Collection and use of personal data
With this information, we want to provide you with more detailed information about the processing of your data by ANCONA GRUPA d.o.o. (hereinafter: the Company), as well as the rights you can exercise in connection with the processing of this data. Protecting your privacy is extremely important, so please read this information carefully.
1. Who is responsible for processing your personal data?
Since we determine the purpose and means of processing your data, we are, following the General Data Protection Regulation (Regulation (EU) 2016/679), principally responsible for the data processing:
ANCONA GRUPA d.o.o., Makarska Ulica 29, 31400 Đakovo, OIB: 65507156455,
Phone: +385 31 840 840; Fax: +385 31 840 841
For questions about the processing of your personal data or regarding exercising the right to data protection, please get in touch with our data protection officer:
ANCONA GRUPA d.o.o., Makarska ulica 29, 31400 Đakovo, OIB: 65507156455, with the indication “for the Data Protection Officer”
2. For what purposes and on what legal basis do we process your personal data?
We process your personal data under the provisions of the General Data Protection Regulation, the Law on the Implementation of the General Data Protection Regulation and other regulations on personal data protection.
We process your personal data for the purposes stated in this information and under the following legal bases:
2.1. Fulfillment of legal obligations
We also process your personal data to fulfil our legal obligations, such as keeping business documents, etc.
2.2. Legitimate interests
We have the right to process your data for our legitimate interests, except in cases where these interests are more substantial than your interests or your fundamental rights and freedoms that require personal data protection. In doing so, we will consider your reasonable expectations regarding processing personal data based on your contractual or other relationship with us.
Our legitimate interest is, for example, the processing of personal data to prevent and detect criminal or misdemeanour offences that could occur on the premises of the controller to avoid injury to users of the services of the controller and employees of the controller, for meeting hygiene / sanitary requirements, transfer personal data between the controller and processor to execute the contract on the use of the services of the processor and/or processor and related administrative needs (issuance of invoices, etc.).
The processing of special categories of your personal data, unless their processing is necessary for us to establish, exercise or defend against legal claims (e.g. if a court proceeding is initiated against the data controller in which the data controller would be forced to the competent authority to protect its rights and interests submit your data to the court or, unless otherwise prescribed by binding/applicable regulations, we can do so only based on your express consent. In this case, we will take appropriate measures to inform you in a timely, concise, transparent and easily accessible form about the purpose of processing your data, for which Your consent is necessary, so that you can decide whether you want to give us consent.
If we process your personal data based on your consent, we inform you that you have the right to withdraw your consent at any time, as described in the chapter “What are your rights regarding the processing of personal data?”.
3. What kind of personal data do we process?
We process personal data that we have collected from you, mainly your primary personal data (e.g. name and surname, date of birth, address, unique identification number, contact phone number, and email address).
4. To whom will personal data be disclosed?
If it is necessary for the processing referred to above, or if the binding applicable regulations establish it, we may disclose your data to natural and/or legal persons, public authorities or other bodies (recipients).
Regardless of which recipients we deliver your personal data to, we will provide only those data necessary to achieve the specific purpose of the processing.
We may, under special regulations, deliver your personal data to public authorities to carry out their official tasks, such as the Ministry of Finance, the Ministry of Internal Affairs, the competent state attorney’s office, as well as the court, notary or tax authority for the needs of the proceedings they led, etc.
We can deliver your personal data to other recipients, i.e. natural and legal persons who have a business relationship with us, in the capacity of our processors (e.g. subcontractors, delivery services, accounting service, lawyers, debt collection agencies, postal and courier providers services, IT service providers, financial institutions, authorized auditors/auditing companies, etc.).
If we engage other natural or legal persons to process your personal data, which will process your personal data exclusively on our behalf and according to our instructions (processors) based on a written contract, we will only engage those processors who sufficiently guarantee the implementation of appropriate technical and organizational measures that comply with the requirements of the General Data Protection Regulation and regulations on personal data protection and ensure the protection of your rights and the security of the processing of your personal data.
Furthermore, we may disclose your personal data or make it available to third parties in the following cases: if you expressly agree in writing to disclose certain confidential data for a specific purpose or to a particular person; if the Ministry needs the data for the Interior or the competent state attorney’s office to perform tasks within their jurisdiction; if the court or the notary public needs the data for the procedure it leads, and the presentation of this data is required in writing; if the tax authority needs these data in the procedure it carries out within its jurisdiction and in other cases under binding applicable regulations.
5. Where will your data be processed?
Your personal data is processed exclusively within the European Economic Area (EEA), and your personal data is not transferred to third countries (countries outside the EEA).
6. How long do we keep your personal data?
We store your personal data for as long as is necessary to fulfil the purpose for which it is processed unless we are bound by additional legal terms for their storage.
In connection with the Agreement on the use of the services of the manager and/or processor, the retention period is determined by the duration of that Agreement. The documentation that we must keep and the storage periods are additionally prescribed, for example, in the General Tax Act and others.
In addition, we keep personal data for as long as there is a legal possibility to make legal claims based on the contract on the use of the services of the manager and/or processor, which includes the period prescribed by Law (e.g. for the possibility of enforcement) after the legally binding termination of judicial, administrative or other of the appropriate procedure initiated to realize the rights and obligations related to the Agreement on the use of the services of the manager and/or processor or are related to that Agreement.
Suppose we process specific personal data based on consent in case of withdrawal of consent. In that case, we will delete your personal data unless there is another legal basis for processing or if the processing of your personal data is necessary for establishing, exercising or defending legal claims.
7. What are your rights regarding the processing of personal data?
In addition to the conditions prescribed by the General Data Protection Regulation, you have the following rights regarding the processing of your personal data:
- The right to access is the right to obtain information about whether we process your personal data, and if such personal data is processed, access to personal data and information, among other things, about the processed personal data, about the purpose of processing, storage period, export to third countries and PhD.
- The right to correction: Correcting incorrect and supplementing incomplete personal data is the right to correction.
- The right to deletion (“right to be forgotten”): the right to delete personal data relating to you if, among other things, the personal data are no longer necessary concerning the purposes for which they were collected or otherwise processed if you have withdrawn your consent for processing and if there is no other legal basis for processing if your data has been illegally processed, etc. This right has limitations, so it cannot be applied if processing your personal data is necessary for the establishment, realization or defence of legal claims or for compliance with our legal obligations that require processing according to the regulations that bind us.
- The right to restriction of processing: the right to ask us to restrict the processing of your personal data (e.g. when you dispute the accuracy of the data).
- The right to object: the right to object to the processing of personal data relating to you that we process based on legitimate interest. In this case, we may process personal data relating to you only if we prove that our legitimate reasons for processing exceed your interests, rights and freedoms or for establishing, exercising, or defending legal claims.
- The right to data portability: the right to receive and transfer data to another controller if you have provided us with personal data in a structured form and in a commonly used and machine-readable format, and the processing based on consent or a contract.
- The right to object to the making of automated individual decisions, including the creation of a profile – the right not to be subject to a decision based solely on automated processing, including the creation of a profile, which produces legal effects that relate to you or similarly significantly affect you, except if such a decision is necessary for the conclusion or execution of your contract of representation, if it permitted by EU law or national Law that prescribes appropriate measures to protect the rights and freedoms and legitimate interests of the respondent or based on the express consent of the respondent.
- The right to withdraw consent: if the processing of personal data is based on your consent, you have the right, without any consequences, to withdraw your consent at any time by submitting a written notice of withdrawal of consent to the data protection officer, by coming to the headquarters of the controller or via the user (web) interfaces, if applicable. In this case, we may only process your personal data if there is another legal basis for their processing. Withdrawal of consent takes effect from the moment it is declared, which means that it does not affect the legality of processing your personal data in the period from giving consent until its withdrawal.
You can contact our data protection officer to exercise all your rights regarding processing personal data.
To act on your request to exercise your rights, we can ask you for additional information to confirm your identity. We can refuse to act on your request if we cannot verify your identity. If your requests to exercise your rights are clearly unfounded or excessive, primarily due to their frequent repetition, we can charge you a reasonable fee or refuse to act on the request.
8. The right to submit a complaint to the supervisory authority
Suppose you believe that processing your personal data does not comply with the regulations on personal data protection. In that case, you have the right to file a complaint with the supervisory authority in the Member State in which you have your habitual residence, where your place of residence is or the place of violation of the regulations on personal data protection.
In the Republic of Croatia, the supervisory body to which you can submit a complaint is the Croatian Personal Data Protection Agency (www.azop.hr).
Without questioning your right to submit a complaint to the supervisory authority, we suggest you contact our data protection officer to clarify disputed issues before submitting a complaint.
Information about data processing is available at any time on the data controller’s website: https://ancona-grupa.hr.