Firmus grupa doo, Emila Antica 53, 51266 Selce, Croatia
OIB: 65092215454, VIES: HR65092215454

GDPR

Introductory provisions

This Policy establishes a responsible and transparent framework for ensuring compliance with the General Regulation on Personal Data Protection. The policy applies to all organizational units of “Firmus grupa doo” (hereinafter PROCESSING MANAGER) and to all employees, including part-time employees and temporary workers, as well as to all external associates acting on behalf of the processing manager.

Policy statement

The processing manager is dedicated to doing business in accordance with all laws, regulations and the highest standards of ethical business. This policy sets out the provisions for the expected treatment of employees of the processing manager and his external associates involved in the collection, use, storage, transfer, publication or destruction of any personal data belonging to employees, business partners of the processing manager and other individuals. The purpose of the policy is to standardize the protection of the rights and freedoms of the respondent by preserving the privacy of his personal data in all aspects of the business of the controller that involve personal data. This policy stipulates that the PROCESSING MANAGER will not disclose personal data to third parties without authorization, nor act in a manner that endangers them.

Principles of personal data processing

The controller shall adopt the following principles to be followed in the collection, use, retention, transfer and destruction of personal data:

LEGITIMACY, JUSTICE AND TRANSPARENCY
Personal data will be processed legitimately, fairly and transparently towards the respondents.
This means that the head of processing will inform the respondent in all relevant situations how he will process the data (transparency), and the processing will be performed exclusively in accordance with what has been said (fairness) and in accordance with the purpose prescribed in applicable law on the protection of personal data (legitimacy).

LIMITATION OF PURPOSE
Personal data will be collected for clearly defined and legitimate purposes and will not be processed in any way inconsistent with those purposes. This means that the controller must clearly state what the collected data will be used for and limit the processes of personal data processing to only those processes that are necessary to achieve these purposes.

DATA MINIMIZATION
The personal data collected will be relevant and limited to what is necessary to achieve the purpose of their processing. This means that the controller will not collect, process or store more personal data than is strictly necessary.

ACCURACY OF DATA
The collected personal data will be accurate and up-to-date, which means that the controller will have developed procedures for detecting and resolving obsolete, inaccurate and unnecessary personal data.

CAUTION STORAGE
Personal data will not be kept in a form that allows the identification of respondents for longer than is necessary for the purpose of processing. This means that the controller will, wherever possible, store personal data in a way that restricts or prevents the identification of respondents.

DATA SECURITY
Personal data will be processed and stored in a way that provides adequate protection against breaches such as unauthorized and unlawful processing and accidental loss, destruction or damage to data. The controller will implement the appropriate technological and organizational measures described in the Personal Data Security Policy in order to ensure the integrity and confidentiality of personal data at all times.

PRIVACY BUILT INTO SYSTEM DESIGN
When designing new systems and processes of the processing manager, and when reviewing and expanding existing ones, care will be taken to apply all of these principles to maximize the privacy of respondents.

Principles of personal data processing

All respondents whose data are collected and processed by the controller have the following rights:

RIGHT TO ACCESS INFORMATION
Each respondent has the right to a copy of the data that the processing manager has in his archive for the purpose of insight. In addition to the right to inspect their own data, the respondent also has the right to information on:
- purpose of processing and legal basis for processing
- legitimate interest, if the processing is based on it
- types and categories of personal data collected
- third parties to whom the data are forwarded
- data retention period
- source of personal data, if not collected from respondents
All information should be provided to the respondent in clear and simple language, to ensure understanding, and must be clearly indicated and visible so that the respondent does not overlook it. There is a possibility that providing the requested information to the respondent may reveal information about another person. In such cases, it is necessary to anonymize or completely deny this information in order to protect the rights of that person.

RIGHT TO CORRECT DATA
Every respondent has the right to correct inaccurate or incomplete data that the processing manager has in his archive.

THE RIGHT TO FORGET
Respondents may request that information about them be removed from the archives. The request will be taken into consideration and will be granted if it does not contradict the legal basis for the processing of personal data.

RIGHT TO LIMIT PROCESSING
Respondents have the right to limit the scope of processing, in cases where this is applicable.

RIGHT TO DATA TRANSMISSION
Respondents have the right to a copy of the data for transfer to another controller.

RIGHT TO OBJECT
Respondents have the right to object, especially in cases where the processing is based on the legitimate interest of the controller. It is then necessary to review the purpose of the processing and establish its legal basis and, where applicable, allow the respondent to withdraw consent to the processing of the data and/or to stop processing his data.

RIGHT TO ASSESS
Respondents have the right to ask the supervisory authority to assess the violation of the provisions of the Regulation and the internal policies of the processing manager.

RIGHT TO OBJECT TO PROFILING
Respondents have the right to object to automatic profiling and other forms of automated decision making.

In the event that the controller rejects the respondent’s request, the answer will state the reason for the rejection, against which the respondents may complain to the competent authority for personal data protection (AZOP).

Legal basis

The legal bases for the collection and processing of personal data of respondents are the following:

LEGAL OBLIGATION
The laws governing the business of taxpayers prescribe data sets that are necessary for the execution of a legal obligation. For the collection and processing of data prescribed by law, the controller will not seek the consent of the respondents, but will only collect data prescribed by law and will not use them for other purposes. This especially refers to the data collected on the basis of the following laws and their regulations, among which we single out:
- Accounting law
- Value Added Tax Act
- Income Tax Act
- Labor Law
- Rulebook on the content and manner of keeping records of workers

PERFORMANCE OF THE CONTRACTUAL OBLIGATION
The personal data necessary for the fulfillment of the contractual obligation will be collected by the controller without the consent of the respondent, to the minimum extent necessary for the performance of the obligation.

LEGITIMATE INTEREST
The controller will then publish a list of its legitimate interests on the basis of which it collects and processes personal data for the purpose of enabling and/or improving its services or products.

PROTECTION OF VITAL INTERESTS OF RESPONDENTS
The controller may collect and process personal data without the consent of the respondent if this is for the purpose of protecting his vital interests.

PUBLIC INTEREST OR EXECUTION OF THE OFFICIAL AUTHORITY OF THE PROCESSING MANAGER
In the case when the activity of the head of processing includes acting in the name of public interest or data processing is based on another type of official authority, it is not always necessary to inform the respondent about the collection of personal data.

CONSENT
In all other cases, the controller will seek the consent of the respondent for the collection and processing of personal data, in which the purpose of the processing will be clearly stated. The respondent can withdraw his consent at any time and thus his data must be automatically removed and processing interrupted. The processing manager will keep records of active and withdrawn consents in order to ensure the correctness of operations.

Legitimate interest

The processing manager announces the following legitimate interests:

PERSONAL DATA PROTECTION GDPR
Respondents have the right to object to the processing of personal data based on these legitimate interests.

Terms and definitions

GENERAL REGULATION ON THE PROTECTION OF PERSONAL DATA (GDPR)
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify the personal data protection processes of all individuals within the European Union (EU). The regulation also applies to the export of personal data outside the EU.

PROCESSING MANAGER
An entity that determines the purpose, conditions and manner of processing personal data.

PROCESSING PERFORMER
An entity that performs data processing on behalf of the controller.

PERSONAL DATA PROTECTION AGENCY
A state agency whose task is to protect data and privacy, monitor the processes of application of the Regulation, and actively implement the Regulation on the Protection of Personal Data within the European Union.

PERSONAL DATA PROTECTION OFFICER
A data protection expert who acts independently to ensure that the business entity operates in accordance with the policies and procedures set out in the Regulation.

EXAMINEE
A natural person whose personal data is processed by the controller or executor of data processing.

PERSONAL INFORMATION
Any information that is associated with a natural person, i.e. the respondent, and which can be used to directly or indirectly identify a person.

PROCESSING OF PERSONAL DATA
Any activity carried out on personal data, automatic or not, which includes the collection, use, creation of records and the like.

PROFILING
Any automated data processing for the purpose of assessing, analyzing or predicting the behavior of respondents.

RIGHT OF ACCESS OF RESPONDENTS
Known as the ‘right of access’, it allows the respondent access to personal data concerning him/her which are in the possession of the controller.

Legislation

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)
- Law on the Implementation of the General Regulation on Data Protection