Privacy Policy

Preliminary provisions
We value your privacy and attach particular importance to the protection of your personal data.
This is why we want to clarify with this document how we treat the personal data we process.
We collect and process your data exclusively for the purpose of quality provision of our services, in a legal, fair and transparent manner. We process only those data that are necessary to provide a particular service, taking care of their adequate protection.
Such personal data primarily refer to individuals with whom EX-ALTO d.o.o. has a business relationship or a justified interest in contacting them (clients, suppliers, business contacts, employees, etc.).
When the need to process your personal data ceases, we delete all personal data or anonymize them by applying appropriate technical solutions for the sole use of statistical purposes.
We collect and process personal data in accordance with our values and principles, this privacy policy and valid European and Croatian regulations relating to the protection of personal data.
This privacy policy applies equally to personal data in digital or electronic form, as well as to personal data in printed (paper) form, regardless of whether it is a printout of a digital or electronic record.
Terms used in this privacy policy that have a gender meaning refer equally to men and women.

Principles
When we process personal data, we are guided by the principles and rules established by Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation). When processing personal data, we take care of the obligation to keep professional secrecy in the manner regulated by the law of the European Union and the Republic of Croatia.
We process personal data: legally, fairly and transparently; for special, precisely defined and legal purposes; using only accurate, up-to-date, appropriate and relevant data that is limited to the purpose for which it is processed; only as long as necessary to achieve the purpose of the processing and protecting them from any unauthorized or illegal processing and from accidental loss, destruction or damage.
We process personal data of children under the age of 16 only based on the consent of parents or guardians and only to the extent and scope in which consent was given.

Confidentiality and security
We treat all personal data with confidentiality, taking into account the appropriate level of security and protection. We do not collect, process or otherwise use personal data in any unauthorized way.
Employees of EX-ALTO d.o.o. protect personal data as a business secret, even after termination of the employment relationship.
Employees of EX-ALTO d.o.o. process only those data for which they are authorized, in the manner and within the limits of authorization, i.e. exclusively for the purpose for which the data was collected or for which it is being processed.
When processing personal data, we are guided by the "need-to-know" principle, in order to ensure that only authorized employees have access to certain personal data for a specific period of time.
Before implementing new technologies that can be used to process personal data, we approach a thorough analysis and adapt technical and organizational measures to ensure the application of the highest standards of personal data protection.

Guidelines for the conduct of employees
The employees of EX-ALTO d.o.o., in their daily work, are guided by this privacy policy and valid regulations related to the protection of personal data.
Only those employees of EX-ALTO d.o.o. who need such access in order to perform their work, i.e. to perform their tasks, have access to personal data. Personal data will not be shared informally among employees, but any access must be requested from the person in charge of the specific job, that is, the person who gave the order.
At least once a year, EX-ALTO d.o.o. organizes training or in another appropriate way familiarizes its employees with their obligations and regulations related to the protection of personal data, and takes care of the application of good data protection practices in accordance with the recommendations of the Agency for the Protection of Personal Data and other authorities responsible for data protection in the European Union and Croatia.
Employees undertake appropriate organizational and technical protection measures in order to minimize the risk to personal data, in particular: use strong passwords, which are known only to them and are not shared with third parties; regularly check the up-to-dateness and purposefulness of personal data (if personal data are no longer needed or are not up-to-date and cannot be updated, such data is deleted or anonymized); lock the computers on which they work with personal data when they are left unattended; take particular care not to transfer or disclose personal data to which they have access to unauthorized persons, regardless of whether they are employees of EX-ALTO d.o.o. or not; and seek advice or help from a person in charge when they are in doubt about any aspect of personal data protection.

Data storage
We take care of the way data is stored, regardless of whether it is on paper, in digital or electronic form or in some other form.
Personal data that is on paper, regardless of whether it is a printout of data that is normally stored in digital or electronic form: when not in use, they are kept in a closed drawer or filing cabinet that is accessible only to authorized persons; all employees are responsible not to leave such papers in a visible place, i.e. in a place where unauthorized persons could access personal data and when they are no longer needed, they are destroyed in a paper shredder or in another technically acceptable way, and properly disposed of.
Personal data that is in digital or electronic form is protected against unauthorized access, accidental modification or deletion, or unauthorized intrusions into the system: using strong passwords, which are changed regularly and are known only to authorized persons and are not shared with third parties; if personal data is on a portable medium (e.g. CD, DVD, USB stick, portable HDD...), such media are stored in a safe place that is only accessible to authorized persons; for storage, only official media and servers are used, that is, in the chosen cloud service, which applies appropriate organizational and technical protection methods; servers on which personal data are stored are located in a secure location that is accessible only to authorized persons; backup copies of data are made regularly, in order to ensure the completeness, truthfulness and accuracy of the data, and in accordance with this privacy policy and valid regulations related to the protection of personal data; personal data will not be stored directly on mobile devices (e.g. tablet, smartphone...) unless it is necessary for the performance of the contract, i.e. the fulfillment of the contracted service, and then only for the duration and scope in which it is contracted or necessary; employees do not store personal data on their own personal computers, or other own devices or media, which they use or can use for the purpose of performing work; all servers and computers that contain personal data are protected by appropriate technical protection measures, such as encryption programs, firewalls, etc.

Data processing
We process all personal data in a legal manner, in accordance with the conditions, principles and standards of the General Data Protection Regulation and national legislation. We base the processing primarily on special consents, the performance of a contractual relationship or compliance with legal obligations.
We do not process special categories of personal data, except when it comes to special categories of personal data of employees, for which employees give their express consent to be processed or are being processed in order to protect and realize the rights and interests of employees in the field of labor law and social security rights and social protection.
EX-ALTO d.o.o. does not use automated processing of personal data, including profiling, in order to make a decision that produces or may produce legal effects towards the data subject or similarly significantly affect the data subject and the realization of his rights.
We take care to collect personal data primarily from the respondents to whom the said personal data refer.
When collecting personal data, the subject is always informed about the reason and purpose of personal data processing, as well as the legal basis for such processing.
With each transfer of personal data, we use appropriate protective measures, which correspond to the categories of personal data and the risk arising from such categorization, taking care of the peculiarities of each individual case of transfer.
Personal data can be sent digitally, or electronically, keeping in mind the application of appropriate protection measures, technical capabilities, categories of personal data and risk assessment. We take special measures to prevent unauthorized access to personal data.
We will never disclose your data to third parties, without your express request and clearly given, unambiguous and precisely defined consent. Exceptionally, we may disclose your personal data to competent international, state and public authorities if this is necessary for the fulfillment of legal obligations, for the protection of your life interests or the life interests of other natural persons. Likewise, at the request of the court and for the purposes of the court proceedings (regardless of the stage of the proceedings), we may disclose your personal data within the scope and limits of the court order.
When EX-ALTO d.o.o. acts as a processor on behalf of the controller, it guarantees the implementation of appropriate technical and organizational measures in accordance with the General Data Protection Regulation and this privacy policy, taking care to protect the rights of the data subject. Such processing of personal data is regulated by a written contract or other legal act in accordance with the law of the European Union or the law of the Republic of Croatia, by which the data controller determines the subject and duration of the processing, the nature and purpose of the processing, the type of personal data and the category of respondents, as well as their obligations and rights.
In that case, EX-ALTO d.o.o. processes personal data only according to explicit and clearly defined instructions, i.e. orders of the data controller. EX-ALTO d.o.o., in the capacity of executor, does not process personal data, regardless of whether it can access them or not, unless expressly requested by the controller, and even then only in the manner and to the extent requested by the controller.
We apply the same principle in providing services such as maintaining or updating websites, applications or other systems that contain or may contain personal data.
By using technical protection methods, such as encryption, and by observing and enforcing this privacy policy, we ensure that our employees do not access or otherwise come into contact with personal data that is not necessary for the provision of the contracted service.

International transfer of personal data
We do not transfer personal data to third countries or international organizations (international transfer), except exceptionally, in cases prescribed by law or upon your express request with clearly given, unambiguous and accurate consent.
Any transfer of personal data to a third country or international organization is based solely on: a list of countries and international organizations that ensure an adequate level of protection, in accordance with the publicly announced decision of the European Commission; provided by appropriate protective measures such as binding corporate rules, instruments of public authorities, approved code of conduct together with binding and enforceable obligations of the controller or processor in a third country related to the consistent application of appropriate protective measures and the existence of adequate institutional legal protection of the respondent in a third country.
Any court judgments or decisions of the administrative body of a third country that require the transfer or disclosure of personal data do not bind us, nor will we act on them, unless they are based on an international agreement that binds the Republic of Croatia, such as a mutual legal assistance agreement.

Accuracy and updating of personal data
The accuracy and up-to-dateness of personal data is of particular importance, both for the purpose of processing and for the realization of your rights and protection of personal data. We take appropriate technical and organizational measures to ensure the accuracy and up-to-dateness of personal data, in accordance with the categories of personal data and their significance for achieving the purpose of processing.
The employees of EX-ALTO d.o.o., in their daily work, take reasonable, proportionate and justified steps to ensure that the personal data they process is accurate and up-to-date to the greatest extent possible.
In order to ensure the accuracy and up-to-dateness of personal data, personal data will be located or stored in as few places as possible (that is, only in those places where it is necessary), and employees will not create or use unnecessary copies, additional databases, sets or other ways of grouping personal data.
EX-ALTO d.o.o., in a simple and accessible way, using examples of good practice, allows the respondent whose personal data is processed to update his personal data.
If, during the processing or use of personal data, it is determined that certain personal data are incorrect or out of date, and it is not possible to update them, or such updating would result in disproportionate efforts or costs, such data will be deleted.

Retention and deletion of personal data
In accordance with the principles on which our privacy policy is based, we process your personal data only for as long as is necessary to achieve the purpose of processing, i.e. as required by law or subordinate regulations, and after we no longer need the personal data, we delete or anonymize it. If we are unable to determine the exact deadline, we retain personal data permanently, i.e. until they are deleted, and only an authorized person has access to them.
Twice a year, we control and audit the personal data we process, to ensure that all personal data whose purpose has been achieved, that is, that we no longer need, have been deleted or anonymized. This especially applies to data that we retain permanently, i.e. until deleted.
The control is carried out by an authorized employee, who is obliged to prepare a report and possible recommendations, if he determines the existence of personal data for which there is no longer any reason to retain. Exceptionally, we can keep your personal data longer than stated if it is necessary to act according to a court order or an order of an authorized authority, and for the purpose of fulfilling legal obligations, to protect your life interests or the life interests of other natural persons.

Realization of the rights of respondents
The rights of subjects whose personal data we process are extremely important for EX-ALTO d.o.o. The realization of the rights of subjects is of particular importance to us, therefore we approach every request for the exercise of rights with maximum seriousness, guided by the requirements of the General Data Protection Regulation and the principles on which this privacy policy is based.
The overview of your rights in this privacy policy has been simplified for comprehensibility and easier navigation. The General Data Protection Regulation and national legislation regulate in detail the complex procedure for exercising rights; therefore, we suggest that you familiarize yourself with the regulations that provide a comprehensive description of your rights and how to realize them.
The respondent has the right to receive confirmation as to whether or not his personal data is being processed. If his personal data is processed, the subject can request access to his personal data, indicating the purpose of the processing, the categories of personal data in question and the possible recipients to whom the personal data has been disclosed (or will be disclosed to them on the basis of a valid legal basis).
The respondent has the right to request the correction or deletion of his personal data, or to limit the processing of personal data.
When an application or other product created by us uses third-party software: if it is necessary to register or log in in order to be able to use such third-party software or application, then you should contact the manufacturer of such software or application to actualize your rights; if the use of such third-party software or applications does not require registration or login, then you can contact us to help you actualize your rights.
The realization of the rights of the respondents by EX-ALTO d.o.o. does not affect the respondent's right to contact the Agency for the Protection of Personal Data, or another supervisory authority.
The request for the realization of the right is submitted via the electronic mail address (e-mail) ured@ex-alto.hr. EX-ALTO d.o.o. can also create a special electronic form on its website, as a standardized way of submitting a request to exercise the rights of the respondent, but this will not affect the possibility of sending the request of the respondent to the specified email address.
The request for the realization of the right sent in this way is received by the authorized employee of EX-ALTO d.o.o. or other authorized person (e.g. contractual data protection officer). The authorized person will take appropriate steps to establish beyond doubt the identity of the applicant before providing any information relating to personal data.
Information related to the realization of rights is provided in electronic form, without charge.
In the event of a request for a copy of such information or repeated requests related to substantively equal realization of rights, i.e. if it is a question of clearly unfounded or excessive requests, EX-ALTO d.o.o. will charge a fee in the amount of the actual costs of fulfilling such a request, which cannot be less than 20 euros, which is based on the actual administrative costs of fulfilling such a request.
At any time, you can withdraw your consent in a simple and transparent way and ask us to stop processing your personal data for marketing and advertising purposes.
In addition, you can request the deletion of your personal data without undue delay if: personal data are no longer necessary in relation to the purposes for which they were collected or must be deleted in order to comply with the regulations of the European Union or the Republic of Croatia.
If you think that we are not treating your personal data in an appropriate manner or you have the impression that the processing of your data conflicts with the General Data Protection Regulation and national legislation, you have the right to contact the Personal Data Protection Agency.
This privacy policy is updated as necessary and at least once a year, taking into account examples of good practice and news in the field of data protection.