Privacy Policy

Srimac
the Services
Ulica Pave Crvelina 8
22240 Tisno, Croatia
Tel. +385 95 392 66 33
Email: info@srimac.com
Web: www.srimac.com

This Privacy Policy describes and provides information on how Srimac Services (Obrt za usluge, hereinafter: Ou Srimac) processes your personal data as the data controller.

Ou Srimac is a business established on the basis of the Business Law (Official Gazette No. 143/13, 127/19 and 41/20) with the aim of providing interested persons with guided tourist tour services led by licensed tourist guides.

  1. Contact Details of the Data Protection Officer

Regarding questions about personal data protection, you can contact the personal Data Protection Officer by phone at +385 95 392 66 33, or email: info@srimac.com

  1. Purpose and Legal Bases for Personal Data Processing

2.1 We process your personal data that are necessary for the purpose of performing the activities and powers of the Ou Srimac in terms of Article 6(1)(e) of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as: General Data Protection Regulation or GDPR). These activities and powers are prescribed by the provisions of the General Data Protection Regulation and the Act on the Implementation of General Data Protection Regulation, namely:

  • responding to inquiries received;
  • taking action to check compliance with the General Data Protection Regulation;
  • handling complaints and grievances received.

2.2 We process your personal data in compliance with our legal obligations under Article 6(1)(c) of the General Data Protection Regulation for the purpose of:

  • responding to requests for exercising the right to access information;
  • employment with the Ou Srimac.

As part of the performance of legally prescribed activities in the field of Ou Srimac activities, personal data are collected via the eVisitor system. All information on data processing via eVisitor can be found at the following link: https://www.evisitor.hr/eVisitorWiki/Javno.Opci-uvjeti-koristenja.ashx#HB_Vrste_podataka_18

2.3 We process your personal data on the basis of a legitimate interest within the meaning of Article 6(1)(f) of the General Data Protection Regulation, for the purpose of:

  • participation in our training and lectures;
  • inclusion in the business partners database;
  • participation in fairs, study trips, and events organised by the Ou Srimac;
  • audio and video recording of sessions of Ou Srimac bodies for the purpose of organising and monitoring sessions.

 2.4 We process your personal data on the basis of consent within the meaning of Article 6(1)(a) of the General Data Protection Regulation, for the purpose of:

  • better functioning of all website features and enabling a better user experience.

The Ou Srimac may publish certain decisions within its scope (for example, contract award decisions, decisions on granting aid, etc.) on its website, and if such decisions contain personal data of natural persons, care shall be taken to publish only the necessary scope of personal data to achieve the purpose for which the data were given or collected.

The Ou Srimac may publish individual reports in which statistical data can be found but without the possibility of identifying the parties themselves.

 

  1. Processing of Personal Data through Audio and Video Recording of Sessions of Ou Srimac Bodies
    • purpose: organisation and monitoring of sessions
    • legal basis: legitimate interest of the Ou Srimac as the controller for the processing of personal data
    • recipients: video recordings can be submitted on request to the competent authorities (police, court) if necessary for the implementation of proceedings under special regulations
    • retention: we retain the data for a maximum of three months after the acceptance of the minutes from the session to which the audio and video recording refers or longer if they are exempt as evidence in court, administrative, arbitration or other proceedings.

 

  1. Use of Cookies

The Ou Srimac may collect and process anonymous data on access to its website and searches conducted by visitors. Such anonymous data is used for internal purposes to improve products and services, as well as to produce internal statistics.

For this purpose, the official website www.srimac.com and related subdomains use cookies – text files hosted on the user’s computer by an Internet server through which the Internet Service Provider (ISP) displays a web page, which collects information about your e-mail address, domain name, and the date and time of access to the pages. Cookies cannot be used to reveal your identity.

Cookies are created when the browser loads the visited network destination on the user’s device, which then sends the data to the browser and creates a text file (cookie). The browser retrieves and sends a cookie to the website server when the user returns to it.

Our website uses technical cookies (necessary cookies, cannot be turned off) that are necessary for the functioning of the website.

 

  1. Your Rights Regarding the Processing of Personal Data

The General Data Protection Regulation regulates the processing and protection of personal data, as well as, inter alia, the rights that the data subject may exercise.

Your rights under the General Data Protection Regulation are:

5.1 Right of Access to Personal Data

The data subject shall have the right to access their personal data that we process and they may request detailed information, in particular on the purpose of their processing, on the type or categories of personal data processed, including access to their personal data, on recipients or categories of recipients and on the envisaged period for which the personal data will be stored. Access to personal data may be restricted only in cases prescribed by EU law or our national law, or where such restriction respects the fundamental rights and freedoms of others.

 
5.2 Right to Have Personal Data Rectified

The data subject shall have the right to request the rectification or completion of their personal data if the collected data are not accurate, complete and up-to-date. To exercise this right, the data subject should send their request to us as the controller in writing, including by e-mail.

We note that in the request it is necessary to specify which data are not accurate, complete or up-to-date and in what sense the above should be corrected and submit the necessary documentation in support of their statements.

5.3 Right to Erasure

The data subject shall have the right to request the erasure of personal data concerning him or her where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject has withdrawn consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
  • the data subject has objected to the processing pursuant to Article 21(1) of the General Data Protection Regulation and there are no overriding legitimate grounds for the processing by the Ou Srimac;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

 

5.3.1 Exceptions to the exercise of this right are provided for in Article 17(3) of the General Data Protection Regulation

The above rights shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

 
5.4 Right to Restriction of Processing of Personal Data

The data subject shall have the right to obtain the restriction of processing where:

  • the accuracy of the personal data is contested by the data subject;
  • the processing is unlawful and the data subject opposes the erasure of the personal data;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  • the data subject has objected to the processing of their personal data.

 
5.5 Right to Object

The data subject shall have the right to object to the processing of personal data concerning him or her unless the processing is necessary for the performance of a task carried out for reasons of public interest or unless we demonstrate compelling legitimate grounds for the processing.

5.6 Right to Lodge a Complaint

 If the data subject believes that his or her right guaranteed by the Act on the Implementation of General Data Protection Regulation (Official Gazette, No 42/2018) and the General Data Protection Regulation has been violated, he or she may submit a request to the Personal Data Protection Agency to establish the violation.

 

  1. Recipients of Personal Data

The Ou Srimac hereby explicitly declares that it shall not sell, share or otherwise disclose your personal data to third parties, except as provided and in the manner set forth in this Privacy Policy. The Ou Srimac reserves the right to occasionally provide your personal data for further processing to third parties hired to provide certain services on behalf of or for the account of the Ou Srimac or in connection with other business activities, solely and exclusively for the purpose that coincides with the original purpose of data collection for which you have given your consent, of which the Ou Srimac will take particular care.

In certain cases, access to your personal data may be provided to providers of ICT services in the capacity of data processors, providing IT solutions support services for the controller. We have entered into agreements with data processors in which the handling of personal data is prescribed in detail, rendering them unable to process your personal data without our order or pass it on to third parties.

Under certain circumstances, we are obliged to submit your data to the competent authorities (police, court) on the basis of a lawful request if this is necessary for the purpose of carrying out proceedings prescribed by law. The legal obligation may arise from national or EU law.

For example, when organising trade fairs, it is necessary to provide your personal information to other recipients to the extent necessary to achieve the specified purpose.

Your personal data will not be shared with third parties for direct marketing purposes.

  1. Security of the Processing of Personal Data

We collect and process personal data in a way that ensures adequate security and confidentiality in their processing and enables the effective application of data protection principles, reducing the amount of data, the scope of their processing, storage period and their availability.

We take all appropriate technical and organisational safeguards to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, and all employees of the controller are bound by secrecy or confidentiality of personal data by signing a confidentiality statement.

  1. Retention Period for Personal Data

We shall process your personal data until the purpose of the processing is met. After the cessation of the purpose for which they were collected, we shall no longer use your personal data, they shall remain in our storage system and we shall retain them as long as we are obliged to by legal regulations on the preservation of archival material.

Data collected on the basis of consent are stored in the controller’s system while consent is active. After the consent is withdrawn, the data are deleted from the system.

  1. Contact Information

If you have any questions regarding the processing of your personal data, you can contact us by e-mail or the following contact details:

E-mail: info@srimac.com, Tel. +385 95 392 66 33.

  1. Amendments to the Privacy Policy

We shall regularly update the Privacy Policy to ensure that it is accurate and up-to-date, and we reserve the right to change its content if we deem it necessary. You will be informed in a timely manner about any changes and amendments through our website in accordance with the principle of transparency.

By accessing our website and profiles managed by the Ou Srimac on social networks (Facebook, Instagram, etc.) and communication channels available to the general public, you agree to the collection and use of your personal data in accordance with this Privacy Policy.

COOKIE POLICY

ABOUT COOKIES AND SIMILAR TECHNOLOGIES

The Ou Srimac (referred to in this Notice as „we” or „us”) uses cookies and similar technologies („cookies”). Cookies are small data files that are downloaded to your device when you visit a website or mobile application. Cookies allow the website or mobile application to collect and store a range of data on your devices. Some cookies are strictly necessary, while others allow us to enhance your experience, personalise content and ads on your devices, and provide insight into how our website and mobile apps are used.

We use session cookies that will automatically expire at the end of your browser visit to our website and mobile applications. They are generally used for security purposes or to facilitate the use of our website or mobile applications. For example, we use site-visitation cookies to analyse traffic to our website, but also to remember the content of your preferences.

We may also use persistent cookies that will be stored for a long time depending on the nature of their purpose. For example, persistent cookies are used to remember your preferences and choices when you use our website or for targeted advertising purposes.

Strictly Necessary Cookies

Basic cookies provide basic functionality such as setting user preferences. Our website and mobile applications cannot function properly without these cookies. Therefore, we do not ask your permission to use the strictly necessary cookies.

We also use essential cookies for security, network management, accessibility, and fast loading of the website. They help us monitor the interactions that give results at the end of the process.

Google Analytics

Google Analytics helps us understand how you interact with our website by collecting and reporting data anonymously. We use Google Analytics to help us analyse the information we collect. It also reports on website trends without identifying individual visitors. You can turn off Google Analytics without affecting how you visit our website – for more information on turning off tracking by Google Analytics on all the websites you use, visit: http://tools.google.com/dlpage/gaoptout.

Amendments to the Policy

This Notice supersedes all previous versions. We may change the notice at any time, so check our website regularly for any updates. If the changes are significant, we will provide a prominent notice on our website, including, if we deem it appropriate, an electronic notice of changes to the Cookie Notice.

Learn more about who we are, how we process your personal information and how you can contact us in our Privacy Notice

Last updated: April 2023