DATA PROTECTION AND PRIVACY POLICY
1. General Information
The document “Data Protection and Privacy Policy” of the Misli More d.o.o. company (hereinafter referred to as: Privacy Policy) refers to services and business operations of Misli More d.o.o., Valica 15, 52000 Pula (hereinafter referred to as: Misli More or Company). This Privacy Policy describes the types of personal data we collect, the way we process them and the purposes we use them for, as well as your rights pertaining thereto.
We have prepared and adopted this document because we take the protection of your personal data very seriously. It is at the core of all processes and corporate management of Misli More d.o.o. as the framework for how we treat all of your personal data we collect in relation to our business operations. It was passed as one of the organisational measures in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as: Regulation).
This Privacy Policy does not concern third parties, service providers and suppliers. In the case we use external service providers for the processing of personal data and if the said personal data is processed at their behest, we will still be liable for your personal data protection as data controller.
This Privacy Policy is aimed at making sure we comply with legal requirements and take care of all our users and visitors with the objective of:
• Implementation of valid personal data protection laws;
• Protection of the personal data we have access to;
• Openness and transparency for all users and data subjects;
• Reducing the risk of personal data breach;
• Educating and informing all our users and data subjects;
• Increasing transparency of personal data processing.
All the data we gain access to or process will be treated confidentially, for a specific purpose, ensuring the highest level of safety standards.
Data processing responsible entity:
Name: Misli More d.o.o.
Address: Valica 15, Pula
PIN (OIB): 62558167556
E-mail: info@mislimore.com
2. Types of personal data
Personal data is any data which refers to an individual whose identity is either known or can be determined. An individual whose identity can be determined is a person who can be identified either directly or indirectly, particularly by means of identifiers such as a name, an identifier number, location data, network ID or by means of one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the respective individual.
In our regular business operations, we use the following categories of personal data:
a) Basic personal data: Identification data (first name, last name, social security number (JMBG), PIN (OIB), citizenship, address, photograph); financial information; Online identifiers (cookies, IP address, MAC address, user identification, system logs); Location data (latitude, longitude, altitude, travel direction, recording time); information on the type of contractual relation;
b) Aggregated traffic and transaction data, excluding the content of transaction or communication and the identification of the participant natural persons. We collect data about the use of our products and the manner of their use.
3. Who do we collect personal data from?
In the ordinary course of our business, we collect personal data from several categories of data subjects. According to the purpose and the legitimate interest in each processing, we have divided data subjects into the following categories:
i) Clients – business information about end-users of our services collected under the purchase agreement.
ii) External collaborators – Your data is collected on the basis of a Business Collaboration and Business Communication Agreement. Basic personal data is processed solely on the basis of a legitimate interest in the contract execution. External collaborators comprise: employment handled by the Student Service, external consultants, contractual external collaborators and project partners. We require that each external collaborator should sign a confidentiality agreement concerning all data and information disclosed through business relations with Misli More. External collaborators also comprise our external service providers with whom we have long-term business collaboration agreements.
iii) Third parties – as data processors, we collect and process personal data in compliance with the requirements and instructions provided by our data controller, i.e. our principal.
iv) Public interest or execution of official duties – for the purpose of public interest or if required to perform official duties in compliance with legal requirements, we will process only that personal data which is strictly necessary.
4. Security
We have outlined the principles of security of the information system and set up basic guidelines we apply in all aspects of our business operations whereby we ensure high levels of security of the information system and personal data processing. Your personal data is processed so as to secure the appropriate level of security, including protection against unauthorized or illegal processing and accidental loss, unavailability or disclosure through use of organisational and technical measures, protocols and procedures.
Furthermore, we strive to have our security measures continuously upgraded in compliance with technology developments and changes in the business environment and our surroundings.
In our business operations, corporate culture and information security, we carry out the following information, organisational and technical measures:
• protecting the system against internal and external risks
• protection against unauthorized access
• data protection in the physical form
• minimizing processing, pseudonymization
• setting rules – data protection policy
• competence and liability of data holders
• continuous training and education of employees
5. How we collect your personal data
Each collection of personal data is carried out for a legitimate interest and business-oriented purpose and hence each processing of personal data is legitimate, fair and transparent as regards the subjects’ rights.
The subject will be informed about each processing of personal data concerning the way in which the data concerning him or her is collected, used, submitted for review, processed in some other way or about to be processed. We will make each piece of information or communication concerning the processing of personal data available to the subject in a straightforward language easy to understand.
We will always provide the subject with the information about the identity of data controller and the processing purposes on the website of the data controller or on the headquarters premises/business office of the data controller. We will provide the subject with the information about the risks, rules, protection measures and rights pertaining to the processing of personal data on the website of the data controller or on the headquarters premises/business office of the data controller.
We collect data based on:
• Consent agreement on platform (legitimate interest for the purpose of the processing)
• Realization of employment rights (employer’s legitimate interest)
• Realisation of collaboration with external collaborators (necessity of contract execution)
• Realisation of third-party business relationships (suppliers, project partners and clients) (necessity of contract execution)
6. Principles and purposes of personal data processing
For each processing in which we are either data controllers or data processors, we always perform lawful processing. Depending on the purpose, we process only the quantity of personal data indispensable for the realization of the purpose of personal data processing.
In the processing, we apply automated processes of applicative processing, and, where this is not possible, we undertake manual personal data processing. The data collected will not be forwarded to third parties (neither directly nor through other representatives) unless otherwise provided for in a third-party agreement or with your explicit agreement. There is a possibility of disclosing your personal data in compliance with legal regulations, provided that public authorities should request so in compliance with the law (police, judiciary).
In our business operations, we do not collect or process special categories of personal data.
7. Cookies
Our website offers options of using cookies – small text files stored on your device through the browser which web servers can later access in the domain that had set up the cookie. We use cookies to save your selected settings, help upon registration, provide targeted advertisements and website operations analysis. Click here for more information about the technical data of the cookies used.
Our service provider and we use the said information for your security, optimized navigation and exchange of information, and personalization of your experience while using our site. Cookie files cannot be used to launch programmes or transfer viruses to your computer. Cookies are issued individually, and they can be read only by the server of the website in the domain that recorded the said file.
8. Data retention period
Your data will be kept for as long as it is needed to meet the obligations and provide the services you granted your consent for, unless otherwise provided for by law or a contractual relationship.
We cannot delete the data:
i. If it is necessary for the performance of contractual obligations or other legal requirements (e.g. the Accounting Act)
ii. If the data is actively used in the processes on the basis of a legitimate data processing purpose.
iii. If we are legally obliged to reject your request, we will do so and inform you about the reasons thereof.
9. User rights
You are authorized to obtain information about your personal data in our possession at all times and to ask for rectification or upgrade of the said data. You have the right to withdraw your consent to process your personal data at all times. You only have to send a request to the address below.
Prior to your accessing the data, we will determine the identity of the requester and the circumstances of each request. In case of doubt, we may ask for additional information for purposes of verifying your identity. If we are legally obliged to reject your request, we will do so informing you about the reasons thereof.
If submitted in conformity with the above instructions, all your requests will be received and processed in compliance with our Rules and the Regulation Guidelines for the purposes of protecting your rights. Should you be using any of the said rights too often and with the obvious aim of abuse, we can charge an administrative fee or reject your request.
In compliance with the Regulation, you can exercise the following rights at all times with your personal data:
a) Right to rectification:
If we process your personal data which is incomplete or inaccurate, you can ask us to rectify or amend it at all times.
b) Right to erasure:
You can ask us to delete your personal data if we have processed it unlawfully or if the said processing represents a disproportionate invasion of your protected interests. Please be aware that there are reasons which make it impossible for us to instantaneously delete the data, such as in the case of legal archiving obligations.
c) Right to access:
We can issue a confirmation stating whether your personal data is being processed. If the said personal data is being processed, you can access such data and the information concerning the purpose of data processing, the categories of the respective personal data, recipients or categories of recipients the personal data has been or will be disclosed to, the planned period of keeping the personal data or the criteria of defining the said period, the existence of your rights stated herein, the existence of automated decision-making, including the creation of a profile and the information about the logic of processing, the importance and the anticipated consequences of processing, protective measures if personal data is forwarded to third countries or international organisations.
d) Right to restrict processing:
You can ask us to restrict processing your data:
• If you refute the accuracy of data within the period which allows us to check the accuracy of the said data
• If we no longer need the data for the planned purposes, but you still need it to exercise a legal claim
• If you have objected to the distribution of the said data
e) Right to possibility of data transfer:
You can ask us to send the data you entrusted us with for the purposes of its archiving in a structured format, in the usual machine-readable format:
• if the said data is processed based on the consent you granted us which you can revoke
• for the purpose of contract execution
• if the processing is carried out using automated processes.
f) Right to object to processing:
If we distribute your data for the purpose of executing tasks in the public interest or tasks of public authorities or if we rely upon our legitimate interests in the course of processing, you can object to such data processing if there is an interest in protecting your data.
g) Right to complaint:
If you believe that we have violated the Croatian or European data protection regulations during the processing of your data, please contact us to clarify any queries you may have. You are absolutely entitled to lodge a complaint with the Croatian Personal Data Protection Agency.
h) Exercising your rights:
You can exercise some of the above rights at all times. Please contact us through our communication channels for personal data protection.
i) Identity confirmation:
Prior to your accessing the data, we will determine the identity of the requester and the circumstances of each request. In case of doubt, we may ask for additional information for purposes of verifying your identity. If we are legally obliged to reject your request, we will do so informing you about the reasons thereof.
j) Abuse of rights:
If submitted in conformity with the above instructions, all your requests will be received and processed in compliance with our Rules and the Regulation Guidelines for the purposes of protecting your rights. Should you be using any of the said rights too often and with the obvious aim of abuse, we can charge an administrative fee or reject your request.
10. Forwarding personal data
Your personal data we collect in compliance with provisions of this Privacy Policy can be forwarded to companies for the purpose of the data controller of personal data processing, within the scope of providing services we deliver. The said companies are allowed to use the data exclusively in the way set forth in this Statement. For instance, if we process your personal data based on consent, consent withdrawal will also apply to the said companies.
11. Transfer of data outside the EU
When we act as data controllers, we do not transfer personal data outside the EU. In the case of need to transfer the processing of personal data outside the EU, we will undertake all necessary activities and controls in compliance with Chapter V of the Regulation. In the case of transferring the data to the data processor, we will inform you thereof upon collecting your data.
For each data transfer to third countries, outside the EU, Misli More will secure adequate levels of protection and enable the subjects to take advantage of all enforceable rights and effective court protection in the territory of the said countries.
12. How to contact us
If you have any questions about collecting and processing your personal data or if you want to gain an insight into your personal data in our possession for the purpose of its verification, rectification or erasure, feel free to contact us by writing to us at the following address:
Name: Misli More d.o.o.
Address: Valica 15, Pula, Hrvatska
You can also contact the Head of the Office for Personal Data Protection: info@mislimore.com
Your request will be treated confidentially, and we will get back to you as soon as possible once we analyse it. We have set out detailed rules regarding the processing of personal data requests in the Regulations on Processing Requests and other applicable internal acts of the Misli More d.o.o. company.
13. Changes to privacy policy and protection of personal data
Privacy Policy and personal data protection regulations entered into force on 25 May 2018. For the purpose of a continuous management of information security, protection of personal data processing and legal amendments, we will adjust all our internal safety management acts, including the Data Protection and Privacy Policy. The regulations are published on the website of the Data Controller and publicly accessible. We reserve the right to change this document with no special announcement, and we therefore advise that you occasionally check and read this Data Protection and Privacy Policy.