Personal data protection
Personal data protection policy in INA MAZIVA d.o.o.
INA MAZIVA d.o.o. takes the protection of your personal data seriously and undertakes all necessary technical and organizational measures in accordance with the best practices and obligations stipulated by Croatian laws and the General Data Protection Regulation (EC 2016/679) - GDPR.
INA MAZIVA information system is protected in line with the best practices and standards by physical solutions and applications developed by industry leaders. The logical and physical access to system components is managed in compliance with the applicable standards and the users are regularly educated and informed about the importance of information security and data protection.
The specific purpose and methods of processing of your personal data largely depend on the type of business relationship based on which we collect your data. We are guided by the basic principles of personal data protection in our business, which means that we process data lawfully, transparently and fairly, that the processing is limited to the purpose for which the data was collected, so only the data essential for that purpose are processed. We only store your personal data for as long as we have to in order to fulfil the purpose of processing, except in cases when legal regulations require us to store personal data for a longer period and in cases when the storing of data is required by our legitimate interests (e.g. establishment, exercise or protection of legal requirements). When processing your personal data, we are guided by the principles of accuracy, reliability, confidentiality and integrity. Access to your personal data is restricted only to the authorised persons at Ina and our business support providers (Processors).
In order to meet the aforementioned regulatory requirements, several different units have been engaged within our company, ensuring a multidisciplinary approach to safeguarding and protecting the privacy of our customers, business partners, job candidates and other persons whose data we collect in our business. We organize regular trainings for our employees and contract adequate protection measures with our business support providers.
KEY INFORMATION
Controller and Data Protection Officer
The data controller is INA MAZIVA d.o.o., Radnička cesta 175, 10000 Zagreb, PIN: 63988426425.
Please send all your inquiries to:
Address: Radnička cesta 175, 10000 Zagreb, attn. Data Protection Officer
E-mail address: maziva.zop@ina.hr
Purpose of processing and legal basis for processing personal data
INA MAZIVA d.o.o., as the controller, protects your privacy and only processes the personal data that are essential for the company and that has been collected as a part of its business activities, whether the data were provided by you or a third party or obtained from publicly available sources, for the following purposes:
1. fulfillment of contractual obligations - when processing is necessary to fulfill the contract that you are a party to or to take action at your request prior to concluding the contract
2. satisfaction of legitimate interests - when necessary, we process personal data beyond a specific contractual relationship, in order to satisfy our legitimate interests. For example, such legitimate interest may include the following: conducting legal proceedings and maintaining records thereof
- identifying perpetrators of criminal offences and preventing fraud
- protection of persons and property
- fulfillment of your requests so you could help us develop, deliver and improve our products and services or fulfillment of our internal needs, such as audit, data analysis and market research for the purposes of improving our products, services and communication with our users
- answering your inquiries and comments
3. essential compliance with regulatory requirements – considering its diverse business activities, INA MAZIVA d.o.o. is under obligation to comply with a multitude of regulatory requirements. For instance, we have to comply with the Anti-Money Laundering and Terrorism Financing Act, Monetary Institutions Protection Act, tax regulations, etc.
4. processing personal data for special purposes or several special purposes described by consent, solely after receiving your consent to have your personal data processed for a particular purpose. Your consent is compliant with the relevant provisions of the Regulation and given unconditionally and freely. You reserve the right to withdraw your consent at any time.
Should we process your personal data for purposes not described here or outside of the purpose to which you have consented, prior to such processing, we will provide you with information about the other purpose and all other relevant information about the processing.
Which personal data do we process and how do we collect them
We primarily process personal data collected within the scope of a business relationship, such as name, surname, PIN, address, vehicle registration number, etc. However, we also collect data from public sources (Court Register, Financial Agency-FINA) and data legitimately shared with us by other INA Group companies, other contractual partners or third parties when necessary for the performance of our business activities, even when their collection is not associated with a specific contractual or business relationship.
Are you obliged to share your personal data with us?
You are not obliged to do so. However, bear in mind that in some cases, should you refuse to provide the requested data, INA will not be able to enter into a contractual relationship with you or fulfill its legal or contractual obligations.
Period in which the data will be stored
INA MAZIVA d.o.o. will only store your personal data for as long as necessary to fulfil its legal or contractual obligation or legitimate interest, except in case your personal data are processed based on consent, when processing ceases at the moment in which you withdraw your consent. You can withdraw your consent at any time by sending your request to:
- e-mail address maziva.zop@ina.hr or
- address: INA MAZIVA d.o.o., Radnička cesta 175, 10000 Zagreb, attn. Personal Data Protection Officer.
We would like to highlight that withdrawing your consent has no effect on the legality of data processing based on the consent prior to its withdrawal.
When your personal data are no longer needed for the fulfillment of abovementioned purposes, they will be destroyed, except in cases when further storage is required by law.
Who is the recipient of your personal data?
INA MAZIVA d.o.o. undertakes to protect your personal data and will not disclose or make them available to third parties without your specific authorization, except: to service providers we hire as processors for tasks regarding the execution of contracts to which you are a party (such as the accounting company TRS d.o.o.)
- to the authorities for the purposes of activities from their scope (for example Tax Administration, Ministry of the Interior)
- when the data are requested by a court or competent state attorney’s office, or other authorities in equivalent legal proceedings
- when INA MAZIVA d.o.o. is obliged under the law to disclose such data.
What are your rights with respect to the processing of personal data?
Depending on the legal basis for processing, you may have the following rights: right to request access to personal data concerning you, which means that you have the right to be informed about the scope of collected data, purpose of processing, category of personal data that is processed, recipients that the data are delivered to, and the period of storage
- right to have incorrect personal data rectified and incomplete personal data completed, in which case we are under obligation to fulfill your request without unnecessary delay
- right to object to the processing of personal data in case they are processed based on Ina’s legitimate interest or for direct marketing purposes
- right to request erasure of data in cases when the purpose of processing has been fulfilled, when you have withdrawn your consent as the only basis for processing, when your privacy protection interest outweighs INA MAZIVA’s legitimate interest in processing, when you have lodged a complaint against the processing of data for direct marketing purposes, when it is required for purposes of compliance with legal requirements that INA MAZIVA is subject to, and in cases of any unlawful processing. The right to have the data erased is not an absolute right and does not apply, for instance, in cases when processing is necessary to exercise the right to the freedom of information and expression, compliance with legal requirements that INA MAZIVA is subject to, establishment, realization or defense of legal claims, and so on
- right to restrict the processing of data, for instance, in cases when you have disputed the accuracy of the data, for as long as it takes to verify its accuracy
- right to transfer the data to another controller if the processing is based on consent or execution of a contract to which you are a party, or if the processing is performed automatically and it would be technically feasible
- right to submit an objection to a national supervisory authority, i.e. the Croatian Personal Data Protection Agency (CPDPA).
Request access to personal data pertaining to you or requesting the rectification of your personal data.
If you wish to access your personal data or believe that there has been an irregularity in the processing of personal data, please contact the Data Protection Officer.
Lodging a complaint for the processing of personal data
If you believe that INA MAZIVA d.o.o. has no legal basis to process your personal data, you can lodge a complaint to the Data Protection Officer at any time.
In this case, we will no longer process your personal data, nor we will be able to provide our services to you or be in a business relationship with you.