15
N/A

Privacy Policy

We value your privacy and place special importance on the protection of your personal data. Therefore, with this document, we aim to clarify how we handle the personal data we process.

Introductory Provisions

We collect and process your data solely for the purpose of providing our services at a high level of quality, in a lawful, fair, and transparent manner. We process only those data that are necessary for the provision of a specific service, taking care to ensure their appropriate protection.

Such personal data primarily relate to natural persons with whom ANINDOL d.o.o. has a business relationship or a legitimate interest in contacting them (clients, suppliers, business contacts, employees, etc.).

When the need to process your personal data ceases, we delete all personal data or anonymize them using appropriate technical solutions for the sole purpose of statistical use.

We collect and process personal data in accordance with our values and principles, this privacy policy, and applicable European and Croatian regulations relating to personal data protection.

This privacy policy applies equally to personal data in digital or electronic form, as well as to personal data in printed (paper) form, regardless of whether they are a printout of a digital or electronic record.

Terms used in this privacy policy that have a gender meaning shall apply equally to both male and female genders.

Principles

When processing personal data, we are guided by the principles and rules established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

When processing personal data, we observe the obligation to maintain professional secrecy as regulated by the law of the European Union and the Republic of Croatia.

We process personal data:

  • lawfully, fairly, and transparently;
  • for specific, explicit, and legitimate purposes;
  • using only accurate, up-to-date, adequate, and relevant data limited to the purpose for which they are processed;
  • only for as long as necessary to achieve the purpose of processing; and
  • by protecting them against any unauthorized or unlawful processing and against accidental loss, destruction, or damage.

We process personal data of persons under 16 years of age only on the basis of consent given by a parent or guardian and only to the extent and scope in which such consent has been given.

Confidentiality and Security

We treat all personal data with confidentiality, ensuring an appropriate level of security and protection. Under no circumstances do we unlawfully collect, process, or otherwise use personal data.

Employees of ANINDOL d.o.o. protect personal data as a business secret, even after termination of employment.

Employees of ANINDOL d.o.o. process only those data for which they are authorized, in the manner and within the limits of their authorization, i.e. solely for the purpose for which the data were collected or are being processed.

In handling personal data, we follow the “need-to-know” principle to ensure that only authorized employees have access to specific personal data for a defined period of time.

Before introducing new technologies that may be used for processing personal data, we conduct a thorough analysis and adjust technical and organizational measures to ensure the application of the highest standards of personal data protection.

Guidelines for Employee Conduct

Employees of ANINDOL d.o.o., in their daily work, are guided by this privacy policy and applicable regulations relating to personal data protection.

Access to personal data is granted exclusively to employees of ANINDOL d.o.o. who require such access for the performance of their duties. Personal data will not be shared informally among employees; each access must be requested from the person responsible for the specific task or the person who issued the instruction.

ANINDOL d.o.o. organizes training at least once a year or otherwise appropriately informs its employees of their obligations and regulations relating to personal data protection, and ensures the application of good data protection practices in accordance with the recommendations of the Croatian Personal Data Protection Agency and other competent authorities in the European Union and Croatia.

Employees take appropriate organizational and technical protection measures to minimize risks to personal data, in particular:

  • using strong passwords known only to them and not shared with third parties;
  • regularly checking the accuracy and relevance of personal data, and deleting or anonymizing data that are no longer needed or cannot be updated;
  • locking computers used for processing personal data when left unattended;
  • ensuring that personal data to which they have access are not disclosed to unauthorized persons, regardless of whether they are employees of ANINDOL AUTOMOBILI d.o.o. or not; and
  • seeking advice or assistance from the responsible person when in doubt regarding any aspect of personal data protection.

Data Storage

We pay attention to the method of data storage, regardless of whether the data are stored on paper, in digital/electronic form, or in any other format.

Personal data stored on paper, including printouts of data otherwise kept in digital or electronic form:

  • are kept in locked drawers or filing cabinets accessible only to authorized persons when not in use;
  • must not be left in visible places or where unauthorized persons could access them; and
  • are destroyed using a shredder or another appropriate technical method when no longer needed.

Personal data in digital or electronic form are protected against unauthorized access, accidental alteration or deletion, and unauthorized system intrusion:

  • by using strong passwords that are regularly changed and known only to authorized persons;
  • if stored on portable media (e.g. CD, DVD, USB stick, portable HDD), such media are kept in secure locations accessible only to authorized persons;
  • storage is carried out exclusively on official media, servers, or selected cloud services that apply appropriate organizational and technical protection measures;
  • servers containing personal data are located in secure locations accessible only to authorized persons;
  • regular backups are performed to ensure data integrity, accuracy, and reliability;
  • personal data are not stored directly on mobile devices unless necessary for contract performance and only to the extent and duration required;
  • employees do not store personal data on their private devices or media; and
  • all servers and computers are protected by appropriate technical safeguards such as encryption and firewalls.

Data Processing

We process all personal data lawfully, in accordance with the conditions, principles, and standards of the General Data Protection Regulation and national legislation. Processing is primarily based on consent, contractual necessity, or legal obligations.

We do not process special categories of personal data, except in relation to employees, where such data are processed with explicit consent or for the protection of rights under labor and social security law.

ANINDOL d.o.o. does not use automated decision-making, including profiling, that would produce legal effects or significantly affect individuals.

We primarily collect personal data directly from the data subject and always inform them about the purpose, reason, and legal basis for processing.

Appropriate safeguards are applied to every transfer of personal data, taking into account the type of data and associated risks.

Personal data may be transmitted electronically with appropriate protection measures to prevent unauthorized access.

We will never disclose your data to third parties without your explicit, clear, and unambiguous consent.

Exceptionally, personal data may be disclosed to competent authorities when required by law, to protect vital interests, or upon a court order.

When acting as a data processor, ANINDOL d.o.o. ensures appropriate technical and organizational measures and processes data only according to the controller’s instructions.

International Data Transfers

We do not transfer personal data to third countries or international organizations, except in legally prescribed cases or with your explicit consent.

  • based on adequacy decisions of the European Commission;
  • with appropriate safeguards such as binding corporate rules or approved codes of conduct; and
  • with ensured legal protection for data subjects in the third country.

Accuracy and Updating of Personal Data

We ensure data accuracy through appropriate measures and encourage updates. Inaccurate or outdated data that cannot be corrected are deleted.

Retention and Deletion

Personal data are retained only as long as necessary or required by law and are then deleted or anonymized.

Data Subject Rights

Data subjects have rights to access, rectification, erasure, restriction, and withdrawal of consent. Requests can be submitted via email at info@anindol.hr.

Information is provided free of charge, except in cases of excessive or repeated requests, where a minimum fee of EUR 20 may apply.

You may also file a complaint with the competent supervisory authority.

This privacy policy is updated as needed, at least once a year.

In Zagreb, January 1, 2020

 

---

This text has been thoughtfully translated with the support of AI tools to ensure clarity and accessibility. While every effort has been made to preserve a natural tone, you may notice subtle nuances in expression.