Privacy Policy
“Privacy Policy for Personal Data Protection at Plavi Tim
GENERAL PRINCIPLES
Plavi Tim d.o.o. (hereinafter: Plavi Tim) takes the protection of your personal data seriously and implements all necessary technical and organizational measures in accordance with best practices and obligations prescribed by Croatian laws and the General Data Protection Regulation (EC 2016/679) – GDPR.
Plavi Tim processes personal data in line with the prescribed privacy by design-default principles.
The information system of Plavi Tim is protected according to best practices and standards with physical solutions and applications from leading global manufacturers. Logical and physical access to system components is managed in accordance with applicable standards, and users are regularly trained and informed about the importance of information security and data protection.
The specific purpose and methods of processing your personal data largely depend on the type of business relationship through which we collect your data. In our business, we adhere to fundamental principles of personal data protection, which means that data is processed lawfully, transparently, and fairly, and processing is limited only to the purpose for which the data was collected. We only retain your personal data for as long as necessary to fulfill the purpose of processing, except when we are required by certain regulations to store personal data for a longer period or when our legitimate interests demand it (e.g., for establishing, exercising, or defending legal claims). Accuracy, reliability, confidentiality, and integrity of your personal data are also principles we follow in processing. Only authorized personnel of Plavi Tim and partners who provide us with business support (data processors) have access to your personal data.
To meet the above regulatory requirements, a multidisciplinary approach to preserving and protecting the privacy of our customers, business partners, job applicants, and other individuals whose data we collect in our business is ensured. We regularly educate our employees, and with partners who provide us with business support, we contract appropriate protection measures.
If you do not agree with Plavi Tim’s Privacy Policy, please do not use our website or provide your personal information. Any changes to Plavi Tim’s privacy policy will be posted on this website.
KEY INFORMATION
Data Controller and Data Protection Officer
The data controller for personal data is Plavi Tim d.o.o., Zagreb, Ul. grada Vukovara 18, 10000 Zagreb, OIB: 11651581989.
The Data Protection Officer at Plavi Tim is Davor Petrovicki.
You can send your inquiries to the following contact:
Address: Ul. grada Vukovara 18, Zagreb, c/o Data Protection Officer
Email address: PlavITim.Zop@plavitim.hr
Purpose of Processing and Legal Basis for Processing Personal Data
Plavi Tim, as the data controller of personal data, protects your privacy and processes only those personal data that are necessary and obtained in the course of its business activities, whether the data is obtained from you, from third parties, or from publicly available sources, for the following purposes:
– Performance of contractual obligations – when processing is necessary for the performance of a contract of which you are a party or for taking action at your request prior to entering into a contract.
– Fulfillment of legitimate interests – when necessary, we process personal data beyond the specific contractual relationship, for the satisfaction of our legitimate interests.
For example, such a legitimate interest may include:
– Conducting legal proceedings and keeping records of them.
– Detecting criminal offenders and preventing fraud.
– Protecting individuals and property.
– Fulfilling your requests to help us develop, deliver, and enhance our products and services, or for our internal purposes, such as auditing, data analysis, and research – to improve our products, services, and customer communication.
– Responding to your inquiries and comments.
– Complying with legal obligations – given the various business activities of Plavi Tim, we must adhere to numerous legal obligations. For example, we are obliged to comply with the Law on the Prevention of Money Laundering and Terrorist Financing, the Law on the Protection of Financial Institutions, tax regulations, etc.
– Processing personal data for a specific purpose or more specific purposes described by consent, only after we have received your consent to process personal data for a specific purpose. Your consent complies with relevant provisions of the Regulation, is not conditioned, and is given freely. You also have the right to revoke your consent at any time.
If we process your personal data for purposes that are not described here or outside the purpose for which you have given consent, we will provide you with information about the other purpose and all other relevant information about the processing.
What personal data do we collect and how do we obtain it?
Primarily, we process personal data that we collect during the business relationship, such as your name, surname, OIB (Personal Identification Number), address, vehicle registration number, etc. However, if necessary for the execution of our business activities, unrelated to a specific contractual or business relationship, we collect data from public sources (Court Register, FINA) or they are legitimately disclosed to us by other INA Group companies, other contractual partners, or third parties.
Are you obligated to provide us with personal data?
You are not obliged to. However, please note that in certain cases, if you refuse to provide the requested data, Plavi Tim will not be able to establish a contractual relationship with you or fulfill its legal and contractual obligations.
Period for which the data will be stored
Plavi Tim will retain your personal data only for as long as necessary to fulfill its contractual or legal obligations or legitimate interests, except in the case of processing personal data based on consent, which ceases when you withdraw your consent. You can withdraw your consent at any time by sending a request to:
– email address PlavITim.Zop@plavitim.hr, or
– address Plavi Tim d.o.o., Ul. grada Vukovara 18, Zagreb, c/o Data Protection Officer. Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
If your personal data are no longer needed to fulfill the aforementioned purpose, they will be destroyed, unless further retention is required by law.
Who are the recipients of your personal data?
Plavi Tim commits to safeguard your personal data and will not disclose or make them available to third parties without your specific approval, except to:
– Service providers that we engage as data processors for tasks related to the performance of a contract of which you are a party (e.g., accounting service, TRS d.o.o.).
– Competent authorities for the purpose of performing their duties (e.g., Tax Administration, Ministry of the Interior).
– When such data are required by a court or competent state attorney’s office, or other equivalent legal proceedings.
– When Plavi Tim is legally obliged to provide this data.
Does the international transfer of your personal data occur?
Apart from transfers that are expected to take place during the execution of a contract you have concluded with Plavi Tim, Plavi Tim does not transfer your personal data to third countries. If the need for such a transfer arises, Plavi Tim will inform you appropriately and make the transfer only in accordance with applicable regulations.
What are your rights related to personal data processing?
Depending on the legal basis of the processing, your rights may include:
- Requesting access to personal data concerning you, meaning you have the right to information about the extent of collected data, the purpose of processing, categories of personal data processed, recipients to whom the data is disclosed, and the retention period.
- Requesting the correction of inaccurate or incomplete personal data, and in such cases, we are obliged to act in accordance with your request without undue delay.
- Objecting to the processing of personal data in cases where the processing is based on Ina’s legitimate interests or for direct marketing purposes.
- Requesting the deletion of data when the purpose of processing is fulfilled, when you withdraw your consent as the sole basis for processing, when your privacy protection interest prevails over Plavi Tim’s legitimate interest in processing, when you object to processing for the purpose of direct marketing, when it is necessary to comply with the legal obligations to which Plavi Tim is subject, and in case of any unlawful processing. The right to deletion is not an absolute right and does not apply, for example, in cases where processing is necessary to exercise the right to freedom of information and expression, to comply with legal obligations to which Plavi Tim is subject, to establish, exercise, or defend legal claims, and similar.
- Restricting data processing, for example, when you dispute the accuracy of the data, until we verify their accuracy.
- Transferring data to another data controller if the processing is based on consent or the performance of a contract to which you are a party, or if the processing is carried out automatically and is technically feasible.
- Filing a complaint with the national supervisory authority, the Agency for Personal Data Protection.
Requesting access to personal data concerning you or requesting the correction of your personal data
If you want to access your personal data or believe that there is an error in the processing of personal data, please contact the Data Protection Officer.
Filing an objection to the processing of personal data
If you believe that Plavi Tim does not have a legal basis to process your personal data, you can file an objection with the Data Protection Officer at any time. In this case, we will no longer process your personal data, nor will we be able to provide you with our services or maintain a business relationship with you.
Internal Reporting of Irregularities Procedure and Appointment of a Confidential Person
On March 31, 2020, Plavi Tim d.o.o. adopted the Decision on the appointment of a confidential person in accordance with the Whistleblower Protection Act in Plavi Tim d.o.o.
You can download the Decision here. Download the Regulations here. The official email address according to the Decision and the Regulations is: povjerljivaosoba@plavitim.hr