OUR FUNDAMENTAL PRINCIPLE IS PRIVACY AND PROTECTION OF PERSONAL DATA
The privacy of individuals and the protection of personal data are fundamental human rights.
At CRATIS, we have a duty to take care of the privacy of the persons whose personal data we process and store. Data is a responsibility, and must be collected and processed only when absolutely necessary.
CRATIS adheres to the following principles in order to protect the privacy of its clients:
We do not collect more information than is necessary
We do not use personal information for purposes not listed
We do not store personal information if it is no longer needed
We never sell, borrow or distribute or publicly disclose personal information
We do not send personal information to third parties without your knowledge
We do not use any automated processing and decision making or profiling
We do not transfer personal data outside the EU / EEA
We continuously ensure that personal information is securely stored.
If, after reading them, you will have further questions about the protection of personal data in CRATIS or you want to share your ideas and recommendations, please contact our Data Protection Officer Igor Barlek via e-mail: firstname.lastname@example.org.
This website, as well as our business and information systems, is designed to comply with the following national and EU legal frameworks regarding data protection and user privacy:
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679),
Directive on privacy in electronic communications (Directive 2002/58 / EC),
Act on the Implementation of the General Regulation on Data Protection (OG 42/18),
and will be continuously updated in accordance with the relevant legal and regulatory framework for data protection and privacy at national and EU level.
CRATIS acts in relation to personal data of you as our business partners and potential clients through this website in the role of processing manager, who determines the purposes and methods of processing your personal data, and takes care of ensuring all security measures of your personal data . Also, as a contracting party to our business partners, CRATIS is the executor of processing on behalf of business partners as the processing manager, who give us full confidence in providing a wide range of services with the highest measures of data protection and security of processing .
The manager of the processing of your personal data through this website is:
CRATIS d.o.o., Vinogradska 18, 42223 Varaždinske Toplice,
with the business address of the office: CRATIS d.o.o., Šetalište Franje Tuđmana 1, 42000 Varaždin.
HOW AND WHAT OF YOUR DATA DO WE COLLECT?
We collect your information that you make available to us when intending to enter into business cooperation or use our services, which are necessary for the execution of the contract, such as name, address, contact information (email address, telephone number), personal identification number (OIB), and we process them for the duration of our contractual relationship. This includes data necessary for the delivery of contracted services, and the issuance of invoices, data proving the authority to enter into a contract, and data collected during communication with us (eg contact information).
Although you may use our website without providing any personal information, after contacting us via our contact form or directly via our email address, CRATIS collects information about you. The information you fill in (personal information such as your name, email address, organization) or send by direct email will be processed and stored so that we can contact you and respond to your request. CRATIS will not share or allow access to your personal information with any third party. The data will be used exclusively for business contact, and with the aim of improving the content of the website and anonymously for the purpose of collecting statistical data.
AUTHORIZED EXTERNAL PROCESSING
Our selected external executors are primarily persons and companies that provide us with the delivery of services, storage of contracts and other business documents, business application maintenance services and other services related to the subject of our company, without which we would not be able to ensure our contractual obligations to you and ensure you a high level of quality of our services.
When CRATIS collects information about you, we ensure that your personal information is protected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal information that is transferred, stored or otherwise processed. This is done through appropriate professional technical measures.
CRATIS has implemented security measures to protect the personal data you share with us, including physical, electronic and procedural measures.
We use the global reference platform for cloud services to ensure the highest level of data protection, both for our internal documentation and for your personal data.
This website is located with us in CRATIS on our servers within the EU and CRATIS fully provides measures for additional protection and improvement of user privacy.
All traffic (file transfer) between this website and your internet browser is encrypted and delivered via HTTPS level, while ensuring the highest level of data security.
You are free to contact us at any time in order to exercise your rights under the General Data Protection Regulation. Your rights are as follows:
Right of access
You have the right to access your personal data and to be informed which data we process and in what way, for what purpose and for what period. We provide you with the opportunity to view your personal information or to request a copy of your personal information.
The right to withdraw consent
You have the right at any time and free of charge to withdraw your consent to the processing of personal data on the basis of which CRATIS will delete your data from its systems and stop using it for the purposes for which you have given your consent. The use of personal data prior to the withdrawal of consent is lawful until the moment of its withdrawal.
The right to correction of personal data
You have the right to correct or supplement inaccurate or incomplete personal information that you have provided to us and that we have collected.
Right to delete
You have the right to ask us to delete your personal data, when the data is no longer needed to achieve the purpose for which it was collected, when you withdrew your consent to the processing of personal data, when you file a justified complaint or your personal data is processed illegally.
The right to object
You have the right to object to certain handling of your personal data. For example, you may request that we stop processing your personal information for direct marketing purposes.
The right to limit processing
You may ask us to restrict the processing of data, for example, when a deletion, correction or complaint regarding your personal data is pending and / or when we do not have a valid basis for the processing of your data and you wish to retain it. When processing is limited, your data will be stored and will not be further processed. For example, if you dispute the accuracy of your data, the processing of such data will be limited until it is ensured that the data is accurate.
The right to transfer data
When processing is performed by automatic means of processing on the basis of a contract or consent, you have the right to receive personal data that you have provided to us in a structured and commonly used form and to transfer such data to third parties.
How to apply?
If you want to exercise any of the above rights, feel free to:
send a request to the email address email@example.com or
by mail to the address CRATIS d.o.o., Šetalište Franje Tuđmana 1, 42000 Varaždin.
We will respond to your request as soon as possible, and no later than one month after receiving your request. In case of inability to securely verify your identity, we will be free to request additional verification of your identity.
The right to lodge a complaint with the supervisory authority
You can lodge a complaint directly with the competent supervisory authority at any time, especially in an EU country where you have your habitual residence, place of work or the place of the alleged breach, if you consider that our processing of your personal data is not lawful.
Direct contacts of the competent supervisory body in the Republic of Croatia are:
PERSONAL DATA PROTECTION AGENCY (AZOP)
Selska cesta 136
HR - 10 000 Zagreb
Telephone: +385 1 4609 000