1. Purpose of this policy
We respect your privacy and aim to comply with all data protection regulations that apply to our handling and processing of personal data. At the end of the policy, we give definitions of important terms such as Personal data, Processing, Controller, and Processor.
2.1 Who and what this policy applies to
The policy explains who we are, how we collect, share and use personal data you provide us with, what your data protection rights are, and how can you exercise such rights.
There are separate privacy policies if you apply for a job with us or work for Oradian currently. You may also be asked to sign a separate contract about extra data you give to us through using our products and services.
2.2 Who we are
Registered name: ORADIAN doo.
Registered address: Oradian, Hebrangova ul. 32, 10000, Zagreb, Croatia. Registered with the court register of the Commercial Court in Zagreb, under registration number (MBS): 080761088, PIN: 98019965582.
2.3 Information we collect about you
Personal data is information that may be used to identify you. When using our services, filling out forms on our website or while attending our events, via e-mails and social media and customer support we may collect this information from you:
· Your contact details: email and postal address, telephone number;
· Other personal data: name, surname, country of residence
· Information about your financial institution and your job: name of the financial institution, your job title and similar data.
2.4 What information you give and what information we collect
3. How your data is collected and used
3.1 Data that you give to us
The data you give to us is generally collected when you complete and submit forms on our website and social media such as Facebook and LinkedIn, fill out our questionnaires or when you contact us directly. Data that you give is based on your consent, which you can withdraw at any time.
3.2 Data that we collect
We may also collect your personal data through:
· Cookies and similar technologies: we may collect your usage data such as site preferences whenever you interact with our websites and services, provided that you have agreed to cookies and similar technologies
· Third parties: we may collect your personal data held and processed by third parties such as Google AdWords, Facebook, LinkedIn, MailChimp, if you have given the consent to those third parties to share your personal data with us
3.3 How we use your data
We may use your personal data for the following purposes:
· To provide any services you request, or to carry out any aspect of the contract you have entered into with us, or want to enter into with us
· For marketing and sharing information on social sites, with your consent. This includes content that you upload
· To send you information that you ask for, or to respond to your questions or complaints
· To operate, improve and tailor our websites and social sites
4 Legal basis for using your data
We have a legal basis for collecting and using your data. Generally, this legal basis is one of the following reasons:
· You have given your permission for us to process your personal data for a specific purpose
· Processing your data is necessary for a contract that you have entered with us or want to enter with us, or because we have asked you to take specific actions before entering into a contract with us (referred to as ‘performance of contract’)
· Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, as long as these do not outweigh your data protection rights and interests. These legitimate interests include (but are not limited to):
· Getting information from your behaviour on our website or on any of our apps, or in opening any of our emails
· Creating and implementing our products and services
· Finding out about our customer segments and customers so that we can improve our products and services
· Getting information so that we can improve our marketing and sales campaigns
· improving data security
· Comply with any relevant legal or regulatory requirements.
5 How your data is stored and shared
5.1 Sharing your data
We generally do not disclose your personal data to third parties that are not directly linked to us. We may share your personal data with the following:
· Our affiliated companies
· Third-party service providers and partners who provide data processing services to us such as accountants, technical support providers, etc.
· Any competent law enforcement body, regulatory authority, government agency, court of law or other third party where a disclosure is necessary either to comply with any law or regulatory obligations or to exercise and protect our legal rights and interests;
· A potential or actual buyer in relation to any potential or actual purchase, merger or acquisition of a whole or any part of our business
· Any person as long as you have given your consent for us to disclose your personal data to them
5.2 Sharing your data outside of the European Economic Area
Some of the service providers that we use in connection with our website, marketing and the services we provide are based outside the European Economic Area (EEA). This means that certain personal data may be transferred outside the EEA.
Where your personal data is transferred from within the EU to outside the EEA, we have undertaken security measures and appropriate safeguards to protect your data. These are as follows:
· The country outside the EEA to which your personal data is transferred has been confirmed by the European Commission to give an adequate degree of protection for your personal data;
· We have entered into a standard contract with service providers situated outside the EEA, ensuring the similar degree of protection
· Any service provider in the US that we cooperate with, is self-certified under the EU-US Privacy Shield Framework. This Framework requires the provision of an adequate degree of protection for your personal data.
5.3 How we keep your data secure
We strive to protect your personal data by undertaking appropriate physical, technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Please note that even though we take all necessary steps to use and improve various safeguards, no system is completely secure.
We limit access to your personal data to employees that have a need to access your personal data. They only access and process your personal data on our instructions and they are required to keep your personal data confidential.
5.4 Automated decision-making system
5.5 How long we keep your data
We store your personal data only for as long as necessary for the purposes we collected the data for and to comply with any legal, accounting or reporting requirements. For example, we keep the data collected for the purposes of direct marketing for five years. Once your data is no longer needed, we will securely delete it.
6. Your rights
You have a number of rights in relation to the personal data we collect and process about you. Please find the summary of your rights below.
· Right to access your personal data: you have the right to request access to and be provided with a copy of personal data we hold and process about you. Specifically, you have the right to get more information about why we process your personal data, the type of personal data we collect and store, the people or types of people (or third parties) that we disclose your data to, and how long we will store your data for.
· Right to correct any data that’s inaccurate: you have the right to ask us to correct any inaccurate or incomplete personal data collected and processed about you.
· Right to erasure (“right to be forgotten”): you have the right to ask us to erase or remove any personal data held about you in the event we no longer have a justifiable reason for processing your personal data or in case you have exercised your right to object.
· Right to restrict the use of your data: you have the right to ask us to temporarily suspend the processing of your data, especially in cases where the accuracy of your personal data is under question, the processing may be unlawful or we no longer need the personal data for the purposes of processing.
· Right to object to use of your personal data: you have the right to object to our holding of any personal data about you which is being processed based on our legitimate interests or for marketing purposes.
· Right to port your data: you have the right to receive or ask that we transfer a copy of personal data we hold about you in a structured, commonly used and machine-readable format to a third party, if their holding and processing of your personal data is based on your consent or on the performance of a contract entered into with you.
· Right to lodge a complaint: if you have a complaint regarding the handling and processing of your personal data, you can contact us on the details provided. We will do our best to solve the problem. On the occasion that the problem could not be solved in a satisfactory way, you can contact Croatian Personal Data Protection Agency – Croatian data protection regulator, as well as any other EU supervisory authority related to the processing of personal data.
7.1 Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
8. Contact us