The privacy and security of your personal data is important to us.
We try to protect your personal data as best as possible when collecting and processing it during your visit to our website.
This Privacy Statement has been created to refer you to how personal data is collected and processed on this website, and about the rights to you in this regard.
In the treatment of personal data TTO Thermotechnik d.o.o. comply with the General Data Protection Regulation – GDPR, full name — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter: GDPR). Detailed information about the Regulation and your rights can be found here.
For more information about your rights, visit the Personal Data Protection Agency’s website http://azop.hr/
For a better understanding of the text, below we provide definitions of the basic terms that appear in this Statement.
Personal data are all information relating to an individual whose identity has been or can be identified; an identifiable individual is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, personal identification number, location information, and the like.
Data processing is any process or set of procedures performed on personal data or on sets of personal data, whether by automated or non-automated means such as the collection, recording, organisation, structuring, storage, adaptation or modification, examination, performance of insight, use, disclosure by transmission, dissemination or otherwise making available, harmonising or combining, limiting, deleting or destroying.
The controller is a natural or legal person, public authority, agency or other body which determines, only or together with others, the purposes and means of processing personal data; where the purposes and means of such processing are laid down in Union or Member State law, the controller or specific criteria for his designation may be provided for by Union or Member State law.
The processor is a natural or legal person, public authority, agency or other body processing personal data on behalf of the controller.
Controller and Data Protection Officer
Controller of your personal data:
TTO Thermotechnik d.o.o.
51218 Dražice (Municipality of Jelenje)
Information on the competent supervisory authority:
Personal Data Protection Agency
Selska cesta 136
10000 Zagreb – Croatia
TTO Thermotechnik d.o.o. collects and processes different categories of data within its activities, limited to what is necessary in relation to the purpose for which it is processed.
Examples of data collected:
- basic identification information such as first and last name, personal identification number, telephone number and e-mail address, etc.,
- personal data necessary to fulfil the contract,
- personal data to which we are collected by law and other regulations,
- other data whose collection is necessary to fulfil the justified purpose for which it is collected and which you personally provide to us.
This information is collected primarily by providing us with this information yourself, for example when applying for job contests, or by submitting queries through our website.
Data can also be collected from public sources such as the trade register or the register of craftsmen, as well as by public services such as tax administration, courts or notaries, and third parties with whom we have entered into specific contracts to provide specific services, such as a portal for the publication of vacancies, etc.
TTO Thermotechnik d.o.o. processes the collected data solely to the extent necessary to fulfil the purpose for which the data was collected, including:
- Processing for the purpose of concluding employment contracts – in addition to basic identification data, we are obliged to collect personal data on whose collection we are bound by legal and other regulations, such as medical capacity, etc., personal data from which it is possible to determine acquired capabilities, such as data on earlier employment, etc., as well as other personal data depending on established needs;
- Processing for the purpose of concluding a business relationship – in the event that we enter into a business cooperation agreement with you, we must process your personal data such as information about the company/craft, the responsible person, the contact person, etc., whereby the scope of the processing of the data may depend on the terms of the contract concluded;
- Processing for the purpose of fulfilling legal obligations – in certain cases we are obliged to process your personal data under the law, for example at the request of the competent tax administration, other administrative body or court, etc.;
- Processing on the basis of a declaration of consent – if you are not our employee or business associate, nor is there a legal or other obligation to process personal data, the processing of data may be legal even when you give us your consent. The scope and content of this data processing is always determined by a specific declaration of consent that you have approved and which you may revoke at any time.
Withdrawal of consent shall have no effect on the lawfulness of the data processing until the time of withdrawal of consent.
Share data with third parties
Your personal data may be transferred to:
- third parties with which we have concluded a contract to carry out certain activities that require the sharing of personal data in order to fulfil the purpose of the contract. Third parties are contractually obliged to maintain the confidentiality of your personal data and process it only for the provision of relevant services. Examples of such third parties are IT service providers providing electronic record-keeping services for workers and/or business associates on protected servers, agency for mediation in the recruitment of workers, etc.
- public agencies and institutions in those cases where we are legally obliged to forward data. Examples of such third parties are tax administration, courts, etc.
- other third parties where necessary to fulfil the contract or under the legislation, and in cases of your consent to their transmission.
We will not transfer or store your data to countries outside the European Union.
Protect your data
In order to protect the personal data you send through this website, we use physical, technical and organizational security measures. We are constantly upgrading and testing our security technology. This includes the use of modern security programs and limited access to your personal data only to those employees who need to know this information in order to provide you with the products and services for which this information was collected. In addition, we regularly educate our employees about the importance of confidentiality of data and to safeguarding your privacy and protecting your data.
Storage and retention period
All data are stored in the database of the controller and third parties in the territory of the European Union with which the controller has concluded specific contracts for the storage and retention of data.
Your personal data is stored in any case for as long as necessary to fulfil the relevant purposes. The law also stipulates how long we have to keep the data, especially in the cases of our current and former employees. These data retention obligations may also apply when you are no longer our client or interested party.
Rights of individuals
The Regulation gives each individual the following rights as regards the protection of personal data:
- the data subject’s right to access (Article 15 of the Regulation) – you have the right to obtain from the controller confirmation whether the data relating to you are being processed, and if such data are processed, access to personal data and the following information:
- the purpose of the processing;
- categories of personal data concerned;
- recipients or categories of recipients to whom personal data have been disclosed or will be disclosed to them, in particular to recipients in third countries or international organisations;
- where possible, the en estimated period for which the personal data will be stored or, where this is not possible, the criteria used to determine that period;
- the existence of the right to require the controller to rectify or erase personal data or restrict the processing of personal data relating to the data subject or the right to object to such processing;
- the right to lodge a complaint with the supervisory authority;
- where personal data are not collected from the data subject, any available information on their source;
- the existence of automated decision-making, including the profiling of Articles 22(1) and 4 of the Regulation and, at least in those cases, meaningful information on the logic of the logic, as well as the importance and envisaged consequences of such processing for the data subject;
- right to rectification (Article 16 of the Regulation) – you have the right to obtain without undue delay from the controller the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to supplement incomplete personal data, including by making an additional statement;
- right to erasure (‘right to be forgotten’ – Article 17 of the Regulation) – you have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller has an obligation to delete personal data without undue delay if one of the following conditions is met:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you have withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the Regulation and where there is no other legal basis for processing;
- You have objected to the processing in accordance with Article 21(1) of the Regulation and there are no stronger legitimate grounds for processing, or have objected to the processing in accordance with Article 21(2) of the Regulation;
- personal data have been unlawfully processed;
- personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject;
- personal data have been collected in connection with the offer of information society services referred to in Article 8(1) of the Regulation;
- right to restriction of processing (Article 18 of the Regulation) – you have the right to obtain a restriction from the controller if one of the following is fulfilled:
- challenge the accuracy of the personal data, for a period allowing the controller to verify the accuracy of the personal data;
- processing is illegal and you oppose the deletion of personal data and instead seeks restriction of their use;
- the controller no longer needs personal data for processing purposes, but you are asking for it to set up, pursue or defend legal claims;
- You objected to the processing under Article 21(1) of the Regulation, expecting confirmation that the legitimate reasons of the controller go beyond the reasons of the data subject;
- right to data portability (Article 20 of the Regulation) – you have the right to receive personal data relating to you that you have provided to the controller in a structured, commonly used and machine-readable format, and you have the right to transfer that information to another controller without interference by the controller to whom the personal data are provided, if:
- the processing shall be based on the consent pursuant to Article 6(1)(a) or Article 9(2)(a) of the Regulation or on a contract in accordance with Article 6(1)(b) of the Regulation;
- processing shall be carried out by automated means;
- right to object (Article 21 of the Regulation) – you have the right, on the basis of your specific situation, to object at any time to the processing of personal data relating to you, in accordance with Article 6(1)(e) or (f) of the Regulation, including profiling based on those provisions. The controller may no longer process personal data unless the controller demonstrates that there are compelling legitimate grounds for processing that go beyond the interests, rights and freedoms of the data subject or to place, pursue or defend legal claims.
No matter what right you wish to exercise, you can send us an e-mail request (with a copy of your ID card) to the email address firstname.lastname@example.org
A copy of your ID card is necessary for us to verify your identity to ensure that your information does not fall into the wrong hands and that the other person cannot delete the information against your will. In case of doubt, we reserve the right to request additional information about your identity.
Your request will be processed within 7 days from the date of receipt of the request. This period may be extended by an additional 7 days in the case of particularly complex requests or the simultaneous receipt of a number of requests. In the event that your request is not resolved within 7 days from the date of receipt, we will inform you of the possibility of renewal of the application and the reasons for the renewal within 7 days of receipt of your request.
The response to your request will be forwarded via e-mail to your address.
All applications are processed free of charge, except where they are submitted for reasons which are manifestly unjustified or excessive, in which case we will seek reasonable compensation to cover the administrative costs for the application, refusal or implementation of the requested measure.
If you do not receive a response to your request within the specified period, or you believe that your data protection rights have been violated or otherwise damaged, you may lodge a complaint with the competent supervisory authority:
Personal Data Protection Agency
Selska cesta 136
10000 Zagreb – Croatia
Period of validity of the Privacy Statement
This Privacy Statement was last changed on July,17th 2020 and is valid till an new amendment.