PRIVACY POLICY

DALEKOVOD d.d. respects your privacy and is committed to protecting your personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), the Act on the Implementation of the General Data Protection Regulation (OG 42/2018), and other relevant regulations applicable in the Republic of Croatia.

DALEKOVOD d.d. takes the protection of your personal data seriously and undertakes all necessary technical and organizational measures in accordance with best practice and the obligations prescribed by Croatian law and the General Data Protection Regulation (EC 2016/679) – GDPR. The specific purpose and methods of processing your personal data depend on the type of business relationship on the basis of which we collect your data.

The information system of DALEKOVOD d.d. is protected in accordance with best practices and standards by physical solutions and applications of leading global manufacturers. Logical and physical access to system components is managed in accordance with applicable standards, and users are regularly trained and informed about the importance of information security and data protection.

Principles of data protection

DALEKOVOD d.d. processes data:

  • Lawfully – if the processing is permitted by law and within the limits prescribed by law
  • Fairly – respecting the specifics of the relationship with you, applying all measures for the protection of personal data and facilitating the exercise of your rights
  • Transparently – by providing all information in a clear and easily accessible manner within the limits set by the General
  • Data Protection Regulation
  • With purpose limitation – by processing personal data for the purposes for which they were collected
  • With storage limitation – keeping data in a form that allows identification of the individual only for as long as necessary for the purposes for which the personal data are processed, and longer only if permitted by the Regulation
  • With data minimization – relevant and limited to what is necessary
  • Ensuring accuracy – taking care of the accuracy and up-to-dateness of data and deleting inaccurate data in accordance with the requirements of the Regulation

Ensuring integrity and confidentiality – through technical and organizational measures taking care of the security of personal data depending on their risk, including protection from unauthorized or unlawful processing and from accidental loss, destruction or damage through the application of appropriate technical or organizational measures

Lawfulness

 Lawfulness, i.e. the legal bases for data processing, may be:

  • fulfilment of a legal obligation of DALEKOVOD d.d.
  • your consent
  • our legitimate interest insofar as it outweighs the interest of the data subject not to have the data processed or
  • another legal basis in accordance with the Regulation


Purposes of processing
Performance of contractual obligations – when processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract
Satisfaction of legitimate interests – when necessary, we process personal data to satisfy legitimate interests crucial to our business operations. For example, such a legitimate interest may be:

  • fulfilling your requests to help us develop, deliver and improve our products and services or for our internal needs, such as audit, data analysis and market research to improve our products, services and communication with users
  • responding to your inquiries and comments
  • conducting legal proceedings and keeping records thereof
  • identifying perpetrators of criminal offences and preventing fraud
  • protection of persons and property

other purposes about which individuals are informed in accordance with the provisions of the General Data Protection Regulation

Recipients
DALEKOVOD d.d. undertakes to keep your personal data and will not disclose or make them available to third parties without your specific consent, except:

  • service providers we engage as processors for tasks related to the performance of a contract to which you are a party (for example, consultants, etc.)
  • market research agencies as our service providers when personal data are used for contacting purposes for market research
  • competent authorities in the course of exercising their competences (for example, the Tax Administration, the Ministry of the Interior)
  • when DALEKOVOD d.d. is legally obliged to provide such data

DALEKOVOD d.d. will regulate the contractual relationship with third parties in detail and ensure that personal data are protected appropriately and in accordance with the requirements of the Regulation.

If the processing of data also involves international transfer thereof, DALEKOVOD d.d. will inform you of its intention to transfer personal data to a third country or an international organization and of the existence or absence of an adequacy decision by the European Commission, as well as of appropriate safeguards and how to obtain their copies if the transfer is subject to appropriate safeguards under Article 46 of the Regulation, the application of binding corporate rules under Article 47 of the Regulation or, if applicable, under Article 49(1)(2) of the Regulation. Any transfer of personal data to third countries will be carried out in accordance with Chapter V.

Your rights
Regardless of the legal basis for data processing, you have the right to:

  • access, rectify or supplement data
  • erasure (“right to be forgotten”) of personal data
  • restriction of processing or objection to processing of your data
  • data portability to you or to third parties
  • if the data are given on the basis of consent, you may always withdraw that consent without negative consequences
  • lodge a complaint with the competent supervisory authority – in Croatia this is the Croatian Personal Data Protection Agency (more at www.azop.hr)

All rights are subject to proportionate limitations in accordance with the Regulation.

Please send your written request to osobnipodaci@dalekovod.hr or by post to DALEKOVOD d.d., Marijana Čavića 4, 10000 Zagreb.

Data retention
DALEKOVOD d.d. retains certain data as long as necessary to fulfil contractual or legal obligations or legitimate interest.

If we process data on the basis of your consent, we retain the data until you withdraw your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If we collected the data through registration for a specific event, we destroy the data shortly after the end of the event, and at the latest after 30 days.

Additional information

Technical and integrated data protection
DALEKOVOD d.d. protects your data and, taking into account the latest developments, the cost of implementation, and the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of individuals resulting from data processing, at the time of determining the means of processing and at the time of the processing itself, implements appropriate technical and organizational measures to enable effective application of data protection principles.

DALEKOVOD d.d. also implements appropriate technical and organizational measures to ensure that, in an integrated manner, only personal data that are necessary for each specific processing purpose are processed.

Records of processing activities

As a controller, DALEKOVOD d.d. keeps records of processing activities which contain:

  • name and contact details of the controller
  • purposes of processing
  • description of categories of data subjects and categories of personal data
  • where applicable, transfers of personal data to a third country or an international organization, including the identification of that third country or international organization and, where appropriate, the appropriate safeguards
  • where possible, the envisaged time limits for erasure of different categories of data

where possible, a general description of the technical and organizational security measures

Handling of personal data breaches
DALEKOVOD d.d. ensures that in the event of a personal data breach, without undue delay and, if feasible, not later than 72 hours after becoming aware of the breach, it reports the personal data breach to the Croatian Personal Data Protection Agency in accordance with the Regulation, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of individuals.

Where required by the Regulation, DALEKOVOD d.d. will also notify data subjects of the personal data breach without undue delay.

Data protection impact assessment
DALEKOVOD d.d. does not carry out data processing that is likely to result in a high risk to the rights and freedoms of data subjects. However, if exceptionally certain processing meets high-risk criteria, DALEKOVOD d.d. will, prior to processing, carry out an impact assessment of the envisaged processing operations on the protection of personal data in accordance with the requirements of the Regulation.