Privacy Policy

KALIGRAF d.o.o. takes your privacy seriously. This Privacy Policy describes why and who we collect your personal data, how we use and protect them, who we share them with and how you can contact us with regard to the protection of your privacy and compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, Regulation).

I. Data controllerKALIGRAF d.o.o., Zagreb, Zavrtnica 17, e mail: kaligraf@kaligraf.hr
Regarding all matters related to the processing of your personal data and the exercise of rights provided by the Regulation, you can contact us by mail or at the above email address.

II. Legal basis for processing of personal data
We collect, process, and use personal data only for the intended purposes, and they include the following:
(i) The processing is required for the purpose of compliance with legal obligations of the Data controller;
(ii) The processing is required for the implementation of an agreement where the customer is a party to the agreement or for performance of actions at the request of the customer before execution of the agreement;
(iii) The processing is required for the legitimate business interests of the Data controller or a third party, unless the interests and basic rights and freedoms of the customers who request protection of personal data prevail these interests;
(iv) Pursuant to an explicit consent provided by the customer.

III. How we collect your data
We may collect your personal data in the following manners:
(i) Directly from you, e.g. data delivered for the needs of execution or implementation of an agreement, by coming to the premises of the Company, by sending your CV, by attending some of our events, via an individual phone call etc.;
(ii) Indirectly – data that are publicly available on the websites other than the company website, e.g. posts on social networks, open forums, data obtained by using cookies, links and similar technologies;
(iii) Through video surveillance of our business premises.

Information you provide
When interacting with KALIGRAF d.o.o. you may be required to provide certain data in the following
manners:
(i) By providing your CV;
(ii) By subscribing to our newsletters;
(iii) Business contacts and cooperation may serve as a source of information about our business partners or their employees with the purpose of performing the professional activity and establishing close business contacts and relationships;
(iv) If you participate in a public event, such as a manifestation or celebration, we may photograph you or make videos of you;
(v) When you use our services on our social network web pages, we may receive the content you decide to transfer, such as comments, photographs, posts in forum discussions or details on your interests and preferences that you share with us;
(vi) By representing our clients based on a contractual relationship with the client;
(vii) By signing the employment agreement in accordance with the applicable regulations;
(viii) By entering our business premises, which are under video surveillance;
(ix) By using our web center services, you may provide us with various documents and personal data for the purpose of registering with the web center and improving the quality of our services.

The information that we collect related to the social networks, web center, and web page of KALIGRAF d.o.o.
When you use some of our social networks, applications and websites, we may receive the information related to your social network accounts, e.g.:
(i) If you sign into our website using the social network account, we may receive basic data from your social network profile. The basic data that we receive depend on the privacy setting of the particular social network, but they can include your social network ID, first and last name, profile image or other data depending on the privacy settings of your social network account. We can also receive additional information from your profile of a particular social network if you grant us your relevant consent;
(ii) If you press “Like” or a similar link on our social network web pages we may record what you did. Additionally, the content you view may be published on your profile or in the social network news. We can accept the information on further interactions with the published content (e.g. if you contacts select a link in the published content) which we can then connect with your information that we store;
(iii) If you press “Like” or a similar link on our social network web pages, we can receive the information on your profile on the social network, depending on the privacy settings of your social network account;
(iv) Details on the content you view. For example, when you use our website, we may collect the information on your visit, such as pages that your brows, time and place of your activities, applications settings, errors and hardware activities;
(v) If you use our web center service, it may be used solely and exclusively in the manner we have made available, using your personal data (name, surname, and email address). By using this service, you provide us with your personal data for the purpose of registration, and documents for the purpose of ensuring the quality of our service.
We will use such collected personal data until you request their deletion. We use your CVs in accordance with your consent.

Information we collect from employees during their employment
We appreciate the privacy of all our employees and do not collect their personal data without having the legitimate interest for that. Whenever we require our employees’ (including data of close family members) for the purpose of exercising certain rights, we always ask the employees for their previous consent, if we need one and we do not have the legitimate interest.
The employees are obliged to deliver us the data set forth by the regulations on employment records and other regulations governing this segment. The employees are always obliged to update and deliver valid data in a timely manner if the delivered data changed in the meantime. The employees shall cover the damages incurred by the omission of delivering the amended data.
Employee personal data may be collected, processed, used, and shared with third parties if necessary for the fulfillment of rights and obligations arising from or related to the employment relationship. For this purpose, data may be collected, processed, used, and disclosed to third parties in accordance with accounting regulations, pension and health insurance laws, occupational health and safety regulations, and other labor-related legal provisions.
We do not share employee data with third parties without the employee’s explicit consent, except in cases of legal obligations or to fulfill contractual obligations with the employee
We will keep the employee data for as long as there is a legal requirement to do so, and we will delete/destroy such data as soon as the legal requirements for their deletions/destruction are met.

Processing of Personal Data through Video Surveillance
KALIGRAF d.o.o., as the Data Controller, monitors the entrance/exit of its business premises by video surveillance for the purpose of protecting persons and property, based on legitimate interest.
Video recordings are used exclusively for the protection of persons and property and may be provided to competent authorities (police, courts) upon request if necessary for conducting procedures under special regulations.
Video recordings obtained through the video surveillance system are stored for a maximum of one month (or longer if they are retained as evidence in court, administrative, arbitration, or other proceedings).

IV. How We Use Your Personal Data
We may use your personal data for various purposes, including:
(i) Providing services in accordance with contractual obligations;
(ii) Reviewing your job application if you contact us through our website or otherwise submit your resume;
(iii) Sending newsletters and other communications via email or other contact methods if you have given prior consent;
(iv) Creating anonymous aggregate statistics about the use of our website, which may be shared with third parties and/or made public;

(v) Recording the name of forums, time, and date whenever you post or reply on our social media pages (e.g., forums), for tailoring marketing communications to your activity. The content of your posts or messages is not used for other purposes;
(vi) Using information collected through monitoring of our website, online services, and email to protect you, our employees, and partners. Such information may be forwarded to police or other authorities if required by law. By using our website and other online services, you explicitly consent to this;
(vii) Using photos and videos taken at public events we organize for publication on our website, media, and marketing purposes of our company or clients. You will be notified in advance about such usage upon entry to the event;
(viii) Combining information from various sources to provide better customer support and personalized services, content, advertising, and offers if you have given prior consent;
(ix) Disclosing personal data to protect the health and safety of employees, property, and users when deemed necessary or appropriate;
(x) Complying with legal obligations related to reporting and data processing.

Sharing of your information
As a rule, KALIGRAF d.o.o. does not disclose your personal data to third parties without your consent, except in the following cases:
(i) We may share your personal data with providers of information and communication technology solutions and services who act as data processors. We have entered into contracts with these processors that regulate in detail the handling of personal data.
Therefore, they are not permitted to process your personal data without our instructions or forward it to third parties. Our service providers act solely according to our instructions, in accordance with our rules, and are subject to appropriate confidentiality and security obligations;
(ii) We must/may disclose information about you to third parties for legal and/or business purposes, such as to government and competent authorities in order to comply with applicable legal regulations and fulfil reasonable requests from such authorities, or to professional advisors for the purpose of exercising or defending our legal rights, etc.;
(iii) We may share anonymized, aggregated, or generalized data — which does not identify you — with any third party (e.g., partners, advertisers, media, the public, etc.);
(iv) We may disclose employee information to competent authorities for the purpose of exercising rights and obligations arising from the employment relationship (e.g., pension and health insurance institutions, etc.).

Personal data that you share
Certain mechanisms on our website or social networks will enable you to transmit and share messages, photographs, videos and other content. By publishing them, they stop being private or confidential, e.g. message boards enable you to publish comments, photographs and videos (with the name linked to your account) that are visible to other service users.

International transmission of your data
We process your data within the European Economic Area. If transmission of data is required outside this area, it will be carried out only if the European Commission confirms that a third county provides a certain level of data protection or if the appropriate protection measures are implemented in accordance with legal regulations.

Marketing Communication
If you voluntarily provide contact details for marketing purposes, communications may include information about our latest products, services, contests, etc.

Cookies
On the official websites of the Data Controller, so-called cookies are used – text files placed on the user’s computer by the web server through which the Internet Service Provider (ISP) displays the website.
Cookies are created when the browser on the user’s device loads a visited website, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends the cookie back to the web server when the user returns to the same website. Our website uses technical cookies (mandatory cookies) that cannot be disabled and are essential for the proper functioning of the website.

Child privacy
Children are considered all persons younger than 16 years of age in accordance with the applicable regulations of the Republic of Croatia. We do not collect any data from children without the consent of their parents or guardians.
Should the parent or guardian have any questions related to our processing of personal data of their children, the same rules shall apply as for the adults.

Retention Period of Personal Data
We process your personal data only as long as necessary for the purposes of processing. After the purpose is fulfilled, your personal data are no longer used but are stored in our archives as required by law.

V. How We Protect Your Personal Data

We collect and process personal data in a manner that ensures appropriate security and confidentiality in their processing, as well as the effective implementation of data protection principles, including dana minimization, the scope of processing, storage duration, and accessibility.
We take all appropriate technical and organizational protection measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, inspection, or access to the data.
We implement numerous measures to protect your data from unauthorized access and use, for example:
(i) Only employees who need your information to perform their duties have access;
(ii) Data is stored in specially designated folders and locked physical locations with clearly
defined access rights;
(iii) Implementing technical and organizational measures against loss, alteration, theft, or
(iv) Securing physical, electronic, and administrative systems for internet data protection;
(v) Securing physical, technical, organizational, and administrative measures for video
surveillance data.

VI. Your Rights Regarding Personal Data Processing
You may exercise your rights by contacting us in writing or electronically at the addresses provided in this Privacy Policy.
At any time, without negative consequences, you have the right to:
(i) Withdraw consent for marketing or any other processing;
(ii) Request confirmation of processing details (purpose, source, categories, recipients, location, storage period, automated decision-making, profiling);
(iii) Access your personal data;
(iv) Request correction or completion of your data;
(v) Object to excessive or further processing;
(vi) Block unlawful processing;
(vii) Request deletion of your personal data;
(viii) Request transmission of the personal data to another controller.

You can exercise these rights by unsubscribing from mailing lists or contacting us directly via our address or email kaligraf@kaligraf.hr.
We will review each of your requests in accordance with all applicable positive legal regulations governing the protection of personal data. We reserve the right to charge a fee for processing requests in cases where such requests are unreasonable. A response to each request will be provided no later than 30 days from the date of receipt of the request.

The right to complain to Supervisory Authority
At any time, you may file a complaint regarding the processing of your personal data if you believe that, during such processing, we have violated Croatian or European data protection regulations.
Complaints can be submitted to the competent supervisory authority, the Croatian Personal Data Protection Agency (AZOP), or, in the event of changes to applicable legislation, to another body that assumes its jurisdiction. Since May 25, 2018, you may also file a complaint with a supervisory authority within the EU.

VII. Requests by judiciary authorities
In specific cases we are allowed to share your personal data without your knowledge or consent, e.g.:
(i) Prevention or disclosing of crime;
(ii) Arrest or prosecution of perpetrators;
(iii) Assessment of collection of taxes and fees;
(iv) In accordance with a court order or any other law.

VIII. Limitation of liability
Although we implement the available technical, organisational and personnel-related measures to protect personal data from accidental or intentional misuse, destruction, loss, unauthorised modification or access, we cannot guarantee that some of the collected personal data may be accidentally disclosed contrary to the provision of this Privacy Policy.
We exclude liability for damage caused to users or third parties by accidental disclosure of personal data to the maximum extent permitted by law.
Since we do not have control over the personal data that you provide when accessing or using other portals i.e. submit directly to third parties (e.g. when participating in sponsorship activities) to the maximum extent permitted by law, we preclude the liability for damage that may incur to you or third parties as a result of provision of the personal data.
Complaints about compliance with these policies and data protection regulations will be fully investigated and resolved promptly. In case of complains related to compliance with these rules and other personal data protection regulations, we will fully investigate all elements of the complaint and try to solve them as soon as possible.

We review the information on data processing on a regular basis and verify if they reflect the manner in which process personal data. The applicable version is always available on our website. In case of any substantial changes that affect your rights and freedoms, we will inform you directly thereon.
You will be timely notified of all amendments and updates to these Privacy Policy Rules via our website in accordance with the principle of transparency.