ENHR
Get In Touch
Language:
ENHR
 Get In Touch

Privacy Policy

1. General Information

Last Revision:

Data Controller: Iteratio d.d., located at Slavonska avenija 24/6, Zagreb.

Application of the Privacy Policy: to all personal data of users that we collect and process, either directly or through our partners. This policy does not apply to anonymous data (i.e., data that cannot be linked to a specific individual).

Definition of Terms:

  • personal data – any information relating to an individual whose identity is established or can be established (“data subject”);
  • data processing – any operation or set of operations performed on personal data or on sets of personal data

Legal Basis:

The laws governing the collection and processing of personal data are:

  • The Personal Data Protection Act
  • Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data – EU GDPR
  • The Act on the Implementation of the General Data Protection Regulation

Supervisory Authority in the Republic of Croatia: Croatian Personal Data Protection Agency

The procedure for exercising rights arising from the legal obligations of the data controller:

  • In writing, to the address:
    Attn: Data Protection Officer
    Iteratio d.d.
    Slavonska avenija 24/6
    10000 Zagreb

  • By email: gdpr@iteratio.hr

 

2. Collection and Processing of Data

Method of Data Collection:

We collect information because:

  • there is a legal basis (regulated by law or contractual obligation),
  • we have obtained consent for a specific purpose
  • we need to provide you with a service after you have purchased products or services from us.

Iteratio collects your personal data in the following ways:

  • Directly:
    • if you contact us directly, e.g., through the website iteratio.hr to request information about our products and services, or if you have reached out to us via email.
    • if you purchase a product or service from us
    • through business contact or communication
    • because you have applied for a job.
  • Through marketing activities – if we collect your data as part of a marketing campaign, e.g., by entering information on our website or during one of the marketing events we organize.
  • Through a network of business partners – if our business partners have forwarded your personal data to us, collected and shared in a permitted manner.
  • if we have obtained your personal data from other sources (e.g., from publicly available registers).

If you are providing us with data on behalf of another person, you must ensure that the person is aware of these rules before doing so. If you are under the age of 16, please do not provide us with any data without the consent of a parent or guardian.

What data about you may be collected and processed

Iteratio d.d. may collect the following types of data about you, depending on the type of business collaboration and method of communication:

  • Contact details – first name, last name, address, contact number, email address.
  • Personal data – date of birth, marital status, family members, driver’s license (category), ID card number, occupation.
  • Use of the website – the way you use our site, including information collected through cookies and other tracking technologies (e.g., IP address, device and/or operating system or web browser information you use, your URL, parts of the website you visit, time spent on our website, etc.).
  • Photographs and videos – in the case of product presentations, events, and other similar activities, we may capture photographs or video recordings that we later publish on the Iteratio d.d. website and social media platforms.
  • Sales and service data – information about the purchase, including the customer’s identity, contract/invoice number, as well as data required for product delivery (name, surname, delivery address), including customer complaints and requests.
  • Data we receive from third parties – we may receive some of your data from third parties (e.g., business partners, credit reporting agencies, marketing agencies, etc.) with whom we collaborate. Additionally, we may obtain your data from other websites we manage or partners we have authorized to collect it on our behalf.
  • Cookies – more details can be found in the Cookie Policy.

Why do we collect your data?

Iteratio d.d. collects and manages personal data for the purpose of a sales relationship for products and services from its own offering, post-sale activities, to fulfill legal and regulatory obligations, as well as for the purpose of achieving its legitimate interests in lawful business operations.

In this way, Iteratio d.d. collects and processes personal data for one of the following reasons:

  • To carry out post-sales activities after you have purchased a product or service from us or our partners, such as warranty service. Providing personal data (e.g., serial number of the device) for the purpose of servicing the device is a contractual obligation, and failure to provide this data may affect the proper execution of the contract or even make it impossible to fulfill.
  • Marketing activities – To inform you about new products and services after you have shown interest and given us your consent. You can withdraw your consent at any time.
  • To inform you about the products or services you have purchased from us, or related products or services, provided you have given us your consent. You can withdraw your consent at any time.
  • Sales support – responding to inquiries and providing information and offers. Iteratio d.d. may use your purchase history or previous interests to assess which news might interest you the most and contact you regarding those offers in line with your interests, provided you have given us your consent for this. You can withdraw your consent at any time.
  • For managing the contractual relationship.
  • For managing and receiving complaints, grievances, and claims.
  • In order to hire you or consider you for employment.
  • Legal Obligations of Iteratio d.d. – This includes the transfer of your personal data for the purpose of complying with our legal obligations to law enforcement authorities, regulatory bodies, and judicial authorities. This may involve providing your data to law enforcement authorities, regulatory bodies, and judicial authorities, as well as third parties involved in legal proceedings or investigations.

Transfer to Third Parties

Iteratio d.d. will not share your personal data with third parties except in the cases specified in this section and when required by applicable regulations. When necessary for the execution of a contract for the purchase of products or services based on your order and for the performance of service activities, we will share personal data with:

  1. To delivery service providers with whom we have a permanent contract for the purpose of fulfilling orders, delivering packages, and sending mail and email correspondence. For this purpose, the following data is shared: first name, last name, address.
  2. To equipment manufacturers to whom a minimal set of necessary data (such as the serial number of the device) is forwarded for the purpose of servicing the device under warranty.
  3. To partner companies that are part of daily business processes and, due to the nature of their activities, have access to personal data collected by Iteratio d.d.

Storage and Security of Your Data

We store all your data exclusively in data centers located within the European Union or the European Economic Area. In doing so, we use various security measures, including encryption and authentication, to protect and maintain the security, confidentiality, and integrity of your data. For activities where we use external partners, we require them to adhere to high security standards, such as ISO 27001.

We also use the following measures, such as:

  • strictly limited personal access to your data based on the principle of “need to know,” and solely for the purposes you have been informed about,
  • secure transfer of collected data,
  • Setting up firewalls on IT systems to prevent unauthorized access, and
  • Continuous monitoring of access to IT systems for the detection and prevention of personal data misuse.
  • Continuous measures for monitoring and improving the security of the information system.

How long do we retain your data?

The primary principle is that we will retain your data for as long as necessary to fulfill the legitimate purpose, unless applicable regulations require a longer retention period for a specific purpose.

We will retain your data:

  1. For as long as defined by legal regulations.
  2. As long as we have a valid reason for retention.
  3. Until you request the cessation of data usage.

We may retain the minimum amount of data necessary to demonstrate that we have acted on your request to stop using your data or to delete it. For example, even after you have requested it, we are required to retain your data deletion request, even if it contains your personal data.

Personal data that is no longer needed is either irreversibly anonymized or securely destroyed, depending on the method of storage.

 

3. Exercising Your Rights

Your Rights:

Iteratio d.d. respects your legal rights concerning personal data. These are the rights you have and what Iteratio does to protect them:

Legal Right What Iteratio Does to Protect Your Rights
Right to Information Iteratio publishes its Privacy Policy to ensure you are informed about how we handle your data. We strive to be transparent in our use of your data.
Right of Access You have the right to access your data. Please contact our Data Protection Officer at gdpr@iteratio.hr if you wish to know what information we have about you.
Right to Rectification If the information we hold is inaccurate, please contact our Data Protection Officer at gdpr@iteratio.hr so that we can correct it.
Right to Erasure (Right to be Forgotten) If you would like us to delete your data and stop using it for purposes to which you have given consent, please contact our Data Protection Officer at gdpr@iteratio.hr.
Right to Restrict Processing You have the right to request how we process your data. In such cases, we may retain the data but are not permitted to process it. If you wish to restrict the processing of your data, please contact our Data Protection Officer at gdpr@iteratio.hr.
Right to Data Portability We are required, upon request, to provide you with your personal data in a way that allows you to reuse it easily and securely. Please contact our Data Protection Officer at gdpr@iteratio.hr to exercise your right or to obtain further information. We can only provide data that we have collected with your consent or to fulfill a contractual obligation.
Right to Object You have the right to object to the use and processing of your data. Please contact our Data Protection Officer at gdpr@iteratio.hr to exercise this right.
Right to Lodge a Complaint with a Supervisory Authority If you believe that Iteratio d.d. is not handling your data in a lawful and secure manner, and you are unable to resolve your concerns and/or issues with us, you have the right to file a complaint with the Supervisory Authority (Croatian Personal Data Protection Agency – AZOP, www.azop.hr).