Privacy Policy

Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, p. 1, hereinafter: General Data Protection Regulation), which has been fully applicable since 25 May 2018 in the Republic of Croatia and all EU Member States, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Act), the Labour Act (Official Gazette No. 93/14 and 127/17), the Occupational Safety Act (Official Gazette No. 71/14, 118/14, and 154/14), and the legal framework for the protection of personal data in the Republic of Croatia and the European Union, as well as best European practices, IDENTITIES D.O.O., registered with the Commercial Court in Zagreb (hereinafter: IDENTITIES D.O.O.), as the data controller of personal data of its service users and customers, has developed a Privacy Policy for the personal data of service users and customers.

The Privacy Policy is a unilaterally binding legal act based on fundamental principles of personal data processing, regulating which user data is collected, how such data is processed, and for what purposes it is used. The Privacy Policy also informs service users and/or customers about their rights concerning the collection and further processing of personal data, all to protect their privacy broadly.

The Privacy Policy is based on the following principles of personal data processing: the principle of legality, transparency, and best practices, the principle of limited processing and data minimization, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of data integrity and confidentiality, the principle of accountability, the principle of trust and fair processing, the principle of purpose limitation, and the principle of processing in an anonymized form.

The Privacy Policy applies to all services offered by IDENTITIES D.O.O., aiming to clearly and transparently inform users about the processing of their personal data and their rights. Above all, users may contact the Association at any time to request modifications, additions, and/or updates to the data relating to them, as well as to withdraw their consent and request the cessation of further personal data processing.

Responsible for the processing of personal data:
IDENTITIES D.O.O.
Contact details for data protection:
Email: [email protected]

Methods of collection and types of personal data collected

• Directly from users themselves in such a way that users provide data to IDENTITIES D.O.O. as the data controller, within the necessary scope for providing appropriate services, sales, or other interactions between users and IDENTITIESGALLERY.COM. To provide appropriate services, the user is obliged to provide IDENTITIES D.O.O. with the following data needed for establishing a contractual relationship to provide a specific service and/or sell certain products. Customers may provide data orally or in writing at the headquarters of IDENTITIES D.O.O., via email sent to one of IDENTITIES D.O.O.’s email addresses, or through the website IDENTITIESGALLERY.COM.
• From other publicly available sources of information about IDENTITIES D.O.O. and individuals in IDENTITIES D.O.O. from online portals, telephone directories containing such data, and other publicly available services, solely for the purposes for which the data was originally collected.
• Automatically by visiting the IDENTITIES D.O.O. website, applications, and portal, where data associated with network identifiers (IP addresses, cookie identifiers such as Google Analytics for tracking user interactions) is collected.

A cookie is a small data file stored on a computer or mobile device when visiting a specific website. Cookies are used to provide a better user experience, save user preferences, make websites function more efficiently, and track and analyze usage and visits to the IDENTITIES D.O.O. website.

By disabling and/or blocking the storage of cookies, users can still browse IDENTITIES D.O.O. websites. However, certain features and functionalities of the website may not be available, or the time required to access specific functions may be longer than usual.

Network identifiers may leave traces that, in combination with other identifiers and information provided by internet service providers, may be used to identify users and/or customers.

The quantity and scope of personal data collected by IDENTITIES D.O.O. depend on the type of service provided and the legal basis for collecting the data. IDENTITIES D.O.O. continually ensures that only the necessary scope of personal data required to achieve the legally defined purpose is collected.

Types of personal data collected?
The data most commonly provided by the Customer–User includes:

• Full name
• Address
• Personal Identification Number (OIB)
• Contact telephone and/or mobile number
• Email contact details
• Personal ID information
• Bank account and card details for payment obligations

Where are personal data processed?
The personal data of Users–Customers are processed in the Republic of Croatia.

Where are collected data stored?
The data is processed so that all or part of the information about Customers–Users is stored in the data controller’s databases.

Obligations of the data controller concerning processing security
Technical and Integral Data Protection
The Data Controller implements technical and organizational measures to ensure an adequate level of security. The Controller also ensures that any individual acting under the Controller’s responsibility who has access to personal data does not process those data unless following the Controller’s instructions.

Taking into account the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of individuals, the Data Controller implements appropriate technical and organizational measures in accordance with Security Policies to ensure and be able to demonstrate that processing is conducted in compliance with the General Data Protection Regulation.

Purpose of Collecting and Further Processing Data

IDENTITIES D.O.O. collects and processes personal data of users and/or customers for the purposes of contract formation and execution, purchase realization, or service intervention on equipment, delivery of ordered products, consultation and assistance in using products, provision of appropriate additional and/or extended product warranties, handling complaints from users and/or customers, and other actions associated with the formation and execution of contracts in accordance with applicable regulations.

Processing personal data of users and/or customers for the aforementioned purposes is necessary and forms the legal basis for contract formation. If the user and/or customer refuses to provide essential data, the service will not be able to form a contract and/or perform certain actions related to executing the concluded contract.

Organization of Prize Games

IDENTITIES D.O.O. occasionally organizes prize games, and the data collected are used for notifying winners about their prizes.

Direct Promotion (Marketing)

The contact details of users and/or customers may be used to send promotional notifications about IDENTITIES D.O.O.’s products and services if the customer–user has provided their consent.

Video Recordings

IDENTITIES D.O.O. uses surveillance cameras to protect persons and property.

Duration of Data Retention

Depending on the purpose and legal basis for collecting personal data of users and/or customers, IDENTITIES D.O.O. is, in certain cases, obliged to retain personal data for the period prescribed by applicable regulations or until the purpose for which the data were collected ceases. After the expiration of the statutory period obliging IDENTITIES D.O.O. to retain specific personal data or upon the cessation of purpose, the data will be deleted.

In cases where the basis for data collection and processing is the user’s and/or customer’s consent, personal data will be retained for 10 years. Data processed based on user and/or customer consent may be deleted earlier if the user and/or customer requests such deletion or objects to such processing by submitting a written request via email to: [email protected].

Methods of Exercising Rights

Users may exercise their rights if they believe irregularities in processing their personal data have occurred by contacting the provided contact details or emailing [email protected]. Additionally, the user and/or customer has the right to lodge a complaint with the national supervisory authority.

Under What Conditions and for What Reasons Are Personal Data Shared with Third Parties?

IDENTITIES D.O.O. shares personal data of Customers–Users with third parties (including competent authorities) in the following cases:

• To fulfill legal obligations of IDENTITIES D.O.O. when such processing is necessary for protecting the vital interests of Customers–Users.
• To fulfill contractual obligations, perform tasks on behalf of the Customer–User for which engaging a third party–processor is necessary.