NOTICE ON PROCESSING OF CUSTOMERS’ PERSONAL DATA

This Notice on Processing of Personal Data of Customers of Themelia (the “Notice“) applies to processing of personal data of customers performed by THEMELIA, Palmotićeva 26, Zagreb, PIN: 92274371073 („Themelia“).

Themelia is a data controller of personal data of customers, if they are natural persons, or their employees or other representatives, if they are legal entities. The Notice does not apply to legal entities or data related to business operations of legal entities, but solely to data subjects who are natural persons.

In this Notice we are describing who we are, which categories of personal data we process, how and for which purpose we process the personal data, how we protect your personal data and which rights you have within our processing of your data.

WHAT CATEGORIES OF CUSTOMER PERSONAL DATA DOES THEMELIA COLLECT AND PROCESS?

Themelia collects and processes the following categories of personal data of its customers or their representatives:

FOR WHAT PURPOSES DOES THEMELIA PROCESS CUSTOMER PERSONAL DATA?

Themelia processes the personal data of its customers and their representatives primarily for the following purposes:

a. To conclude and perform contracts: Themelia processes personal data if customers enter into a contract with Themelia. In this case, Themelia uses personal data to deliver goods, provide services, and perform work. Themelia also processes personal data for administrative purposes, such as communication, invoicing, etc. Themelia may also use personal data to communicate with customers before the conclusion of a contract and during the contractual relationship, as well as to respond to their inquiries and requests.

b. To comply with Themelia’s legal obligations: In certain cases, Themelia processes personal data of customers to comply with laws and other regulations, i.e., to fulfill Themelia’s legal obligations. This includes obligations related to billing, taxes, and other obligations. Themelia may be obliged to provide personal data of customers to state institutions or supervisory authorities based on legal obligations.

c. For informing about services, promotions, actions, and benefits of Themelia: Themelia may process the personal data of customers and their representatives to inform them about services, promotions, actions, and special benefits offered by Themelia. Themelia informs customers about goods, services, and offers that may interest them by sending promotional messages and newsletters via email or other suitable means.

HOW LONG DOES THEMELIA RETAIN CUSTOMER PERSONAL DATA?

Themelia retains the personal data of customers (including their representatives) for as long as necessary to achieve the purposes described above. Themelia keeps the aforementioned personal data within the timeframes prescribed by law and other regulations, and in some cases, as long as it is reasonable and advisable in the context of the applicable limitation period.

It is possible that Themelia will be obliged to permanently retain certain personal data as provided for in Themelia’s internal acts and applicable regulations.

WHO HAS ACCESS TO CUSTOMER PERSONAL DATA?

Access to customer personal data may be granted to Themelia’s employees who have limited access and processing rights for the purposes of their job, particularly employees involved in administrative tasks such as preparing offers, invoicing, and collections.

Employees of Themelia who are authorized to access or otherwise process customer personal data are required to maintain the confidentiality of personal data and act in accordance with privacy notices, policies, procedures, other internal acts, and contractual obligations.

To the extent necessary and allowed by laws and regulations, Themelia may share personal data with third parties such as:

a. Service Providers: Themelia may share personal data with service providers who, under special agreements, provide certain services that may include the processing of customer personal data by Themelia. For example, providers of accounting, legal, or IT services, etc.

b. Public Authorities or Private Legal Entities: Themelia may be required to provide personal data of customers to state authorities or private legal entities when Themelia is obliged to provide such data based on legal obligations or when it is necessary for Themelia to protect its rights and interests.

HOW ARE CUSTOMER PERSONAL DATA PROTECTED?

In order to protect customer personal data, Themelia takes appropriate protection measures in accordance with applicable privacy and data protection laws. This includes requirements for Themelia’s service providers to implement appropriate measures to protect the confidentiality and security of customer personal data.

In its business, Themelia has implemented technical, physical, and organizational measures to protect customer personal data from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and from all other forms of unlawful or excessive processing.

WHAT ARE THE RIGHTS OF CUSTOMERS AND HOW CAN THEY BE EXERCISED?

Within the framework of personal data protection, customers have the following rights:

a. Right to access their personal data: The right to request confirmation of whether their personal data is being processed, and if so, the right to request access and information about the processing and a copy of the personal data being processed.

b. Right to rectify inaccurate or incomplete data: The right to correct inaccurate and supplement incomplete data.

c. Right to erasure of personal data: This right exists, especially if the data is no longer necessary for the purposes for which it was collected, if it is being processed unlawfully, if there is an obligation to delete it due to legal obligations, or if the data subject has withdrawn their consent.

d. Right to restrict the processing of personal data;

d. Right to restrict the processing of personal data;

d. Right to restrict the processing of personal data:

Themelia will take all necessary measures to enable customers to exercise the above-mentioned rights, but in certain cases, the exercise of these rights may be limited or excluded.

WHO CAN YOU CONTACT WITH QUESTIONS ABOUT THE PROTECTION OF PERSONAL DATA?

For any additional information, please feel free to contact Themelia via email at:
themelia@themelia.hr.

CHANGES TO THE NOTICE AND CONSOLIDATED VERSION

This Notice applies from 20.07.2018 and may be amended from time to time. The latest version of this Notice, which will always be applicable to the processing of customer personal data, is available at the link www.themelia.hr.