Privacy Policy

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, p. 1, hereinafter: General Data Protection Regulation), which has been fully applicable since 25 May 2018 in the Republic of Croatia and all member states of the European Union, as well as the Law on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Law), the Labor Act (Official Gazette No. 93/14 and 127/17), the Occupational Safety Act (Official Gazette No. 71/14, 118/14, and 154/14), and the legal framework for the protection of personal data in the Republic of Croatia and the European Union, along with best European practices, DEGRAD D.O.O., registered in the Commercial Court in Rijeka (hereinafter: DEGRAD), as the data controller of its service users and customers, has developed this Privacy Policy.

The Privacy Policy is a unilaterally binding legal act based on fundamental principles of personal data processing, which regulates which user data is collected, how such data is processed, and for what purposes it is used. Additionally, the Privacy Policy informs users and/or customers about their rights regarding the collection and further processing of personal data, all to protect their broader privacy.

The Privacy Policy is based on the following principles of personal data processing: the principle of legality, transparency, and best practices, the principle of limited processing and data minimization, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of data integrity and confidentiality, the principle of accountability, the principle of trust and fair processing, the principle of purpose limitation, and the principle of anonymized processing.

The Privacy Policy applies to all services provided by DEGRAD, with the aim of clearly and transparently informing users about the processing of their personal data and their rights. Users can, at any time, request modifications, additions, and/or updates of their data, withdraw given consent, and request the cessation of further processing of personal data.

Data Controller:

DEGRAD D.O.O.

Contact Information for Data Protection: Email: [email protected]

Methods of Data Collection and Types of Collected Personal Data

Personal data is collected in the following ways:

  1. Directly from users, who voluntarily provide their data to DEGRAD as the data controller, in the scope necessary for providing appropriate services, sales, or other interactions with WWW.DEGRAD.HR.

    • For the provision of services, the user must provide DEGRAD with the necessary information to establish a contractual relationship for the provision of a specific service and/or product sale.
    • Customers may submit their data verbally or in writing at the DEGRAD office, via email, or through the DEGRAD website.

  2. From publicly available sources, including online directories, public databases, and other publicly accessible services, but only for the purposes for which they were originally collected.

  3. Automatically, through visits to the DEGRAD website, applications, and portals, where data associated with network identifiers (such as IP addresses and cookie identifiers) is collected.

Cookies

A cookie is a small data file stored on a computer or mobile device when visiting a specific website. Cookies are used to provide a better user experience, store preferences, improve website efficiency, and track website usage.

Users can disable or block cookies while still browsing the DEGRAD website, but certain functions and features may become unavailable, or access to certain sections may take longer than usual.

Types of Personal Data Collected

The most commonly collected personal data includes:

  • Full name
  • Address
  • Personal Identification Number (OIB)
  • Phone and/or mobile contact number
  • Email address
  • ID card details
  • Bank account and card details (for payment processing purposes)

Where is Personal Data Processed?

Personal data is processed within the Republic of Croatia.

Where is the Collected Data Stored?

All or part of the customer/user data is stored in the databases of the data controller.

Obligations of the Data Controller Regarding Data Security

Technical and Integral Data Protection

The data controller implements technical and organizational measures to ensure an appropriate level of security. Measures are also taken to ensure that individuals acting under the responsibility of the data controller do not process personal data unless explicitly instructed to do so by the controller.

Considering the nature, scope, context, and purposes of processing, as well as varying risks to individual rights and freedoms, the data controller implements security policies to ensure compliance with the General Data Protection Regulation (GDPR).

Purpose of Data Collection and Further Processing

DEGRAD collects and processes personal data of users/customers to:

  • Conclude and execute contracts
  • Facilitate purchases and service interventions
  • Deliver ordered products
  • Provide customer support
  • Offer additional or extended warranties
  • Resolve complaints

Failure to provide essential personal data may result in the inability to conclude a contract or perform specific actions related to the contract’s execution.

Organizing Contests

DEGRAD may occasionally organize contests, and collected data will be used for prize notifications.

Direct Marketing

Contact information of users/customers may be used for promotional notifications regarding DEGRAD’s products and services, provided that users have given their consent.

Video Surveillance

DEGRAD uses surveillance cameras to protect persons and property.

Data Retention Period

Depending on the purpose and legal basis for collecting data, DEGRAD is required to retain certain personal data for the duration prescribed by applicable laws or until the purpose for which the data was collected is no longer valid. Upon the expiration of the mandatory retention period or cessation of purpose, the data is deleted.

If personal data is processed based on user consent, it will be retained for 10 years unless the user requests earlier deletion.

User Rights and Complaint Mechanisms

Users can exercise their rights regarding personal data processing by contacting [email protected]. They also have the right to file a complaint with the national supervisory authority.

Sharing Personal Data with Third Parties

Personal data may be shared with third parties (including competent authorities) in the following cases:

  • Legal obligations (e.g., compliance with mandatory legal requirements)
  • Contractual obligations (e.g., engaging third-party service providers when necessary)

Employment-Related Data Processing

Employee personal data is collected, processed, and shared with third parties only when required by law or necessary for employment-related rights and obligations.

GDPR and Cookies

About This Cookie Policy

This Cookie Policy explains what cookies are, how we use them, the types of cookies we use, and how you can control them.

How to Control Cookie Settings?

Users can adjust cookie settings via the “Privacy and Cookie Policy” tab on the website or through their web browser settings. More details on managing cookies can be found on Wikipedia or All About Cookies.