Recider projekt d.o.o. for services
Rapska 44, 10000 Zagreb
VAT ID: 98063863907

I. INTRODUCTION

Article 1

RECIDER PROJEKT d.o.o., with its registered office in Zagreb, Rapska 44, VAT ID: 98063863907 (hereinafter: “Recider projekt”), is subject to the application of the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (hereinafter: the “GDPR”).

In accordance with the principle of transparency, this Personal Data Processing and Protection Policy (hereinafter: the “Policy” or the “Rules”) is intended for data subjects to provide accurate and complete information on which of their personal data is collected, used, accessed, or otherwise processed by Recider projekt, as well as to what extent such personal data is or will be processed.

II. GENERAL PROVISIONS

Article 2

Pursuant to Article 4 of the GDPR, Recider projekt is the data controller who alone or jointly with others determines the purposes and means of the processing of personal data in accordance with national legislation or the law of the European Union (hereinafter: the “EU” or the “Union”).

Article 3

In accordance with the GDPR, certain terms used in this Policy have the following meanings:

“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;

“data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

“recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;

“third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

“consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

“personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

“pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Article 4

Recider projekt processes personal data lawfully, fairly, and in a transparent manner.

Recider projekt processes only adequate and relevant personal data, strictly for specific, explicit, and legitimate purposes, and does not further process such data in a manner incompatible with those purposes.

The personal data processed by Recider projekt is accurate and, where necessary, kept up to date. Any inaccurate data is deleted or rectified without delay.

Recider projekt stores personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

Exceptionally, personal data may be stored for longer periods, but only if they are processed exclusively for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.

Recider projekt processes personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by implementing appropriate technical or organizational measures.

For Recider projekt,
Luka Jakopčić, CEO