Personal data protection and privacy policy

Our privacy policy is designed with your security and confidentiality at the forefront, ensuring a trusted and transparent experience.

Introduction

This Policy ensures adequate support for the protection of personal data and privacy of all participants in the business processes of subjects in relation with the Company: employees, employment candidates, members of board and administrative bodies, business partners, suppliers, customers, service users.

The Policy applies to the “Company”: BYTE LAB GRUPA d.o.o., Medarska ulica 69/1, Zagreb, OIB: 90076939291.
The Policy is based on the following principles of personal data processing: the principle of legality, transparency and best practices, the principle of limited processing and the reduction of the data volume, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and data confidentiality, the principle of responsibility, trust and fair processing, the principle of opportunity (processing purposes), the principle of processing in unnamed (anonymized) form.

The Policy explains all relevant information related to the collection, processing and use of Personal Data and Privacy Principles.

The Policy applies to all services offered by the Company, with the aim of familiarizing all involved subjects, in a clear and transparent way, with the processing of their personal data and their rights.

The Policy enters into force on the date when it is made.

The Company reserves the right to amend this Policy at any time without giving any special notice to the persons concerned. For this reason, it is recommended to all interested parties to regularly review the Website content of the Company for information on the updated content of this Policy.

Rules and principles

This Policy contains basic rules on Personal Data Protection and Privacy Policy. The rules and principles are in line with the values of the European acquis and with the current regulations governing the protection of privacy and the protection of personal data. In this way, it wishes to emphasize the obligation of all involved subjects to deal with Personal Data.

All employees of the Company have a specific responsibility for compliance with the obligations set out in this Policy.

Employees are expected to be able to recognize whether they are intruding on someone's privacy or processing someone's personal data. Employees must be aware of the general rules and postulates so that in case there is a violation of these rules and principles, they may file a complaint.

This section explains the basic concepts essential to the understanding of Personal Data Protection.

CONSENT: means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

PERSONAL DATA: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This Policy prescribes the following obligations for all the employees:
1. The collection and processing of Personal Data is possible if there is a legally defined basis (e.g.: agreement, consent, or law).
2. The person whose Personal Data are collected must be informed about the processes of collection and processing of the Data.
3. Personal Data collection may relate to the fulfillment of a particular business purpose (customer data, supplier information, service user data, intervention import, direct marketing, employment), and such collection may only be made with explicit notice and consent of the Data Subject.
4. Use of Personal Data is possible only in a manner that will not affect the persons to whom the Data relate unless it is provided by the law.
5. ANONYMISATION or PSEUDONYMISATION is used as much as possible.

ANONYMISATION: The adjustment process of personal data in which the natural persons cannot be identified.

PSEUDONYMISATION: the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, under condition that such additional information is kept separately and are subject to technical and organizational measures in order to ensure that the personal data are not attributed to an identified or identifiable natural person.

Responsible management of collected Personal Data is an essential element of the protection of such Personal Data and privacy protection. Once Personal Data are filed in any of the Personal Data Systems under any of the permitted grounds for collecting and processing, Personal Data may not be changed. Any eventual change may depend on the will of the person to whom these personal details relate, or if such changes are foreseen or permitted by law.

PREDEFINED PRIVACY (Privacy by default): ensure that only the Personal Data which are necessary for each particular purpose of processing are processed as a starting value and to ensure that Personal Data are processed only within the minimum necessary frame required for these purposes (quantity, storage period).

Every employee of Company responsible for collecting and processing Personal Data must take care of:
1. Accuracy of collected Data (from collection and processing to destruction).
2. Prohibition of sharing of personal information with other unauthorized subjects.
3. IT security when processing and storing Personal Data.
4. Preventing the misuse of Personal Data.
5. Ensuring the tracking of the Personal Data while they are still needed.
6. Collecting and processing Personal Data while the purpose for which they were initially collected and processed still exists, and the length of processing can be defined by law.
7. Personal Data and Privacy Breach and "leaking" of Personal Data beyond Company.

Personal data collection

Some services provided by the Company require the collection of personal information of users and/or customers, where basic data is collected in the following ways:

1. Directly from the users and/or buyers themselves, who deliver to the Company, as the processing manager, a certain amount of information relevant to the provision of the corresponding services. For the purpose of providing the appropriate services, the user and/or customer is obliged to provide the Company with the following information that is necessary to establish a contractual relationship for the provision of a particular service and/or the sale of certain products from its range:

a) name and surname/company name.
b) address.
c) phone and/or cell phone contact.
d) contact information of the electronic mail (e-mail address).
e) bank account data for the purpose of regulating payment obligations.

2. From other sources, that is, from our business partners or from publicly available sources (for example, data available through insight into the directory and other publicly available services).

3. Automatically, when visiting our web pages, applications, and the Web-portal, through data associated with network identifiers (internet protocol addresses and cookie identifiers, such as Google Analytics to monitor user and/or customer interaction).

A cookie is a small data file that is stored on a computer or mobile device when visiting a particular web page. Cookies are used to provide a better user experience to each user and/or customer, saving user and/or customer preferences in order to make web pages more efficient, as well as to monitor and test usage of the website of the Company. Cookies are also used to monitor the use of the Internet and create user profiles, and then display customized Internet ads based on user and/or customer preferences.

By shutting down and/or blocking cookies, the user and/or the customer can still browse the Company’s web pages. However, there is a likelihood that the time required to access some of the functions of a web page will be longer than usual.
Subject network identifiers can leave traces that, in combination with other identifiers and information provided by Internet service providers, can serve to identify users and/or customers. Also, for the stated purpose, we collect and process the following data:

a) IP address information.
b) data on the use of individual applications.
c) information about the habits of users and/or buyers – we create the above data for the purpose of profiling users and/or customers.

The quantity or scope of personal data collected by the Company depends on the nature of the service provided by the Company to its users and/or customers, as well as on the legal basis on the basis of which it collects data. The Company continuously takes care of collecting only the necessary scope of personal data that is required to achieve the legally defined purpose in which data are processed.

The Company collects personal information in order to provide, maintain, protect and improve its services related to the purchase of certain products, in order to understand the ways in which users and/or customers use the services provided and the Company’s web pages, and for the purpose of fulfilling contractual obligations. Such information shall be collected by the Company on the basis of the consent given by the involved person.

The Company collects and processes personal data of users and/or customers for the purpose of concluding and executing contracts, delivery of ordered products, consulting and assistance in using the product, providing appropriate additional and/or extended product warranties, resolving objections from users and/or customers and other actions related to the conclusion and execution of the contract in accordance with the relevant regulations.

The legal basis for the processing of personal data of users and/or customers for the purposes indicated above represents the necessity of concluding a contract, that is, in case the user and/or the customer deny giving essential data, the Company will not be able to conclude the contract and/or take certain actions related to the execution of the concluded contract.

User and/or customer contact information may be used to send promotional product and service information to the Company if the user and/or customer has given the benefit of such processing or if there is a legitimate interest of the Company for such actions unless these interests are of greater interest or fundamental rights and freedoms of users and/or customers that require the protection of personal data.

The Company may use the contact information and personally contact the users and/or customers whose personal information it already has, on the basis of legitimate interest, in order to send promotional notices about all the products and services provided, using all available advertising channels, unless the user and/or the customer objects to such processing.

In order for the user and/or customer to receive notices that correspond to his/her wishes and habits, it is necessary for the Company to use certain user and/or customer data to create personalized advertising notices until the user and/or customer explicitly objects to such processing or withdraws his/her earlier application for processing.

The legal basis for the processing of personal data for the aforesaid purposes is the legitimate interest of the Company unless such interest is a stronger interest or fundamental rights and freedoms that require data protection.

The Company uses certain user and/or customer data exclusively for the purposes of its own records, in order to protect the legitimate interests of users and/or customers and/or the Company. For example, this includes the use of personal data for the purpose of creating bids that meet the needs and wishes of users and/or customers, research, and market analysis.

The Company is also authorized to collect information about potential customers and/or customers of their services and/or products. These data include basic information (first and last name, e-mail address), as well as the interests of potential customers and/or customers addressing the Company with the desire to be informed and/or offered certain products and services.

The legal basis for collecting the described case is the user’s and/or customer’s attachment.

Data processed on the legitimate interests of the Company and/or the beneficiaries of users and/or customers may be deleted even before the expiration of the time limit specified in this Policy, if such deletion is required by the user and/or the buyer, i.e. when the user and/or customer objects to such processing.

For the purpose of fulfilling the statutory obligations, the Company must have in its possession the Personal Data of its employees and employment candidates. Personal Data are collected and processed to the extent as provided by laws and regulations in a transparent manner. The processing of Personal Data of the employees of the Company is in the competence of authorized persons of the competent services that perform legal affairs, personnel affairs, salary calculation and accounting and financial affairs.

In order to realize the Rights and Obligations arising from employment, and partly because of business reasons, the Personal data of employees are submitted to the relevant government bodies such as the Croatian Institute for Pension Insurance, Croatian Health Insurance Institute, the Croatian Institute for Public Health, the Tax Administration, and due to the specific activities of vocational organizations such as the Croatian Pharmacy Chamber, the Croatian Chamber of Commerce, the Croatian Employers' Association. All these institutions, for their part, will take all necessary measures to protect Personal Data.

In addition to the collections that are compulsory by law, the Company has Collections of Personal Data which it has formed itself, for business reasons, with the aim of better work organization and marketing purposes. These Collections are formed based on the consent of natural persons through explicit written permission, or they consist of Data obtained from third parties.

Processing of Personal Data within the Company (Personal Data of all participants in the business processes of the Company: employees, employment candidates, members of the board and administrative bodies, business partners, suppliers, customers, service users) is done electronically with the appropriate manual file. All Personal Data are adequately protected. The right to access the manual files and electronic access belongs only to the authorized persons.

Processing of Personal Data can only be done if this is necessary for the business activities of the Company itself. Authorized persons are not allowed to process Data on their own initiative in a way that is not in accordance with the goals set by the Company. Employees are not allowed to carry out any processing of Personal Data unless authorized to do so by the Company.

This Policy states the contents of Personal Data Collections. For each collection, the purpose / basis of collection, locations, measures taken to keep personal data and the statutory deadline for keeping Personal Data are stated.

For all categories of Personal Data, it is common that, by expiration of the term or termination of the purpose of processing them, the Personal Data are destroyed in such a way that their renewal is not possible.

Taking into consideration all business requirements and tasks associated with doing business, all employees who come into contact with the above-mentioned Personal Data Collections are urged to use those collections with increased attention.

If during the work process, the copies of the materials contained in the Collections occur, it is necessary to archive the mentioned material by the completion of the work process, as it is determined by positive regulations or internal acts, or to destroy them (by tearing the paper to the inability of restoration or fragmentation - destruction of the documentation).

If an employee finds some materials that are, by their content, an element of the Personal Data Collections, he / she must contact the competent employee of the Company who will archive it or determine how those found materials should be destroyed.

Employees who print or photocopy material containing personal data or represent internal documents defining SECRET DATA are obliged to take over these materials as soon as possible. This prevents unauthorized persons from having the right to inspect or manipulate those materials. If an employee finds out that the content material refers to the Secret Data, he or she must immediately destroy it and contact the competent employee of the Company.

The purpose of these actions is to reduce the risk of losing and transferring Personal Data and classified information.

Personal information of users and/or customers is forwarded by the Company to third parties (including competent bodies) only in the following cases:
a) the beneficiary of the customer and/or customer.
b) in order to fulfill the Company’s legal obligations.
c) when such processing is necessary to protect key users and/or customers’ interests.

Rights and obligations

This Policy defines the rights and obligations of all natural persons (employees, employment candidates, members of the board and administrative bodies, business partners, suppliers, customers, service users) which are subject to the Personal Data entered in the Personal Data Systems in accordance with legally permitted grounds.

There are certain categories of Personal Data that must be collected by the Company to fulfill the obligations prescribed by the legal act and by laws, such as the Labor Law, the Pension Insurance Law, the Occupational Health and Safety Act, the Law on Health Care, Tax regulations etc. The Data collected based on laws and regulations must be accurate and up to date.

Individuals to whom the Data relate are obliged, in case of any change to the Data given to the Company, to report that change to the relevant Department to enable an accurate update (e.g.: change of name, address, or any other similar change of personal status). The notification of changes must be made as soon as possible, in person or through a legal representative, and at the latest within 8 days of the change.

Any involved subject has the right to be informed by the Company about the Personal Data that the Company holds about them.

He or she may exercise his/her right by submitting a written request to the Company, which has the obligation to respond to that request within 30 days (Article 19 of the Personal Data Protection Act).

Any person whose Personal Data are in the Company's Personal Data Systems has a "Right to Delete".

The "Right to Delete" initiates a procedure in which all Data about that natural person are deleted from all records in which their Personal Data have been collected based on CONSENT (exceptions are Personal Data collected based on laws and other regulations that are kept within the deadlines provided by the laws).

Any person whose Personal Data are in the Personal Data Systems of the Company shall have the right to submit a COMPLAINT on the processing of Personal Data or the RESTRICTION OF PROCESSING of Data relating to him in accordance with the Article 6 (1) (e) or (f) (Lawfulness of Processing) of the General Regulation on the Protection of Personal Data, including the Creation of a Profile based on those Terms.

The Processing Manager may no longer process Personal Data unless the Processing Manager proves that there are convincing legitimate reasons for processing that go beyond the interests, rights, and freedoms of the Data Subject or for the establishment, enforcement, or defense of legal requirements.

In the case that Personal Data are entered incorrectly (error in writing), the person has the right to request from the Company the correction of these Personal Data. The correction will be realized by submitting a written request to the Company. The application must be accompanied by a document containing the correct Personal Data for correction. The correction will be made as soon as possible, i.e. in the shortest possible time.

The Company has the right to request a correction of the Personal Data from involved subject, if in any case, there is any suspicion that the Data may be incorrect or untruthful.

DATA PRIVACY BREACH covers any unauthorized access, processing, use, disclosure, unauthorized collection, destruction, or any act that is unauthorized by an authorized person regarding Personal Data and Privacy. If the breach or the leakage occurs, each person is obliged to notify the Company and the competent Personal Data Protection Officer so that measures can be taken to detect the problem, prevent further breaches and remedy the resulting damage. The Company has an obligation to notify the Regulatory Authority (Personal Data Protection Agency) of any Breach that has serious consequences within 72h of the Breach.

Video surveillance

Pursuant to the Act on the Implementation of the General Data Protection Regulation (GDPR) and the provision of Article 43 paragraph 1 Occupational Safety Act, as a separate law, it is regulated that employers may use surveillance devices as a means of protection at work, under the conditions prescribed by the same Act.

Video surveillance does not include, i.e. it is prohibited to establish, supervision over personal hygiene facilities and rooms for the dressing of workers (dressing rooms). The rooms under video surveillance are marked with appropriate signs that unambiguously inform and notify all workers and third parties that the room is under video surveillance.

Data obtained by the use of video surveillance in accordance with the provisions of the Act on the Implementation of the General Data Protection Regulation are adequately protected because only the authorized person has the right of access.

Third parties have no access to it.

Data may be provided to the competent entities at their request.

Contact

In the event of any questions about the protection of personal data by the Company, users and/or customers may contact the competent Personal Data Protection Officer via email at the e-mail address specified in this Privacy Policy or in writing at the following address:

Byte Lab Grupa d.o.o.
Medarska ulica 69/1
10 000 Zagreb
e-mail: babic@byte-lab.com

In Zagreb, 2024