Rules on Personal Data Protection on Websites
We wish to point out that all of your personal data remains confidential when visiting this website, unless you willingly wish to disclose it. We collect only the data you voluntarily provide us with and only for the purposes stated in these Rules on Personal Data Protection. When collecting personal data, we undertake to comply with the provisions of the personal data protection regulations in force.
These Rules on Personal Data Protection describe the types of data being processed and for what purposes, as well as your rights regarding personal data processing. Please read these Rules carefully before using the website. If you do not agree with any of these provisions, please do not use this website.
Processing of personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”).
We collect personal data in line with the applicable regulations in order to, for example, notify you of any changes or send you the latest news by email, include you in our give-aways, surveys, send you publications, brochures and other promotional material or answer your questions, remarks and comments.
We process your personal data only with your consent. In certain cases, the collection of your personal data may be necessary for the performance of a contract between you and Cresanka d.d., for example when purchasing products/services from our webshop. We process the following categories of personal data:
- Contact and identification details necessary for ordering products/services from our webshop;
- Information regarding webshop purchases, e.g. purchased products/services, invoice amount, selected method of payment, purchase frequency;
- Information on user interaction with the website collected with cookies.
We do not collect nor use personal data relating to minors (within reasonable limits, if we can determine the user’s age) without express permission given by the parent or guardian. If you are a minor, please do not send us your personal data (name, surname, address, telephone number, email or other identification data) because we will refuse to process such information. If, in spite of this, the minor requests to initiate contact, in case of transfer of personal data by the minor, Cresanka d.d. expressly refuses to accept any tangible or intangible requests arising from processing such information.
Purpose of personal data processing
Cresanka d.d. processes personal data for the following purposes:
- Processing webshop orders;
- Transferring commercial communications via email, mobile phone or traditional mail (within the limits of your given consent);
- Participating in surveys, questionnaires and give-aways organised by Cresanka d.d.;
- Responding to your questions or advice, comments, remarks, etc.;
- Compiling various reports/statistics on how the website is used as well as the services it offers;
- Resolving any disputes or complaints relating to or arising from the business activities of Cresanka d.d.
Communicating data to third parties
We do not sell, transfer nor disclose data collected through our website to any person outside of Cresanka d.d. without your consent, except in the following cases: (1) if it is prescribed by law or necessary for carrying out our legal obligations, (2) if it is necessary for ensuring the protection of your life or physical integrity and you are not able to give your consent to the processing of your personal data, (3) if it is necessary for carrying out tasks in the public interest, (4) if the data was disclosed by you personally and (5) if it is necessary for the protection of our legitimate interests. We will retain your personal data only as long as it is necessary for the mentioned processing purposes. Cresanka d.d. may disclose some or all of your personal data to the following recipients, in the following manner:
- Persons authorised to process personal data on behalf of and for the benefit of Cresanka d.d., i.e. to associates integral to providing and maintaining the services offered on this website (e.g. website design and maintenance service providers, associates or service providers that can best answer your questions, etc.).
- Legal successor or successors in case of changes in status as a result of a division, merger, restructuring or other transfer of control in the company.
- Other recipients to whom Cresanka d.d. is authorised or obliged to disclose personal data on individuals based on applicable regulations.
Credit card payment security
Cresanka d.d. undertakes to apply the maximum safety standards in order to protect customers’ interests and prevent any misuse of information. The products/services available in the webshop are sold through PayWay, an internet-based solution for credit card payments offered by T-Com. The confidentiality of your data is protected and ensured through SSL encryption. E-commerce websites are secured through the Secure Sockets Layer (SSL) protocol using 128-bit data encryption. SSL encryption is used to encrypt data in order to prevent unauthorised access during data transfers. This allows for secure data transfers and prevents unauthorised data access during communication between the user’s computer and T-Com service, as well as vice versa. The PayWay service and financial institutions (credit card companies) exchange data using a virtual private network (VPN), which is protected from unauthorised access. The numbers of credit cards are not stored and cannot be accessed by unauthorised persons. Cresanka d.d. cannot be held responsible for any misuse that cannot be linked to a technical and security failure by the webshop system or an oversight by Cresanka d.d. employees.
When you are contacting us electronically (via email to send a question, comment, remark, advice, etc. or via contact form on the website) and provide your personal data that can be used to identify you, we will use the data to comply with your request. We may send your email and your message/request to other associates who will be able to best answer your question. All Cresanka d.d. employees are obliged to comply with the Rules on Personal Data Protection.
Surveys, questionnaires and give-aways
We occasionally conduct surveys and questionnaires on our websites. Data collected for that purpose are used solely for the needs of Cresanka d.d.
Rights of the data subject
Giving consent to the processing of personal data is not required, but refusing to give consent to the processing of personal data, as specified above, may prevent the user from using all or some of the content offered by the website, or prevent the user from receiving information on products/services offered by Cresanka d.d. By sending personal data to Cresanka d.d., the data subject is not waiving his rights guaranteed by the regulations of the Republic of Croatia in force aimed at personal data protection, and in particular rights to request rectification or erasure of the personal data stored if the data is incomplete, inaccurate or not kept up to date or if their processing is not in accordance with the regulations of the Republic of Croatia in force. To the extent that the processing of your personal data is based solely on your consent, you are entitled to a set of rights, including the following:
a) Right of access: users whose data is being processed shall have the right to information on the purpose of the processing, the categories of personal data, the data recipients, the period for which the data will be stored, as well as other rights.
b) Right to data rectification: users shall have the right to ask for inaccurate personal data to be changed or incomplete personal data completed.
c) Right to erasure: in specific circumstances, users shall have the right to erasure of personal data concerning them.
d) Right to withdrawal of consent: Users shall have the right to withdraw their previously given consent to the processing of personal data at any moment.
e) Right to lodge a complaint with a supervisory authority: if you believe your rights have been breached, you are entitled to lodge a complaint with the Croatian Personal Data Protection Agency.
Depending on the request by the user/data subject, Cresanka undertakes to:
- Confirm to the user whether or not personal data concerning that user/data subject are being processed
- Rectify or erase, free of charge and without delay, any personal data concerning that user/data subject
- Limit or stop processing personal data concerning that user/data subject