NOTICE ON THE PROCESSING OF PERSONAL DATA OF SUPPLIERS AND BUSINESS PARTNERS OF THEMELIA

This Notice on the Processing of Personal Data of suppliers and business partners (“Notice”) applies to the processing of personal data of individuals and representatives of legal entities who are suppliers and business partners of THEMELIA, located at Palmotićeva 26, Zagreb, OIB: 92274371073 (“Themelia”).

Themelia is the data controller for the personal data of suppliers and business partners, including individuals and their workers or other representatives. This Notice does not apply to data related to legal entities or data concerning the activities of legal entities.

In this Notice, we describe who we are, what categories of your personal data we process, how and for what purposes we process them, how we protect your personal data, and what rights you have regarding our processing of your personal data.

WHAT CATEGORIES OF PERSONAL DATA OF SUPPLIERS AND BUSINESS PARTNERS DOES THEMELIA COLLECT AND PROCESS?

Themelia collects and processes the following categories of personal data of its suppliers and business partners or their representatives:

FOR WHAT PURPOSES DOES THEMELIA PROCESS PERSONAL DATA OF SUPPLIERS AND BUSINESS PARTNERS OR THEIR REPRESENTATIVES?

Themelia processes the personal data of suppliers and business partners when they collaborate with Themelia or communicate and engage in business cooperation with Themelia.

Themelia processes the personal data of suppliers and business partners for the following purposes:

a. To conclude and perform contracts: Themelia processes the personal data of suppliers and business partners if they collaborate with Themelia. In this case, Themelia uses personal data for the delivery of goods, provision of services, and execution of work by suppliers and business partners. Themelia also processes personal data of suppliers and business partners, including their representatives, for administrative purposes, such as communication, invoice issuance, or payment.

In this context, Themelia processes the identification and contact data of suppliers, business partners, and their representatives, as well as payment data. Themelia processes these personal data because such processing is necessary for the conclusion and execution of contracts that Themelia enters into with suppliers and business partners and to take appropriate actions at their request before entering into a contract.

b. To comply with regulations by Themelia: In certain cases, Themelia will process the personal data of its suppliers and business partners to comply with laws and other regulations or to fulfill its legal obligations as a data controller. This particularly relates to obligations related to invoicing, taxes, and other duties.

Consequently, Themelia may process the personal data of suppliers and business partners, including their representatives, to conduct appropriate checks of suppliers and business partners and their offers, as well as to make decisions on the possible acceptance of offers. Themelia may be obliged to provide the personal data of suppliers and business partners to state institutions or supervisory authorities based on legal obligations.

In this context, Themelia may process the identification data, payment data, and other data provided by suppliers and business partners during the duration of the contractual relationship.

HOW LONG DOES THEMELIA RETAIN PERSONAL DATA OF SUPPLIERS AND BUSINESS PARTNERS?

Themelia retains the personal data of suppliers and business partners, including their representatives, for the period necessary to achieve the purposes described above.

Themelia keeps the mentioned personal data within the timeframes prescribed by law and other regulations, and in some cases, as long as it is reasonable and advisable in the context of the applicable limitation period. It is possible that Themelia will be obliged to permanently retain certain personal data of suppliers and business partners as provided for in Themelia’s internal acts and applicable regulations.

The retention periods for personal data and other rules for the retention of personal data are specified in Themelia’s Personal Data Retention Policy.

Themelia will maintain the personal data of suppliers and business partners as accurate and up-to-date based on the information provided by the respective supplier or business partner. After the expiry of the time necessary or prescribed for processing personal data, Themelia will securely delete or destroy the personal data of suppliers and business partners.

WHO HAS ACCESS TO THE PERSONAL DATA OF SUPPLIERS AND BUSINESS PARTNERS?

Access to personal data of suppliers and business partners, as well as their representatives, may be granted to Themelia’s employees who have limited access and processing rights for the purposes of their job, particularly employees involved in administrative tasks such as collecting offers, contract management, payment, etc.

Employees of Themelia who are authorized to access or otherwise process personal data of suppliers and business partners are required to maintain the confidentiality of personal data and act in accordance with privacy notices, policies, procedures, and other internal acts and contractual obligations of Themelia.

To the extent necessary and permitted by laws and regulations, Themelia may share personal data with third parties such as:

a. Service Providers: Themelia may share personal data with service providers who, under special agreements, provide certain services that may include the processing of personal data of suppliers and business partners of Themelia. For example, providers of accounting, legal, or IT services, etc.

b. Public Authorities or Private Legal Entities: Themelia may be required to provide personal data of suppliers and business partners to state authorities or private legal entities when Themelia is obliged to provide such data based on legal obligations or when it is necessary for Themelia to protect its rights and interests.

HOW ARE THE PERSONAL DATA OF SUPPLIERS AND BUSINESS PARTNERS PROTECTED?

In order to protect the personal data of suppliers and business partners, Themelia takes appropriate protection measures in accordance with applicable privacy and data protection laws. This includes requirements for Themelia’s service providers to implement appropriate measures to protect the confidentiality and security of personal data of suppliers and business partners.

In its business operations, Themelia has implemented technical, physical, and organizational measures to protect the personal data of suppliers and business partners from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and from all other forms of unlawful or excessive processing.

WHAT RIGHTS DO SUPPLIERS AND BUSINESS PARTNERS HAVE AND HOW CAN THEY BE EXERCISED?

Within the framework of personal data protection, suppliers and business partners have the following rights:

a. Right to access their personal data: The right to request confirmation of whether their personal data is being processed and, if so, the right to request access and information about the processing and a copy of the personal data being processed.

b. Right to rectify inaccurate or incomplete data: The right to correct inaccurate and supplement incomplete data.

c. Right to erasure of personal data: This right exists, especially if the data is no longer necessary for the purposes for which it was collected, if it is being processed unlawfully, if there is an obligation to delete it due to legal obligations, or if the data subject has withdrawn their consent.

d. Right to restrict the processing of personal data:

e. Right to object to the processing of personal data:

f. Right to lodge a complaint with the Croatian Personal Data Protection Agency:

Themelia will take all necessary measures to enable customers to exercise the above-mentioned rights, but in certain cases, the exercise of these rights may be limited or excluded.

WHO CAN YOU CONTACT WITH QUESTIONS ABOUT THE PROTECTION OF PERSONAL DATA?

For any additional information, please feel free to contact Themelia via email at:
themelia@themelia.hr.

CHANGES TO THE NOTICE AND CONSOLIDATED VERSION

This Notice applies from 20.07.2018 and may be amended from time to time. The latest version of this Notice, which will always be applicable to the processing of customer personal data, is available at the link www.themelia.hr.