon your request.

When you exercise your rights by submitting a request, we process your personal data in order to be able to comply with your request, all in accordance with the provisions of the General Regulation.

The right to access information

As a respondent, you have the right to ask us to confirm whether we process your personal data and if we process them, access to your personal data and relevant information in relation to the same (information on the purposes of processing, categories of your personal data we process, categories of recipients we disclose your personal data , anticipated periods of storage of your personal data and the like).

We also provide you with a free copy of your personal data that we process, provided that this does not adversely affect the rights and freedoms of others. We may charge a reasonable fee for our administrative costs for all additional copies requested.

Right to correction

As a respondent whose personal data we process, you have the right to obtain a correction of your inaccurate personal data. Taking into account the purposes of processing, you have the right to request the addition of your incomplete personal data, inter alia by giving an additional statement.

Right to erase (“right to forget”)

As a respondent whose personal data we process, you have the right to obtain the deletion of your personal data if one of the following conditions is met:

  • Your personal information is no longer necessary in relation to the purposes for which it was collected or processed,,
  • you withdrew your consent which was the only legal basis for the processing of your personal data,,
  • you have objected to the processing of your personal data based on a legitimate interest, ie if it is processing for the purposes of direct marketing,,
  • Your personal data has been processed illegally,,
  • Your personal data must be deleted in order to comply with the legal obligation arising from the law of the European Union or the Republic of Croatia,,
  • the personal data you request to be deleted is collected in connection with the provision of information society services directly to the child.

The right to limit processing

As a respondent whose personal data we process, you have the right to obtain a restriction on the processing of your personal data if one of the following conditions is met:

  • you dispute the accuracy of your personal information for the period in which we verify the accuracy of your personal information,,
  • the processing of your personal data is illegal, but you oppose the deletion of the same,,
  • We no longer need your personal information, but you are looking for it in order to make, realize or defend legal claims,,
  • you have objected to the processing of your personal data based on a legitimate interest and you expect confirmation of the strength of the legitimate reasons.

Despite your request to exercise the right to limit processing, we may continue to process your personal data with your consent, to set, exercise or defend legal claims, protect the rights of another natural or legal person and the important public interest of the European Union or a Member State.

Right to portability

As a respondent whose personal data we process, you have the right to receive your personal data in a structured, commonly used and machine-readable format and pass it on to another controller if the processing of your personal data is based on consent or contract and processing is automated.

At your request and if technically feasible, we may transfer your personal data directly to another controller.

The right to the portability of your personal data must not adversely affect the rights and freedoms of others.

The right to object

As a respondent whose personal data we process, you have the right to object to the processing of your personal data based on your special situation, which we process based on our legitimate interest and / or for the purposes of direct marketing, which includes the creation of profiles.

The right to withdraw consent

As a respondent whose personal data we process on the basis of consent as a legal basis, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of your personal data on the basis of consent, prior to its withdrawal.

The right to object to the supervisory body

As a respondent whose personal data we process, you have the right to object at any time to an independent public authority for the protection of personal data.

The independent public authority in the Republic of Croatia is the Agency for Personal Data Protection (AZOP) with its registered office at Selska cesta 136, 10 000 Zagreb, Croatia. You can contact AZOP by e-mail at azop@azop.hr, by calling 00385 (0) 1 4609-000 or in writing at the registered office address.

More information about AZOP can be found on their website www.azop.hr.