PRIVACY STATEMENT

Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the non-application of Directive 95/46 / EC (Official Journal of the European Union L 119 , 4.5.2016, p. 1, hereinafter: the General Data Protection Regulation), which is in full application since 25 May 2018 in the Republic of Croatia and all the Member States of the European Union, as well as the Law on Implementation According to the legal framework for the protection of personal data in the Republic of Croatia and the European Union and the best European practice, the Byte Lab Grupa d.o.o. company, with headquarters in the Republic of Croatia, Zagreb (Official Gazette 42/18, hereinafter: the Law) , Dragutina Golika 63, registered in the court register of the Commercial Court in Zagreb under the registration number MBS: 02824485, Personal Identification Number (OIB): 90076939291 (hereinafter: Company) of the personal data of its users and customers, has developed a Privacy Policy for Customer Services and Customers. Privacy Policy is a unilateral binding legal action based on the basic principles of processing personal data, which regulates which user’s customer’s data is collected, how this information is processed, the purposes for which they are used. Privacy Policy also informs users of services or customers with their rights in collecting and further processing of personal information, in order to protect their privacy in the broader sense.

Privacy Policy is based on the following principles of personal data processing: the principle of legality, transparency and best practices, the principle of limited processing and the reduction of the data volume, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and data confidentiality, the principle of responsibility, trust and fair processing, the principle of opportunity (processing purposes), the principle of processing in unnamed (anonymised) form.

Privacy Policy applies to all services offered by the Company, with the aim of the Policy in a clear and transparent way to familiarize users and/r customers with the processing of their personal data and their rights. First and foremost, users and/or customers may at any time contact the Company with a request for modification or update the information that they relate to, as well as with the request for an explanation of the purposes for which they want or not want their data is processed.

The Company that is responsible for processing personal data:

Byte Lab Grupa with limited liability company, Zagreb, Dragutina Golika 63, registered in the court register of the Commercial Court in Zagreb under registration number MBS: 02824485, Personal Identification Number (OIB): 90076939291

Personal Data Protection Officer Contact Information:

e-mail:

How to Collect and Collect Data Type

Some services provided by the Company require the collection of personal information of users and/or customers, where basic data is collected in the following ways:

1. Directly by the users themselves and/or the buyers in such a way that the users and/or customers themselves deliver to the Company as a processing manager in a certain amount of information relevant to the provision of the corresponding services. For the purpose of providing the appropriate services, the user and/or customer is obliged to provide the Company with the following information that is necessary to establish a contractual relationship for the provision of a particular service and/or the sale of certain products from its range:

a) Name and surname/company name

b) address;

c) phone and/or cell phone contact;

d) contact information of the electronic mail (e-mail address);

e) bank account data for the purpose of regulating payment obligations;

2. From other sources, that is, from our business partners or from publicly available sources (for example, data available through insight into the directory and other publicly available services);

3. Automatically visit our web pages, applications, and the Web-portal, with data associated with network identifiers (internet protocol addresses and cookie identifiers, such as Google Analytics to monitor user and/or customer interaction ).

A cookie is a small data file that is stored on a computer or mobile device when visiting a particular web page. Cookies are used to provide a better user experience to each user and/or customer, saving user and/or customer preferences in order to make web pages more efficient, as well as to monitor and test usage of the website of the Company. Cookies are also used to monitor the use of the Internet and create user profiles, and then display customized Internet ads based on user and/or customer preferences.

By shutting down and/or blocking cooking, the user and/or the customer can still browse the Company’s web pages. However, there is a likelihood that the time required to access some of the functions of a web page will be longer than usual.

Subject network identifiers can leave traces that, in combination with other identifiers and information provided by Internet service providers, can serve to identify users and/or customers. Also, for the stated purpose, we collect and process the following data:

a) IP address information;

b) data on the use of individual applications;

c) information about the habits of users and/or buyers – we create the above data for the purpose of profiling users and/or customers.

The quantity or scope of personal data collected by the Company depends on the nature of the service provided by the Company to its users and/or customers, as well as on the legal basis on the basis of which it collects data. The Company continuously takes care of collecting only the necessary scope of personal data that is required to achieve the legally defined purpose in which data are processed.

For what purposes personal information is collected, it continues to be processed

The Company collects personal information in order to provide, maintain, protect and improve its services related to the purchase of certain products in order to understand the ways in which users and/or customers use the services provided and use the Company’s web pages (web pages) and for the purpose of fulfilling contractual obligations Society. Such information shall be collected by the Company on the basis of the consent given by the user and/or the buyer.

Execution of contractual obligations

The Company collects and processes personal data of users and/or customers for the purpose of concluding and executing contracts, delivery of ordered products, consulting and assistance in using the product, providing appropriate additional and/or extended product warranties, resolving objections from users and/or customers and others actions related to the conclusion and execution of the contract in accordance with the relevant regulations.

The legal basis for the processing of personal data of users and/or customers for the purposes indicated above represents the necessity of concluding a contract, that is, in case the user and/or the customer deny giving essential data, the Company will not be able to conclude the contract and/or take certain actions related to execution of the concluded contract.

Fulfillment of legal obligations

Company is obliged to provide access to personal data processed by them, correction of inaccurate personal data, deletion of personal data, or limitation of personal data processing, as well as to acquaint them on the basis of submitted written request of users and / or customers to the above address of the data protection officer with the possibility of complaints about personal data processing and the right to transfer data.

Direct marketing (marketing)

User and/or customer contact information may be used to send promotional product and service information to the Company if the user and/or customer has given the benefit of such processing or if there is a legitimate interest of the Company for such actions unless these interests are of greater interest or fundamental rights and freedoms of users and/or customers that require the protection of personal data.

The Company may use the contact information and personally contact the users and/or customers whose personal information already has, on the legitimate interest in sending promotional notices about all the products and services provided by using all available advertising channels unless the user and/or the customer does not object to such processing.

In order for the user and / or customer to receive notices that correspond to his / her wishes and habits, it is necessary for the Company to use certain user and/or customer data to create personalized advertising notices until the user and/or customer explicitly objects to such processing, or withdraw its earlier application for processing.

The legal basis for the processing of personal data for the aforesaid purposes is the legitimate interest of the Company unless such interest is a stronger interest or fundamental rights and freedoms that require data protection.

Internal Purposes

The Company uses certain customer and/or customer data exclusively for the purposes of own records, in order to protect the legitimate interests of users and/or customers and/or the Company. For example, this includes the use of personal data for the purpose of creating bids that meet the needs and wishes of users and/or customers, research and market analysis.

Potential users information

The Company is also authorized to collect information about potential customers and/or customers of their services and/or products. These data include basic information (first and last name, e-mail address), as well as the interests of potential customers and/or customers addressing the Company with the desire to be informed and/or offered certain products and services.

The legal basis for collecting the described case is the user’s and/or customer’s attachment.

Time to store and process personal data

Depending on the purpose and the legal basis on which the user and/or customer’s personal information is collected, the Company is in some cases obliged to keep personal data in the time period (period) that for a particular purpose are prescribed by applicable regulations or the termination of the purpose for which they were collected. By passing a statutory deadline binding on the Company for the custody of certain personal data or termination of the purpose, the same shall be deleted.

In cases where the basis for data collection and processing is legitimate interest of the Company or the beneficiary of the user and/or customer, the personal data is kept in the following time periods:

a) data on existing users and/or customers: during the contractual relationship and 6 months after termination;

b) data on potential customers and/or customers: 3 months;

Data processed on the legitimate interests of the Company and/or the beneficiaries of users and/or customers may be deleted even before the expiration of the time limit specified in this Policy, if such deletion is required by the user and/or the buyer, ie when the user and / or customer objects to such processing.

User / customer rights

The right to access personal information

As a processing manager, the Company undertakes, on the basis of the submitted written request of the user and / or the customer, which request may also be in the form of electronic mail, to provide access to the personal data processed by them, to inform them about the purpose of processing the personal data in which they are processed, the data being processed, the recipients or recipient categories with which the personal data are disclosed or will be disclosed, the estimated timing of the processing or the criteria used to determine that period.

Right to correct inaccurate data

As a processing manager, the Company will allow for correction of incorrect personal data in each individual case when it is determined that the personal data collected on the user and/or customer are incorrect or that the user and/or customer data has changed.

Right to delete personal data

The Company will delete the personal data of the user and/or customer in the following cases:

a) when the user and/or customer personal data are no longer necessary for the purpose of processing or termination of the processing purpose;

b) when the user and/or customer withdraws the privation as a legal basis for the processing of data, and there is no other legal basis for data processing;

c) when the user and/or the customer objects to the processing of the data (see the title Right to complain)

d) when personal data is processed unlawfully;

e) when the personal data have to be deleted in order to fulfill the legal obligations of the European Union law or the Member State to which the data processing manager is subject;

f) when personal information is collected regarding the provision of information society services in relation to the child’s privation.

Right to Restrict Data Processing

Limitation of personal data processing will be provided by the Company in cases where the user and/or customer disputes the accuracy of the data when the processing is illegal and the user and/or customer is opposed to the deletion of the data and instead requires a restriction on their use when the processing manager no longer needs personal data processing needs but the user and/or customer requests data for the fulfillment of legal requirements as well as when the user and/or customer objects to the processing of personal data based on the legitimate interests of the Company, including the user profile and/or customer profiles.

Right to Invoke Complaints

The user and/or customer has the right to file an objection to the processing of personal data relating to him if the data is processed for the legitimate interests of the processing manager. In this case, the Company will cease processing personal data as processing manager unless it demonstrates that there are convincing legitimate reasons for processing personal data in relation to the user and/or customer rights, that is, in case the processing of data serves to establish, exercise or defend legal requirements.

If the customer and/or customer personal information is processed for direct marketing purposes, the user has the right at any time to file an objection to processing for direct marketing purposes, especially if the personal data are used for the purpose of creating a profile.

Where personal data is processed

The Company’s personal information is processed by the Company in the Republic of Croatia.

Under what conditions personal data is passed on to third parties

Personal information of users and/or customers is forwarded by the Company to third parties (including competent bodies) only in the following cases:

a) the beneficiary of the customer and/or customer;

b) in order to fulfill the Company’s legal obligations;

c) when such processing is necessary to protect key users and/or customers’ interests.

Manage approvals

An active role of the user and/or the customer in privacy is reflected in the disclosure as a voluntary, particularly informed and unambiguous expression of the wishes of the respondents who, by declarations or by a clear acknowledgment of action, give consent to the processing of personal data. Management of privates implies the possibility that the user and/or customer may, through an active and unambiguous act, authorize the Company to collect and process individual personal data for one or more purposes (deprive the respondent), or to withdraw the prior privilege for the collection and processing of personal data, in the same way, one or more purposes.

Who to talk to

In the event of any questions about the protection of personal data by the Company, users and/or customers may contact the Personal Data Protection Officer via email at the e-mail address specified in this Privacy Policy or in writing at the following address:

Byte Lab Grupa d.o.o.

Data Protection Officer

Dragutina Golika 63

10000 Zagreb

Amendments to the Privacy Policy

The Company reserves the right to amend this Policy at any time without giving any special notice to the persons concerned. For this reason, it is recommended to all interested parties to regularly review the Website content of the Company for information on the updated content of this Policy.

In Zagreb, May 2018.

Byte Lab Grupa d.o.o.