In accordance with the regulatory requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as: the Regulation) and the Act on Implementation of General Data Protection Regulation (hereinafter: the Act), Tesla kabeli d.o.o (hereinafter: the Company) adopts the following Personal Data Protection Policy (hereinafter: the Policy). By adopting the Policy the Company undertakes to observe the rights and obligations guaranteed under the Regulation.
The organisation processing your personal data as a data controller is the Company:
By adopting this Policy the Company aims to implement data privacy protection measures in compliance with the Regulation. The Policy sets out the Company rules on data subjects’ personal data protection and rules regulating the free movement of such data. The Policy will establish appropriate processes for the protection of personal data of data subjects, i.e. clients, employees and business partners and other natural persons whose data are being processed.
Personal data protection principles
The Policy is based on the following principles:
Legality and transparency– the information or communication with the data subject has to be concise, transparent, easily accessible and easy to understand.
Accuracy– personal data have to be accurate, complete, updated when necessary and rectified in a timely manner.
Confidentiality and security – data processing has to be carried out in a way that ensures appropriate level of security of personal data, including protection from unauthorised or unlawful processing through regular testing and implementation of technical or organisational measures. Data are stored in a secure operating environment that is not publicly accessible.
Fair processing– the Company is responsible for provable legal compliance with the Act.
Storage limitation– personal data have to be stored in a way that enables identification of a data subject only for as long as necessary for the purposes of data collection.
Lawfulness of processing
In order for personal data processing to be proportional and in accordance with the requirements of the Regulation, only a minimum set of data has to be processed. That way the Company will process personal data of data subjects only based on the following legal bases:
a) if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
b) if the processing is necessary for compliance with a legal obligation to which the Company is subject (applicable legislation the Company is obligated to comply with) – any time when the law authorises or obliges the Company to process data, the Company will process personal data of data subjects on such legal basis.
c) if theprocessing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party - except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Legitimate interests include processing which serves so that the Company would improve processes, product development, operations and modernize its services.
d) if the data subject has given consent to the processing of his or her personal data for one or more specific purposes – consent has to be given on a voluntary basis, provable, written in an easily understandable language and the data subject can withdraw consent at any time (the withdrawal must be as easy as giving consent).
e) If the processing is necessary to protect the vital interests of the data subject or other natural persons.
Categories of personal data
The Company processes personal data that enable natural persons to be directly or indirectly identified (e.g. name, phone number, date of birth, bank account number, e-mail, employer or IP address) in the cases listed below:
- if you are our clients, business partners or suppliers, in accordance with our legal obligations (e.g. in accordance with accounting laws) or based on the estimated legitimate interest,
- if you are our carriers, couriers, forwarders or visitors,
- when you contact us via our contact form or e-mail,
- when you are connected and communicate with us via social networks (Facebook, LinkedIn)
- when you are our employee or we are considering your job application or you have sent us an open cover letter,
- when you visit our website and use some of its functionalities and features.
The Company will not collect personal data the data subject has not submitted voluntarily, except when collected via information systems and programs used for our website and when required for using internet communications protocols and no data will be required except those necessary for the performance of a specific activity.
Personal data processed by the Company
When entering into and during the employment relationship we collect certain personal data from our employees based on statutory requirements, employment contracts, legitimate interests or statements of consent. Specific employee data (e.g. data processed for the purpose of maintaining employee records under the Ordinance on Maintaining Employee Records) is stored permanently, as the Company is legally required to do so (name, date of birth, sex, citizenship, tax identification number, payroll records, level of education), while other data are kept for 6 years (e.g. recording of work times). Photographs, name, job position and other employee data published on the Internet are stored until the termination of employment, i.e. withdrawal of consent given for the purpose of processing of these specific data. Personal data of the employee’s family members are processed only to the extent necessary to meet legal obligations under applicable legislation (data about supported family members and child benefit) and kept until the termination of employment.
Employee personal data are forwarded to the Company’s data processors (e.g. IT system support) and public authorities (e.g. Financial Agency, Croatian Health Insurance Fund, Croatian Pension Insurance Institute, Tax Administration, Croatian Employment Service, credit institutions) and financial and legal consultants/auditors.
Job candidates – job advertisements and open cover letters
Personal data of candidates who have applied for job openings at the Company are stored until the completion of the hiring process, i.e. appeal procedure, if consent has not been given allowing a longer retention period. If the candidate has given consent, his/her personal data given in the job application will be stored for two years from the consent or until its withdrawal. If the data subject takes the initiative and sends an open cover letter to the Company, that cover letter will be stored for two years from the date of receipt. Only authorised persons at the Company have access to personal data and data can be forwarded to the companies with whom the Company cooperates in selecting the candidates to be hired and posting job vacancies.
Personal data of current and potential business partners
Further, on the Company website there is an option for sending a newsletter the Company uses to inform its current and potential business partners of new developments in its operations. In that way opportunities are created for new business cooperation and the current partners are notified of the new features and developments of the Company products. The processing of personal data collected via registration on the website is based exclusively on the data subject’s consent and the processing of personal data of the existing business partners for direct marketing purposes is based on the legitimate interest in accordance with the Electronic Communications Act.
The Company also, based on its legitimate interests, processes personal data collected from the existing and potential business partners via social media networks (Facebook and LinkedIn), such as their name, employer, job position, comments and likes.
At any time any data subject has the right to object to the Company’s legitimate interest for personal data processing for direct marketing purposes.
The Company can collect data from visitors, carriers, forwarders and any other natural person who is not its business partner, but may participate in the Company’s ordinary course of business. Personal data are erased after 11 years, as required by law.
Our website may be accessed without providing personal data (such as your name or e-mail). In such cases we also have to process certain data so as to enable access to our website. Additionally, on our website we use certain web analytics tools and we have integrated third-party functionalities (social plug-ins).
Log files: When you visit our website, our Internet server automatically stores the domain or the IP address of your communication software (most likely the computer of your Internet service provider), including the date, time and duration of your visit, URLs and information about the app(s) and terminal(s) used for navigating our website.
If you consent to cookies, Google Analytics, run by GoogleInc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (hereinafter: Google), will be activated automatically. Information is collected on your use of our website and sent to the Google data centre in Europe (or an EEA member) for the purpose of IP anonymization, which prevents identification. Only after visitor IP anonymization, the shortened IP address is sent to the Google data centre in the United States for data storage. Only in exceptional cases the complete visitor’s IP address is sent to the Google data centre in the United States and shortened there. This website uses Google Analytics that enables IP masking.
Web analysis via Mouseflow: on our website we use Mouseflow ApS, an analytics and feedback tool (Flaesketorvet 68, 1711 Copenhagen, Denmark, Mouseflow) used to record randomly selected individual visits (only with anonymous IP address). This results in click, movement and scroll maps which aim to randomly show individual visits to our website as so-called session replays and evaluations, so-called maps, introducing potential improvements for this Internet location. Data collected by Mouseflow are not personal data and will not be transferred to third parties. Collected data will be stored and processed in the EU. If you do not consent to your data being collected and processed using Mouseflow, please opt out at any web location using Mouseflow at the following link: https://mouseflow.de/opt-out/.
Addition for social networks: Our web site now includes a Facebook button (1601 South California Avenue, Palo Alto, CA 94304, SAD - www.facebook.com). The Facebook logo button is easily recognisable owing to the Facebook logo or the Like button.
Data subject rights
The Company processes personal data of data subjects observing their rights under the General Data Protection Regulation (GDPR).
Data subject rights are as follows:
Right to erasure (‘to be forgotten’) – The data subject shall have the right to obtain from the Company the erasure of personal data concerning him or her without undue delay and the Company shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing
c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing the Company can provide or the data subject objects to the processing;
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation.
Right of access- The data subject shall have the right to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information on the purposes of processing, the categories of personal data concerned, the recipients to whom the personal data will be disclosed, etc.
Right to rectification - The data subject shall have the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her.
Right to object to processing- The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.
Right to restrict processing– The data subject shall have the right to obtain from the Company restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
(c) the Company no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims,
(d) the data subject has objected to processing pending the verification whether the legitimate grounds of the Company override those of the data subject.
In addition, the data subject has the right to lodge a complaint with the supervisory authority (in the Republic of Croatia – Data Protection Agency) and be informed of the recipients or categories of recipients who have been or will be granted access to data subject’s personal data, especially recipients in third countries.
The Company forwards personal data collected for processing to its data processors. The Company guarantees that data processors will process data in accordance with the Company’s policies, written agreements and applicable legislation. In selecting data processors, the Company employees will check and verify if the selected data processors have adequate privacy protection control measures in place, including appropriate personal data security measures. The Company and data processors will sign data processing contracts in which they will be requested to adhere to applicable policies of the Company, the Act and the Regulation. The Company will allow transfer of personal data to data processors only following the implementation of required data protection procedures in accordance with the written agreement between the parties, Company’s policies and applicable legislation.
Liability and security
The Company respects the privacy and protects the personal data of its employees, business partners or other persons with whom the Company has business cooperation and whose personal data it collects and processes in the ordinary course of business. The Company has adopted a Code of Ethics which presents the Company’s vision of conducting business in a legal and ethical manner. The Company will ensure that the personal data collected from data subjects are stored only for as long as required in relation to the purposes for which they were collected and afterwards they will be erased from all records.
The Company will implement appropriate technical and organisational measures to secure personal data and their confidentiality, i.e. prevent unauthorised access or use of personal data and technical equipment used by the Company.
This Policy comes into force on 25 May, 2018
A collection of great CSS tools and resources can be found at html-css-js.com: code beautifier, cheat sheet, style generators, useful links and more.