circles

Privacy Policy

Version 1, June 2022, Zagreb


OUR INFORMATION

We are Zeraxo d.o.o., Zagreb, Petrova 53 4, PIN 25157435812 (hereinafter: "Zeraxo").

If you have any questions regarding our processing and protection of your personal data, as well as questions regarding this Privacy Policy, please feel free to contact us in writing at the address of our headquarters or by e-mail at: zeraxo@zeraxo.com.

We will inform you about changes and/or additions to the information in the Privacy Policy in a timely manner and via our website.


IMPORTANT TERMS

In order to fully understand this Privacy Policy, we kindly ask you to carefully read the definitions of the terms listed below:

General Regulation means REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of the 27th of April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation);

Processing means any operation or set of operations carried out on personal data or on sets of personal data, whether automated or non-automated, such as collecting, recording, organizing, structuring, storing, adapting or modifying, finding, inspecting, using, detecting by transmission, disseminating or otherwise making available, harmonizing or combining, restricting, deleting or destroying;

Personal data means all data relating to an individual whose identity has been established or can be established (respondent);

Respondent means an individual whose identity has been established or can be established; an identifiable individual is a person who can be identified directly or indirectly, in particular by means of identifiers such as name, identification number, location data, network identifier or by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that individual;

Controller means a natural or legal person, public authority, agency or other body which alone or together with others determines the purposes and means of processing personal data;

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Recipient means a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not;

Third party means a natural or legal person, public authority, agency or other body other than the respondent, controller, processor or persons authorized to process personal data under the direct authority of the controller or processor;

Consent of the respondent means any voluntary, special, informed and unambiguous expression of the respondent's wishes by which he gives his consent or processing of personal data relating to him by a statement or clear affirmative action;

Violation of personal data means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed;

Supervisory authority means an independent public authority established by a Member State; in the Republic of Croatia, it is the Agency for Personal Data Protection (AZOP), Selska cesta 136, 10 000 Zagreb, Croatia.


CATEGORIES OF RESPONDENTS AND PERSONAL DATA AND PURPOSES AND LEGAL BASIS FOR PERSONAL DATA PROCESSING

Candidates for employees and candidates for student work

If you are interested in working / doing student work at Zeraxo, we collect and process your personal data, which you provided during the initial communication or by sending a CV and other supporting documentation (for example, applications, letters of recommendation, etc.).

We collect and process the following categories of your personal information:

Identification data: name and surname.

Location data: address (street name and house number, postal code and city, country).

Contact information: telephone and/or mobile phone number, e-mail address.

Data on education/training: varies depending on the data provided in the CV and supporting documentation of the candidate.

Data on work experience/student work experience: varies depending on the data provided in the CV and supporting documentation of the candidate.

Data on personal characteristics/skills: varies depending on the data provided in the CV and supporting documentation of the candidate.

Other data: photo (if it is in the CV and supporting documents of the candidate), other personal data contained in the CV and other supporting documents of the candidate.

We process the above-mentioned personal data for the following purposes and on the basis of the following legal grounds:

For the purpose of making initial contact (communication) through selected channels (for example e-mail, telephone / mobile phone, etc.) and for the purpose of taking actions necessary to select the best candidate (for example gaining insight into the CV and other received supporting documents for work / student work and the like). In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).

For the purpose of further storage (retention) of your personal data, i.e. CVs and accompanying documentation for future possible employment / student jobs. In that case, the legal basis for the processing of your personal data is your consent (Article 6 (1) (a) of the General Regulation).

For the purpose of fulfilling our legal duties, i.e., compliance with applicable regulations and cooperation with competent bodies and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Responsible and contact persons of our business partners

If you are a responsible or contact person with our potential or existing business partner, we collect and process your personal data depending on the needs of our potential or existing business (partner) relationship. We collect and process personal data that you provided during the initial communication or that we collected during the establishment and maintenance of our business (partner) relationship.

We collect and process the following categories of your personal information:

Identification data: name and surname.

Contact information: telephone and/or mobile phone number, e-mail address.

Information related to the employment relationship: relationship with the business partner (founder, director, employee, etc.).

We process the above-mentioned personal data for the following purposes and on the basis of the following legal grounds:

For the purpose of establishing initial contact (communication), as well as for the purpose of further regular communication through selected channels (for example e-mail, telephone / mobile phone, etc.) and for the purpose of exercising rights and obligations from the contractual relationship with a business partner. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).

For the purpose of fulfilling our legal duties, i.e., compliance with applicable regulations and cooperation with competent bodies and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Query submitters

If you send us an inquiry, we collect and process your personal data. We collect and process personal data that you provided during the initial communication, or that we collected during our communication.

We collect and process the following categories of your personal information:

Identification data: name and surname.

Contact information: telephone and/or mobile phone number, e-mail address.

Other data: the content of the communication (if it contains personal data).

We process the above-mentioned personal data for the following purposes and on the basis of the following legal grounds:

For the purpose of making contact and answering your inquiry. In that case, the legal basis for the processing of your personal data is our legitimate interest (Article 6 (1) (f) of the General Regulation).

For the purpose of fulfilling our legal duties, i.e., compliance with applicable regulations and cooperation with competent bodies and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).

Website visitors

If you are a visitor (user) on our website www.zeraxo.com , we collect and process your personal data, which you provided yourself during the visit to our website or which we collected with regard to your activity on our website.

We collect and process the following categories of your personal information:

Information regarding the use of our website: information on access and activities on the Internet, information on interaction with our website, IP address, session ID and the like.

We process the above-mentioned personal data for the following purposes and on the basis of the following legal grounds:

In order to enable your visit and your use of our website and its functionalities (enabling the normal functioning and availability of all parts of our website). In that case, the legal basis for the processing of your personal data is performance of contract (Article 6 (1) (b) of the General Regulation).

In order to improve the functionality and efficiency of our website, as well as personalize its content in accordance with your interests. In that case, the legal basis for the processing of your personal data is your consent (Article 6 (1) (a) of the General Regulation).

For the purpose of fulfilling our legal duties, i.e., compliance with applicable regulations and cooperation with competent bodies and services. In that case, the legal basis for the processing of your personal data is compliance with our legal obligations (Article 6 (1) (c) of the General Regulation).


WEBSITE AND SOCIAL NETWORKS

We use cookies on our website www.zeraxo.com. For more information on the cookies we use and how to manage these cookies, please read our Cookie Policy.

Zeraxo has accounts on some social networks, which can be accessed (among other things) through links on our website.

For now, we have open accounts on the following social networks: https://www.instagram.com/zeraxo.agency/; https://www.facebook.com/zeraxo/ ; https://hr.linkedin.com/company/zeraxo

Our website contains links that lead to our accounts on social networks, whose privacy policies may differ from ours. All information you provide through the social network, as well as all communication that takes place through the social network is at your own risk. Zeraxo is not responsible for the actions of social network users, nor for the actions of the social network itself. Your interaction with the social network in relation to the processing of your personal data is governed by the privacy policy of that social network.


LEGITIMATE INTEREST

Zeraxo uses legitimate interest as the legal basis for certain processing of your personal data. In the previous sections of this Privacy Policy, we indicate for which categories of respondents and personal data and for which purposes we use a legitimate interest as a legal basis.

Prior to the processing of your personal data whose legal basis is our legitimate interest, we take into account your interests and fundamental rights and freedoms, as well as your reasonable expectations about the processing of personal data in our relationship.

Our legitimate interest may vary, depending on which business process is needed, that is which process of personal data processing we are using.


OBLIGATION TO PROVIDE PERSONAL DATA

If the provision of personal data is your legal or contractual obligation or condition necessary for the conclusion of the contract, we will clearly inform you at the place of collection of your personal data whether the provision of personal data is mandatory or not, and what are the possible consequences if you do not provide personal data.


RECIPIENTS OF PERSONAL DATA

In the event that we disclose your personal data to recipients, we take care that we have a valid legal basis and that the business of the recipient of your personal data is in accordance with the General Regulation and other regulations on personal data protection. Also, when applicable, relations with recipients regarding the processing and protection of personal data are regulated in detail by a special contract (in addition to the basic contract).

Recipients of your personal data, among others, can be our processors, who provide us with services necessary for our daily business, such as our external associates who provide us with additional operational support such as maintenance and upgrades of information systems and software solutions, development and maintenance our website and the like.

Recipients of your personal data may, among others, be other independent processors, who provide us with services important to our lawful business and other services necessary for our day-to-day operations, such as providers of services complying with applicable regulations such as legal advice. tax consulting, auditing and the like.

The recipients of your personal data may, among others, be the competent authorities acting within the scope of their legal powers and may process your personal data on the basis thereof. ZORI has a legal obligation to disclose your personal data to the competent authorities as recipients of your personal data (conducting surveillance, conducting inspections, setting or defending legal claims, etc.).


TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

When using certain tools (functionalities) on our website, which we need for our regular business and daily tasks, the transfer of your personal data to third countries may occur. The country to which your personal data may be transferred is the United States of America. The European Commission and the United States of America have reached an agreement in principle on a new transatlantic framework for personal data protection, which should enter into force soon - read more at: https://ec.europa.eu/commission/presscorner/detail/hr/ip_22_2087.

Currently, in the case of a transfer, we use two steps to authorise the transfer in question. The first step consists of identifying the legal basis of the transfer (your consent), while the second step provides additional measures to protect the transfer, all in accordance with the provisions of Chapter V of the General Regulation.


SECURITY OF PERSONAL DATA

Zeraxo implements appropriate technical and organizational measures to protect your personal data when determining the means and methods of processing and during the processing itself, taking into account the latest achievements, implementation costs and the nature, scope, context and purposes of processing.

We are constantly reviewing and improving all our technical and organizational measures to ensure that they are appropriate and up-to-date.

We divide our technical and organizational measures into three groups: measures to ensure confidentiality, measures to ensure integrity and measures to ensure the availability of personal data, and the resilience of our processing systems.

Measures to ensure the confidentiality of your personal data include, but are not limited to, general physical access control, general logical access control, special access control to personal data, separation of personal data and the like.

Measures to ensure the integrity of your personal data include, but are not limited to, control in the case of personal data transfer, control when entering personal data into our processing systems and the like.

Measures to ensure the availability of your personal data and the resilience of our processing systems include, but are not limited to, availability control, resilience of our processing systems, periodic audits, assessments and evaluations of our business in relation to personal data protection and the like.


RETENTION PERIODS

The retention periods of your personal data vary depending on the categories of personal data we process, the purposes and legal bases of the processing of your personal data (criteria we use when calculating the period of storage of personal data). We also always keep the retention period of your personal data to a minimum (the "retention period limitation" principle).

Below are the general retention periods defined by the legal basis for the processing of your personal data, but please be aware that the subject periods may vary depending on the specific processing situations.

If you would like more detailed information about the retention periods of your personal data, you can contact us at our contacts listed in the first point ("Our Information”) of this Privacy Policy.

When the applicable regulations define the period in which we are obliged to retain your personal data, we retain them in the period provided by the applicable regulations and delete them in an additional period of 1 (one) month.

When we have signed a contract with you and when there is no applicable period defined by applicable regulations in which we are obliged to retain your personal data, we retain them for the entire duration of our contractual relationship and delete them within an additional period of 1 (one) month from the date of termination.

When we process your personal data based on the legal basis of our legitimate interest, we retain it for the entire period of our legitimate interest and delete it after an additional period of 1 (one) month from the termination of our legitimate interest.

When we process your personal information based on your consent, we store it until you withdraw your consent. When you withdraw your consent, we will delete your personal data as soon as possible. If you have given us your consent for a certain period, at the end of the period in question, we will delete your personal data as soon as possible.

Certain business documents that may contain some of your personal data (for example, contracts, contract annexes, statements, certificates, etc.) are stored permanently as part of our business documents or for a longer period as proof of the existence and termination of our relationship and for setting, exercising and defending against legal demands.


YOUR RIGHTS

As a respondent whose personal data we process, you have the right to exercise the rights listed and described below. However, you can exercise some rights only under certain conditions in accordance with the provisions of the General Regulation, so those would be exceptions to the exercise of rights. For example, you cannot exercise the right to erasure under certain conditions defined in Article 17 (3) of the General Regulation and the like.

You can exercise your rights by sending a request to our e-mail address zeraxo@zeraxo.com or by sending it by mail to the address of our headquarters - Petrova 53 4, Zagreb, Croatia.

In order to be able to act on your request and provide you with accurate and complete information as soon as possible, please make your request contain the following: necessary information about your identity (name, surname, OIB, etc.), name of rights you want to exercise, detailed description of your request and contact information to which you would like us to send our response.

When applying for the exercise of rights, in case of reasonable doubt about your identity, we have the right to ask you to provide additional information necessary to confirm your identity.

We will respond to your request within one month from the date of receipt of your request. We may extend the deadline by an additional 2 (two) months if it is a complex request or there are more than one of your requests. We will inform you in time about the extension of the deadline for responding to your request and the reasons for the extension.

Right to access information - as a respondent, you have the right to ask us to confirm whether we are processing your personal data and, if we are processing it, access to your personal data and relevant information in relation to them. We also provide you with a free copy of your personal data that we process, if this does not adversely affect the rights and freedoms of others.

Right to correction - as a respondent whose personal data we process, you have the right to obtain a correction of your inaccurate personal data. Taking into account the purposes of processing, you have the right to request the amending of your incomplete personal data, including by giving an additional statement.

Right to erasure ("right to forget") - as a respondent whose personal data we process, you have the right to obtain the erasure of your personal data if one of the conditions of Article 17 (1) of the General Regulation is met. Please note that the right of erasure cannot be exercised under certain conditions defined in Article 17 (3) of the General Regulation.

Right to limit the processing - as a respondent whose personal data we process, you have the right to obtain a restriction on the processing of your personal data if one of the conditions of Article 18 (1) of the General Regulation is met.

Right to portability - as a respondent whose personal data we process, you have the right to receive your personal data in a structured, commonly used and machine-readable format and transfer it to another controller if the processing of your personal data is based on consent or contract and processing is automated.

Right to withdraw consent - as a respondent whose personal data we process on the basis of consent as a legal basis, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of the processing of your personal data on the basis of consent before its withdrawal.

Right to object - as a respondent whose personal data we process, you have the right to object to the processing of your personal data based on your special situation, which we process based on our legitimate interest and/or for direct marketing purposes, including profile creation.