Hdizajn, a service and trade business (hereinafter: Hdizajn), headquartered in the Republic of Croatia, Hrvatskog proljeća 22 a, 10040 Zagreb (Croatia), VAT ID: 20668764099, Company ID: 97558478, owner of the website www.hdizajn.hr, in carrying out its activities, collects and processes personal data in compliance with all relevant laws and regulations for this area.

Protection and Security of Personal Data

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016., p. 1., hereinafter: General Data Protection Regulation), which has been fully implemented from 25 May 2018 in the Republic of Croatia and all EU member states, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Act), and in accordance with the legal framework for personal data protection in the Republic of Croatia and the European Union, and best European practices, Hdizajn, as the data controller of the personal data of its service users and customers, has developed a Privacy Policy. The Privacy Policy is a unilateral legal act based on fundamental principles in personal data processing, regulating which data of users and/or customers is collected, how such data is processed, and for what purposes it is used. The Privacy Policy also informs users and/or customers of their rights regarding the collection and further processing of personal data, all for the purpose of protecting their privacy.

The Privacy Policy is based on the following principles of personal data processing: the principle of legality, transparency, and best practice; the principle of limited processing and data minimization; the principle of accuracy and completeness of personal data; the principle of limited storage; the principle of integrity and confidentiality of data; the principle of accountability; the principle of trust and fair processing; the principle of purpose (purpose of processing); and the principle of anonymized processing.

The Privacy Policy applies to all services offered by Hdizajn, aiming to clearly and transparently inform users and/or customers about the processing of their personal data and their rights. Users and/or customers may, at any time, contact Hdizajn to request changes or updates to their data, as well as to request information on the purposes for which they do or do not wish their data to be processed.

The responsibility for the processing of personal data rests with Hdizajn, a service and trade business (hereinafter: Hdizajn), headquartered in the Republic of Croatia, Hrvatskog proljeća 22 a, 10040 Zagreb, VAT ID: 20668764099, Company ID: 97558478.

Contact for personal data protection is via email: info@hdizajn.hr

Methods of Collection and Types of Data Collected

Certain services provided by Hdizajn require the collection of personal data from users and/or customers, with basic data collected in the following ways:

1. Directly from users and/or customers: Users and/or customers provide data directly to Hdizajn with their consent as the data controller, to the extent necessary for providing the relevant services. For the purpose of providing the relevant services, the user and/or customer is required to provide Hdizajn with the following data needed to establish a contractual relationship for providing a particular service and/or selling certain products from its assortment:

a) Name and surname;

b) Address;

c) Personal identification number (VAT ID);

d) Date of birth;

e) Gender;

f) Contact phone number and/or mobile phone number;

g) Email address;

h) User and/or customer habits;

2. Automatically through visiting the Hdizajn website and online store: This involves data associated with web identifiers (IP addresses and cookie identifiers, such as Google Analytics for tracking user and/or customer interactions – more on Google Analytics functions and how it works, as well as data protection for users and/or customers).

A cookie is a small data file stored on a computer or mobile device when visiting a specific website. Cookies are used to provide a better user experience, store user preferences, to make the website work more efficiently, and to track and analyze website usage and visits to Hdizajn’s website. Hdizajn uses the following types of cookies:

a) Persistent cookies that help remember data and settings for future visits, resulting in faster access to website content and a better user experience;

b) Session cookies that track navigation through the Hdizajn website, preventing the need to re-enter data provided by the user during the visit, allowing for uninterrupted navigation without additional authentication;

c) First-party cookies coming from the Hdizajn website visited by the user, used to store data for future visits to the Hdizajn website;

Cookies are also used to track internet usage and create user profiles, and then display personalized internet ads based on user and/or customer preferences.

Disabling and/or blocking cookies allows users and/or customers to still browse the Hdizajn website. However, some functionalities of the website may not be available, or the time required to access certain features may be longer than usual.

Web identifiers can leave traces that, combined with other identifiers and information provided by internet service servers, can be used to identify users and/or customers. Hdizajn also collects and processes the following data:

a) IP address data;

b) Data on the use of specific applications;

c) Data on user and/or customer habits – these data are created by Hdizajn for the purpose of profiling users and/or customers.

The amount and scope of personal data collected by Hdizajn depend on the type of service provided and the legal basis for data collection. Hdizajn continuously ensures the collection of only the necessary amount of personal data required to achieve the legally defined purpose for which the data is processed.

Purposes for Collecting and Further Processing Personal Data

Hdizajn collects personal data to provide, maintain, protect, and improve its services related to the purchase of certain products, to understand how users and/or customers use the provided services and the Hdizajn website, and for fulfilling Hdizajn’s contractual obligations. Such data is collected based on consent given by the user and/or customer for one or more specific purposes, as well as in one of the following cases:

Fulfilling Contractual Obligations

Hdizajn collects and processes personal data of users and/or customers for the purpose of concluding and executing contracts, delivering ordered products, providing advice and assistance with product use, offering relevant additional and/or extended warranties for products, handling customer complaints, and other actions related to the conclusion and execution of contracts in accordance with applicable regulations. The legal basis for processing personal data of users and/or customers for the above purposes is the necessity of concluding a contract. If the user and/or customer fails to provide essential data, Hdizajn will not be able to conclude the contract and/or undertake actions related to the execution of the concluded contract.

Fulfilling Legal Obligations

Hdizajn is required, based on a written request from users and/or customers to the address of the data protection officer, to provide access to personal data processed about them, correct inaccurate personal data, delete personal data or restrict its processing, and inform them about the possibility of filing a complaint regarding data processing and the right to data portability.

Direct Marketing

Contact details of users and/or customers may be used to send promotional notices about Hdizajn’s products and services if the user and/or customer has consented to such processing or if there is a legitimate interest of Hdizajn in such activities, unless such interests are overridden by the interests or fundamental rights and freedoms of the user and/or customer requiring data protection.

Hdizajn may use contact details and personally reach out to users and/or customers whose personal data it already possesses, based on legitimate interest to send promotional notices about similar products and services it provides, using all available marketing channels, unless the user and/or customer objects to such processing.

To ensure that users and/or customers receive notifications tailored to their preferences and habits, Hdizajn needs to use certain data to create personalized marketing notifications, as long as the user and/or customer does not explicitly object to such processing or withdraws their previously given consent.

The legal basis for processing personal data for these purposes is Hdizajn’s legitimate interest, unless such interest is overridden by the interests or fundamental rights and freedoms requiring data protection.

Internal Purposes

Hdizajn uses certain data from users and/or customers solely for its internal records, to protect the legitimate interests of users and/or customers and/or Hdizajn. This includes using personal data to create offers that meet the needs and desires of users and/or customers, as well as market research and analysis.

Data on Potential Users

Hdizajn is also authorized to collect data on potential users and/or customers of its services and/or products. This data includes basic details (name and surname, email address) as well as interests of potential users and/or customers who contact Hdizajn to be informed and/or offered certain products and services.

The legal basis for collection in this case is the consent of the user and/or customer.

Duration of Storage and Processing of Personal Data

Depending on the purpose and legal basis for which personal data is collected, Hdizajn is obligated to store personal data for a period prescribed by relevant regulations or until the purpose for which the data was collected is fulfilled. Upon expiration of the legal retention period or cessation of the purpose, the data is deleted.

In cases where the basis for collecting and processing data is solely the legitimate interest of Hdizajn and/or the consent of the user and/or customer, personal data will be retained for the following time periods:

a) Data on existing users and/or customers: for the duration of the contractual relationship and 24 months after its termination.

b) Data on potential users and/or customers: 2 months.

Data processed based on the legitimate interest of Hdizajn and/or the consent of users and/or customers may be deleted before the expiration of the period specified in this Policy if such deletion is requested by the user and/or customer or if the user and/or customer objects to such processing.

Rights of Users/Customers

Right to Access Personal Data

Hdizajn, as the data controller, is committed to providing access to personal data it processes about users and/or customers based on a written request from the user and/or customer, which may also be in the form of an email. Hdizajn will inform them about the purpose of the data processing, the type of personal data being processed, the recipients or categories of recipients to whom the data has been or will be disclosed, the expected time period for processing, or the criteria used to determine that period.

Right to Rectify Inaccurate Data

Hdizajn will enable the correction of inaccurate personal data in each individual case where it is determined that the collected personal data about the user and/or customer is incorrect or has changed.

Right to Delete Personal Data

Hdizajn will delete personal data of users and/or customers in the following cases:

a) When personal data is no longer necessary for the purpose of processing, i.e., upon the cessation of the purpose of processing.

b) When the user and/or customer withdraws consent as the legal basis for data processing, and no other legal basis for processing exists.

c) When the user and/or customer files an objection to the processing of data (see more under the section Right to Object).

d) When the personal data has been processed unlawfully.

e) When the personal data must be deleted to comply with legal obligations under EU law or the law of the member state to which the data controller is subject.

f) When the personal data has been collected in relation to the offer of information society services based on the consent of a child.

Right to Restrict Data Processing

Hdizajn will ensure the restriction of the processing of personal data in cases where the user and/or customer disputes the accuracy of the data, when the processing is unlawful and the user and/or customer objects to the deletion of data and instead requests restriction of its use, when the data controller no longer needs the personal data for processing purposes but the user and/or customer requests data for the establishment, exercise, or defense of legal claims, as well as when the user and/or customer objects to the processing of personal data based on Hdizajn’s legitimate interest, including the creation of user and/or customer profiles.

Right to Data Portability

Hdizajn will facilitate the portability of personal data to another data controller upon request by the service user, provided that the user has given consent for such transfer, and the processing is carried out by automated means, and provided that such transfer is technically feasible.

Right to Object

The user and/or customer has the right to object to the processing of personal data concerning them if the data is processed for the purposes of the legitimate interest of the data controller. In such cases, Hdizajn will, as the data controller, cease processing personal data, unless it demonstrates compelling legitimate grounds for processing that override the rights of the user and/or customer or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If personal data of users and/or customers is processed for the purposes of direct marketing, the user has the right at any time to object to processing for direct marketing purposes, especially if personal data is used for profiling.

Where Personal Data is Processed

Hdizajn processes personal data of users and/or customers in the Republic of Croatia.

Hdizajn only discloses personal data to third parties in the following cases:

a) If it is necessary to disclose data for the purpose of fulfilling Hdizajn’s obligations under a contract with the user and/or customer.

b) If there is a legal obligation for Hdizajn to disclose specific data to third parties.

c) If there is consent from the user and/or customer.

Managing Consents

The active role of the user and/or customer in privacy protection is reflected in giving consent as a voluntary, specifically informed, and unequivocal expression of the individual’s (data subject’s) wishes, through a statement or clear affirmative action that signifies consent to the processing of personal data. Managing consents involves the possibility for the user and/or customer to authorize Hdizajn to collect and process certain personal data for one or more purposes (consent of the data subject) or to withdraw previously given consent for the collection and processing of personal data for one or more purposes.

Contact Information

In case of any questions about data protection by Hdizajn, users and/or customers can contact the data protection officer via email at the address provided in this privacy policy or in writing to: Hdizajn, Service and Trade Business, Hrvatskog proljeća 22 a, 10040 Zagreb.

Hdizajn reserves the right to amend and supplement this Policy at any time and to inform users of any changes.

Zagreb, November 2019.