COOKIE POLICY

Method of collection and types of data collected

Certain services provided by the Company require the collection of personal data of users and / or customers, whereby basic data are collected in the following ways:
 
1. Directly by the users and / or customers themselves, so that the users and / or customers deliver them themselves with the consent of the Company as the processing manager in a certain range of data that is important for the provision of appropriate services. For the purpose of providing appropriate services, the user and / or customer is obliged to provide the Company with the following information necessary for the establishment of a contractual relationship in order to provide a particular service and / or sell certain products from its range:
a) name and surname;
b) address;
c) personal identification number (OIB)
d) date of birth;
e) gender;
f) contact telephone and / or mobile phone number;
g) contact details of e-mail (e-mail address);
h) data from the identity card;
i) data on the bank account and card number for the purposes of regulating the payment obligation;
j) data on the habits of users and / or customers;
 
2. From other sources or from our business partners or from publicly available sources (for example, data available by accessing the telephone directory and other publicly available services);
 
3. Automatic visits to the Company's web pages, applications and Web-shop portal, which are data associated with network identifiers and Internet cookie identifiers, such as Google Analytics to track user and / or customer interaction - More about the functions and mode of operation for Google Analytics, as well as the protection of personal data of service users and / or customers can be found atthis link

What is a cookie

A cookie is a small data file that is stored on a computer or mobile device when you visit a particular website. Cookies are used to provide a better user experience for each user, to store user preferences, in order to make the website work more efficiently, as well as to monitor and test the use and traffic to the Company's website. We distinguish the following types of cookies used by the Company:
 
a) Persistent Cookies, which help to store data and settings during future visits to the Company's website, resulting in faster access to the content on the website and a better user experience;
b) Session Cookies, which enable tracking of movement through the Company's website, so that there is no re-search and re-entry of data provided by the service user when visiting the website, allowing unhindered movement without the need for additional authentication;
c) First Party Cookies, which come from the Company's website visited by the service user, and are used to store data during the next visit to the Company's website;
d) Third Party Cookies, which come from advertisements on other websites and are located on the Company's website, and are used for the purpose of monitoring and testing the use and traffic and for marketing purposes. As these cookies do not come from the Company's website, it is recommended that service users and / or customers inquire about the rights of each individual company whose products such cookies apply to regarding their personal data protection rights.
 
Cookies are also used to track internet usage and create user profiles, and then to display customized online ads based on user and / or customer preferences.
 
By disabling and / or blocking the storage of cookies, the user and / or customer can still browse the Company's website. However, it is likely that certain features and / or functionalities of the website will not be available to such user and / or customer, or that the time required to access certain features of the website will be longer than usual.
 
The network identifiers in question may leave traces which, in combination with other identifiers and information provided by Internet service servers, may be used to identify the user and / or customer. Also, for this purpose, the Company collects and processes the following data:
a) IP address information;
b) data on the use of individual applications;
c) data on the habits of users and / or customers - these data are created by the Company for the purpose of profiling users and / or customers.
 
The amount or scope of personal data that the Company collects depends on the type of service that the Company provides to its users and / or customers, as well as on the legal basis on which it collects data. The Company constantly takes care of collecting only the necessary range of personal data that is necessary to achieve the statutory purpose for which the data is processed.

For what purposes personal data is collected and further processed

Your privacy is important to us. Therefore, we have developed a Privacy Policy for visitors to our website that describes how and for what purposes Project Amber d.o.o. collects and uses your personal information. Please familiarize yourself with our privacy practices and let us know if you have any questions.

Execution of contractual obligations

The Company collects and further processes personal data of users and / or customers for the purpose of concluding and executing contracts, delivery of ordered products, advice and assistance in using products, providing appropriate additional and / or extended product warranties, resolving customer and / or customer complaints and others. actions related to the conclusion and execution of contracts in accordance with applicable regulations.
 
The legal basis for the processing of personal data of users and / or customers for the above purposes is the need to enter into a contract, ie, in case the user and / or customer refuses to provide relevant data, the Company will not be able to enter into a contract and / or take certain actions. execution of the concluded contract.

Fulfillment of legal obligations

Based on the written request of users and / or customers submitted to the above address of personal data protection officers, the Company is obliged to provide them with access to personal data, correct personal data, delete personal data or restrict the processing of personal data. with the possibility of objections to the processing of personal data and the right to data portability.

Direct marketing

Contact details of users and / or customers may be used to send promotional notices about the Company's products and services if the user and / or customer has consented to such processing or if there is a legitimate interest of the Company in such actions, unless those interests are stronger or fundamental rights and freedoms of users and / or customers that require the protection of personal data.
 
The Company may use contact information and personally contact users and / or customers whose personal information it already possesses, based on a legitimate interest in sending promotional notices about similar products and services it provides, using all available advertising channels, unless the user and / or the buyer does not object to such processing.
 
In order for the user and / or customer to receive information that suits his wishes and habits, it is necessary for the Company to use certain user and / or customer data to create personalized promotional information, until the user and / or customer explicitly objects to such data processing. that is, he withdraws his previously submitted application for processing (consent).
 
The legal basis for the processing of personal data for these purposes is the legitimate interest of the Company, unless that interest is stronger than the interest or fundamental rights and freedoms that require data protection.

Internal purposes

The Company uses certain data of users and / or customers exclusively for the purposes of its own records, in order to protect the legitimate interests of users and / or customers and / or the Company. For example, this includes the use of personal data for the purpose of creating offers that meet the needs and desires of users and / or customers, market research and analysis.

Data on potential users

The Company is also authorized to collect data on potential users and / or customers of its services and / or products. This information includes basic information (name and surname, e-mail address) but also the interests of potential users and / or customers who contact the Company with the desire to inform them and / or to offer them certain products and services.

The legal basis for collection in the described case is the consent of the user and / or buyer.

Time duration of storage and processing of personal data

Depending on the purpose and legal basis on which the personal data of users and / or customers are collected, the Company is in some cases obliged to keep personal data for a period of time (period) prescribed by relevant regulations or until the end of the purpose for which they were collected. Upon the expiration of the legal deadline that obliges the Company to keep certain personal data or the termination of the purpose, they are deleted.
 
In cases where the basis for data collection and processing is solely the legitimate interest of the Company and / or the consent of the user and / or customer, personal data is stored for the following periods:
a) data on existing users and / or customers: for the duration of the contractual relationship and 6 months after termination;
b) data on potential users and / or customers: 3 months.
 
Data processed based on the legitimate interest of the Company and / or the consent of users and / or customers may be deleted before the expiration of the period specified in this Policy, in case such deletion is requested by the user and / or customer or when the user and / or customer objects to such process.

User / customer rights

The right to access personal data

Based on the submitted written request of the user and / or customer, which may be in the form of e-mail, the Company undertakes to provide access to personal data it processes, inform them about the purpose of processing personal data in which they are processed, the type of personal data the data being processed, the recipients or categories of recipients to whom personal data have been or will be disclosed, the estimated time period of processing or the criteria used to determine that period.

The right to correct inaccurate data

As the processing manager, the Company will enable the correction of inaccurate personal data in each individual case when it is determined that the collected personal data on the user and / or customer are inaccurate or there has been a change in user and / or customer data.

The right to delete personal data

Pravo na brisanje osobnih podataka
a) when the personal data of the user and / or customer are no longer necessary for the fulfillment of the purpose of processing, ie the termination of the purpose of processing;
b) when the user and / or the customer withdraws the consent as a legal basis for data processing, and there is no other legal basis for data processing;
c) when the user and / or customer objects to the processing of data (see more under the heading Right to object)
d) when personal data have been illegally processed;
e) where personal data must be deleted in order to fulfill legal obligations under European Union law or the law of the Member State to which the controller is subject;
f) when personal data have been collected in connection with the provision of information society services in relation to the consent of the child.

The right to restrict data processing

Restrictions on the processing of personal data will be provided by the Company in cases where the user and / or customer disputes the accuracy of data, when processing is illegal and the user and / or customer opposes the deletion of data and instead requests restrictions on their use, when the controller no longer needs personal data. processing needs but the user and / or customer requests data to meet legal requirements, as well as in case the user and / or customer objects to the processing of personal data based on the legitimate interest of the Company, including the creation of user and / or customer profiles.

The right to data portability

The Company will transfer the transfer of personal data to another controller at the request of the service user, provided that he has given his consent to such transfer, and the processing is carried out automatically, as well as provided that such transfer is technically feasible.

The right to object

The user and / or the customer has the right to object to the processing of personal data relating to him if the data are processed for the legitimate interest of the controller. In that case, the Company, as the controller, will stop processing personal data, unless it proves that there are compelling legitimate reasons for processing personal data in relation to the rights of users and / or customers, or in the case where data processing serves to set, realize or defend legal requirements.
 
If the personal data of the user and / or customer are processed for the purposes of direct marketing, the user has the right at any time to object to the processing for the purposes of direct marketing, especially if personal data is used for profile purposes.

Where personal data is processed

The Company processes personal data of users and / or customers in the Republic of Croatia.

Under what conditions personal data is passed on to third parties

The Company forwards personal data of users and / or customers to third parties only in the following cases:
a) if the data need to be forwarded for the purpose of fulfilling the Company's obligations under the contract concluded with the user and / or the buyer;
b) if there is a legal obligation of the Company on the basis of which it is obliged to forward certain data to third parties;
c) if there is the consent of the user and / or the buyer.

Consent management

The active role of the user and / or customer in protecting privacy is reflected in giving consent as a voluntary, specially informed and unambiguous expression of the wishes of the individual (respondent) to whom he gives a statement or clear affirmative action consent to the processing of personal data. Consent management implies the possibility that the user and / or customer by active and unambiguous action authorizes the Company to collect and process certain personal data for one or more purposes (consent of respondents), or to withdraw previously given consent to collect and process personal data, in one or more purposes.