Privacy policy

The company Externalis Savjetovanje d.o.o., located at Zagrebačka Street 43, 10410 Velika Gorica, OIB: 93106501633 (hereinafter referred to as “the Company”), in accordance with the provisions of Article 7 of the Personal Data Protection Act (Narodne novine, No. 106/12 – consolidated text) and the provisions of Article 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), informs all users about the processing of personal data.

Privacy Statement

Effective from: September 2022.

This Privacy Statement applies to the Company and all of its websites and other applications. This Privacy Statement describes how we collect and use information, which may include personal data that you provide on our websites, including but not limited to www.externalis-savjetovanje.hr, or any other websites or applications accessible via the internet that are within the subdomain of externalis-savjetovanje.hr through the use of a web browser, data transmission, or email communication from or to the domain externalis-savjetovanje.hr. It also describes the choices available to you regarding our use of your personal data and how you can access and update this information.

This Privacy Statement is considered an appendix to the Company’s General Terms and Conditions.

This Privacy Statement is published on the website www.externalis-savjetovanje.hr and applies to all users of the Company’s services concerning privacy, especially in relation to the Personal Data Protection Act of the Republic of Croatia and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Data Collection

The types of personal data we collect include:

Your name, surname, email address, telephone number, and home address, Personal identification number, Identification number of an ID card or passport.

You can always choose which personal data (if any) you want to provide to us. However, if you decide not to provide certain details, it may affect some of your transactions with us or result in the denial of services.

Data We Collect Automatically:

When you use our website, we also collect information automatically, some of which may be personal data. This includes data such as language preferences, IP address, location, device settings, device operating system, login information, usage time, requested URL, status report, user agent (browser version information), operating system, browsing history, user interface of external services like social media (if you consent to it and explicitly allow it), and the type of data viewed. We may also collect data automatically through cookies.

Purposes of Data Processing

Vaše podatke koristimo u sljedeće svrhe:

We use your data for the following purposes:

  1. User Reviews:
    We may use your data to send you an email invitation to write user reviews after we have provided you with a service. This can help other users choose the service that best suits them. If you submit a user review, it may be published on our website.

  2. Marketing Activities:
    We also use your data for marketing purposes to the extent permitted by law. When we use your personal data for direct marketing purposes (e.g., newsletters and marketing notifications about new products and services or other offers we believe may interest you), we include an opt-out link if you do not wish to continue receiving them.

  3. Other Communications:
    Depending on the data you have provided to us, we may contact you via email, mail, phone, or SMS for various reasons.

    • We may respond to and address your requests as needed.
    • When you use our services, we may send you a survey or invite you to write a review about your experience with our website or the provided service. We believe this additional service is beneficial to both you and us because based on your feedback, we can improve our website or the quality of the services provided.
  4. Analysis, Improvement, and Research:
    We use personal data for research and analysis purposes. We may engage third parties to conduct these activities on our behalf. We may share or disclose the results of such research (including third parties) in an anonymous, aggregated form. We use your personal data for analytical purposes to improve our services, enhance user experience, and improve the functionality and quality of our online services.

  5. Security, Fraud Detection, and Prevention:
    We use information that may include personal data to prevent fraud and other illegal or unauthorized activities. We also use this information for investigation and fraud detection. We may use personal data for risk assessment and security purposes, including user identification. Personal data may be shared with third parties such as law enforcement agencies, all in accordance with applicable laws and external advisors.

  6. Legal Purposes and Compliance:
    If we use automated means for processing personal data that result in legal effects or significantly affect you, we will take reasonable measures to protect your rights and freedoms, including the right to human intervention.

    We will never process personal data in automated decision-making that would put you in a disadvantaged position compared to other private individuals.

    In certain cases, the information you provide to us, which may include personal data, is necessary for resolving legal disputes or complaints, regulatory investigations, and compliance purposes, as well as for enforcing agreement(s) or complying with legal requirements of law enforcement agencies if legally mandated.

Legal Bases

With respect to purposes 1 – 6, we rely on legitimate interests: We use your data for our legitimate purposes, such as providing the most suitable content for the website, emails, and newsletters, improving and promoting our products and services, and the content on our website, administrative purposes, fraud detection, and legal purposes. When using personal data for our legitimate purposes, we will always prioritize your rights and interests over our rights and interests to protect your data.

With regard to purpose 6, we also rely, as applicable, on our obligation to comply with applicable laws.

If required by applicable law, we will seek your consent before processing your personal data for direct marketing purposes.

If required by applicable law, we will seek your consent. You can withdraw your consent at any time by contacting us at any of the addresses provided at the end of this Privacy Statement.

If you wish to object to the data processing outlined in purposes 1 – 4, and there is no direct opt-out mechanism available to you (e.g., in your user account settings) to the extent applicable, please contact nikola.smolcic@externalis-savjetovanje.hr.

Data Sharing

This may include personal data such as your name, contact details, and any preferences or service requests you have provided when contacting us.

We share your data with our partners, including marketing professionals, EU fund consultants, business, financial, and tax advisors, and other subcontractors necessary for service delivery. We do not sell or rent your data.

Competent Authorities

We disclose personal data to law enforcement agencies and other government authorities when required by law or strictly necessary for the prevention, detection, or prosecution of criminal activities and fraud.

International Data Transfers

The transfer of personal data described in this Privacy Statement may involve the international transfer of personal data to countries whose data protection laws are not as comprehensive as those of countries within the European Union. When European law requires it, we will only send personal data to recipients who provide an adequate level of data protection. In these situations, we enter into contracts to ensure that your personal data continues to be protected in accordance with European standards. You may request access to these contract terms using the contact information provided below.

Security

All of our business and internet applications and partners implement reasonable measures to prevent unauthorized access and misuse of information, including personal data. We use appropriate business systems and procedures to protect and safeguard information and personal data. We also employ security procedures as well as technical and physical access and usage restrictions for personal data on our servers. Access to personal data is restricted solely to authorized personnel for business purposes.

Data Retention

We will retain your data, which may include personal data, if we deem it necessary to provide you with a service, comply with applicable laws, resolve disputes with any party, and ensure regular business operations and detect and prevent fraud or other illegal activities.

All personal data we retain will be processed in accordance with this Privacy Statement. If you have questions about the specific retention periods for certain types of personal data about you that we process, please contact us using the contact information provided below.

We retain all emails permanently or for a minimum of 11 years because they may contain information related to the provision of services that could be relevant for taxation and must be presented to tax authorities in the Republic of Croatia. Email is the official form of communication, and any request for correction, deletion, or modification of data in emails that could pose undeniable tax risks will be automatically rejected.

Your Options and Rights

We want you to have control over how we use your personal data. You can do so in the following ways:

  • You can request a copy of the personal data we hold about you.
  • You can inform us of changes to your personal data or request that we correct the personal data we hold about you.
  • In certain situations, you can request that we delete, block, or restrict the processing of the personal data we hold about you, or file a complaint about how we use your personal data.
  • In certain situations, you can also request that we transmit the personal data you have provided to us to a third party.

If we use your personal data based on your consent, you have the right to withdraw that consent at any time in accordance with applicable law. Furthermore, if we process your personal data based on a legitimate or public interest, you have the right to file a complaint at any time about the use of your personal data in accordance with applicable law.

We trust you to ensure that your personal data is complete, accurate, and up to date. Please inform us immediately of any changes or inaccuracies in your personal data by contacting us at nikola.smolcic@externalis-savjetovanje.hr. We will process your request in accordance with applicable laws.

Questions or Complaints

If you have questions or complaints about our processing of your personal data or wish to exercise any of the rights you have under this notice, please feel free to contact us at nikola.smolcic@externalis-savjetovanje.hr. In case of questions or complaints, you can also contact the local data protection authority.

Changes to the Notice

Since our business is constantly changing, this Privacy Statement may occasionally change as well. If you would like to review the changes that are occasionally made to this Privacy Statement, we recommend that you open the Privacy Statement and review the changes. If we make significant changes or changes that will impact you (e.g., we begin processing your personal data for purposes not previously disclosed), we will contact you before the implementation of such changes.