Privacy policy

Personal data protection is very important to the Projektp.hr website. This website may be used without providing any personal data. However, if the data subject wishes to use some of the website’s services, processing of personal data may be necessary. If processing of personal data is necessary, but there is no legal basis for it, a data subject will always be asked for his or her consent.
Processing of personal data such as name, surname, address, e-mail address or telephone number of the data subject will always comply with the General Data Protection Regulation and the legislation of the member state applicable to the Projektp.hr website. We would like to use this Privacy policy to inform you of the nature, scope and purposes of the personal data being collected and processed. Furthermore, we would also like to inform you of your rights.
As the data controller, the Projektp.hr website implemented a number of technical and organisational measures to ensure full protection of the personal data being processed. However, there can be security gaps when transferring data online, which is why we cannot guarantee 100% protection. For this reason, each data subject may deliver his or her personal data by alternative methods, e.g. by telephone.

1. Definitions

The Privacy policy of the Projektp.hr website is based on the terminology used by EU legislation for drawing up and adopting the General Data Protection Regulation. The Privacy policy is legible and comprehensible to the general public.

This Privacy policy, inter alia, uses the following terms:

a) Personal data

Personal data means any information relating to an identified natural person. An identified natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is subject to processing by the data controller responsible for processing of personal data.

c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing means marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Data controller or a person acting as a data controller

A data controller or a person acting as a data controller means a natural or legal person, public authority, agency or other body which, by itself or in cooperation with someone else, determines the purpose and manner of processing of personal data; where the purpose and manner of processing of personal data are regulated by the legislation of the EU member state, the criterion for selecting the controller will be regulated by the legislation of the EU member state.

h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

i) Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or member state law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

j) Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons, who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent

Consent of the data subject means any specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Data controller general data:

Pursuant to the General Data Protection Regulation and any other acts concerning personal data protection applicable in EU member states, the data controller is:
Projekt P j.d.o.o.
Giuseppea Duella 14a, Rijeka
Hrvatska/Croatia
Telephone: +385 51 568 466
E-mail: info@projektp.hr
Website: www.projektp.hr

3. Cookies

The Projektp.hr website uses cookies. Cookies are text files stored on the computer system by the browser.

Cookies are used by many websites and servers. Many cookies contain a so-called cookie ID. A cookie ID is a unique cookie identifier. It consists of a character string through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows the visited websites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, a website can provide its users with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via any Internet browser. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

4. Collection of general data and information

The Projektp.hr website collects general data and information when a data subject or an automated system accesses it. This general data and information is then stored on the server in the form of log files. The following is collected: (1) type of the Internet browser and its version; (2) operation system; (3) website used to access our website (the so-called referrers); (4) subpage; (5) date and time of accessing the website; (6) IP address; (7) internet service provider; (8) other similar data and information which may be used in case of an attack on the information system.

When using this general data and information, no conclusions are drawn regarding the data subject. To the contrary, this information is necessary for: (1) proper loading of the website content; (2) optimization of the website content and marketing; (3) ensuring long-term sustainability of the system and the website; (4) providing required help to national authorities in case of criminal prosecution for a cyberattack. Therefore, the Projektp.hr website statistically analyses the anonymously collected data and information with the aim of increasing data security and protection, and ensuring an optimal level of protection of all the collected personal data it processes. Anonymous data from server log files is stored separately from data subjects’ personal data.

5. Contact through the website

The Projektp.hr website contains information which enable quickly contacting us through electronic media, as well as direct communication, which also includes our e-mail address. If a data subject contacts the data controller by e-mail or a contact form, the personal data transferred is stored automatically. The personal data transferred voluntarily by the data subject to the data controller is automatically stored for the purpose of further processing or communication with the data subject. This type of personal data is never transferred to third parties.

6. Routine erasure or blocking of personal data

The data controller will process and retain the data subject’s personal data only during the period necessary to achieve the objectives of retaining personal data or within the period allowed by EU legislation or other legislators under whose jurisdiction the data controller is.
If the objective of storing personal data cannot be achieved or the retention period determined by EU legislation or other competent legislators expires, personal data of data subjects will be routinely blocked or erased in accordance with legal requirements.

7. Rights of data subjects

a) Right to confirmation whether personal data is being processed

Pursuant to EU legislation, each data subject has a guaranteed right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right to confirmation, he or she may at any time contact the data controller.

b) Right of access to personal data

Pursuant to EU legislation, each data subject has a guaranteed right to obtain information, free of charge, from the data controller about his or her personal data being stored, as well as a copy of the personal data concerned. Furthermore, European provisions and directives allow data subjects to access the following information:
• The purposes of processing of personal data;
• The types of personal data concerned;
• The recipients or types of recipient to whom the personal data have been disclosed, in particular recipients in third countries or international organisations;
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the data subject’s right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• Where the personal data are not collected directly from the data subject, any available information as to their source;
• The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the General Data Protection Regulation and, at least in those cases, available information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Moreover, where personal data are transferred to a third country or to an international organisation, the data subject has the right to be informed of this. In this case, the data subject has the right to be informed of the safeguards implemented during data transfer.
If a data subject wishes to exercise this right of access, he or she may contact the data controller at any time.

c) Right to rectification of personal data

Pursuant to EU legislation, each data subject has a guaranteed right to obtain from the data controller the rectification of inaccurate personal data at any time. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may contact the data controller at any time.

d) Right to erasure (right to be forgotten)

Pursuant to EU legislation, each data subject has a guaranteed right to obtain from the data controller the erasure of personal data concerning him or her without undue delay. The data controller has the obligation to erase personal data without undue delay where one of the following grounds applies, provided that processing is not required:
• The personal data are no longer necessary in relation to the purposes for which they were collected or processed.
• The data subject withdraws consent on which the processing is based according to Article 6(1) or Article 9(2) of the General Data Protection Regulation, and where there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the General Data Protection Regulation, and there are no legal grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the General Data Protection Regulation.
• The personal data have been unlawfully processed.
• The personal data have to be erased for compliance with a legal obligation in EU or member state law of which the controller is citizen.
• The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the General Data Protection Regulation. If at least one of the abovementioned reasons applies and the data subject requests erasure of his or her personal data collected by the Projektp.hr website, he or she may contact the data controller. The data controller will ensure immediate erasure of the personal data concerned.

At those places where the data controller made personal data public, and Article 17(1) requires erasure of the said personal data, the data controller will take reasonable steps, taking into account technical feasibility and costs of application, including technical measures, to inform the other data controllers of the data subject’s request to erase any link to, or copy or replication of, those personal data, provided that processing of such data is no longer required. The data controller will ensure implementation of the aforementioned measures on the Projektp.hr website in each individual case.

e) Right to restriction of processing of personal data

Pursuant to EU legislation, each data subject has a guaranteed right to obtain from the data controller restriction of processing of personal data where one of the following applies:
• The accuracy of the personal data is contested by the data subject, enabling the controller to verify the accuracy of the personal data.
• The processing of personal data is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
• The data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) of the General Data Protection Regulation pending the verification whether the legitimate grounds of the controller override those of the data subject.

If at least one of the abovementioned reasons applies and the data subject requests restriction of processing of his or her personal data collected by the Projektp.hr website, he or she may contact the data controller. The data controller will ensure restriction of processing of the personal data concerned.

f) Right to personal data portability

Pursuant to EU legislation, each data subject has a guaranteed right to receive the personal data concerning him or her from the data controller in a structured, commonly used and machine-readable format. A data subject has a right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of the General Data Protection Regulation, or on a contract pursuant to point (b) of Article 6(1) of the General Data Protection Regulation; and where the processing is carried out by automated means, provided that processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Moreover, pursuant to the existing right to personal data portability set out in Article 20(1) of the General Data Protection Regulation, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible and where it does not adversely affect the rights and freedoms of others.
In order to exercise his or her right to personal data portability, the data subject may at any time contact the data controller of the Projektp.hr website.

g) Right to object

Pursuant to EU legislation, each data subject has a guaranteed right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the General Data Protection Regulation. This may also apply to profiling based on this Regulation.

In case a data subject objects, the Projektp.hr website will not continue processing his or her personal data, except in case there are serious legal grounds for processing of personal data which can override the data subject’s interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the Projektp.hr website processes personal data for marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the Projektp.hr website will no longer process his or her personal data for such purposes.

Moreover, where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the General Data Protection Regulation, the data subject, on grounds relating to his or her particular situation, has the right to object to the Projektp.hr website processing personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may at any time contact the data controller of the Projektp.hr website. Furthermore, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

h) Automated decision-making, including profiling

Pursuant to EU legislation, each data subject has a guaranteed right not to be subject to a decision based solely on automated processing of personal data, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision (1) is not a part of an agreement between the data subject and a data controller; or (2) is not authorised by EU or member state law which lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or (3) is not based on the data subject’s explicit consent.

If a decision (1) is necessary for a contract between the data subject and a data controller; or (2) is based on the data subject’s explicit consent, the Projektp.hr website will implement suitable measures to safeguard the data subject’s rights, freedoms and interests, at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision.

If a data subject wishes to exercise his or her right regarding automated individual decision-making, e or she may at any time contact the data controller of the Projektp.hr website.

i) Right to withdraw and cancel consent

Pursuant to EU legislation, each data subject has a guaranteed right to withdraw and/or cancel his or her consent to the processing of personal data at any time.
If a data subject wishes to exercise his or her right to withdraw and/or cancel his or her consent, he or she may contact the data controller of the Projektp.hr website at any time.

8. Provisions on personal data protection in relation to Facebook

The data controller integrated components of Facebook on the Projektp.hr website. Facebook is a social network.
A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook enables social network users to create private profiles, upload photos and network via friendship requests, among other things.

Facebook is operated by Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the data controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of the Projektp.hr website is accessed, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the data subject’s Internet browser will automatically display the respective Facebook component. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/ During the course of this technical procedure, Facebook is made aware of what specific subpage was visited by the data subject.

If the data subject is at the same time logged on to Facebook, Facebook detects with every call-up to the Projektp.hr website by the data subject—and for the entire duration of their stay on our Internet site—which specific subpage of our website was visited by the data subject. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on the Projektp.hr website, for example the “Like” button, or the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook receives information via the Facebook component that the data subject has visited the Projektp.hr website whenever the data subject is logged on to Facebook at the same time as accessing our website. This happens regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted, they can prevent it from being transmitted by logging out of their Facebook account before calling up the Projektp.hr website.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

9. Data protection provisions about the application and use of Google Analytics (with anonymisation function)

The data controller has integrated the Google Analytics component (with anonymisation function) on the Projektp.hr website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come, which subpages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The Google Analytics component is operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

For the purpose of web analytics via Google Analytics, the data controller uses the suffix “_gat._anonymizeIp”. By means of this suffix, Google shortens and anonymizes the IP address of the data subject when accessing the Projektp.hr website from an EU member state or from another state party to the European Economic Area.

The purpose of the Google Analytics component is to analyse the traffic on the Projektp.hr website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide reports which show the activities on our website, and to provide other services concerning the use of our website for us.

Google Analytics places a cookie on the computer system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual subpages of the Projektp.hr website is called up, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject (which serves to understand the origin of visitors and clicks, and subsequently to create commission settlements).

The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits to our website by the data subject. With each visit to the Projektp.hr website, such personal data, including the IP address of the data subject, will be transmitted to Google and stored there. Google may disclose personal data collected through the technical process to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used. Such an adjustment would also prevent Google Analytics from setting a cookie on the computer system of the data subject. In addition, cookies already set may be deleted at any time via an Internet browser or other software programs.

Furthermore, it is possible for the data subject to object to and prevent the collection of personal data generated by Google Analytics relating to the use of the Projektp.hr website. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered a valid objection to personal data collection by Google. If the person’s information technology system is deleted, formatted or reinstalled at a later time, the data subject has to reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s personal data protection guidelines can be found at https://www.google.com/intl/en/policies/privacy/ and http://www.google.com/analytics/terms/us.html. Google Analytics is further explained at https://www.google.com/analytics/.

10. Provisions on personal data protection in relation to Google+

The data controller integrated the Google+ button as a component on the Projektp.hr website. Google+ is a so-called social network. A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the Internet community to provide personal or company-related information. Google+ enables social network users to create private profiles, upload photos and network via friendship requests, among other things.

Google+ is operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each time one of the individual pages of the Projektp.hr website is accessed, which is operated by the data controller and on which a Google+ button has been integrated, the data subject’s Internet browser will automatically display the respective Google+ component. During the course of this technical procedure, Google is made aware of what specific subpage was visited by the data subject. More information about the Google+ social network can be found at https://developers.google.com/+/.

If the data subject is at the same time logged on to Google+, Google detects with every call-up to the Projektp.hr website by the data subject—and for the entire duration of their stay on our Internet site—which specific subpage of our website was visited by the data subject. This information is collected by the Google+ component and assigned to the respective Google+ account of the data subject.

If the data subject clicks one of the Google+ buttons integrated on the Projektp.hr website and thereby makes a Google+1 recommendation, Google assigns this information to the personal Google+ user account of the data subject and stores this personal data. Google stores the Google+1 recommendation of the data subject and makes it publicly available in accordance with the conditions accepted by the data subject. A Google+1 recommendation made by the data subject on the website will subsequently be stored and processed together with other personal data, such as the name of the Google+1 account used by the data subject and the photo stored in this account in other Google services, such as the search engine results of the Google search engine, the data subject’s Google account or in other places, such as on websites or in connection with advertisements. Furthermore, Google is able to link a visit to the Projektp.hr website with other personal data stored by Google. Google also records this personal information for the purpose of improving the various services provided by Google.

The Google+ button informs Google that the data subject has visited the Projektp.hr website whenever the data subject is logged onto Google+ at the same time as they visit the Projektp.hr website. This will happen regardless of whether or not the data subject clicks the Google+ button.

If the data subject does not want personal data to be transmitted to Google, they can prevent such a transmission by logging out of their Google+ account before visiting the Projektp.hr website.
Further information and Google’s personal data protection guidelines can be found at https://www.google.com/intl/en/policies/privacy/. More information about the Google and Google+1 buttons can be found at https://developers.google.com/+/web/buttons-policy.

11. Provisions on personal data protection in relation to Twitter

The data controller integrated components of Twitter on the Projektp.hr website. Twitter is a multilingual public microblogging service on which users can publish and distribute the so-called tweets, i.e. short messages limited to 280 characters. These short messages are available to everyone, including people who are not registered on Twitter. Tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.

Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time the data subject accesses the Projektp.hr website, which is operated by the data controller and on which a Twitter component (Twitter button) has been integrated, the data subject’s Internet browser will automatically display the respective Twitter component. During the course of this technical procedure, Twitter is made aware of what specific subpage was visited by the data subject. The purpose of integrating the Twitter component is to make the content of the Projektp.hr website known to our users and to increase the number of its visitors.

If the data subject is logged on to Twitter at the same time, Twitter detects with every call-up to the Projektp.hr website by the data subject—and for the entire duration of their stay on our Internet site—which specific subpage of our website was visited by the data subject. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject by Twitter. If the data subject presses one of the Twitter buttons integrated on our website, the data and information thus transmitted will be assigned to the personal Twitter user account of the data subject and stored by Twitter.

Twitter receives information via the Twitter component that the data subject has visited our website whenever the data subject is logged on to Twitter at the same time as accessing our website. This will happen regardless of whether or not the data subject clicks the Twitter button. If the data subject does not want this information to be transmitted, they can prevent it from being transmitted by logging out of their Twitter account before visiting the Projektp.hr website.

Further information and Twitter’s personal data protection guidelines can be found at https://twitter.com/privacy?lang=en.

12. Legal basis for processing

Pt. (a) of Art. 6(1) of the General Data Protection Regulation serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on point (b) of Article 6(1) of the General Data Protection Regulation. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If a legal or natural person is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on pt. (c) of Art. 6(1) of the General Data Protection Regulation. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured on the premises of the owner of this website and his or her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on pt. (d) of Art. 6(1) of the General Data Protection Regulation. Finally, processing operations could be based on point (f) of Article 6(1) of the General Data Protection Regulation. This legal basis is used for processing operations which are not covered by any of the above mentioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by the owner of the Projektp.hr website or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a client of the data controller.

13. Legitimate interests pursued by the data controller or a third party

Where the processing of personal data is based on point (f) of Article 6(1) of the General Data Protection Regulation, our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders, if any.

14. Storage period of personal data

The criteria used to determine the period of storage of personal data is the respective maximum storage period prescribed by law. After expiry of that period, the corresponding data is routinely erased, as long as it is no longer necessary for the fulfilment or initiation of a contract.

15. Provision of personal data as a statutory or contractual requirement to enter into a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide them

We would like to clarify that provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). In some cases, it may be necessary for a contract to be concluded if the data subject provides us with personal data which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when the owner of the Projektp.hr website signs a contract with him or her. Failure to provide personal data means that a contract with the data subject cannot be concluded. Prior to the provision of personal data by the data subject, the data subject must contact the owner of the Projektp.hr website. He will inform the data subject whether provision of personal data is required by law or contract or required for the conclusion of a contract, whether there is an obligation to provide personal data and what are the consequences of failing to provide personal data.

16. Existence of an automated decision-making process

The Projektp.hr website does not use an automated decision-making process nor profiling.

17. Erasure of personal data on request

Data subjects may send a direct request for erasure to the e-mail address info@projektp.hr regarding erasure of personal data which was stored by the Projektp.hr website during the respective data subject’s use of the website.

18. Miscellaneous

This website may contain links to other websites. The Projekt P j.d.o.o. company is not responsible for the contents of privacy policy of those websites.