Data privacy
PRIVACY POLICY
(GDPR)
Introductory provisions
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016., p. 1., hereinafter: General Data Protection Regulation), which has been fully applicable since 25 May 2018 in the Republic of Croatia and all member states of the European Union, as well as the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: Act) and in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union and the best European practices, the company LB Automotive limited liability company for trade and services, based in the Republic of Croatia, City of Zagreb, Šetalište 150. brigade 6, registered in the court register of the Commercial Court in Zagreb under the registration number (MBS): 05114080, personal identification number (OIB): 15547464822 (hereinafter: Company), as the data controller of the personal data of its service users and customers, has created a Privacy Policy for service users and customers. The Privacy Policy is a unilateral binding legal act based on fundamental principles in the processing of personal data, which regulates which data of users and/or customers are collected, how such data is processed, and for what purposes they are used. The Privacy Policy also informs service users and/or customers of their rights in the collection and further processing of personal data, all for the purpose of protecting their privacy in a broader sense.
The privacy policy is based on the following principles of personal data processing: the principle of legality, transparency and best practices, the principle of limited processing and data minimization, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and confidentiality of data, the principle of accountability, the principle of trust and fair processing, the principle of purpose (processing purposes), the principle of processing in an unidentifiable (anonymized) form.
The privacy policy applies to all services offered by the Company, with the aim of clearly and transparently informing users and/or customers about the processes of processing their personal data and their rights. Above all, users and/or customers can at any time contact the Company with a request for modification or supplementation and/or updating of data that relates to them, as well as with a request for clarification on the purposes for which they want or do not want their data to be processed.
The Company is responsible for the processing of personal data:
LB Automotive limited liability company for trade and services, based in the Republic of Croatia, City of Zagreb, Šetalište 150. brigade 6, registered in the court register of the Commercial Court in Zagreb under the registration number (MBS): 05114080, personal identification number (OIB): 15547464822
Contact details of the data protection officer:
e-mail: info@lb-automotive.com
Method of collection and types of data collected
Certain services provided by the Company require the collection of personal data from users and/or customers, whereby basic data is collected in the following ways:
1. Directly from the users and/or customers themselves in a way that users and/or customers provide them to the Company as the data controller to a certain extent of data that is essential for providing appropriate services. In order to provide appropriate services, the user and/or customer is required to provide the Company with the following data that is necessary for establishing a contractual relationship for the provision of a specific service and/or sale of certain products from its range:
a) name and surname;
b) address;
c) personal identification number (OIB)
d) date of birth;
e) gender;
f) contact phone number and/or mobile number;
g) contact email address;
h) data from the identity card;
i) data on bank account and card number for the purpose of settling payment obligations;
j) data on the habits of users and/or customers;
2. From other sources or from our business partners or from publicly available sources (for example, data available from the telephone directory and other publicly available services);
3. Automatically when visiting online (web) pages, applications, and the Company's Web-shop portal, where the data is associated with online identifiers (internet protocol addresses and cookie identifiers, such as Google Analytics for tracking user and/or customer interactions – more about the functions and operation of Google Analytics, as well as the protection of personal data of service users and/or customers can be found at this link.
A cookie is a small data file that is stored on a computer or mobile device when visiting a specific website. Cookies are used to provide a better user experience for each user, to save user preferences, with the aim of making websites work more efficiently, as well as for tracking and analyzing the usage and traffic of the Company's website. We distinguish the following types of cookies that the Company uses:
a) Persistent Cookies, which help in remembering data and settings during future visits to the Company's website, resulting in faster access to content on the website and a better user experience;
b) Session Cookies, which allow tracking movement through the Company's website, in such a way that there is no need to re-enter data that the service user provides when visiting the website, enabling seamless navigation without the need for additional authentications;
c) First Party Cookies, which come from the Company's website that the service user visits, and are used to store data for the next visit to the Company's website;
d) Third Party Cookies, which come from ads on other websites and are found on the Company's website, and are used for tracking and analyzing usage and traffic for marketing purposes. Since these cookies do not come from the Company's website, it is recommended that service users and/or customers inquire about their rights regarding personal data protection with each individual entrepreneur whose products are related to such cookies.
Cookies are also used for tracking internet usage and creating user profiles, and then for displaying personalized online ads based on user and/or customer preferences.
By disabling and/or blocking the storage of cookies, the user and/or customer can still browse the company's websites. However, there is a likelihood that certain options and/or functionalities of the website will not be available to such a user and/or customer, or that the time required to access certain functions of the website will be longer than usual.
The relevant online identifiers may leave traces that, in combination with other identifiers and information provided by internet service servers, can be used to identify the user and/or customer. For this purpose, the company also collects and processes the following data:
a) data on the IP address;
b) data on the use of specific applications;
c) data on the habits of users and/or customers – the company creates this data for the purpose of profiling users and/or customers.
The amount, or scope, of personal data that the company collects depends on the type of service the company provides to its users and/or customers, as well as on the legal basis on which it collects data. The company continuously ensures that only the necessary scope of personal data required to achieve the legally defined purpose for which the data is processed is collected.
For what purposes personal data is collected and further processed
The company collects personal data in order to provide, maintain, protect, and improve its services related to the purchase of certain products, to understand how users and/or customers use the provided services and the company's websites, and for the purpose of fulfilling the company's contractual obligations. The company collects such data based on the consent given by the user and/or customer for one or more specifically defined purposes, as well as in one of the following cases:
Execution of contractual obligations
The company collects and further processes personal data of users and/or customers for the purpose of concluding and executing contracts, delivering ordered products, providing advice and assistance in using the products, offering appropriate additional and/or extended warranties for the products, resolving complaints from users and/or customers, and other actions related to the conclusion and execution of contracts in accordance with applicable regulations.
The legal basis for processing personal data of users and/or customers for the aforementioned purposes is the necessity of concluding a contract, that is, in the event that the user and/or customer withholds essential data, the company will not be able to conclude a contract and/or undertake certain actions related to the execution of the concluded contract.
Fulfillment of legal obligations
The company is obliged, based on the submitted written request of the user and/or customers, to provide access to personal data it processes about them, correction of inaccurate personal data, deletion of personal data, or restriction of processing of personal data, as well as to inform them of the possibility to object to the processing of personal data and the right to data portability.
Direct promotion (marketing)
Contact information of users and/or customers may be used to send promotional notifications about the products and services of the Company if the user and/or customer has given consent for such processing or if there is a legitimate interest of the Company in such actions, unless there are stronger interests or fundamental rights and freedoms of the user and/or customer that require the protection of personal data.
The Company may use contact information and personally reach out to users and/or customers whose personal data it already possesses, based on the legitimate interest in sending promotional notifications about similar products and services it provides, using all available promotional channels, unless the user and/or customer opposes such processing.
In order for the user and/or customer to receive notifications that correspond to their wishes and habits, it is necessary for the Company to use certain data of the user and/or customer to create personalized promotional notifications, as long as the user and/or customer does not explicitly oppose such data processing, or withdraws their previously given consent for processing.
The legal basis for processing personal data for the stated purposes is the legitimate interest of the Company, unless there are stronger interests or fundamental rights and freedoms that require data protection.
Internal purposes
The Company uses certain data of users and/or customers exclusively for its own records, for the purpose of protecting the legitimate interests of users and/or customers and/or the Company. For example, this includes the use of personal data for the purpose of creating offers that meet the needs and desires of users and/or customers, market research and analysis.
Data on potential users
The Company is also authorized to collect data on potential users and/or customers of its services and/or products. This data includes basic information (name and surname, email address) as well as the interests of potential users and/or customers who contact the Company with the desire to be informed and/or to be offered certain products and services.
The legal basis for collection in the described case is the consent of the user and/or customer.
Duration of retention and processing of personal data
Depending on the purpose and legal basis on which the personal data of users and/or customers is collected, the Company is in certain cases obliged to retain personal data for a duration (period) prescribed by applicable regulations for each specific purpose or until the purpose for which they were collected ceases. Upon the expiration of the legal period that obliges the Company to retain certain personal data or upon the cessation of the purpose, the data is deleted.
In cases where the basis for collecting and processing data is solely the legitimate interest of the Company and/or the consent of the user and/or customer, personal data is retained for the following time periods:
a) data on existing users and/or customers: for the duration of the contractual relationship and 6 months after its termination;
b) data about potential users and/or customers: 3 months.
Data processed based on the legitimate interest of the Company and/or the consent of the users and/or customers may be deleted even before the expiration of the period specified in this Policy, in the event that such deletion is requested by the user and/or customer or when the user and/or customer opposes such processing.
Rights of users/customers
Right to access personal data
The Company, as the data controller, is obliged, based on the submitted written request of the user and/or customer, which request may also be in the form of electronic mail, to provide access to the personal data it processes about them, inform them about the purpose of processing personal data for which it is processed, about the type of personal data being processed, about the recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, about the expected duration of processing or about the criteria used to determine that duration.
Right to rectify inaccurate data
The Company, as the data controller, will enable the correction of inaccurate personal data in each individual case when it is determined that the collected personal data about the user and/or customer is not accurate or there has been a change in the data of the user and/or customer.
Right to deletion of personal data
The Company will delete the personal data of the user and/or customer in the following cases:
a) when the personal data of the user and/or customer is no longer necessary for the purpose of processing, that is, upon the cessation of the purpose of processing;
b) when the user and/or customer withdraws consent as the legal basis for data processing, and there is no other legal basis for data processing;
c) when the user and/or customer lodges a complaint regarding the processing of data (see more under the title Right to lodge a complaint)
d) when personal data has been processed unlawfully;
e) when personal data must be deleted to fulfill legal obligations under the law of the European Union or the law of the member state to which the data controller is subject;
f) when personal data has been collected in relation to the offer of information society services concerning the consent of the child.
Right to restrict data processing
The Company will ensure the limitation of processing personal data in cases where the user and/or customer disputes the accuracy of the data, when the processing is unlawful and the user and/or customer opposes the deletion of the data and instead requests the limitation of their use, when the data controller no longer needs personal data for processing purposes but the user and/or customer requests the data for the establishment of legal claims, as well as in cases where the user and/or customer lodges a complaint regarding the processing of personal data based on the legitimate interest of the Company, including profiling of users and/or customers.
Right to data portability
The transfer of personal data to another data controller will be carried out by the Company at the request of the service user, provided that the user has given their consent for such transfer, and the processing is carried out automatically, as well as provided that such transfer is technically feasible.
Right to lodge a complaint
The user and/or customer has the right to lodge an objection to the processing of personal data concerning them if the data is processed for the purposes of the legitimate interests of the data controller. In that case, the Company, as the data controller, will cease processing the personal data unless it demonstrates that there are compelling legitimate grounds for the processing of personal data in relation to the rights of the user and/or customer, or in cases where the processing of data is necessary for the establishment, exercise, or defense of legal claims.
If the personal data of the user and/or customer is processed for the purposes of direct marketing, the user has the right to object to the processing for direct marketing purposes at any time, especially if the personal data is used for profiling.
Where personal data is processed
The Company processes the personal data of users and/or customers in the Republic of Croatia.
Under what conditions personal data is forwarded to third parties
The Company forwards the personal data of users and/or customers to third parties only in the following cases:
a) if it is necessary to forward the data for the purpose of fulfilling the obligations of the Company under the contract concluded with the user and/or customer;
b) if there is a legal obligation of the Company based on which it is required to forward certain data to third parties;
c) if there is consent from the user and/or customer.
Managing consents
The active role of the user and/or customer in privacy protection is reflected in giving consent as a voluntary, specifically informed, and unambiguous expression of the individual's (respondent's) wishes, whereby they give consent for the processing of personal data through a statement or clear affirmative action. Managing consents implies the possibility for the user and/or customer to authorize the Company to collect and process certain personal data for one or more purposes (respondent's consent), or to withdraw previously given consent for the collection and processing of personal data for one or more purposes in the same manner.
Whom to contact
In case of any questions regarding the protection of personal data by the Company, users and/or customers can contact the data protection officer via email at the address provided in this Privacy Policy or in writing at the following address:
LB Automotive d.o.o.
n/r Data Protection Officer
Šetalište 150. brigade 6
10 090 Zagreb
Amendments and supplements to the Privacy Policy
The company reserves the right to amend and supplement this Policy at any time and to inform service users of the changes.
In Zagreb, May 2019.
LB Automotive d.o.o.