2. Definitions and application
‘Personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as the implementation of logical, mathematical and other operations with these data.
Arbiana collects and processes personal data primarily to provide its business services. For this reason, Arbiana needs to collect and process certain types of data about individuals who come into contact with Arbiana (data subjects). Arbiana undertakes to handle these data appropriately, regardless of how the data has been collected, recorded, stored and used – on paper, computer, or other material.
At the time of submitting his or her data to Arbiana, the data subject agrees that Arbiana may process his or her data for the indicated purpose. The privacy of the data subject’s personal data is protected permanently, and the data subject may exercise his or her rights, which are listed and explained below, at any moment.
Arbiana collects and processes personal data in accordance with the Personal Data Protection Act (Narodne novine official gazette nos. 103/03, 118/06, 41/08, 130/11, 106/12), other Croatian regulations, Directive 95/46/EC, and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016). Arbiana stores the collected data in an appropriate way and ensures its confidentiality. Arbiana may not forward the collected data to third parties without the data subject’s consent, except when this is necessary to fulfill Arbiana’s legal obligations, when this is necessary to complete tasks that are carried out in the public interest, when the data subject has personally published these data, and in other cases determined by the relevant regulations.
The data subject has the following rights regarding the processing of his or her personal data by Arbiana:
Rights of the data subject:
Right to information
The data subject has the right to obtain information at any time as to whether or not his or her personal data are being processed, and, if so, for what purpose, who the data controller is, the contact details of the data protection officer, which personal data categories are being processed, for which period the data are being processed or stored, who the source for obtaining his or her personal data is, and who the recipients of his or her personal data are, and also the right to information about his or her other rights under this policy (right of access, right of rectification, right to erasure, right to restriction of processing, etc.).
Right of access
The data subject shall have the right to obtain from Arbiana confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or the criteria used to determine that period; the existence of the right to request from Arbiana rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, and the consequences.
Right to rectification
The data subject shall have the right to obtain from Arbiana without undue delay the rectification of inaccurate personal data concerning him or her. The data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure/right to be forgotten
The data subject shall have the right to obtain from Arbiana the erasure of personal data concerning him or her without undue delay and Arbiana shall have the obligation to erase personal data without undue delay where one of the following grounds applies: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing; the data subject objects to the processing; the personal data have been unlawfully processed; the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Arbiana is subject; the personal data have been collected in relation to the offer of information society services to a child.
The above shall not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which Arbiana is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Arbiana; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes; or for the establishment, exercise or defense of legal claims.
Right to lodge a complaint with a supervisory authority
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling, if processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Arbiana, or if processing is necessary for the purposes of the legitimate interests pursued by Arbiana or by a third party. Arbiana shall no longer process the personal data unless Arbiana demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to Arbiana, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Arbiana where the processing is based on his or her consent and where the processing is carried out by automated means.
The data subject shall have the right to have the personal data transmitted directly from Arbiana to another controller, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
Rights related to automated individual decision-making and profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except if the decision is necessary for entering into, or performance of, a contract between the data subject and Arbiana; is authorized by Union or Member State law to which Arbiana is subject; or is based on the data subject’s explicit consent.
Right to withdraw consent
The data subject’s consent is one of the legal bases for the processing of his or her data. The data subject has the right to withdraw his or her consent at any time. The withdrawal of the consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to restriction of processing
The data subject shall have the right to obtain from Arbiana restriction of processing where one of the following applies: the accuracy of the personal data is contested by the data subject, for a period enabling Arbiana to verify the accuracy of the personal data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; Arbiana no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; the data subject has objected to processing until it is established whether the legitimate grounds of Arbiana override those of the data subject.
To exercise his or her rights, the data subject must contact the data protection officer by sending a written notice or request to the data protection officer of the Arbiana d.o.o. company by e-mail, using the e-mail address that they gave to Arbiana d.o.o., by post to Ante Starčevića bb, 34310 Pleternica, or by submitting a personal statement directly at the business premises of Arbiana d.o.o. after prior notification by telephone on +38534638333 and supplying proof of identification with a valid personal document.
3. Data protection officer
Arbiana has appointed a data protection officer.
Telephone: +385 34638333
Any questions regarding the protection of personal data should be submitted to the data
4. Personal data protection principles
Arbiana believes that the lawful and proper handling of personal data is very important and therefore ensures that personal data are treated lawfully and correctly. For this purpose, Arbiana completely supports and adheres to the principles of data protection.
The principles of data protection require that personal data:
- must be processed rightfully and lawfully and in particular that they must not be processed if the conditions stipulated by the regulations are not met;
- are collected only for one or more specific and legitimate purposes and must not be further processed in any way that would be incompatible with these purposes;
- are subject to processing that is adequate, relevant and not excessive in terms of purpose, and that the data are accurate and up to date;
- must not be kept longer than necessary for an applicable purpose;
- must be processed in accordance with the rights of the data subject and in accordance with the applicable regulations;
- are protected by appropriate technical and organisational measures against unauthorized or unlawful processing as well as against accidental loss, destruction or damage;
- must not be transferred to a country or territory outside the EU, unless that country or territory provides an adequate level of protection of the rights and freedoms of the data subject with regard to the processing of personal data.
5. The activities of Arbiana regarding data processing
Arbiana undertakes to:
- fully respect the conditions of fair collection and processing of personal data;
- fulfill its obligation to specify the purpose for which the personal data are being processed;
- collect and process personal data only to the extent necessary to meet its operational needs or in accordance with all legal requirements;
- provide all necessary data to the Personal Data Protection Agency;
- perform strict verification of the duration of the storing of personal data;
- ensure that the rights of the person whose data is being processed can be completely exercised in accordance with personal data protection;
- adopt appropriate technical and organisational security measures for the protection of personal data;
- ensure that personal data are not transmitted abroad without insurance coverage;
- treat all persons lawfully and fairly, regardless of their age, religion, disability, gender, sexual orientation or ethnicity when acting in connection with a request for notification;
- establish clear procedures for responding to requests for notification.
On its website, Arbiana may use advertising and traffic statistic tracking cookies based on the interests and information of Arbiana website visitors from social networks. If a data subject uses content on Arbiana social networks or applications, a cookie from these networks and applications may be stored on the data subject’s device used to access the Arbiana website. Visitors have the right to turn cookies off. Web browsers are usually programmed in such a way as to accept cookies by default, but data subjects may change this by altering their web browser’s settings. If a data subject wishes to restrict or block all cookies that include Arbiana websites/applications (which can disable the use of certain parts of the website) or other websites/applications, he or she may do so via the web browser settings.
In the event of a personal data breach that will probably cause a high risk to the rights and freedoms of the data subject, Arbiana will inform the data subject of the breach without undue delay, unless Arbiana has taken appropriate technical and organizational protection measures and these measures have been applied to the personal data affected by the breach, especially measures that make personal data incomprehensible to any person not authorized to access these data, or if Arbiana has taken further measures to ensure that it is no longer likely that there will be a high risk to the rights and freedoms of the data subject, or if this would require a disproportionate effort, in which case Arbiana will issue a public notification or take similar measures to inform data subjects in an equally efficient way.
6. Review and check