1. General Information
C.I.O.S. GRUPA d.o.o. respects your privacy and protects your personal data in accordance with the best practices and obligations arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the Regulation) and other applicable statutory regulations in the area of personal data protection.
C.I.O.S. GRUPA d.o.o., as well as other members of the C.I.O.S. Group, collects and processes your personal data in a manner that ensures its adequately secure and confidential processing and the efficient application of principles of personal data protection, reduction of the amount of personal data, as well as its transparency, accessibility, integrity and accuracy.
2. Purpose of Personal Data Processing
We collect, use and process personal data in order to:
- provide you with the services you request,
- meet our legal and contractual obligations.
3. Legal Basis (Lawfulness of Personal Data Processing)
C.I.O.S. GRUPA d.o.o. processes your personal data during the legally permitted period or during a period defined by C.I.O.S. GRUPA d.o.o. as the personal data controller. Considering the diversity of legal bases and amount of processing, you should be aware of the possibility of this not being a comprehensive list, but a list intended to demonstrated the manner in which C.I.O.S. GRUPA d.o.o. manages your personal data:
- meeting the precontractual and contractual obligations with regard to business partners – C.I.O.S. GRUPA d.o.o. may conclude a contract with you and process your personal data in order to fulfil its precontractual and contractual obligations arising therefrom,
- meeting statutory obligations – C.I.O.S. GRUPA d.o.o., as well as other members of the C.I.O.S. Group, must adhere to various statutory obligations with regard to its diverse business activities, which may require the processing of your personal data,
- legitimate interest – C.I.O.S. GRUPA d.o.o. will process your personal data when necessary, for the purpose of pursuing its legitimate interests which are crucial for our operations. Personal data will be processed on this basis solely if those interests take precedence over your interests or your fundamental rights and freedoms which require the protection of personal data. Should you refuse to provide your personal data, we will not be able to provide you with our services and form a professional relationship with you.
4. Access to Personal Data
The access to your personal data is granted solely to persons authorised by C.I.O.S. GRUPA d.o.o., business partners providing us with business support (processors) and other third parties, therefore, in certain cases, your personal data may be made available to:
- process holders within C.I.O.S. GRUPA d.o.o. and the members of the C.I.O.S. Group,
- external consultants,
- accounting firms,
- public authorities,
- legislative, judicial and executive authorities,
- suppliers of goods or services,
- external providers of various services,
which require this kind of access to fulfil the indicated purposes of processing, or when we are obligated to make your personal data available in order to meet our statutory obligations or fulfil contractual obligations, as well as to protect the C.I.O.S. GRUPA d.o.o. and all its business partners.
C.I.O.S. GRUPA d.o.o. makes your personal data available solely to those processors who guarantee the satisfactory implementation of adequate technical and organisational measures so that the processing is compliant with the requirements of the Regulation and that it provides for the protection of your rights. We have concluded contracts with the aforementioned processors thoroughly defining the handling of your personal data, therefore, they may process your personal data solely upon our request and may not transfer it to third parties.
5. International Transfer of Personal Data
C.I.O.S. GRUPA d.o.o. processes your personal data solely in the Republic of Croatia and does not transfer it to third countries.
6. Period of Retention and Use of Personal Data
Your personal data will be processed until the purpose of its processing is fulfilled. After the purpose for which it was processed has ceased, your personal data will no longer be used, and it will be kept for the period prescribed by applicable statutory regulations or as warranted by our legitimate interests. After that, the data is permanently erased.
7. Personal Data Protection Measures
With regard to the nature, scope, context and purposes of processing your personal data, as well as the risks of various degrees of probability and severity to your rights and freedoms, C.I.O.S. GRUPA d.o.o. undertakes appropriate technical, organisational and personnel protection measures in order to prevent accidental or unlawful destruction, loss, alteration, unauthorised use, disclosure, consultation or access to your personal data.
These protection measures include, but are not limited to:
- concluding contracts on professional secrecy with all the employees who have access to your personal data,
- implementing all protection measures in the systems where personal data is stored,
- performing regular checks of the security and protection measures regarding personal data,
- training of new and current employees.
8. Rights Related to Personal Data Processing
Depending on the legal basis for the personal data processing, your rights may be the following:
- the right to access personal data –you have the right to request access to personal data related to you, i.e. the right to information regarding the scope of collected data, the purpose of processing, the category of personal data being processed, the recipients of personal data and the storage period,
- the right to rectification of inaccurate personal data – you have the right to request rectification of inaccurate, or the completion of incomplete, personal data, and we are obligated to proceed in line with your request without undue delay,
- the right to erasure of personal data (right to be forgotten), if applicable,
- the right to restriction of personal data processing – e.g. in cases where you dispute the accuracy of your personal data, until we verify its accuracy,
- the right to withdraw consent, if applicable,
- the right to object to the processing of personal data – should you consider that C.I.O.S. GRUPA d.o.o. holds no legal basis for processing of your personal data, you may lodge a complaint at any time, in which case we will cease to process your personal data and will be unable to provide you with our services and maintain a professional relationship with you,
- the right to personal data portability, if applicable,
- the right to lodge a complaint with the competent supervisory data protection authority.
9. Contact Information
C.I.O.S. GRUPA d.o.o., 10 090 Zagreb, Josipa Lončara 15, PIN (OIB): 32900007680