Data Protection Policy
Personal data is the information that makes it possible to identify a natural person. This includes in particular name, date of birth, address, telephone number, e-mail address but also your IP address. Anonymous data exists if no personal reference can be established to the user.
Presenta Nova is processing your personal data lawfully, fair and transparent, and generally does not collect or process the personal data of individuals under age of eighteen.
DATA CONTROLLER WITHIN THE MEANNG OF GDPR:
Presenta Nova d.o.o.
10 000 Zagreb
PIN:22441920890, Court reg. No.: 080446080
Presenta Nova d.o.o
Head Office & Production
t +385 1 6524 048
f +385 1 6524 049
PURPOSES AND LEGAL BASIS OF DATA PROCESSING
When processing your personal data, the regulations of the EU-GDPR and all other valid data protection regulations are kept. The legal basis for data processing results in particular from Art. 6 EU-GDPR.
We use your data for business initiation, to fulfil contractual and legal obligations, to execute the contractual relationship, to offer products and services as well as to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent is also a permission regulation for data protection. Here we inform you about the purposes of data processing and your right of revocation. If the consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent.
Processing of special categories of personal data in the sense of Art. 9 Paragraph 1 EU-GDPR only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of processing predominates.
Disclosure to third parties
We will only pass on your data to third parties within the framework of legal regulations or with appropriate consent. Otherwise, no data is forwarded to third parties, unless we are obliged to do so by mandatory legal provisions (transfer to external bodies such as supervisory authorities or law enforcement authorities).
Recipients of data / categories of recipients
Within our company, we ensure that only those persons receive your data who need it to fulfil their contractual and legal obligations.
Data is generally collected, processed and used by us, in particular, if we guarantee it. In certain cases, however, your data is also collected, processed and used by other affiliate companies within EU or by service providers having a business relationship with us. In the last-mentioned cases, however, we will see to it that the relevant legal data protection requirements and the obligations resulting from this privacy notice will be complied with. Any further access to your information by third parties is not intended by us. In particular, we will not sell your data or use it in any similar way. We will comply with our duty of notification as required by law or authorities; in these cases, we will forward the relevant information to the public authorities.
In many cases, service providers support our specialist departments in performing their tasks. The requisite data protection agreements have been concluded with all service providers. This includes in particular the conclusion of contracts for order processing, as well as the listing of all relevant service providers.
Third-country transfer / Intention to transfer data to a third country
Data is generally not transferred to third countries (outside the European Union or the European Economic Area). Any external data storage devices we may use are hosted within the European Union. Should a data transfer take place in third countries in individual cases, this will be indicated in each case. All data protection requirements are fulfilled, and an EU standard contract is concluded with the business partner in these individual cases.
Duration of storage of the data
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data must be stored further on. This applies in particular to commercial or tax storage obligations. If there are no further storage obligations, the data will be deleted as a matter of routine once the purpose has been fulfilled.
Furthermore, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within the statutory limitation periods of up to thirty years; The regular limitation period is five years.
Secure transfer of your data
To protect the information stored in our company against accidental or deliberate manipulations, loss, destruction or access by unauthorized parties, we have implemented the corresponding technical and organizational safety measures. The security level is constantly being checked in cooperation with security experts and adapted to new security standards.
The data exchange from and to our website is always encrypted. We offer HTTPS as a transmission protocol for our website, using the current encryption protocols in each case. The encryption techniques used at the moment can be viewed via the lock symbol of the browser address line. It is also possible to use alternative communication channels (e.g. by post).
Obligation to provide data
Various personal data is necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated statutory and contractual obligations. The same applies to the use of our website and the various functions it provides.
We have compiled the details for you in the course of this Data Protection Policy. In certain cases, data also has to be collected and made available due to statutory provisions. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.
Categories, sources and origin of data
The respective context determines which data we process: This depends on whether you place an order online or enter an enquiry in our contact form, whether you send us an application or submit a complaint.
Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when uploading application documents or for a contact enquiry (mandatory or optional details).
VISITING AND USE OF THE WEB SITE
Visiting of our web site is conditioned by accepting our term of use. We collect and process the following data when you visit our website:
- Name of the internet service provider
- Information about the website from which you are visiting us
- Web browser and operating system used
- IP address assigned by our internet service provider (in anonymous form)
- Requested files, transferred data volume, downloads/export of files
- Information about the websites you visit within our internet presence, including date and time
Processing of personal data in relation to visiting and use of our web site is based on Art. 6 Para. 1 lit. b.
Our websites utilize cookies in several places. They serve to make our service more user-friendly, effective and safe. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive).
Cookies allow the analysis of use of the website. The analysis enables to tailor the content of the site to the requirements of the user. Cookies also make it possible to measure the effectiveness of a particular advert and show us where best to place it depending, for example, on the topics the user is interested in.
Most of the cookies we use are so-called “session cookies”. These are automatically deleted after your visit. Permanent cookies are deleted from your computer automatically when their period of validity has expired or if you delete them yourself before they expire.
Necessary cookies enable the operability of the website, their basic functions as navigation and access to protected parts. Website cannot function properly without these cookies and by using the website you agree to their placement on your device
The necessary cookies used by this website are:
PHPSESSID, purpose: identifying session of the user – for normal use of the website, expires after one year, type HTTP.
CONTACT / CONTACT FORM ENQUIRY
We collect and process the following data for a contact enquiry:
- Name, first name
- Company, department
- Address (street, house number, postal code, city, country)
- Phone, fax
- Your message
- Value-added tax identification number
- Customer ID
- Web site address (if contains personal data)
The scope of the requested information may differ in the individual forms. A distinction is made between mandatory and optional details.
We collect and process the following data for online applications:
- Name, first name
- Contact details
- Curriculum vitae, photo, employer's references, if necessary further attachments which you make available to us.
The data will be stored by us for a period of 5 years. If you give us permission to do so, the data will be stored for longer periods.
Processing of personal data in relation to contact enquiry is based on Art. 6 Para. 1 lit. f EU-GDPR.
RELATIONS WITH BUSINESSES
We offer and sell our products and services to business partners and process personal data of individual merchants and other persons authorized for representation of the legal entities (like directors or other employees), as well other contact details of persons ordering our products and services.
The business partners provide us with different services like transportation of goods, freight forwarding services, production of packaging, leasing services, delivery services, car maintenance and alike. In operation of said business we process personal data of individual merchants and other persons authorized for representation of the legal entities as well other contact details of persons employed in these persons.
We also order and purchase various products from our business partners – individual merchants or legal entities and process the personal data of contact persons receiving our orders.
We collect and process the following data to enable cooperation with our business partners.
- Name, first name
- Telephone number
- E-Mail address
- Contact details
- Tax number
- Web site address (if contains personal data)
The data will be stored by us for a period of 5 years. If you give us permission to do so, the data will be stored for longer periods.
Processing of personal data in relation to businesses is based on Art. 6 Para. 1 lit. b and f EU-GDPR.
We collect and process the following data for newsletters:
- Name, first name
- E-mail address
- Telephone contact details
Newsletter distribution operates over newsletter mailing platform “MailChimp”.
If you subscribe to a newsletter offered on our website, the data provided in the newsletter subscription will be used primarily for sending the newsletter.
If you have subscribed to the Presenta Nova newsletter, you may easily unsubscribe any time. To do so, go to this subscribe/unsubscribe page / button and follow the instruction in order to unsubscribe from newsletter. The same shall be regarded as the withdrawal of your consent.
The data will be stored by us until you withdraw your consent.
Processing of personal data in relation to sending of newsletter is based on Art. 6 Para. 1 lit. A of EU-GDPR.
More about Mailchimp
Newsletter distribution takes place via the newsletter mailing platform “MailChimp” from the U.S. provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. MailChimp is a service which, among other things, allows the sending of newsletters to be organized and analyzed. MailChimp has certification in accordance with the “EU-US Privacy Shield”.
MailChimp uses this data for the following purposes:
- The distribution of newsletters on our behalf;
- Newsletter analysis on our behalf (e.g. to determine the recipients’ residential location)
- According to their own statements, MailChimp is able to use this information to improve its services (e.g. for the technical optimization of newsletter distribution and display)
MailChimp does not use the data collected itself for making contact or for disclosure to third parties.
Statistical collection and analysis
Mailed newsletters contain a so-called “web beacon”. This is a pixel-sized file which is activated when the newsletter is opened from MailChimp’s server. This file collects the following technical information:
- Opening of the newsletter
- Time of accessing
- Links clicked on
In addition, technical information is retrieved which is not able to be matched to a particular user:
- IP address
- Browser type
- Operating system
Purpose of the data processing
This information is used to improve our service on the basis of technical data or the determination of the target group and their reading behaviour on the basis of their retrieval location (identifiable by their IP address) and access times. Individual users are not monitored or in any way analysed, either by us or by MailChimp. An analysis is only done to identify users’ reading habits and adapt the content to them, or to send differing content corresponding to users’ interests.
The user’s email address is collected for the purposes of mailing the newsletter. The collection of other personal data as part of the registration process is done to prevent the misuse of our services or the email address used.
The legal basis for the processing of the data after registration for the newsletter by the user is the presence of the user’s consent (Art. 6, para. 1, lit. a of EU GDPR).
The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. The user’s email address and their other above-mentioned details are therefore retained for as long as the newsletter subscription is active. After cancellation of the newsletter, the data is deleted both from our servers and from those of MailChimp.
It is necessary to unsubscribe from the newsletter if you do not agree that your details will be shared with MailChimp for analytical purposes, or if you want to revoke your consent.
SOCIAL MEDIA PLUG-INS
The following social plug-ins are used on our website:
Facebook button (including Instagram),
These social media plug-ins can collect personal data of the website user. When you access the website, the buttons are deactivated. You can recognise this by the grey colour of the button. In this state no personal data is collected by these buttons. This only happens when you actively click on one of the buttons. In this case you will be forwarded to the respective service. Details of the respective social plug-ins can be found below:
Use of Facebook social plug-ins
Our website uses social plug-ins (“plug-ins”) of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plug-ins are marked with a Facebook logo or the addition “Facebook social plug-in”. When you visit a website of our internet presence containing such a plug-in, you browser may establish a direct connection with the Facebook servers in case of an activated button. The content of the plug-in is then transmitted directly from Facebook to your browser and integrated to the website.
By clicking on the button, it becomes active and your browser establishes the described connection with the Facebook servers. The click on the button thus means that you give your consent to the transfer of data to Facebook. After activating the plug-in, Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign your visit to your Facebook account, even if you do not activate the Facebook button a second time. If you interact with the plug-ins, for example by clicking the “Like” button another time or leaving a comment, the respective information is directly transmitted from your browser to Facebook and stored there.
Even if you do not have a Facebook account, Facebook may collect information about you, e.g. your IP address. The purpose and scope of data collection and the further processing and use of the data by Facebook as well as your relevant rights and setting options for the protection of your privacy can be found in the Facebook privacy notice: If you do not want Facebook to collect data about you via our website, you must log out of Facebook before visiting our website. In addition, you can use add-ons to install appropriate blockers for your browser.
On our homepage you will find functions of the provider Twitter. They are provided by Twitter, Inc. 1355 Market Street Suite 900. San Francisco, CA 94103. By using Twitter and the “Re-Tweet” function, the websites visited by you are linked with your Twitter account and made public to other users. Data is also transmitted to Twitter.
By clicking on the button it becomes active and your browser establishes a direct connection with the Twitter servers. One click on the button thus means that you give your consent to the transfer of data to Twitter.
After activating the plug-in, LinkedIn receives the information that you have accessed the corresponding page of our website. If you are logged in to Twitter, Twitter can assign your visit to your Twitter account, even if you do not activate the Twitter button a second time. If you interact with the plug-ins, for example by tweeting, the respective information is directly transmitted from your browser to Twitter and stored there.
This website uses the embedding function of YouTube to display and play videos of the provider “YouTube”, which is part of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google“).
Google LLC with its head office in the USA is certified for the US-European data protection convention “Privacy Shield”, which guarantees the compliance with data protection levels in force in the EU.
You can find further information about data protection at “YouTube” in the provider’s data privacy statement at:
We only process the data provided by you within the scope of the order form for the execution or processing of the contractual relationship, unless you agree to further use.
The principle of data economy and data avoidance is observed by you only having to give us the data that we absolutely need to execute the contract or to fulfil our contractual obligations:
- your title, first name, surname
- company, department
- VAT / PIN identification number
- address, country, telephone number
- as well as the payment data required for the selected payment method
- or data which we are legally obliged to collect.
Moreover, your IP address is processed for technical reasons and for legal protection. Without this data, we unfortunately have to refuse the conclusion of the contract, as we will then not be able to execute it or may have to terminate an existing contract. Of course you are free to enter more data on your own accord if you wish.
In our online shop, we offer users the opportunity to create a customer account by entering their personal data. The advantage in particular is that you can see the order history and that your entered data is stored for the order form. When you place an order again, you do not have to enter your data again.
The creation of a customer account is therefore either necessary or possible to fulfil a contract with you or to carry our pre-contractual measures. In doing so, the principles of data economy and data avoidance are observed, as only the data required for registration is collected (see above at online shop). Data is subdivided into compulsory data and optional data. Optional data is marked as “optional”.
For orders in our online shop we also need information on your billing address for delivery. If the delivery address deviates from the billing address, the above information for the delivery address must also be provided. By registering on our website, the IP address of the user, the date and the time of the registration are also stored (technical background data). By activating the button “Create” you consent to the processing of your data.
Please note: The password used by you is stored in encrypted form. Employees of our company cannot read this password. This is why they cannot give you any information if you have forgotten your password.
In this case please use the function “Forgotten your password?”. Using this function you will receive an automated link from us. You can then change your password by using this link. No employee is entitled to ask you for your password by telephone or in writing. This is why you should never give your password if you receive such requests.
After the creation of the customer account has been completed, your data is stored with us for the use of the protected customer area. As soon as you log in to our online shop with your e-mail address as user name and your password, this data is provided in our online shop for actions performed by you. Performed orders can be traced in the order history. You can enter changes to the billing or delivery address here.
Registered persons are free to make changes / corrections to the billing or delivery address on their own. You can also delete your customer account. The FAQ section of the online shop describes in detail how to delete your account.
Payment/disclosure of data within the scope of the online shop
A transfer of your personal data to third parties will only happen insofar as this is necessary for the fulfilment of our contractual obligations or for the execution of the contract. When paying in our online shop, in connection with this, we will pass on the payment data you have provided to a payment service provider appointed by us (the transmission is TLS/SSL-encrypted), who executes the transaction (available payment methods are: invoice, credit card, PayPal). Your data will only be used by the payment service provider for this purpose.
The data will be stored by us for a period of 5 years after deletion of your User account. If you give us permission to do so, the data will be stored for longer periods.
Processing of personal data in relation to online shop is based on Art. 6 Para. 1 lit. b EU-GDPR
YOUR RIGHTS AS A DATA SUBJECT
First we would like to inform you about your rights as a data subject. These rights are standardised in Articles 15 - 22 of EU-GDPR. This comprises:
- Right of access (Art. 15 EU-GDPR),
- Right to erasure (Art. 17 EU-GDPR),
- Right to rectification (Art. 16 EU-GDPR),
- Right to data portability (Art. 20 EU-GDPR),
- Right to restriction of processing (Art. 18 EU-GDPR),
- Right to object to processing of data (Art. 21 EU-GDPR).
1. The data subject may request information on which personal data relating to him/her has been stored, how the data was collected, and for what purpose.
2. If personal data is transmitted to third parties, information must be given about the identity of the recipient or the categories of recipients.
3. If personal data is incorrect or incomplete, the data subject can demand that it be corrected or supplemented.
4. The data subject can object to the processing of his or her data for purposes of advertising or market/opinion research. Please see details below.
5. The data subject may request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons.
You have a right of appeal to a data protection supervisory authority. If you already are a customer, supplier or employee or former employee of Presenta nova or affiliated company, you are also welcome to contact your known contact person. This may be the case, for example, if you wish to notify us of changes regarding your contact details.
The exercise of any right is free of charge and can be made form-free, if possible to: email@example.com
Rights to object
Please note the following when it comes to rights of objection:
If we process your personal data for direct advertising purposes, you have the right to object to this data processing at any time without giving reasons. The same applies to profiling in so far as it is connected with direct advertising.
If you object to the processing of data for direct advertising purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made form-free, if possible to: firstname.lastname@example.org
In case we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons arising from your particular situation; The same applies to profiling based on these provisions.
We will then no longer process your personal data, unless we can prove compelling reasons worth being protected for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
CONFIDENTIALITY OF PROCESSING
Personal data is subject to data secrecy. Any unauthorized collection, processing, or use of such data by employees is prohibited. Any data processing undertaken by an employee that he/she has not been authorized to carry out as part of his/her legitimate duties is unauthorized. Employees may have access to personal information only as is appropriate for the type and scope of the task in question. This requires a careful breakdown and separation, as well as implementation, of roles and responsibilities. Employees are forbidden to use personal data for private or other commercial purposes, to disclose it to unauthorized persons, or to make it available in any other way. Our supervisors inform their employees at the start of the employment relationship about the obligation to protect data secrecy. This obligation shall remain in force even after employment has ended.
Zagreb, 25th of May 2018