The data controller
- WERXE d.o.o.
- Rijeka, Šetalište trinaeste divizije 17
The data protection officer
- Email: email@example.com
- Phone: +385 95 3472130
Scope of the Privacy Statement and types of the data we process
This Privacy Statement applies to the processing of personal data through websites on the werxe.eu domain, on social networks, and during participation in business meetings, fairs, presentations, trainings, and similar events. We process your personal data through collection, storage, delivery, recording, structuring, and other forms of processing. The list of personal data we collect includes but is not limited to: name, surname, age, address, phone number, email address, job position, photo, video, and location. We will also process the data we receive directly from you, such as your qualifications, intention to develop cooperation, etc. Also, while particularly respecting the principle of minimization of personal data processing, on social networks through our official profiles:
Processing means any operation or set of operations performed on personal data or sets of personal data, whether by automated or non-automated means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or making available in any other way, alignment or combination, restriction, erasure, or destruction.
Why do we collect your personal data?
We will not process your personal data through cookies.
We will not further process your personal data for purposes different from those for which they were collected without previously providing you with more information about this other purpose, especially considering your rights, the purpose and the legal basis for data processing. We will process your data collected on the basis of a legitimate interest or contract for the duration of the same purpose and we will delete them from our internal storages at the latest one year from the last applicable activity, except for the data we are obliged to keep.
Based on a legitimate interest, we process your personal data that are necessary to inform you about business opportunities and other benefits that can be achieved through the services we provide.
Based on a legitimate interest, we may occasionally collect and publish your personal data (photos and videos from fairs, presentations and similar events that we organize and in which we participate) publicly on our website, and on social networks where we officially present ourselves, e.g. for the purpose of displaying the activities we conduct or a similar purpose. The controllers who manage social networks independently regulate their privacy rules and you can find more about them on the social networks themselves. When selecting photos or videos that we publish for this purpose, we pay special attention to your personal data, e.g. in a way that a certain person does not stand out when it is not desirable and similar.
We collect your data before concluding and during the execution and when necessary after the termination of the contract we have concluded with you.
Organizational and technical measures
We take special care of your personal data and through the application of appropriate organizational and technical measures we ensure the appropriate security and confidentiality of personal data. In order to ensure an appropriate level of security, the following measures have been introduced:
- Pseudonymisation and encryption of personal data, especially when there is an increased risk of unauthorized data access.
- Ensuring accurate data, permanent confidentiality, integrity, availability and resilience of the system and data processing services.
- Ability to timely restore the availability of personal data and access to them in the event of a physical or technical incident, through appropriate data backup and restore processes.
- Regular testing of technical and organizational measures to ensure the security of processing.
You have the right to access, rectification, erasure, restriction of processing, data portability, and the right to withdraw consent. In exercising your rights, there are exceptions to the realization of rights according to the provisions of the General Data Protection Regulation. For example, in the case of entering into a contractual relationship, there will be no automatic obligation to comply with your right to erase certain personal data.
A complaint and request for information is submitted in writing or electronically to the addresses listed at the beginning of this document. In the case of a complaint or request for information, we may request your participation in security checks (in terms of identity verification) before we comply with the request, during which it will not affect the realization of your right. The deadline for responding to the request is within a month of the request, and if it is complex or a large number of requests have been received in a short period of time, the deadline will be extended for up to two more months with the obligatory notification of the individual.
Right to access data: you can request confirmation whether personal data related to you are being processed and if such personal data are processed, information on access to personal data and information, among other things, about processed personal data, about the purpose of processing, storage period, export to third countries.
Right to deletion ("right to be forgotten"): you have the right to obtain the erasure of personal data related to you without unnecessary delay. We will delete personal data without unnecessary delay if, among other things, personal data are no longer necessary in relation to the purpose of processing, personal data have been processed unlawfully, and in similar situations. If we have publicly posted your photos/videos and if there is such a justified request, we will delete the disputed personal data. If we have posted a photo or other personal data on social media, you have the right to request the erasure of personal data directly from the social network.
Right to correction/supplement: you have the right to request the rectification of inaccurate personal data related to you, and considering the purposes of processing, you have the right to complete incomplete personal data.
Right to restriction of processing: in certain situations when the accuracy of the data is disputed or when you want us not to delete the data or when personal data are no longer needed for the basic purpose but cannot be deleted due to legal grounds, or when you are waiting for the decision of your objection to the processing, you have the right to request that processing be restricted with the exception of storage and some other types of processing;
Right to data portability: you have the right to receive your personal data that you previously provided to us in a structured form and in a commonly used and machine-readable format and if applicable you have the right to transmit these data to another controller without hindrance if the processing will be carried out automatically and based on consent or contract;
Right to withdraw consent: You have the right to withdraw your consent at any time if you provide it for the processing of your personal data. The withdrawal of consent does not affect the legality of processing based on consent before its withdrawal. We will inform you about this before giving consent. Withdrawal of consent is made as simple as its provision.
Right to lodge a complaint with a supervisory authority (Data Protection Agency): If you believe that we are violating regulations related to the protection of your personal data, you can file a complaint with the Data Protection Agency as the competent supervisory authority for the area of personal data protection.
- Data Protection Agency, Selska cesta 136, 10 000 Zagreb
- E-mail: firstname.lastname@example.org
- Fax number: 01/ 46-090-99
Information about data recipients, categories of recipients, data transfers to third countries and international organizations
We take special care not to provide your personal data to recipients more than is necessary for the previously described processing purposes.
We will provide your data to recipients in cases of certain activities such as public posting on social networks, data storage on a web server, i.e. providers of IT-communication solutions and services acting as data processors. In this case, processing will be performed via trusted external services i.e. our processors who will be located within or outside the European Economic Area. When performing tasks, these services and social networks may themselves collect certain personal data necessary for the provision of the service itself, during which they can act as separate data controllers and process these data according to their internal rules, i.e. purposes and methods of processing. In these cases, we protect the security of your personal data by carrying out risk and impact assessments on the protection of your personal data and where applicable, protective measures in accordance with the requirements of the General Data Protection Regulation.
We have the right to change the content of the Policy and other internal documentation depending on whether the types of data we process and the type of processing have changed. In such a case, we will ensure that all the information we provide to you is accurate and up to date through the necessary documentation update.
We will timely distribute notice of all changes and additions via the official website or other means i.e. newsletters.
Last modification - 30.05.2023