Data controller and legal framework
The data controller is the enterprise NORD PRODUKT d.o.o. with its registered seat in Samobor, Bobovica 8/A, OIB: 22489825038 (hereinafter: NORD PRODUKT or Data controller)
The Data controller is under the obligation to protect your personal data. The collection and storage of data is carried out in compliance with the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the Regulation), the Act on the Implementation of the General Data Protection Regulation (OG 42/2018) and other regulations that regulate this domain and that are applied in the Republic of Croatia.
This Policy applies to all the personal data processing being carried out by NORD PRODUKT as the Data controller, unless stipulated otherwise for certain individual processing activities by some other policy or document of the Data controller. In any case, the basic principles of personal data processing, the contact details of personal data protection officers and other provisions set out in the General Part of this Policy apply without exception to any processing of personal data regardless of whether such processing is specifically referred to in the Special Part of this Policy. The Special Part of the Policy deals in more detail with special cases of data processing, which represent the majority of all processing by the Data controller.
Data Protection Officer
NORD PRODUKT has appointed a Personal Data Protection Officer available to you at all times via: firstname.lastname@example.org via post to the address: NORD PRODUKT
- with its registered seat in Samobor, Bobovica 8/A, OIB: 22489825038 – with the note “za Službenika za zaštitu osobnih podataka” (for the Personal Data Protection Officer), for all issues relating to personal data protection and the exercise of the rights guaranteed under the Regulation.
All requests that are not related to personal data protection, which are sent to the address of the Data Protection Officer, e.g. offers of candidates for employment or inquiries related to online commerce, shall be forwarded directly to the relevant departments of NORD PRODUKT without a special response from the Data Protection Officer to the sender.
Personal data protection principles
NORD PRODUKT pays special attention to compliance with the principles of personal data processing as the basic value that must be complied with during the entire personal data processing cycle, from data collection to data destruction or another form of termination of processing. NORD PRODUKT processes the data:
- Legally – processing is only possible when it is legal and within the limits stipulated by the law.
- Honestly – with observance of the specific nature of any relationship, by applying adequate personal data and general privacy protection measures and not preventing the Data subjects exercising their rights.
- Transparently – by informing the Data subjects about personal data processing. From data collection, when the Data subjects were informed about all the aspects of data processing until the termination of processing, the Data subjects are provided with simple and fast access to their personal data, which includes the possibility of reviewing the data and obtaining a copy in accordance with the Regulation. Certain information may only be limited when so stipulated by the law or necessary to protect third persons.
- With the limitation of purpose – by processing the personal data only for the purposes for which it was collected, and for other purposes if the conditions stipulated by the Regulation have been met. The data can only be processed for corresponding purposes by taking into consideration (a) every connection between the purpose of the personal data collection and the purpose of intended processing continuation; (b) the context in which the personal data was collected, in particular in terms of the relationship between the Data subject and the Data controller; (c) the nature of the personal data, in particular whether special categories of personal data are being processed in accordance with Article 9 of the Regulation or personal data referring to convictions and criminal acts in accordance with Article 10 of the Regulation; (d) the possible consequences of the intended continuation of processing for the Data subjects; and (e) the existence of adequate protective measures.
- With the limitation of storage – by storing the data in a form that allows for the identification of Data subjects only to the extent necessary for the purposes for which the personal data is being processed, or longer only when permitted by the Regulation.
- With the reduction of the amount of data – by processing the data if it is adequate, relevant and limited to what is necessary. Special attention is paid to the prevention of the collection of data for which there is no justified need for processing.
- With accuracy in mind – by making sure that the data is accurate and up-to-date and by deleting the incorrect data whenever possible.
- With integrity and confidentiality in mind – by ensuring the adequate security of personal data through technical and organizational measures, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage by the application of appropriate technical or organizational measures. The relevant measures are applied while taking into consideration the risk of any data processing.
The lawfulness of personal data processing
In order to comply with the lawfulness of personal data processing, NORD PRODUKT only processes the personal data if and to the extent that at least one of the following applies:
- processing is necessary for the performance of a contract to which the Data subject is party or in order to take steps at the request of the Data subject prior to entering into a contract; this is the most frequent purpose of processing for Data subjects where the basis is the existing or the potential contractual relationship.
- processing is necessary for compliance with a legal obligation to which the Data controller is subject. The Data controller, as a legal subject, has numerous obligations prescribed by various regulations. These obligations include the collection, but often also the submission of data to State bodies.
- Processing is necessary for the purposes of the legitimate interests pursued by the Data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, in particular where the data subject is a child. When applying this legal basis, NORD PRODUKT assesses whether the processing is adequate in terms of its business needs, while making sure that the processing is not invasive and that the interests of the Data subjects are not overpowering the legitimate interests of NORD PRODUKT or the third party. An example of this type of processing is the processing for administrative purposes, for the purpose of preserving the safety of computer networks, for the purpose of direct marketing and improving our business operations. The Data subject in these situations always has the right to object to such processing.
- The processing is necessary in order to protect the vital interests of the data subject or of another natural person. The right to personal data protection is not an absolute right and NORD PRODUKT balances this right against other fundamental rights, in accordance with the principle of proportionality. NORD PRODUKT recognizes that sometimes it is necessary to process personal data in order to protect the vital interests of the data subjects or of another natural person.
- The data subject has given his/her consent for the processing of personal data for one or more special purposes. Where processing is based on consent, NORD PRODUKT shall pay special attention that these are situations where there are no formal or informal consequences arising from giving, denying or withdrawing consent. Where processing is based on consent, the data subject may withdraw his/her consent at any time, without any negative consequences. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
In certain extraordinary situations, NORD PRODUKT may process data that would not be processed in normal situations, for example, collecting data based on the recommendations of the Croatian Institute of Public Health in case of an epidemic and the like.
Types of personal data being processed
Special categories of personal data: special categories of personal data are only processed when the conditions are met as stipulated by Article 9 of the Regulation. For example, NORD PRODUKT shall process employee data that falls into special categories of personal data, such as data on religious or philosophical beliefs (for example, when exercising the right to additional non-working days for religious holidays, if the individual has voluntarily disclosed such data for such a purpose), or data relating to health (for example, according to special regulations on safety at work, keeping records of employees or when special health certificates are required for certain jobs, etc.)
Data relating to criminal convictions and offences: when there are legal powers, NORD PRODUKT may also process personal data relating to criminal convictions and offences, such as Certificates of no criminal conviction for the employees.
Personal data that does not belong in the previous two groups: such personal data makes up the largest part of the processed data, and this is most often identification and contact data such as the name and surname, OIB, and data generated based on movement in the area under video surveillance.
Most of the personal data collected by NORD PRODUKT is provided by the data subjects themselves and so we ask that you do not provide sensitive information (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.) when this is not necessary. If you do provide sensitive information for any reason whatsoever, you are giving your express consent for the collection and use of such information in the manner described in these Policies or in the manner described at the time the information is disclosed.
Delivery of data to third parties
NORD PRODUKT only shares personal data with third persons when so prescribed and/or permitted by the law, while observing adequate levels of legal protection of the data subjects’ rights and freedoms, for example:
- employee data sent to competent institutions: the Croatian Pension Insurance Institute, the Croatian Health Insurance Institute, the Tax Administration, banks used for the payment of salaries, creditors in accordance with enforcement regulations, business entities for the purpose of providing specific services such as health examinations of employees (contracted occupational medicine), institutions that organize legally prescribed education (safety at work) or auditing companies when conducting mandatory audits, notaries when certifying, the Financial Agency for the purpose of obtaining business certificates, further for the purposes of granting and using business cards, business mobile devices or for fuel purchase, etc.;
- business partners who provide IT services, who keep the data in their databases or have the possibility of reviewing the personal data before it is processed;
- business partners engaging in logistics, transport and delivery services and/or partners engaging in repair and installation;
- service providers and associates in the domain of marketing and promotion, who act as our personal data processors.
In cases where the processing of personal data is performed by NORD PRODUKT’s partners as Data processors, NORD PRODUKT has concluded contracts with them in accordance with the Regulation, which prescribe the details of personal data processing, and therefore such partners are not authorized to process your personal data without our order or to pass your data to third parties. If data is transferred to third countries as part of data processing, NORD PRODUKT ensures compliance with the highest possible standards of personal data protection, in accordance with the strict requirements of the Regulation.
Data storage period
The data subjects’ data is processed and stored in accordance with applicable legal regulations when the retention obligation is prescribed (for example, the basis for issuing invoices must be retained for 10 years), and in situations where NORD PRODUKT is authorized to set the retention periods, the data is stored as long as necessary for the purposes for which the personal data is processed, taking into account the purpose of processing, the legitimate interests of NORD PRODUKT and the interests of the data subjects to delete the data.
Rights of the data subjects
Regardless of the basis of data collection, the data subjects may exercise the following rights free of charge, within the limits stipulated by the Regulation:
Right to be informed: the data subject has the right to be informed about the processing and the purpose of such processing. NORD PRODUKT makes sure that it provides the data subject with all the information necessary to ensure honest and transparent data processing bearing in mind the context of such processing.
Right to erasure (“right to be forgotten”): the data subject has the right to ask NORD PRODUKT to erase his/her personal data without undue delay, in accordance with the provisions of the Regulation. To exercise such a right, you need to send us, the Data controller, a request in a written form, including electronic forms of communication. Please note that the request needs to precisely specify what you want to be deleted, as we may keep your data on different legal grounds; for example, the data subject may be both our customer and a job candidate. You have the right to seek the erasure of your personal data if one of the following grounds applies:
- your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you have withdrawn the consent on which the processing is based and there is no other legal ground for the processing;
- you have objected to the processing of your personal data and there are no overriding legitimate grounds for the processing;
- the personal data has been unlawfully processed;
- the personal data has to be erased for compliance with a legal obligations.
In some cases, it will not be possible to fully comply with the request for deletion; for example, when there is a legal obligation to keep the data, when the legitimate interest of the Data controller outweighs the interest of the Data subject, when there is an interest of the Data controller to submit, exercise or defend legal claims.
Right of access to data: At the request of the data subject, NORD PRODUKT will provide a confirmation of whether his/her personal data is being processed and, if such personal data is being processed, the company would provide a confirmation about the access to personal data and the purpose of processing, the categories of data, potential recipients to whom personal data will be disclosed and other data in accordance with the Regulation. The data subject may also get a copy of the personal data being processed. Access to personal data may only be restricted in cases prescribed by the law, i.e. when such a restriction complies with the basic rights and freedoms of other people.
Right to rectification: the data subject has the right to ask NORD PRODUKT to rectify inaccurate personal data relating to the data subject. Taking into consideration the purpose of processing, the data subject has the right to supplement the incomplete personal data. To exercise such a right, you need to send us, the Data controller, a request in a written form, including electronic forms of communication. We note that the request has to precisely specify what is incorrect, incomplete or out-of-date and how the data should be rectified, and it has to be accompanied by the documents necessary to prove the claims.
Right to data portability: The data subject has the right to receive his/her personal data in a structured, usually used and machine-readable form, in accordance with the Regulation.
Right to object: when NORD PRODUKT processes the data on the basis of its legitimate interests that outweigh the interests of the data subject, then the data subject has the right to object to the processing of his/her personal data at any time based on his/her specific situation.
The right to restrict the processing: the data subject has the right to ask NORD PRODUKT to exercise his/her right to restrict processing if he/she disputes the accuracy of the personal data, believes the processing is illegal or opposes the deletion of the personal data but instead seeks the restriction of their use, and if the data subject has lodged a complaint regarding the processing and awaits confirmation as to whether the legitimate reasons of the Data controller outweigh the reasons of the Data subject.
In any case, the data subjects also have the following rights:
- to submit an objection to the Personal Data Protection Officer,
- to submit a complaint to the supervisory body (Personal Data Protection Agency) if they believe that they personal data protection rights have been violated.
You can address your written request to the Personal Data Protection Officer at: email@example.com i.e. by mail to NORD PRODUKT d.o.o., Samobor, Bobovica 8/A Republika Hrvatska – za Službenika za zaštitu osobnih podataka (for the Personal Data Protection Officer).
NORD PRODUKT, as the Data controller, has the right to protect the interests of the Data controller and to protect the data subjects, and accordingly has the right to implement activities designed to discover the identity of the applicant.
On request, NORD PRODUKT shall provide information on the activities taken in order to exercise the rights of the data subjects, without undue delay, and in any case within one month from the date of receipt of the request. This deadline can be extended by an additional two months, if necessary, based on the complexity and the number of requests. NORD PRODUKT shall notify the data subject about such an extension within one month from the date of receipt of the request, and shall provide an explanation for such an extension.
If the data subject has submitted the request in electronic form, NORD PRODUKT would provide the information in electronic form, if possible, unless the data subject instructs otherwise.
The requests of data subjects are generally free of charge, but if the requests of data subjects are obviously unfounded or excessive, in particular because of their frequent repetition, NORD PRODUKT has the right to charge a reasonable fee based on administrative costs or to refuse to act on such request.
Sources of personal data
In some cases, NORD PRODUKT collects data from publicly available sources, when the publication has been done for the purpose of establishing contact for a specific purpose.
Technical and integrated data protection
NORD PRODUKT, as the Data controller, makes sure that the highest organizational and technical personal data protection standards are applied. The company thus implements adequate technical and organizational measures to enable the efficient implementation of data protection principles.
Furthermore, NORD PRODUKT also implements adequate technical and organizational measures aimed at providing an integrated manner of processing only the personal data necessary for each individual purpose of processing. NORD PRODUKT implements this measure on the quantity of collected personal data, the scope of processing of such data, the storage period and its availability. Access to data is restricted and only granted to those employees who require such access in order to execute their business activities.
Treatment of personal data breaches
NORD PRODUKT, as the Data controller, ensures that in the event of a personal data breach, it shall inform the competent supervisory authority about the personal data breach without undue delay and, if feasible, no later than 72 hours after becoming aware of the breach, unless it is probable that the personal data breach would result in a risk to the rights and freedoms of individuals.
The report submitted to the supervisory authority must contain all the information prescribed by the Regulation.
In case of a personal data breach that is likely to cause a high risk to the rights and freedoms of individuals, NORD PRODUKT, as the Data controller, shall notify the data subject about the personal data breach without undue delay. Sometimes, in cases stipulated by the Regulation, the notifying of data subjects is not mandatory.
EMPLOYMENT CANDIDATES AND EMPLOYEES
This part of the Policy regulates the protection of personal data primarily relating to recruitment and employment. In this sense, the data subjects are primarily former and current employees, job seekers, interns (students), persons engaging in professional development, students who work on the basis of a so-called student contract, scholarship holders and other persons whose data is processed within the framework of employment, legal and related relations.
As part of data processing related to employment, NORD PRODUKT processes the data for the following purposes: personnel selection, concluding employment contracts and related contracts, exercising material and other rights of employees, executing contracts, educating employees, informing employees about processes relevant for performing tasks, the protection of property and persons (video surveillance and records of arrival and departure), data protection and other purposes as needed.
The database of NORD PRODUKT on former and current employees and other persons in employment, legal and other relationships is kept within a separate application. An adequate contract has been concluded with the application maintenance and support provider, as the personal Data processor.
NORD PRODUKT, as a potential employer, collects, processes and stores the employment candidate data based on their voluntary application.
NORD PRODUKT may obtain information on candidates indirectly, from domestic and foreign employment agencies, in which case these agencies are obliged to inform the candidates about the processing of their personal data by NORD PRODUKT.
The candidates send their applications based on announced job vacancies or in the form of an unsolicited job application.
The data from the unsolicited job application is stored in the database of candidates and deleted after one year.
The candidate data for an individual job vacancy is stored in the candidate database for two months after the end of the vacancy, and can be stored for up to 1 year with the special explicit consent of the candidate, which the Data controller may seek during the employment process.
NORD PRODUKT has a legitimate interest to use the received e-mail addresses, but also other contact data, to contact the candidates for employment purposes. For example, after the application, the candidates may receive an automatic response saying that their application has been received and that they will be contacted if their qualifications and experiences match the requirements of a specific vacant position. Furthermore, after the application, the candidates may receive a message via phone with a proposed interview date, a message specifying the documents needed for employment, etc.
The data being stored is provided by the candidates themselves, but NORD PRODUKT, based on the legitimate interest of finding the best candidates, creates personal data related to employment activities, such as job interview results, the results of tests and assessments, and collects personal data from third parties, primarily by verifying the data obtained during the recruitment process by contacting relevant third parties (for example, employment agencies, education and training providers) or using publicly available sources.
Employment and other comparable relations
NORD PRODUKT, as the employer, collects, processes and stores all the employee data in the employee database kept in the IT program and physical files of the employees. The data being collected is prescribed by the Rulebook on the content and manner of keeping employee records, published by the Ministry in charge of labour and the pension system.
The data necessary for establishing an employment relationship is usually the following: a copy of the ID card, a copy of the current account card or payment instructions from the bank, a copy of the protected account (if the employee has one), OIB, proof of education (copy of a certificate or diploma), e-booklet: certificate of pensionable service (obtained from the HZMO or via the e-Građani service), Electronic record of the tax card form, so-called PK form (obtained from the Tax Administration or via the e-Građani service; first-time employees do not have an electronic record of the tax card form and must open it at the Tax Administration), the birth certificate or ID card of a child if the child is under 15 years of age.
The data necessary for concluding student contracts is usually the following: a certificate from the faculty for the current year as proof of student status or a copy of the student’s transcript confirming the enrolment for the current year, a copy of the ID card, a certificate of registration with the Student Centre (not all student centres), one photo or X, OIB.
Apart from this data, NORD PRODUKT may keep other data in the employee’s file that was collected during the employment process, as well as the other data collected during employment, as stipulated by the rules of NORD PRODUKT (for example, awards, cautions, certificates, etc.).
All the employee data are kept in the employee database from the date of establishing the employment relationship until the termination of employment, stored as documents of permanent value in accordance with the relevant regulations.
In its database, NORD PRODUKT also keeps the data of other persons in a business relationship comparable to the employment relationship or of persons attending traineeship and professional training, from the beginning of their engagement and keeps such databases up-to-date until the termination of engagement, after which the data is kept in accordance with relevant regulations. The data of students engaging in practical work, who may be underage, represent a special case that requires special attention and must be kept in accordance with the applicable regulations, with the approval of the school and the parents.
The data on salaries and payslips must comply with the necessary storage regulations. In any case, all the employees and other persons in business relationships comparable to employment or persons attending practical work and professional education have the rights of data subjects.
NORD PRODUKT, as the Data controller, can also use the services of various service providers who can process data on employees, and who can perform certain types of processing for the Data controller under a contract (e.g. accounting services, etc.). In such a case, the Data controller would agree on all the basic elements of such processing with the Data processor in the form of a Processing contract, in accordance with the Regulation.
NORD PRODUKT, as the Data controller, has a legitimate interest to implement video surveillance measures in order to protect property and people. NORD PRODUKT has marked all the places covered by video surveillance, as prescribed.
NORD PRODUKT is aware that videos may contain personal data of all the persons moving in front of the camera (customers, employees, business partners, etc.) and therefore keeps them with special care, which implies the use of safety systems, availability and a deletion policy for the videos, regulated by the internal safety rules of NORD PRODUKT.
The videos are regularly written over, so they are automatically deleted after 15 days from recording. In exceptional cases, the videos are kept for longer if they are evidence in procedures before the competent state bodies. The exempt videos will be stored with exceptionally restricted access.
In case of court and/or criminal procedures, NORD PRODUKT may use the said videos. The right to review the personal data on videos may also be given to third parties, data processors, contractual partners of NORD PRODUKT that are registered and competent for the provision of protection services of persons and property, who in no way use the data on their own, but take care of the security of the central surveillance and alarm systems. All the details relating to video surveillance are regulated by special regulations regulating this domain.
NORD PRODUKT has a database of business partners in which the personal data of natural persons is processed (in cases when the natural person is a business partner; for example, craftsmen, architects, photographers, etc., or when the natural person represents a legal person with which we have a business relationship: e.g. directors, delivery staff, persons receiving orders, etc.).
The purpose of collecting personal data is primarily to execute the contracts in order to take action before concluding the contract and to inform existing and potential business partners about the products and services provided by NORD PRODUKT or about the need to purchase certain products or services for the purpose of concluding a contract. In addition to the specified purposes, the personal data may also be processed for other specific purposes, but always within the framework prescribed by the law or if the processing is necessary to exercise the employment rights and obligations.
The data being collected includes the following: name and surname, e-mail, phone number, data on the function within the legal person of the partner, bank account number (IBAN) when the natural person is a business partner and other data depending on the nature of the business relationship (e.g. citizenship, membership in associations when relevant for the payment of fees, etc.).
NORD PRODUKT collects the data from the data subjects, the business partners who provide the data for their employees, but also from publicly published data.
The data on the data subject who are natural persons in a business relationship are kept in accordance with the applicable legal regulations, and in cases where we are authorized to determine the retention period, we keep them until the purpose is met or for up to 5 years from the termination of the business relationship.
The business partners are obliged to inform their employees about the processing of their data by NORD PRODUKT if their data is being forwarded.
VISITORS AT NORD RETAIL OUTLETS
NORD PRODUKT uses video surveillance at its retail outlets to protect persons and property, which is described in more detail in the chapter Video Surveillance.
In case of the purchase of our products, we process your data in the following cases:
- if you are purchasing based on a pro-forma invoice, in which case we need your data (name, surname, address);
- if you are paying using the contactless modes of payment, in which case we need data about the type of card you use and other data in accordance with the conditions specified by the bank with which we have a contract, which is the issuer of your card;
- if you seek delivery or installation of the purchased products, in which case we need your name, surname, contact (phone number and/or e-mail) and delivery/installation address;
all for the purpose of executing the purchase, installation and delivery contract.
NORD PRODUKT has also concluded franchise contracts with its partners who operate retail outlets, in which case your data is also processed by our franchise partners
DATA SUBJECTS THAT CONTACT US
You can contact us directly at retail outlets, by calling our phone number, sending mail, e-mail, via social networks or by filling in the contact form on our website, for various reasons, for example, for reporting the availability of a product, inquiries about a purchased product, for the purpose of filing a complaint or even praise or any other purpose you specify, in which cases we collect the information you provide to us, and this information usually includes the name, surname and contact data (phone number and/or e-mail) and the content of the correspondence. If you contact us via the contact form on one of our websites, we would collect the following data for such purposes: name and surname, e-mail address and some other data about which you would be informed.
In these cases, we collect personal data for the purpose of a prompt and individualized response, based on your request and our legitimate interest, then for the purpose of monitoring satisfaction with our products and services, which is also our legitimate interest, and in case of complaints under the Consumer Protection Act and to comply with our legal obligations.
NORD PRODUKT publishes information that is relevant for existing and potential employees, business partners and customers through its websites, social media profiles, advertisements in newspapers and advertisements in other media. Such announcements may contain only a limited set of personal data, such as the name and surname, position, etc.
The legal basis for processing is our legitimate interest and for marketing purposes, but also for the purpose of responding to potential queries. Sometimes, the explicit consent of the data subject may serve as the basis.
The announcements are permanent in character, but the processing will cease if it is determined that the data subject’s objection is justified or if the data subject has withdrawn his/her consent in situations where the consent is used, in a way that can be enforced.
NORD PRODUKT has an interest in sending information about its products and services via e-mail (newsletter). The newsletters are sent:
- based on legitimate interest, the data subjects who have a business relationship with us (previous customers, people who have inquired about our products, etc.) or could have such a relationship given their profession (architects, etc. and the data were made public for this purpose), in which case each data subject has the right to object to the processing of such data, and
- based on the consent, in cases when data subjects voluntarily subscribe for newsletters via a form available on the websites or otherwise seek to receive newsletters, in which case the data subjects have the right to withdraw their consent at any time.
The personal data being collected primarily include the name, surname and e-mail address. The period of processing the personal data for the purpose of sending a newsletter is 10 years starting from:
- the date of the business relationship with us, from which date the newsletters are sent based on our legitimate interest,
- the date of your consent for the newsletters to be sent to you based on your consent.
At any time, regardless of the legal basis for the receipt of the newsletter, you can opt out by using the unsubscribe option in the Newsletter. In case of cancellation, we will no longer process the data we have collected for such purposes.
NORD PRODUKT may use the technical services of external business partners for the delivery of newsletters.
During the creation of a webshop Uredi Dom user account at the website www.uredidom.hr, we process the personal data you have provided in the web form, in particular the following: name, surname and e-mail; the field for gender is not compulsory. During the purchase process, the registered user must also provide the delivery/invoicing address and contact phone number.
The legal basis for data processing is the conclusion and execution of a one-off remote purchase contract. The data is used for the purpose of identifying you as the buyer and for the purpose of establishing contact for delivery purposes, sending the contract confirmation, invoice, order confirmation and other notices closely related to the specific purchase.
The entry and transfer of personal and credit card data is protected by the highest security standards provided by the WSPay online credit card authorization system in accordance with the requirements of cardholders and card brands and the PCI DSS standard. The authorisation and collection from credit cards is done via the WSPay system for authorisation and collection from cards in real-time.
If the customer requests the delivery of the product (either at a retail outlet or a webshop), we ask for the following information: name, surname, delivery address and contact information (phone and/or e-mail), which we keep for 5 years from the delivery.
In certain cases, we may have to provide your data to the courier service providers with whom we have contracts, all for the purpose of executing the delivery at your request.
If the customer requests the servicing of the product, he/she can contact our service centre by phone, at which point we collect the following customer data: name, surname, contact information (phone and/or e-mail), address if it is necessary to perform the service at the customer’s address and information about the malfunction, which we keep for 5 years from the performed service.
In some cases, your data would also be provided to our servicing and delivery partners with whom we have contracts, all for the purpose of executing the servicing at your request.
If the customer requests the installation of the product, we ask for the following information: name, surname, installation address and contact information (phone and/or e-mail). During the installation, it is possible that the assembled product will be photographed in your premises based on our legitimate interest in order to prove the performed service, but also to show to other potential customers (without providing your personal data). We shall keep the data for 5 years from the installation, while the photographs shall be kept indefinitely for archiving purposes.
In some cases, your data would also be provided to our external installation partners with whom we have contracts, all for the purpose of executing the installation at your request.
NORD PRODUKT may occasionally organize prize contests and giveaways, in which case we would only collect your personal data if you choose to participate in the contest/giveaway. The data collected in such a way is necessary for the participation and may differ, depending on the Rules. The data collected based on the contractual obligations shall be used for the purpose of organizing the contest or giveaway, and shall be deleted within 5 years after the end of such contest or giveaway.
When a visitor visits the NORD PRODUKT websites www.nordprodukt.hr and www.uredidom.hr, NORD PRODUKT may obtain personal data that is used for the purposes for which they were provided in accordance with the information provided at the time of collection (or an obvious purpose that can be derived from the context of collection). The users have control over the personal data being entered into the web forms, with the exception of automatic processing due to the cookies at the website, as explained below.
At the website, you have the opportunity to subscribe for Newsletters, to address us via a contact form or to purchase something at our webshop. In any such case, you provide the information that we need to fulfil the purpose in each individual case, and the legal basis for the processing of such personal data is a legitimate interest or consent if the data subject is required to give consent.
NORD PRODUKT automatically collects the data from the computer of each visitor to the websites www.nordprodukt.hr and www.uredidom.hr. The data from the computer may include the IP address, the date and time of the website visit, information about the hardware, software and browser used by the visitor to access the Internet, information about the operating system on the visitor’s computer, and the application version and language settings. Also, information about website clicks is also collected via Google Analytics.
What is a cookie?
Every time a user opens a certain website, the Internet server can read the values previously stored in the cookies. The cookies are mainly used to identify visitors, to record specific user preferences, to help with the entry of information that was entered during previous visits, and to collect data for analyses and marketing campaigns.
Types of cookies
There are several classifications and types of cookies.
The cookies can be essential (help with the basic technical features of a website), analytical (used to analyse the use of the website) and marketing cookies (used to monitor user interests).
Session cookies are temporarily stored on the computer and automatically deleted after the closing of the web browser. With temporary cookies, the website collects temporary data, such as comments or the cart balance for shopping. These cookies are only used for the webshop www.uredidom.hr.
Persistent cookies remain stored on the user’s computer for a specific period of time. They are used to store data, such as the user name and password, so that the user does not need to log in on every visit. These cookies are only used for the webshop www.uredidom.hr.
“First-Party cookies” are set by the domain provider, while “Third-Party cookies” are set by an external domain (e.g. Facebook and Google Analytics). The data collected via Google Analytics and Facebook Pixel are stored for no more than 180 days.
The visitor may decide which cookies to accept in the web browser’s settings. However, if you choose not to accept certain cookies, you will not be able to use all the functions.
Website traffic analysis
Nord Produkt uses Google Analytics – a service for website traffic analysis. If you wish to disable the cookies set by this service provider, you can ban them by following the link: Google Analytics – https://tools.google.com/dlpage/gaoptout
Additional information on disabling of cookies
There are several websites that allow you to turn off the storage of cookies for various services. You may find additional information at the following links:
Each web browser has its own procedure for the deletion of cookies; below are the procedures for the most popular web browsers.