1. Objective of the Policy
1.1. The objective of this Policy is to set forth the privacy and data management principles applied by, and regarded as binding upon, maxcom (“Data Manager”) and the Data Manager’s privacy and data management policy.
1.2. In establishing the present rules, the Data Manager considered in particular the provisions set forth in Act No. CXII of the year 2011 on Informational Self-Determination and Freedom of Information (“Infotv.”) and Act No. CXIX of the year 1995 on the Use of Name and Address Information Serving the Purpose of Research and Direct Marketing.
1.3. Details of the Data Manager:
Company name: maxcom d.o.o.
Abbreviated company name: maxcom
Seat: 42000 Varaždin, Croatia
Registering company court: Varaždin
Company registry number: 070070436
Tax number: 34090513589
European Community tax number: HR34090513589
Web address: https://maxcom.hr
Privacy registry number: National Privacy and Freedom of Information Authority NAIH-68326/2013
2. Scope of personal data managed
2.1. Newsletter: For registered users, obtained in the course of registration: name, phone number, e-mail address, billing address, delivery address and auxiliary details.
2.2. Auxiliary details during the order process: Auxiliary details include data and information not necessarily required for the Data Manager’s activities and, for this reason, not requested by the Data Manager that Users think may help order fulfilment and, in particular, delivery. Auxiliary details do not necessarily pertain to the scope of personal data and data; information or conditions specified as such may by no means whatsoever modify the legal relationship of supply between the User and the Data Manager the rules of which are established in our Terms and Conditions.
2.3. Technical data: Data technically recorded in the course of system operation are as follows: data of the User’s log-in computer (such as IP address, operating system, browser type, etc.) generated during the use of the service and recorded by the Data Manager’s system as an automatic result of technical processes. The data recorded automatically is automatically logged by the system upon log-in and log-out without any separate statement or action of the User. This data may not be linked with other personal data of Users except when required by law. Data may be accessed exclusively by the Data Manager.
The Data Manager uses the following cookies:
– Session cookie: session cookies are automatically deleted after the visit of the Data Subject. The purpose of the cookies is to facilitate a more effective and safe operation of the Data Manager’s website, so they are inevitable for the proper functioning of given features of the website or of given applications.
– Persistent cookie: the Data Manager uses persistent cookies to enhance the user experience (e.g. by providing optimised navigation). Such cookies are stored for a longer period in the cookie file of the browser. The length of this period depends on the browser settings of the Data Subject.
– Cookie used in a password-protected session.
– Cookie necessary for the cart.
– Safety cookie.
The ‘Help’ function to be found in most web browser’s menu provides information on how the Data Subject can do the following in their own browser:
– block cookies
– accept new cookies
– instruct their browser to set up new cookies, or
– turn off other cookies.
3. Legal ground, purpose and method of Data Management
3.1. The legal ground of Data Management is as follows: Voluntary consent of the person concerned pursuant Item a) of Paragraph (1) of Article 5 of the Infotv. Data Management occurs based on voluntary, informed statements by Users of the contents at the https://ctengine.net. Such statement shall include Users’ express consent to the use of their Personal data provided in the course of using the website.
3.2. The purpose of Data Management is to provide the commercial services available at https://ctengine.net.
3.3. The purpose of the data recorded automatically (see Item 2.3) is to ensure provision of the services available at the web pages of the Data Manager, to improve the IT system from a technical point of view and to protect Users’ rights. Data provided by Users in the course of their use of the services may be used by the Data Manager to compile statistics, establish user groups and display targeted contents and/or advertisements to these groups at the Data Manager’s website.
3.4. The Data Manager may not use any Personal data provided to it for any other purpose than those set forth in these items. Personal data may only be disclosed to any third party or authority if the User concerned has preliminarily given his/her express consent unless otherwise stipulated by law.
3.5. The Data Manager shall not verify Personal data provided to it. It is the sole responsibility of the person providing data to ensure that such data is valid. When providing their e-mail address, Users assume responsibility to ensure that exclusively they will use the services from such address. Due to this, all responsibility related to log-ins using an e-mail address shall be borne by the User who has registered that address.
4. Principles Data Management
4.1. The Data Manager manages personal data only for a determined purpose, in order to exercise a right and fulfil an obligation.
4.2. The Data Manager manages any personal data to be able to provide the service only if it is required for the purpose of the Data Management and suitable for reaching that purpose.
5.1. Personal data required by all means for the use of the Data Manager’s services shall be used by the Data Manager based on a consent of those concerned and exclusively for the purpose set forth.
5.2. The Data Manager hereby agrees to manage personal data obtained by it in accordance with the provisions of the Infotv. and the privacy principles set forth herein and not to disclose such data to any third party. As regards data transfer, the following shall constitute exceptions to the provision set forth in this Item:
use of the data in statistically aggregated form that may not contain names of the users concerned or any other data suitable for identification,
within the framework of data transfer required for the Data Manager’s business operations, data transfer to persons performing tasks related to delivery (mail-order and delivery services), as well as invoicing, accounting, debt management, copyright and other right enforcement, and
obligatory data transfer to authorities requesting such data as stipulated by law.
5.3. The Data Manager’s web store system may collect data on Users’ activities which may not be linked with personal data provided by Users upon registration nor with any data generated through the use of other websites or services.
5.4. Prior to the commencement of Data Management, the Data Manager shall inform Users unambiguously and in detail on all facts related to the management of their data, in particular, the purpose and legal ground of data management, the persons entitled to data. Such information covers Users’ rights related to data management and the legal remedies available for them.
6. Duration of Data Management
6.1. Personal data provided by Users shall managed until the User requests its deletion via e-mail or mail.
Personal data shall be deleted within 10 workdays following receipt of the User’s deletion request. In case of unlawful, fraudulent use of personal data, any crime committed by a User or an attack against the system, the Data Manager shall be entitled to delete the User’s data without delay and, at the same time, terminate such User’s registration. Nevertheless, in case of a suspected crime or civil liability, the Data Manager shall be entitled to preserve personal data for the duration of a legal action to be conducted.
6.2. Data recorded automatically in the course of system operation shall be stored in the system for a duration reasonable from the point of view of ensuring system operation but data will be deleted after 6 years the latest. The Company shall ensure that this data recorded automatically may not be linked with other personal data of Users except when required by law.
7. Data processing
7.1. The Data Manager shall not retain any external data processor. It shall process the personal data managed by it on its own. If payment via credit card is selected, the Data Subject is automatically redirected to the payment website where they have to provide the required data to make the payment transaction successful. The Provider is not informed about the data on the payment website, i.e. about the credit card data, these are not provided to the Provider by the Bank, at the same time the Provider does not forward any data to the Bank except for the sum to be paid. To enable payment by credit card, the Data Subject’s browser has to support the SSL encryption.
The Data Manager rents storage for the purpose of storing data from maxcom (HR Zagrebačka 89, 42000 Varaždin) and Google Inc. (USA CA 94043 Mountain View, 1600 Amphitheatre Parkway). No personal data shall be transferred to these companies.
Designation of Data Processors:
Company seat: Varaždin, Croatia
E-mail address: firstname.lastname@example.org
8. Data transfer
8.1. The Data Manager shall be entitled and obliged to transfer all personal data available to it and stored by it according to the rules to competent authorities in case obliged to transfer such data by any legal provision or an authorities’ obligation with binding force. The Data Manager may not be held liable for such data transfer and the consequences thereof.
8.3. In order to verify the lawfulness of data transfer and to inform the persons concerned, the Data Manager shall keep records on data transfers. Such records shall include the date and time of transfer of personal data managed by it, the legal ground and recipient of data transfer, a definition of the scope of personal data transferred, as well as other data set forth in the legal provision requiring Data Management.
9. Users’ rights related to their personal data managed by the Data Manager
9.1. Right to information
Upon request of the User concerned, the Data Manager shall provide information on personal data managed by it and processed by it or a data processor retained by it, the source of such personal data, the purpose, legal ground and duration of data management, the name and address of the data processor and its activities related to data management, as well as the legal ground and recipient of data transfer if personal data of the person concerned is transferred. In order to protect the rights of the person concerned and to create proof of the request for information, it is recommended that information be requested in writing by way of a recommended or return-receipt letter or a registered e-mail sent to email@example.com.
Upon receipt of questions related to Data Management, the Data Manager shall provide information in an easy-to-understand form within the shortest delay possible but not more than 30 days following submission of such request. Such information shall be free of charge if the requester has not submitted another request for information related to the same scope of data during the same year. Otherwise the Data Manager may request reimbursement of its expenses.
The Data Manager may only deny information to the person concerned as stipulated by law. In case such information is denied, the Data Manager shall inform the person concerned on available legal remedies at a court and by contacting the National Privacy and Freedom of Information Authority (“Authority”). The Data Manager shall inform the Authority on denied requests until 31 January of the year following the year in question.
9.2. Data Subject can request deletion, rectification or blocking of their data.
Data Subject has the right to request the rectification or deletion of their incorrectly recorded data via the contact details provided below. The Data Manager deletes the data within 5 working days from the day the request is received, in this case, deleted data cannot be restored. Data that must be retained under law will not be deleted permanently, the Data Manager will retain them until required.
Furthermore, the Data Subject may request the blocking of their data. The Data Manager blocks personal data if the Data Subject requests this or if – based on the available information – it can be assumed that the deletion would violate the rightful interests of the Data Subject. The personal data blocked in this way may only be managed as long as the data management purpose which ruled out the deletion of the personal data persists.
About the rectification, blocking and deletion, the Data Subject and those that received the data for data management have to be notified. Notification may be waived if this with concern to the purpose of data management does not undermine a legitimate interest of the Data Subject.
If the Data Manager does not grant the rectification, blocking or deletion request within 30 days from the date of receipt, they shall communicate the factual and legal reasons of the refusal of the rectification, blocking or deletion request in writing.
9.3 Data Subject can oppose to the management of their personal data
Data Subject can oppose to the management of their personal data. The Data Manager examines the objection as soon as possible but in maximum 15 days, decides about its justification and notifies the applicant in writing about their decision.
If the Data Subject provided data of a third party during the registration or the order process or caused damage in any way while using the website, Data Manager has the right to claim compensation from the Data Subject. In such a case, the Data Manager gives all the necessary assistance to the determining authorities in establishing the identity of the infringer.
10. Available legal remedies
10.1. Users may validate their rights at court based on the Infotv. and Act No. V of the year 2013 (Civil Code). Furthermore, they may request the assistance of the National Privacy and Freedom of Information Authority in any issue related to personal data. In addition, the Data Manager’s employees may also be contacted at firstname.lastname@example.org.
in case of any question or comment related to Data Management.
11. Amendments of the data management policy
11.1. The Data Manager reserves the right to amend this Data management policy any time by its unilateral decisions. Following amendments of this Data management policy, all Users shall be informed appropriately about the modification (in a newsletter, in a pop-up window upon log-in). The service may only continue to be used in case the amended Data management policy is accepted.