Applicon d.o.o., Ivice Sudnika 7, Samobor 10430
We appreciate your privacy and attach particular importance to the protection of your personal data.
Therefore, we want to explain to you in this document how we treat the personal data we are processing.
We collect and process your data exclusively for the purpose of quality provision of our services, in a lawful, fair, and transparent manner. We process only those data which are necessary for the provision of a particular service, taking into account their proper protection.
Such personal data primarily relate to people with whom Applicon d.o.o. has a business relationship or a legitimate interest in contacting them (clients, suppliers, business contacts, employees, etc.).
When the need to process your personal data ceases, we erase all personal data or use appropriate technical solutions to anonymize them for exclusive use for statistical purposes.
When processing personal data, we shall follow the principles and rules established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
When processing personal data, we take into account the obligation of professional secrecy in the manner governed by the law of the European Union or the Republic of Croatia.
Personal data are processed:
• lawfully, fairly and transparently;
• for specific, precisely defined and legitimate purposes;
• using only accurate, up-to-date, appropriate and relevant data limited to the purpose for which they are processed;
• only for as long as necessary to achieve the purpose of processing; and
• protecting them against any unauthorised or unlawful processing and against accidental loss, destruction, or damage.
Personal data of persons under 16 years of age are processed only on the basis of parental or custodial consent and only to the extent to which consent is given.
Confidentiality and security
We approach all personal data with confidentiality, taking into account the appropriate level of security and protection. We do not collect, process or otherwise use personal data without authorization.
Applicon d.o.o. employees protect personal data as a business secret, even after the termination of their employment.
Applicon d.o.o. employees process only those data for which they are authorized, in the manner and within the limits of authorization, i.e. solely for the purpose for which the data were collected or for which they are processed.
In working with personal data, we apply the “need-to-know” principle in order to ensure that only authorised employees have access to certain personal data for a specific period of time.
Before introducing new technologies that can be used for processing personal data, we carry out a thorough analysis and adaptation of technical and organisational measures, in order to ensure the application of the highest standards for personal data protection.
Guidelines for employee behaviour
Only Applicon d.o.o. employees have access to personal data, and they need such access for the performance of their work, i.e. for the performance of their tasks. Personal data will not be distributed informally among employees, but any access must be requested from the person in charge of the specific work, i.e. the person who issued the order.
Applicon d.o.o. organizes education at least once a year, or otherwise familiarizes its employees with their obligations and the regulations related to the protection of personal data, and takes into account the application of good data protection practices in accordance with the recommendations of the Personal Data Protection Agency and other data protection authorities in the European Union and Croatia.
Employees shall take appropriate organisational and technical protection measures to minimise the risk to personal data, in particular by:
• using strong passwords (machine passwords), which are known only to them and are not shared with third parties;
• regularly checking that personal data are up to date and still serve their purpose. Where personal data are no longer necessary, or are out of date and cannot be updated, the data are deleted or anonymized;
• locking computers on which they work with personal data when they leave them unattended;
• taking into account that personal data they have access to are not leased or disclosed to unauthorized persons, whether or not they are Applicon d.o.o. employees; and
• seeking advice or assistance from the competent person, when they find themselves in doubt over any aspect of personal data protection.
Storage of data
We take into account the way data are stored, regardless of whether they are on paper, in digital or electronic form, or in any other form.
Personal data contained on paper, regardless of whether it is a printout of data normally stored in digital or electronic form:
• when not used, they are kept in a closed drawer or a briefcase closet accessible exclusively to authorised persons;
• all employees are in charge of keeping such papers out of sight, i.e. in a place where unauthorized persons cannot access personal data; and
• when no longer necessary, they are destroyed in a paper cutter or in another technically acceptable way and properly disposed of.
Personal data that are in digital or electronic form shall be protected against unauthorized access, accidental modification or deletion, or unauthorized intrusions into the system:
• using strong passwords (machine passwords), which are regularly changed and which are known only to authorised persons and are not shared with third parties;
• if personal data are on a portable medium (e.g. CD, DVD, USB stick, portable HDD …), such media shall be stored in a secure place accessible exclusively to authorised persons;
• only official media and servers are used for storage, i.e. in the selected cloud service, which applies appropriate organizational and technical protection methods;
• the servers where personal data are stored are in a secure location accessible exclusively to authorised persons;
• personal data will not be stored directly on mobile devices (e.g. tablet, smartphone …) unless this is necessary for the performance of the contract, i.e. for the fulfilment of the service agreed and only for the duration and extent to which it is contracted or necessary;
• employees do not store personal data on their own personal computers, that is, other own devices or media, which they use or can use for business purposes;
• all servers and computers containing personal data are protected by appropriate technical protection measures, such as encryption programs, firewalls, etc.
All personal data are processed in a lawful manner, in accordance with the conditions, principles and standards of the General Data Protection Regulation and national legislation. Processing is primarily based on special consent, execution of a contractual relationship or compliance with legal obligations.
We do not process special categories of personal data, except for special categories of personal data of employees, for which employees give explicit consent or which are processed in order to protect and exercise the rights and interests of employees in the field of labor law and social security and social protection law.
Applicon d.o.o. does not use automated processing of personal data, including the creation of profiles, to make a decision that produces or may produce legal effects concerning the data subject or similarly significantly affects the data subject and the exercise of his rights.
We take care to collect personal data primarily from the data subject to whom the personal data relate. When collecting personal data, the data subject shall always be informed of the reasons and purpose of the processing of personal data and of the legal basis for such processing.
For each transfer of personal data, we use appropriate safeguards, corresponding to the categories of personal data and the risk arising from such categorization, taking into account the specificities of each transfer case.
Personal data may be transmitted digitally or electronically taking into account the application of appropriate safeguards, technical possibilities, categories of personal data and risk assessment. We take special measures to avoid unauthorized access to personal data.
We will never reveal your data to third parties without your explicit request and your clear, unambiguous and precisely specified consent.
Exceptionally, we can reveal your personal data to competent international, state and public bodies if necessary for the fulfilment of legal obligations, in order to protect your vital interests or the vital interests of other natural persons. Likewise, at the request of the court and for the purposes of the court proceedings (regardless of the stage of the proceedings), we may disclose your personal data to the extent and within the limits of the court order.
Such processing of personal data shall be governed by a written contract or other legal act in accordance with the law of the European Union or the law of the Republic of Croatia, by which the controller determines the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and the category of data subjects, and its obligations and rights.
In this case, Applicon d.o.o. processes personal data only according to explicit and clearly defined instructions, i.e. orders from the controller. As a processor, Applicon d.o.o. does not process personal data, regardless of whether it can access them or not, unless explicitly requested by the controller, and only then in the manner and to the extent requested by the controller.
We apply the same principle in providing services such as maintenance or updating of websites, applications or other systems that contain or may contain personal data.
International transfer of personal data
We do not transfer personal data to third countries or international organisations (international transfer), except exceptionally, in statutory cases or on your express request with a clear, unambiguous and accurate consent.
Any transfer of personal data to a third country or an international organisation shall be based solely on:
• a list of countries and international organisations which ensure an adequate level of protection, in accordance with a publicly published decision of the European Commission;
• appropriate safeguards such as binding corporate rules, public authorities’ instruments, or an approved code of conduct together with binding and enforceable obligations of controllers or processors in a third country relating to the consistent application of appropriate safeguards; and
• the existence of an adequate institutional legal protection of data subjects in a third country.
Any judgment of a court or decision of an administrative authority of a third country requiring the transfer or disclosure of personal data shall not bind us unless it is based on an international agreement obliging the Republic of Croatia, such as a mutual legal assistance agreement.
Accuracy and updating of personal data
The accuracy and updating of personal data is of particular importance, both for the purpose of processing and for the purpose of exercising your rights and protecting personal data. We take appropriate technical and organizational measures to ensure the accuracy and updating of personal data, in accordance with the categories of personal data and their importance for the purpose of processing.
Applicon d.o.o. employees, in their daily work, take reasonable, proportionate and justified steps to ensure that personal data they process are accurate and up-to-date to the greatest possible extent.
In order to ensure the accuracy and updating of personal data, personal data will be located or stored in as few places as possible (i.e. only in those places where necessary), and employees will not create or use unnecessary copies, additional databases, sets or other means of grouping personal data.
Applicon d.o.o., in a simple and accessible way and using examples of good practice, enables the data subject whose personal data are processed to update his personal data.
If, during the processing or use of personal data, it is established that certain personal data are incorrect or out of date and cannot be updated or such an update would result in disproportionate efforts or costs, such data will be erased.
Retention and deletion of personal data
If we are unable to set a specific deadline, we will keep personal data permanently, that is, until deletion, and access to them is reserved exclusively for an authorised person.
Twice a year we conduct a control and revision of the personal data that we process, in order to ensure that all personal data whose purpose has been fulfilled, that is, which we no longer need, are erased or anonymised. This particularly refers to the data that we keep permanently, that is, until deletion.
Control is carried out by an authorised employee, who is obliged to prepare a report and any recommendations, if he establishes the existence of personal data for which there is no longer any reason for retention.
Exceptionally, we can keep your personal data longer than indicated if it is necessary for the purpose of acting on a court order or an order of an authorized body, for the purpose of fulfilling legal obligations, or in order to protect your vital interests or the vital interests of other people.
Exercise of data subjects’ rights
The data subject has the right to obtain confirmation whether his or her personal data are being processed or not. Where his or her personal data are processed, the data subject may request access to his or her personal data, indicating the purpose of the processing, the categories of personal data in question and any recipients to whom the personal data have been disclosed (or will be disclosed to them on the basis of a valid legal basis).
The data subject has the right to request the rectification or erasure of his personal data, or restriction of the processing of personal data.
When an application or other product that we have created uses third-party software or a third-party application:
• If registration or application is necessary for such software or third-party application to be used, then you should contact the manufacturer of such software or application for the exercise of your rights;
• If the use of such software or third-party application does not require registration or application, then you can contact us in order to help you exercise your rights.
The exercise of the data subject’s rights by Applicon d.o.o. does not affect the right of the data subject to contact the Agency for Personal Data Protection or other supervisory authority.
The application for the exercise of the right shall be submitted to the e-mail address firstname.lastname@example.org. Applicon d.o.o. may also create a special electronic form on its web pages, as a standardized way of submitting the application for the exercise of the data subject’s rights, but this will not affect the possibility of sending the data subject’s request to the said e-mail address.
Such a request for the exercise of rights is received by an authorised employee of Applicon d.o.o. or other authorised person (e.g. contractual data protection officer). The authorised person shall take appropriate steps to unequivocally establish the identity of the applicant before providing any information relating to personal data.
Information relating to the exercise of rights shall be provided in electronic form, free of charge.
In the event of a request for a copy of such information or repeated requests relating to the substantially equal exercise of rights, that is, in the case of unfounded or excessive claims, Applicon d.o.o. will charge a fee in the amount of the actual costs of fulfilling such a request, which cannot be less than EUR 20, based on the actual administrative costs of fulfilling such a request.
At any time you can withdraw your consent in a simple and transparent manner and ask that we stop processing your personal data for marketing and promotion purposes.
In addition, you may request the deletion of your personal data without undue delay if: personal data are no longer necessary in relation to the purposes for which they were collected or have to be deleted in order to comply with the regulations of the European Union or the Republic of Croatia.
If you think that we are not handling your personal data properly, or you think that the processing of your data is contrary to the General Data Protection Regulation and national legislation, you have the right to contact the Agency for Personal Data Protection.
In Samobor, 9 March 2022.