INFORMATION ABOUT THE PROCESSING OF PERSONAL INFO FOR CUSTOMERS
Since 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 has been in place, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
This information is intended to give you a clear insight into how your private information is used, for what purpose and on what legal basis. It also informs you about your rights regarding the processing of your personal data.
Čarolija drva d.o.o. processes the personal data of individuals in accordance with the above-mentioned General Regulation and with all applicable personal data protection regulations in force in the Republic of Croatia, applying the highest standards in our work practice.
In accordance with Article 13 of the General Regulation, Čarolija drva d.o.o., Bisko 56E, 21240 Trilj, OIB: 24509981841, as the Controller of the processing of collected data (hereinafter: the Controller), informs you of the following:
Company representative contact
Purpose of processing personal data
The Controller processes data for the following purposes:
- accepting orders;
- contacting the ordering party;
- communication with interested parties;
- verification of payments;
- business communication;
- computing payroll and other necessary data;
- recruiting employees;
- sending news about products and services;
- delivery of ordered goods.
Legal basis of processing personal data
The personal data of the individual is processed on the basis of:
- Consent given – Art. 6/1(a) of the General Regulation;
- The need to fulfill a contract or to take necessary actions before entering into a contract – Art. 6/1(b) of the General Regulation;
- Fulfillment of legal obligations – Art. 6/1(c) of the General Regulation.
Recipients of personal data
In order to fulfill the above-mentioned purposes, your personal data is shared with/delivered to:
- DHL Croatia - if DHL has been selected for delivery - for the purpose of addressing shipments;
- DPD Croatia - if DPD has been selected for delivery - for the purpose of addressing shipments;
- Hrvatska pošta (Croatian postal service) - if "Post" has been selected for delivery - for the purpose of addressing shipments;
- E-RAČUNI d.o.o. - for the purpose of issuing commercial invoices and bookkeeping of accounting data;
- SendinBlue - for the purpose of sending newsletters, if the customer has agreed to receive them;
- PayPal - as payment processor (data processor, collector of payments);
- A2 Hosting - for the purpose of providing hosting services; during servicing they may have access to personal data;
- Competent government authorities - whenever we are asked to provide data according to specific laws.
About using WSPay
WSPay is a secure system for real-time credit and debit card payments. WSPay provides the buyer and the merchant with secure card data entry and transfer, which is also confirmed by its PCI DSS certificate. WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.
WSPay personal data protection
WSPay, being the processor of authorization and payment made by credit cards, uses personal data as the processor pursuant to the General Data Protection Regulation of the European Parliament and the Council no. 2016/679, and compliant with PCI DSS Level 1 Regulations for data transfers.
WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.
Personal data used for the purposes of authorization and payment are deemed to be confidential data.
The following customer's personal data are necessary to fulfil the Agreement (authorization and payment):
- Name and Surname
- Telephone number
- Post Code
- Type of credit card
- Credit card number
- Expiry date (credit card)
- CVV number for credit card
WSPay does not process or use these personal data except for the purpose of fulfilling the Agreement, the authorization and the payment.
WSPay ensures that it meets the requirements that applicable personal data protection regulations set for processors of personal data, in particular by taking all necessary technical, organizational or security measures, as confirmed by its PCI DSS Level 1 certificate.
Processing of personal data in "third countries"
Personal data is not processed in third countries, with the exception of the company A2 Hosting, which may have access to data for servicing purposes. We have a confidentiality agreement with that company, and under no conditions will they share data with any third party.
Source of personal data
We collect personal data directly from the data subject, on the above-mentioned legal bases and in accordance with the General Data Protection Regulation. If personal data is received from third parties, the individual has the right to be informed about the identity of that source and, if needed, the right to be informed whether his/her personal information comes from publicly available sources.
Period of keeping data
- ACCOUNTING DATA - 11 years, according to accounting regulations
- EMPLOYEE DATA and other data collected during the employer-employee relationship - PERMANENTLY, or according to legal obligations on keeping data and its deletion
- CONTRACT DATA - 5 years, according to the statutory limitation period
- DATA ABOUT VISITORS OF THE OFFICIAL INTERNET WEBSITE - 4 days, except for statistical data, which we keep for 26 months
We will collect personal data in the amount necessary to fulfill the purpose of processing, and keep it for as long as is necessary to fulfill that purpose.
Therefore, personal data is processed until the purpose is fulfilled or within the statutory limitation period for obligations which might arise from the processing of such personal data, when the processing of personal data is necessary in the context of entering into or fulfilling a contract, except in cases where we are obligated by law to keep personal data. In those cases we keep the data in accordance with the applicable article of the law.
When personal data is processed on the basis of the person's consent, it will be processed until the consent is withdrawn.
Rights of the individual
Individuals whose data we process have the following rights:
- Right to be informed according to Art. 12, 13 and 14 of the General Data Protection Regulation – Individuals have the right to be informed and may therefore at any time request information and details on how the Controller processes their personal data, which the Controller will communicate verbally or provide in writing through the channel through which that right is claimed;
- Right of access to personal data according to Art. 15 of the General Data Protection Regulation – At any time, an individual may request access to his or her personal data held by the Controller in order to be informed about the processing of his or her personal data, or to ascertain whether or not his personal data is processed by the Controller, and to be informed of the purpose of the processing, the legal basis and the conditions under which the Controller processes his personal data;
- Right to correction according to Art. 16 of the General Data Protection Regulation – At any time, individuals may request the correction of their personal information, including its completion by means of a supplementary statement, to ensure that their personal information is accurate, complete or up to date;
- Right to deletion (“to be forgotten”) according to Art. 17 of the General Data Protection Regulation – Individuals may request the deletion of their personal information processed by the Controller if (i) it no longer exists or the purpose for which it was collected is fulfilled; (ii) the individual withdraws consent, the processing is done on the basis of that consent, and there is no other legal basis to continue the processing; (iii) the individual objects to the processing of the data and there are no other legitimate reasons for further processing; (iv) the personal data of the individual has been processed without a valid legal basis. The personal data for which the right of erasure has been requested may be further processed in the following situations: (i) for the fulfillment of the legal obligations governing the processing, and (ii) for the exercise / protection of rights in court proceedings;
- Right to limitation of processing according to Art. 18 of the General Data Protection Regulation;
- Right to transfer of personal data according to Art. 20 of the General Data Protection Regulation;
- Right to object to the processing of personal data according to Art. 1 of the General Data Protection Regulation – For reasons relating to their specific situation, individuals may object to the processing of their personal data based on the legitimate interest of the Controller;
- Right to withdraw consent – In cases where processing is based on the consent of individuals, the individual may withdraw the consent at any time. Withdrawal only has effect for future processing. The processing performed before the withdrawal of the consent remains valid.
THE COOKIES POLICY
Cookies are small data files that most online sites store on users' devices accessing the Internet, in order to identify the individual devices that users have used when accessing. Their storage is under the full control of the user-operated browser, and cookie storage can be restricted or disabled if desired.
Why are cookies needed?
Cookies are important for providing a better user experience. Most common e-commerce features would not be possible without cookies. With cookies, interaction between internet users and the website is faster and easier. With their help, the website remembers the individual's preferences and experiences, which saves time and makes searching the web pages more efficient and enjoyable.
By using cookies, we collect the following information from website visitors:
- Information about your login to the site, your chosen language and currency, and statistics collected using the Google Analytics cookie
We keep the information we collect with cookies for 4 days, except in the case of statistics, which we keep for 2 years.
In accordance with Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, OJ EU 119/1) and the Electronic Communications Act (OG 73/08, 90/11, 133/12, 80/13, 71/14, 72/17), user consent is required for functional, analytical and marketing cookies before they are placed on the user's browser, while consent is not required for necessary cookies, as they are essential for the functioning of the site.
YOUR SETTINGS FOR INSTALLING COOKIES ON OUR WEBSITE, AS WELL AS A COMPLETE OVERVIEW OF ALL THE COOKIES WHICH ARE LOADED, ARE ALWAYS AVAILABLE AT THE BOTTOM OF OUR WEBSITE UNDER THE COOKIES SETTINGS OPTION.
How are cookies controlled?
You can control and / or delete cookies as you wish. For more information, visit: aboutcookies.org. You can delete all cookies already stored on your computer, and most browser settings allow you to block cookies from being stored. If you block cookies, you may have to manually adjust some of the settings you want each time you visit the site, and certain services and features may not be available.