WHAT IS THE PRIVACY POLICY

Significo respects the privacy and protects the personal data of its users, employees, business partners or other persons with whom it establishes business cooperation, and whose personal data it collects and processes in its daily business.

The Privacy policy is the basic act that describes the purpose and objectives of the collection, processing, and management of personal data within the companies of the Significo Group, listed in item 3.

This Policy defines the basic principles and rules of personal data protection in accordance with the business and security requirements of the Significo Group, as well as legal regulations, best practices, and internationally accepted standards. In order to ensure fair and transparent processing, the Significo Group wants to provide clear information on the processing and protection of personal data that it collects and processes, and to enable easy monitoring and management of personal data and consents.

The Privacy policy ensures an adequate level of data protection in accordance with the Act on the Implementation of the General Data Protection Regulation as well as the General Data Protection Regulation and other applicable laws related to the protection of personal data.

WHAT ARE THE OBJECTIVES OF THE PRIVACY POLICY

The purpose of this Privacy Policy is to explain to our customers, employees, business partners or other persons with whom members of the Significo Group have a business cooperation:

  • which personal data we collect and process (and which we do not process);
  • how we collect personal data, for what purposes, and what are the grounds for it;
  • how long we store them and with whom we share them;
  • what rights they have in terms of data protection and how we protect them.

ABOUT US

The Significo group consists of the following companies:

  1. Significo d.o.o., Croatia, Zagreb, Ulica grada Vukovara 269D, info@significo.hr;
  2. Significo savjetovanje d.o.o., Croatia, Zagreb, Ulica grada Vukovara 269D, info@significosavjetovanje.hr ;
  3. Moderne komunikacije d.o.o., Croatia, Zagreb, Ulica grada Vukovara 269D, info@modernekomunikacije.hr;

The Significo group is listed under this Privacy Policy in terms of each and every single member referred to in this item.

This Privacy Policy applies to all members of the Significo Group.

Each member of the group is authorized to define its own policies and additional rules for personal data protection in accordance with the business and security requirements of the group, these Rules, the General Data Protection Regulation and other applicable laws related to personal data protection.

Each member is responsible for processing the data within the Significo group for the part of the data it processes.

WHICH PRINCIPLES WE FOLLOW

The principles of data processing are the basic rules that the Significo group adheres to when processing the personal data of subjects. The Significo Group processes personal data in accordance with the following processing principles:
  • Legally, fairly, and transparently – with regard to the subjects and their rights, the Significo group will process the personal data of the subjects in accordance with the applicable laws and covering all the rights of the subjects. The Significo Group will ensure transparent processing of personal data and will provide subjects with all necessary information and, upon request, provide subjects with insight into data, explanations of processing, basics of processing and all other rights in accordance with relevant regulations. The Significo Group will provide information to subjects on how personal data relating to them are collected, used, made available or otherwise processed, as well as the extent to which such personal data is or will be processed. The subject will be informed of all relevant information in a timely manner, i.e. before data collection.
  • With purpose limitation – personal data is collected and processed only for certain, explicit, and lawful purposes and is no longer processed in a way that is not in accordance with those purposes.
  • Data reduction – Significo group uses only those data of subjects that are appropriate and necessary to achieve a certain legitimate purpose;
  • With a storage restriction – Significo Group ensures that the personal data of subjects are kept in a form that allows identification of subjects only for as long as necessary for the purposes for which personal data are processed and then deletes them from all records.
  • Accurate, complete and up to date  – the Significo Group ensures fair and transparent processing of personal data and in order to prevent possible misuse, personal data must be accurate, complete and up-to-date. It is extremely important to us that the subject immediately notify the Significo group of any change in their personal data. The Significo group applies a transparent process of communication with subjects through which correction or deletion of incorrect data can be requested.
  • Ensures integrity and confidentiality – the Significo Group collects and processes data in a secure manner, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. The subjects’ data are accessed by the employees of the Group depending on their authorizations and jobs, and other legal entities solely on the basis of legitimate interest of the Significo Group and if necessary, for the purpose of fulfilling contractual obligations. The Significo Group applies appropriate technical and organizational protection measures, has implemented systems aimed at detecting and preventing data leakage, methods of monitoring access to data and the like.

DATA WHICH WE COLLECT AND PROCESS

As part of their business, Significo Group members may collect the following categories of personal data according to the categories of subjects:

Interested parties:

  • contact information (e.g. name, surname, e-mail address, etc.),
  • data required for concluding the contract (e.g. name, surname, address, PIN, etc.).
  • Users:
  • contact information (e.g. name, surname, e-mail address, etc.),
  • data required for concluding the contract (e.g. name, surname, address, PIN, etc.),
  • data required for the execution of the contract (e.g. name, surname, e-mail, IBAN, etc.)
  • Candidates for employment:
  • contact information (e.g. name, surname, e-mail address, phone number, etc.),
  • curriculum vitae data (e.g. data on education, previous employment, length of service, photograph, etc.)
  • Test results

 

Former and current employees:

  • all data prescribed by positive regulations relating to labor relations, accounting and bookkeeping regulations (e.g. name, surname, address, PIN, year of birth, Unique citizen’s identification number (JMBG), etc.),
  • data for the need for internal communication within the company (e.g. business photos, etc.),
  • data needed to perform work tasks such as organizing a trip to a foreign country, obtaining benefits related to work, etc. (e.g. name, surname, employment, number of travel document, driver’s license, number of children, etc.).
  • External associates and business partners:
  • contact information (e.g. name, surname, e-mail address, phone number etc.),;
  • curriculum vitae data (e.g. data on education, previous employment, length of service, etc.);
  • data required for the execution of the contract (e.g. name, surname, e-mail, IBAN, etc.);
  • data required to meet the legal requirements for entry into the Republic of Croatia or another country (name, surname, employment, travel document number, etc.).

 

DATA WHICH WE DO NOT COLLECT AND PROCESS

Members of the Significo Group do not process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, health-related data or data on an individual’s sexual life or sexual orientation.

The processing of the above specific categories of personal data will be carried out by the Significo Group exceptionally under the following conditions:

  • the subject has expressly consented to the processing of such personal data for one or more specific purposes;
  • processing is necessary for the purposes of fulfilling the obligations and exercising the special rights of the Significo Group or subject in the field of labour law and social security law and social protection to the extent permitted under European Union law, Croatian law or collective agreement in accordance with the Republic of Croatia, which prescribes appropriate protective measures for the fundamental rights and interests of the subjects;
  • processing is necessary to protect the vital interests of the subject or another individual;
  • processing refers to personal data that are obviously published by the subject;
  • processing is necessary to establish, enforce, or defend legal claims.

HOW WE COLLECT PERSONAL DATA

The Significo Group may collect personal data in a variety of ways, including:

  • As part of our business processes and during the fulfillment of our legal obligations or obligations under the contract for the sale of our services;
  • During the tracking of our site including e-mail communication sent to and from the group;
  • By your completing of our surveys or online questionnaires;
  • By your responding to a job advertisement or other education;
  • When you provide us with data in the form of publication of content on our site or platforms or during your direct communication with members of the Significo Group, including personal communication and online communication via the website or e-mail.

FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA

The Significo Group may process personal data for the following purposes:

  • harmonization with legal and regulatory regulations inside and outside the territory of the Republic of Croatia;
  • contracting and using the products and services provided by the Group;
  • fulfillment of its obligations under the contract for the sale of Significo Group services and products;
  • offering Significo Group services and products on the market;
  • website analysis and administration and website usage monitoring;
  • improving the services and products of the Significo Group, measuring your satisfaction with the services;
  • managing relationships with subjects (users of the site and/or services) and other persons in the conduct of their business;
  • selection of candidates for employment or other education;

 

For marketing activities that can be:

  • Webinars;
  • Events;
  • Sending a newsletter.

WHAT IS THE BASIS FOR PROCESSING PERSONAL DATA

The Significo Group processes your personal data on the following grounds:

  • execution of a contract for the sale of services of a member of the Significo Group or another contract concluded between the subject and a member of the Significo Group;
  • legitimate interest in providing the website service and managing it, for statistical purposes, to identify, resolve disputes, and conduct proceedings between subjects and the Significo group, to share personal data with group members and third parties in accordance with these Privacy Policy, to conduct the selection process candidates for employment purposes;
  • express consent of the subjects to receive marketing messages, newsletters, e-mail notifications about services or surveys to measure satisfaction with services, to process your inquiries;
  • to fulfill the legal obligations of the Significo Group, in particular on the basis of accounting, bookkeeping, labor law regulations and other legal obligations.

HOW LONG DO WE STORE PERSONAL DATA

We store personal data only as long as we need them for the purposes for which we collect them, i.e. for the purpose of fulfilling a contractual relationship or legal obligations, and for the longest according to the following criteria:

  • We store personal data collected for the purpose of fulfilling our legal and regulatory obligations according to the prescribed deadlines;
  • Personal data collected for the purpose of selling products and services, we store for the duration of the contractual relationship;
  • We store personal data collected for the purpose of marketing activities until you withdraw your consent, cancel your subscription, request the deletion of your subscription, or after a certain period of inactivity.
  • Personal data are deleted upon termination of the contractual or employment relationship, and at the latest upon the expiration of all legal storage obligations, unless a court or other similar procedure has been initiated that requires the retention of data.
  • Upon expiration of the retention periods, we remove them from the system and archives or turn them into anonymous data so that you can no longer be identified.

WITH WHOM CAN WE SHARE PERSONAL DATA

Significo Group may, on the basis of legal obligations or its legitimate interest, share personal data between members of the Group, which may also process them for the purpose of fulfilling legal obligations, preventing abuse, improving products and services or on the basis of consent.

Members of the Significo Group shall exchange personal data with each other only if there is a need on the legal grounds set out in item 9.

The Significo Group may share your personal information with third parties only in the following cases:

  • if there is a legal obligation or explicit authority under the law;
  • if we hire another person to perform certain tasks as the so-called subcontractor, i.e. a data processor, who acts exclusively on behalf of the members of the Significo Group, whereby the Significo Group ensures all data protection measures as if it were performing these tasks itself;
  • if the data need to be passed on to third parties in order to perform the contract with the subject;
  • in the event of a change in the ownership structure of Significo Group affiliates in the future, it is possible for the Significo Group to transfer personal data to new affiliates or third parties for the purpose of conducting the Group’s business;
  • and based on the consent of the subjects.

 

Such third parties include:

  • Legislative, supervisory and regulatory authorities within and outside the territory of the Republic of Croatia;
  • Financial institutions with which Significo Group cooperates;
  • Auditors within and outside the Significo Group and other authorities authorized to audit;
  • Suppliers hired by the group to perform services in the name and on behalf of the members of the Significo group, to fulfill the obligations of the contract with the subjects;
  • Other agencies, institutions, associations, insurance companies, and partner companies with which the Significo Group has concluded a business cooperation agreement under which business customers can contract and use the products and services provided by members of the Significo Group, etc.
  • When transferring data from Significo Group subjects, the principle of processing restrictions is strictly observed with the transfer of the minimum amount of data required to realize the requested service and with respect to all other relevant data protection principles.
  • The Group has all relations with partners regulated by data processing agreements, whereby the partners are required to have at least the same level of personal data protection as within the Group members.
  • We process personal data in the Republic of Croatia. Exceptionally, we may process them in other countries (e.g. when a subcontractor from another country is hired to provide a certain service or part of a service that includes the processing of personal data), as a rule in the Member States of the European Union. We can exceptionally process them in third countries as well, but in such situations appropriate measures of personal data protection are always applied, at least in a way as if personal data are processed in the Republic of Croatia (e.g. by applying the so – called. EU Standard Contractual Clauses for data processors in third countries, other legally binding and enforceable instruments, binding corporate rules, certification, etc.

YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM

The Significo group respects the right to privacy, collects and processes data only in the presence of legal grounds for processing, and subjects retain certain rights in relation to the processing of their data at all times.

At the time of collecting information from subjects, the Significo Group will provide the following applicable information:

  • identity and contact details of the data controller,
  • contact details of the data protection officer,
  • the purposes of processing for which personal data are used as well as the legal basis for processing,
  • legitimate interests,
  • recipients or categories of recipients of personal data,
  • the intention to transfer personal data to third countries (if any),
  • data storage period or the criteria that define that period,
  • consent rights,
  • and the existence of the rights listed below.
  • In case the data are not collected directly from the subjects, the source of personal data is stated in addition to the stated data.

Subjects have the following rights:

  • Right to erasure (“right to forget”) – the subject has the right to obtain from the Significo Group the deletion of personal data relating to them, and the Significo group has the obligation to delete personal data without undue delay if one of the following conditions is met:
  • storage of data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • the subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
  • the subject objects to the processing, and the legitimate reasons for exercising the right to erasure outweigh the legitimate interest of the group in processing and/or storing personal data;
  • personal data has been processed illegally;
  • personal data must be deleted in order to comply with a legal obligation.
  • Right to access data – the subject has the right to receive from the Significo group a confirmation of whether their personal data are processed and if such personal data are processed, access to personal data and purpose of processing, data categories, potential recipients to whom personal data will be disclosed, etc.
  • Right to correction – the subject has the right to obtain from the Significo group without undue delay the correction of inaccurate personal data relating to them. Taking into account the purposes of processing, the subject has the right to supplement incomplete personal data, including by giving an additional statement. In addition, subjects are required to update personal information in a business relationship with the group.
  • Right to transfer data – the subject has the right to receive personal data relating to them, provided to the Significo group in a structured, commonly used and machine-readable format, and has the right to transfer this data to another controller. It should be noted that the right of transfer applies exclusively to the personal data of the subjects.
  • Right to object – the subject has the right, based on their special situation, to object at any time to the processing of personal data relating to them. In such a situation, the Significo group may no longer process personal data unless it proves that there are legitimate reasons for the processing that go beyond the interests, rights and freedoms of the subjects or to set, exercise or defend legal claims. Furthermore, if personal data are processed for the purposes of direct marketing, the subject has the right to object at any time to the processing of personal data relating to them for the purposes of such marketing, which includes creating a profile to the extent related to such direct marketing.
  • Right to limit processing – the subject has the right to ask the Significo group to request the right to restrict processing if he or she disputes the accuracy of personal data, considers that processing is illegal and opposes the deletion of personal data and instead restricts their use, has filed an objection to the processing and is awaiting confirmation as to whether the legitimate reasons of the data controller go beyond the reasons of the subject. The subject has the right at any time to demand the exercise of any of the above rights.

 

If you believe that the processing of personal data that we carry out is contrary to the regulations on personal data protection, please inform us about it in writing to the address of any member of the Significo group or via e-mail address: osobni.podaci@significo.hr.

You can also send your complaint to the supervisory authority – the Croatian Personal Data Protection Agency, Zagreb, Martićeva 14, and from 25th May 2018 to the supervisory authority within the EU.

In case of failure to provide the necessary personal data requested by the group for the purpose of concluding and exercising rights under the contract between group members and subjects or providing our services, there is a possibility that the contract may not be concluded or services provided.

You may revoke the consent you have given for a particular processing purpose at any time in which case we will no longer use your personal data collected on the basis of the consent for the stated purposes.

You can change your consent via the website or by sending an e-mail to osobni.podaci@significo.hr

PERSONAL DATA PROTECTION

In order to protect the personal data it collects, the Significo Group implements appropriate physical, technical, and organizational protection measures, taking into account the nature, scope, context and purposes of processing, as well as risks of varying levels of likelihood and severity for subjects’ rights and freedoms.

We update and test our security technologies on an ongoing basis and continuously improve them at the group level. We use advanced tools to protect and prevent data leakage, permanently monitor critical systems within the group, encrypt certain sensitive data and protect data from unauthorized access, alteration, loss, theft and any other data breaches and misuse.

Access to data within the Significo group is limited only to those data that are necessary to perform certain business tasks and only to authorized persons who work directly on the provision or maintenance of the service, and to improve the quality and payment of the service, in accordance with clearly defined roles and responsibilities within groups. All Significo Group employees are bound by data confidentiality agreements and we only hire partners with whom we contract appropriate protection measures.

The Significo Group cannot guarantee 100% security of data transmission via the Internet, websites, mobile applications, computer systems or any other public network.

Significo is the holder of ISO certificates: ISO 9001 and ISO / IEC 27001, which additionally guarantee the quality and security of business and data management.

AUTOMATIC DATA PROCESSING

The Significo group does not perform automatic data processing. COOKIES In order for the Significo Group website to work properly, in order for us to be able to make further improvements to the website, in order to improve your browsing experience, the website must store a small amount of information (Cookies) on your computer. The cookie information is saved on your computer by the website you visit. Cookies usually save your settings and website settings, such as your preferred language or address. Later, when you open the same web page again, the internet browser sends back the cookies that belong to that page. This allows the page to display information tailored to your needs. Cookies can store a wide range of information including personal information (such as your name or e-mail address). However, this information can only be saved if you enable it – the website cannot gain access to information that you have not provided and cannot access other files on your computer. The default activities of saving and sending cookies is not visible to you. However, you can change your Internet browser settings so that you can choose for yourself whether or not to approve or reject cookie requests, delete cookies automatically when you close your internet browser, etc. You have the right to turn off cookies at any time. Internet browsers are usually programmed to accept cookies by default, but you can easily adjust this by changing your browser settings. By turning off cookies, you decide whether you want to allow cookies to be stored on your computer. For information on cookie settings, select the web browser you are using.   Chrome

DATA PROTECTION OFFICER

The Significo Group has appointed a Data Protection Officer who is independent and as such acts in the interest of protecting the rights of subjects and their personal data.

In performing their duties, the Data Protection Officer shall take into account the risk associated with the processing operations and take into account the nature, scope, context and purposes of the processing, and it is his responsibility to apply the Privacy Policy and other policies and procedures when collecting and processing subjects’ personal data.

  • The Data Protection Officer performs at least the following tasks in the Significo group:
  • inform and advise the data controller or processor and the processing staff of their obligations under the General Data Protection Regulation and other Union or Member State data protection provisions;
  • monitors compliance with the General Data Protection Regulation and other legal and regulatory obligations as well as other Union or Member State data protection provisions and the data controller’s or processor’s policies regarding personal data protection, including the allocation of responsibilities, awareness raising and training of staff processing procedures and related audits;
  • provide advice on assessing the impact on data protection and monitoring its implementation in accordance with Article 35 of the General Data Protection Regulation;
  • cooperates with the Personal Data Protection Agency as a supervisory body;
  • acting as a point of contact for the supervisory authority on matters relating to the processing of personal data, including prior consultation referred to in Article 36 of the General Data Protection Regulation and
  • advises, as appropriate, on all other matters.
  • The Data Protection Officer reports directly to the Director of each member of the Significo Group.
  • The Data Protection Officer is obliged to keep confidential all information and data that they learn in the performance of their duties. The Data Protection Officer does not receive any instructions regarding the performance of these tasks, which additionally ensures his independence.
  • The Data Protection Officer is also the primary point of contact for subjects who wish to exercise their rights (issues related to the processing of their personal data and exercising their rights under the Regulation), send an inquiry related to personal data protection, request additional information, express concern about processing their personal data, to file a complaint regarding the protection of personal data and the exercise of their rights under the General Data Protection Regulation.

The Significo Group has appointed a joint personal data protection officer for the following members: Significo d.o.o., Significo savjetovanje d.o.o. and Moderne komunikacije d.o.o. to contact if you have questions or concerns about how we handle your personal data and how we use it or would like to exercise your rights listed in item 12 of this document, to the address:

Significo d.o.o.

Data protection officer

Ulica grada Vukovara 269D

10000 Zagreb

e-mail: osobni.podaci@significo.hr;

FINAL PROVISIONS

This version of the Privacy Policy applies from 1st January 2020. You will be notified of any changes to the Privacy Policy on our website https://www.significo.hr.