GDPR
1.
Introduction
The company
PERDISACCA, established at Bale, Valade 1, 52211, OIB No. 91715951334
(Perdisacca in further text), in running its business needs to collect and use
certain personal data.
Perdisacca
is primarily engaged in the production and sale of olive oil and other related products.
In its business, Perdisacca must collect and process certain data about
individuals and is therefore the head of personal data processing.
This policy
has been written and implemented to assure that Perdisacca operates in
accordance with its legal, organizational and technical obligations regarding
the protection of personal data.
All
Perdisacca’s employees are fully informed of the contents of this Policy. They
assure its application when handling and processing personal data. The
employees whose tasks include handling and processing personal data have been
properly trained on their duties regarding protection of personal data.
This Policy
applies to all personal data stored by Perdisacca, relating to any natural
person, regardless of her relation to the business, whether she is, she was or
she might become a client, a supplier or a contact-person. This policy does not
apply to anonymous data. Anonymous data is data that has been modified in such
a way that it cannot be linked to a specific natural person or cannot be linked
without disproportionate effort and therefore, in accordance with the
applicable regulations, is not considered personal data.
This policy
is designed to improve Perdisacca’s services to its users, to protect users
with respect to the confidentiality of their personal information when
providing services, and to prevent potential harm to Perdisacca and its
employees, as well as to ensure that the processing of personal data by
Perdisacca is fully in line with Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of individuals
with regard to the processing of personal data and on the free movement of such
data and repealing Directive 95/46 / EC (General Data Protection Regulation)
(GDPR) and other applicable regulations. The personal data that Perdisacca
processes in its business are not shared with unauthorized persons, are not
offered, are not sold or transferred outside the Republic of Croatia, to third
countries or to humanitarian organizations.
2.
Definitions and Scope
‘Personal
data’ means any information relating to an identified or identifiable natural
person (‘data subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier
or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
‘Processing’
means any operation or set of operations which is performed on personal data or
on sets of personal data, whether or not by automated means, such as
collection, recording, organization, structuring, storage, adaptation or
alteration, retrieval, consultation, inspection, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction as well as any application of
logical, mathematical and other operations on such data.
The
categories of personal data that Perdisacca processes in its business are name
and surname, address, PID number, year of birth, e-mail address and other
personal data for certain categories of subjects.
Perdisacca
collects and processes personal data mostly for providing services within the
scope of its business or in fulfilling legal or contractual obligations. The
legal basis for the processing of personal data is the contractual relationship
between Perdisacca and the subject, the legal obligation of Perdisacca or the
consent of the subject. Perdisacca handles this personal information in an appropriate
manner, regardless of whether the data are obtained, recorded, stored and used
in a paper copy, on a computer or any other media.
To protect
persons and property, Perdisacca collects certain data by video surveillance in
its facilities or external surfaces of facilities, while clearly alerting
subjects to the installed video surveillance signs when entering the perimeter
of the recording. Only the responsible person at Perdisacca and the person
authorized by the responsible person have access to the stated data under all
conditions prescribed by the Act on the Implementation of the General
Regulation on Data Protection (NN 42/18).
When a
subject sends an e-mail to Perdisacca with personally identifiable information,
via an e-mail with a question or comment, Perdisacca uses this information to
fulfill the subject's request or inquiry regarding the provision of Perdisacca
services. In case that the subject does not wish to provide his personal data
necessary to provide these services, meet the subject's request or respond to
the subject's inquiry, Perdisacca will not be able to process such request or
inquiry or provide the service.
Perdisacca
processes certain personal data of the subject for marketing purposes (name and
surname, e-mail address) in order to provide information on promotions and
benefits of Perdisacca services and products, but only based on the subject's
consent given voluntarily by entering his e-mail address in the designated
field, and by confirming that he is familiar with this Policy. Perdisacca
allows each subject to withdraw consent for such data processing, in accordance
with the respondent's rules below.
When giving
her data to Perdisacca, the subject consents that Perdisacca process her
personal data in accordance with the declared purpose. Subject’s data privacy
is permanently protected. At any moment, subject can exercise her rights, as
listed and explained below.
Perdisacca
keeps the personal data of employees from the employment relationship and in
connection with the employment relationship permanently. Perdisacca keeps
personal data from accounting or bookkeeping documents (per example: invoices
to customers or guests, but also received invoices from suppliers) for at least
11 years in accordance with accounting regulations. Perdisacca keeps the
personal data of guests necessary for the provision of accommodation services
for at least two years after the end of the calendar year in which they are
entered in the Guest Book or Tourist List, in accordance with regulations on
the content and manner of keeping the Guest Book or Tourist List. The contact
details of the subjects for the provision of marketing services (newsletter)
are processed by Perdisacca until the withdrawal of consent based on which they
are processed.
In order to
carry out its business process, Perdisacca has the right to entrust certain
data processing tasks to data processing executors, but only to those who
comply with the technical, logical and organizational personal data protection
measures provided by Perdisacca.
Perdisacca
stores the collected data appropriately and assures their confidentiality.
Perdisacca shall not forward collected data to third parties without a
subject’s consent, except when it may be needed to fulfill Perdisacca’s legal
obligations, (per example: to the Tax Administration, the Croatian Pension
Insurance Institute, the Ministry of Tourism and other competent authorities),
when it is necessary to fulfill tasks of public interests or when the subject
herself has made these data publicly available and/or in other cases when it is
imposed by applicable regulations
Regarding
her personal data processed by Perdisacca, subjects have the following rights.
Rights of the data subject:
Explanation
Right to Information
At any moment, data subject have right to demand information whether her personal data are being processed and for what purposes, who is the data controller, the contact-data of the Data protection officer, which categories of personal data are being processed, for what period they are being processed or stored, who or what is the source of her personal data, who are receivers of her personal data and the right to information about her other rights listed in this Policy (right to access, right to rectification, right to deletion, right to restriction and other).
Right to Access
Every data subject has right to ask and obtain from Perdisacca a confirmation if personal data related to her are being processed, obtain access to these data and to the information on: - the purposes of the processing; - the categories of personal data being processed; - the recipients or the categories of recipients to whom the personal data have been or will be disclosed; - where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from Perdisacca rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; - the right to lodge a complaint with a supervisory authority; - where the personal data are not collected from the data subject, any available information as to their source; - existence of an automated decision-making, including profiling and its consequences.
Right to rectification
The data subject shall have the right to obtain from Perdisacca without undue delay the rectification of inaccurate personal data concerning him or her. The data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure / right to be forgotten
Data subject have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent and there is no other legal basis for processing of these data, if the respondent objects to the processing, if the data have been unlawfully processed, if the data need to be erased to comply with the applicable Union law or national regulation of the member state having jurisdiction over Perdisacca, if the data have been collected in relation to offering of services of the society to a child.
This is not applied if the data processing is necessary (and to the necessary extent) in order to exercise the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which the Perdisacca is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Perdisacca, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes, for the establishment, exercise or defense of legal claims
The right to lodge a complaint with a supervisory authority
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him including profiling where the processing of the personal data is necessary for the performance of a task carried out in the public interest or in the exercise of legitimate Perdisacca's or third parties interest. Perdisacca shall no longer process the personal data unless Perdisacca demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing
Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to Perdisacca, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Perdisacca if data processing is based on his or her consent and the data are being automatically processed
Where technically feasible and when it does not impair other people's rights and freedoms, the data subject has the right to have the personal data transmitted directly from Perdisacca to another.
Rights pertaining to automated decision making and profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her except if it is necessary for entering into, or performance of, a contract between the data subject and Perdisacca, when expressly authorized by Union or Member State law to which the Perdisacca is subject or it is based on the subject’s express consent
Right to consent withdrawal
The subject's consent is one of legal basis for processing the data concerning a data subject. The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
Right to restriction of processing
Data subject has the right to demand restriction of processing of his or her personal data if he or she contests the accuracy of the personal data, for a period enabling Perdisacca to verify the accuracy of the personal data; if his or her data have been unlawfully processed and he or she does not demand deletion, but only restriction of processing; if Perdisacca does not need his or her data any more, but it needs their exist to exercise or execute its legal claims. If he or she objected to processing of his or her personal data, the subject has the right to demand restriction of processing for the period needed to establish whether the Perdisacca's legitimate grounds of the controller override his or her rights from his or her objection
Rights of the data subject:
Explanation
Right to Information
At any moment, data subject have right to demand information whether her personal data are being processed and for what purposes, who is the data controller, the contact-data of the Data protection officer, which categories of personal data are being processed, for what period they are being processed or stored, who or what is the source of her personal data, who are receivers of her personal data and the right to information about her other rights listed in this Policy (right to access, right to rectification, right to deletion, right to restriction and other).
Right to Access
Every data subject has right to ask and obtain from Perdisacca a confirmation if personal data related to her are being processed, obtain access to these data and to the information on: - the purposes of the processing; - the categories of personal data being processed; - the recipients or the categories of recipients to whom the personal data have been or will be disclosed; - where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from Perdisacca rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; - the right to lodge a complaint with a supervisory authority; - where the personal data are not collected from the data subject, any available information as to their source; - existence of an automated decision-making, including profiling and its consequences.
Right to rectification
The data subject shall have the right to obtain from Perdisacca without undue delay the rectification of inaccurate personal data concerning him or her. The data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure / right to be forgotten
Data subject have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent and there is no other legal basis for processing of these data, if the respondent objects to the processing, if the data have been unlawfully processed, if the data need to be erased to comply with the applicable Union law or national regulation of the member state having jurisdiction over Perdisacca, if the data have been collected in relation to offering of services of the society to a child.
This is not applied if the data processing is necessary (and to the necessary extent) in order to exercise the right of freedom of expression and information, for compliance with a legal obligation which requires processing by Union or Member State law to which the Perdisacca is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Perdisacca, for reasons of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes, for the establishment, exercise or defense of legal claims
The right to lodge a complaint with a supervisory authority
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him including profiling where the processing of the personal data is necessary for the performance of a task carried out in the public interest or in the exercise of legitimate Perdisacca's or third parties interest. Perdisacca shall no longer process the personal data unless Perdisacca demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing
Right to data portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided to Perdisacca, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Perdisacca if data processing is based on his or her consent and the data are being automatically processed
Where technically feasible and when it does not impair other people's rights and freedoms, the data subject has the right to have the personal data transmitted directly from Perdisacca to another.
Rights pertaining to automated decision making and profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her except if it is necessary for entering into, or performance of, a contract between the data subject and Perdisacca, when expressly authorized by Union or Member State law to which the Perdisacca is subject or it is based on the subject’s express consent
Right to consent withdrawal
The subject's consent is one of legal basis for processing the data concerning a data subject. The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal
Right to restriction of processing
Data subject has the right to demand restriction of processing of his or her personal data if he or she contests the accuracy of the personal data, for a period enabling Perdisacca to verify the accuracy of the personal data; if his or her data have been unlawfully processed and he or she does not demand deletion, but only restriction of processing; if Perdisacca does not need his or her data any more, but it needs their exist to exercise or execute its legal claims. If he or she objected to processing of his or her personal data, the subject has the right to demand restriction of processing for the period needed to establish whether the Perdisacca's legitimate grounds of the controller override his or her rights from his or her objection
To exercise
his or her rights, the data subject should contact the Data Protection Officer,
by sending a written notice or a request to the Perdisacca's Data Protection
Officer, by e-mail, using the e-mail address he or she obtained from
Perdisacca, or by street mail to the address: Valade 1, 52211 Bale, Istria,
Croatia, i.e. to the physical address of Perdisacca LLC under condition that I
request the exercise of my rights by an e-mail to the above mentioned. Perdisacca
reserves the right to make additional requests regarding the identification of
the person seeking the exercise of his rights, all in order to prevent or
prevent the abuse of the rights of the respondent in relation to the protection
of his personal data.
Perdisacca
has designated its personal data protection officer and each subject has the
right to contact him or her regarding the protection of his or her personal
data via:
Phone No +38598435383
E-mail: info@perdisacca.com
All
inquiries regarding the protection of personal data should be addressed to the
Data Protection Officer.
4.
Principles Relating to the Protection of Personal Data
Perdisacca
acknowledges the importance of lawful and proper handling of personal data, so
it makes its best efforts to assure that personal data are treated lawfully and
properly. With this in mind, Perdisacca fully accepts and complies with the
principles of Data Protection.
The general
data protection principles require that data:
·
are
processed fairly and legally, especially that they must not be processed if
legal requirements are not fulfilled;
·
are
collected for one or a limited number of specified, legal purposes and should
never be processed further or in a way that would be incompatible with these
purposes
·
processing
must be appropriate, relevant and should not exceed the purpose or the purposes
for which data are being processed, and the data should be accurate and up to
date;
·
should
not be kept for longer time than needed for the accepted purpose;
·
should
be processed in respect of data subjects’ rights in accordance with the
applicable regulations:
·
appropriate
technical and organizational measures should be taken to protect the personal
data from unauthorized and illegal processing, as well as accidental loss,
destruction, or damage;
·
should
not be transferred to another country or a territory outside the EU unless that
country or territory assure an adequate protection of subject's rights and
freedoms relating to the protection of personal data.
5.
Perdisacca’s Activities Regarding Data Processing
Perdisacca
does:
·
Fully
respect the conditions of rightful and fair collection and processing of
personal data;
·
Observe
its obligation to specify the purpose for which the personal data are being
processed;
·
Collect
and process appropriate personal data, only to the extent to which it is
necessary to fulfill operational requirements and in accordance with all
applicable legal requirements
·
Submit
all necessary data to the Personal Data Protection Agency;
·
Strictly
control the duration of storage of personal data;
·
Take
all due care to enable the execution of the rights of the persons whose data
are being processed
·
Undertake
all appropriate technical and organizational safety measures to protect
personal data;
·
Ensure
that personal data are not transferred to other countries without adequate
protection;
·
Treat
all people fairly and honestly whatever their age, confession, disabilities,
gender, sexual preference or ethnic origin, when reacting to their requests
concerning the right to information;
·
Establish
clear procedures to react to the requests based on the right to information
Perdisacca
can publish, on their web site, the contents of the cookies used to advertise
and produce statistics of web traffic based on interests and information from
the web page visitors from social networks. If a data subject uses Perdisacca’s
social network or application content, a cookie from these sites or application
could be stored on a subject’s device used to access the Perdisacca’s web page.
Visitors have right to disable the cookies. Web browsers are usually set so
that they accept cookies by default, but the data subjects can easily change
this setting in their browsers. If a data subject wants to limit or block all
cookies including Perdisacca's web sites and applications (which can be prevent
the use of some parts of these web sites) or other web sites or applications,
the subject can do it in his or her web browser settings
When the
personal data breach is likely to result in a high risk to the rights and
freedoms of natural persons, Perdisacca shall communicate the personal data
breach to the data subject without undue delay unless Perdisacca has
implemented appropriate technical and organizational protection measures, and
those measures were applied to the personal data affected by the personal data
breach, in particular those that render the personal data unintelligible to any
person who is not authorized to access it, or unless Perdisacca has taken
subsequent measures which ensure that the high risk to the rights and freedoms
of data subjects is no longer likely to materialize or if it would involve
disproportionate effort. In this, latest case, Perdisacca will use public
communication or a similar measure to assure that the data subjects be informed
in an equally efficient way
6. Review and
Verification
Perdisacca
reserves its right to update this Policy as deemed necessary to maintain the
best practices and to assure its compliance to any changes or amendments
regarding the protection of personal data
Last
updated: June 2023
COOKIE POLICY
Controler:
OPG Cergna
Valade 1, 52211 Bale
Mail: info@perdisacca.com
What is a cookie?
A cookie is a small text file containing a unique identification number that is transferred (through your browser) from a website to the hard drive of your computer's hard drive or mobile device when you visit the website. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. These files are then used by websites to identify when you revisit that website.
Cookies are mostly used to allow websites to function, or to function more efficiently, as well as to provide information to website owners. Cookies can also be used to establish anonymised statistics about the browsing experience on our sites. The information does not usually directly identify you, but it can give you a more personalised web experience. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
Use of cookies
We use cookies for many different reasons. We may collect information about your computer, including your IP address, operating system and browser type, for system administration purposes. This is statistical data about your browsing actions and patterns and does not identify you as an individual. We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.
The website uses cookies to distinguish you from other users of the website. This helps us to deliver a better and more personalised service to you when you browse the website and also allows us to improve the website.
Different types of web cookies:
Essential and non-essential cookies
Cookies can be classified as either 'essential' or 'non-essential'.
Essential cookies are cookies that are either:
used solely to carry out or facilitate the transmission of communications over a network; or
strictly necessary to provide an online service (e.g. our website or a service on our website) which you have requested.
Non-essential cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behaviour on a website ('performance' cookies) or cookies used to display advertisements to you ('targeting' cookies).
Session and persistent cookies
Cookies can be classified as either 'session' or 'persistent', depending on how long they last after they are placed on your browser.
Session cookies: session cookies last for as long as you keep your browser open. They expire when you close your browser.
Persistent cookies: persistent cookies expire at a fixed point in time or if you manually delete them from your browser, whichever occurs first.
First and third party cookies
Cookies by source. Cookies can be classified as 'first party' or 'third party'.
First party cookies: these are cookies placed on your device by our website domain.
Third party cookies: these are cookies placed on your device by third party website domains.
Cookies by function
Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Performance (or Analytical) Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Targeting (or Advertising) Cookies
These cookies may be set through our site by our carefully selected and monitored advertising partners (third parties). They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
If you require further information about cookies in general, please visit www.aboutcookies.org.
Adapt Browser Settings To Cookies
If you are the only person using the computer, you may set long terms of expiry for browsing history. If you share the computer, you may consider setting the browser to delete the browsing data each time when you close the browser.
How Can I Stop The Cookies?
Most internet browsers are initially set up to automatically accept cookies.
You can configure your browser to reject all the cookie files or to alert you when cookies are sent to the device.
It is important to note that the deactivation or refusal to receive cookies can make certain sections difficult to view and use.
All the modern browsers offer the possibility to change the settings of cookies. Rather than blocking all cookies, you can choose to only block third-party cookies which will still allow our website to function as intended.
Updates to the cookies policy
We reserve the right to make any changes to this policy, particularly in response to legislative requirements.
Your rights
To exercise your right to query, access and amend your personal data, you can contact us by email at info@perdisacca.com