Politika privatosti -

Data protection and privacy rules

Adaptivo Cibus d.o.o., Maretićeva ulica 16, 10000 Zagreb, a company providing food preparation and serving services, (hereinafter the company) respects the privacy and protects the personal data of its users or other persons with whom it establishes business cooperation, and whose personal data it collects and processes in its daily business.

The data protection and privacy rules are a basic document that describes the purpose and goals of collecting, processing and managing personal data, as well as ensuring an adequate level of data protection (hereinafter: 'Rules'). In order to ensure fair and transparent processing, the company provides you with clear information about the processing and protection of personal data that it collects and processes, and enables simple supervision and management of personal data and consents.

The rules were formed in accordance with the current regulations, Regulation (EU) 2016/679 of the European Parliament and Council - General Data Protection Regulation - GDPR and the Law on the Implementation of the General Data Protection Regulation (Official Gazette 42/18).

The company has appointed a data protection officer who can be contacted at the e-mail address info@adaptivocibus.hr.

DATA WE COLLECT

1.1. While visiting our website

You can visit our website and store without providing any information about yourself. In this case, we will collect technical access data that your browser will automatically transmit to our server(s) when browsing our web pages. Access data includes the following information:

– time and date of access
- time and date of access
– content of the request
– information about the used browser and operating system (versions, language settings)
– online identification data (e.g. IP address, device identification, session IDs)
– error messages, where applicable (if the requested content cannot be displayed)
– the last visited page on which you were redirected to our site via a link

When you visit our website, your access data will be automatically stored in the log files of our server(s) and subsequently anonymized by shortening or deleting your IP address. After this procedure, it will no longer be possible to draw conclusions about your person based on the server's log files.

1.2. Cookies policy

The website uses cookies to improve your user experience. A cookie is a standardized text file that your web browser stores on your computer for a period of time specified by the cookie provider. Cookies enable local storage of information such as language settings, shopping cart contents and temporary identification features that can be recalled during subsequent visits to the website to restore the appropriate settings selected by the user during the previous visit. This information can only be saved if you, as a user, enable it. Websites cannot access information without your permission and cannot access other files on your computer.

When you first visit our website, you will independently choose whether you want to store cookies on your computer and thus fully manage the process of using cookies.

You can review and delete the cookies used in your browser's security settings. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or any cookies at all.

1.3. During the order lecture

We will collect information about the products you order, as well as information collected directly in connection with the fulfillment of your orders. The data for order execution are as follows:

– information about the ordered products, such as item numbers and sizes
- name and surname
- address for delivery of goods
- e-mail address
- mobile phone number to contact for delivery
– payment information
- data on returns and complaints (e.g. reasons for return, notification of defects)
– order numbers
– shipment tracking numbers
– company name and contact person, company address and OIB (if you requested an R1 account)

1.4. When you contact us

We will collect the communication data you fill in when you contact us via the contact form on our website, by e-mail, telephone or otherwise. Depending on the channel you use, this may include e.g. contact details (e.g. email address or phone number) and the content of your message. Telephone conversations with users are not recorded.

We will also use the offers provided by social networks such as Facebook and Instagram to interact with our customers. Please note that the company has no influence on the terms of service of social networks or their data processing policies. Therefore, be sure to check the personal data you submit to us via social networks.

METHODS OF USING COLLECTED DATA

2.1. Website visit

When you visit and browse the website, we will process access data, server log files and cookies that are collected in this context in order to make our website, its contents and the functionalities you use available to you, and to ensure the stability and security of our IT system and databases.

The legal framework for the legality of data processing when visiting websites and shopping is Regulation (EU) 2016/679 of the European Parliament and Council - General Data Protection Regulation - GDPR, Article 6, paragraph 1, indent f - processing necessary for legitimate interests - technical availability of the website.

2.2. Ordering products and execution of sales contracts

We process your data in order to perform the contracts we have entered into with you and to provide you with the services and products you have requested. The purpose of the processing is based primarily on the specific contents of the contract. Additional details on the purpose of data processing can be found in the General Terms and Conditions of Use of the Web Store.

The legal framework for the legality of data processing when processing an order and executing a sales contract is Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation - GDPR, Article 6, paragraph 1, subparagraph b - processing necessary for the conclusion and contract execution.

2.3. Customer support and communication within the relationship with existing customers

We process your data with the aim of providing customer support in the use of websites. This may include the following, for example:

- processing your requests that you sent to our customer service
– service communication of a non-commercial nature (e.g. security information and technical support)

2.4. Payment processing

Depending on the selected payment method, the data required for the payment will be forwarded to the contractual partner who executes the payment. The billing service provider collects data within its own application, in which case the service provider's privacy notices apply. The company does not have access to the data required for payment, nor does it store it.

The transfer of your data to external payment service providers is based on Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation - GDPR, Article 6, paragraph 1, indent b - processing necessary for the conclusion and performance of the contract.

2.5. Internal marketing research, optimization and improvement of the offer

We will use the information you enter (eg information about products ordered, returns) for internal statistical purposes and for market research purposes. Before use, we will anonymize the information by removing all personal information, eg replacing your name and other information suitable for identification with random information.

In this way, we can measure which pages of our web store and products are popular, which devices our users generally use and from which regions our website is accessed. The collected data helps us continuously optimize the existing offer and develop new functionalities and services.

The legal framework for the legality of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation - GDPR, Article 6, paragraph 1, subparagraph f - processing necessary for legitimate interests - improving the functionality of the website and the quality of the offer.

WEB ANALYSIS

3.1. Google Analytics

Our website uses the web analysis function "Google Analytics" provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ('Google'). Google Analytics uses cookies valid for 14 months to collect your access data when you visit our website. Google combines the access data for this purpose into pseudonymous user profiles and transfers them to a Google server located in the USA after the first anonymization of your IP address. Therefore, we cannot determine which user profiles are associated with a particular user. This means that we can neither determine nor determine how you use our website based on the data collected by Google. In addition, Google uses the privacy protection for the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) in case personal data is sent to the USA in exceptional cases. Google therefore guarantees European data privacy principles when processing data in the USA.

Google will use the data collected by cookies on our behalf so that we can analyze the use of our website and webshop and form reports on the activities and use of our website. For more information, see the Google Analytics Privacy Policy. (LINK: https://support.google.com/analytics/answer/6004245?hl=en)

You can opt out of Google web analytics at any time using one of the following options:
– you can set your browser to block Google Analytics cookies
– you can adjust your Google ad settings in Google
– you can install the opt-out plugin at the following link: opt-out of Google Analytics
(LINK: https://tools.google.com/dlpage/gaoptout/)

The legal framework for the legality of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation - GDPR, Article 6, paragraph 1, subparagraph f - processing necessary for the purposes of legitimate interests - analysis of how users use the website.

3.2. Facebook

For marketing purposes, our website uses so-called conversion and retargeting tags (Facebook pixels) of the social network Facebook, services of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (‘Facebook’). We use Facebook pixels to analyze the general use of our websites and the effectiveness of Facebook ads ('conversion'). We also use Facebook pixels to show you customized ads based on your interest in our products ('retargeting'). For this purpose, Facebook processes data collected on our websites through cookies and similar technologies.

Facebook may send data collected in this context for analysis to a server located in the USA where the data is stored. Facebook uses privacy protection for the EU-US area in the event that personal data is sent to the USA, the so-called Privacy Shield (LINK: https://www.privacyshield.gov/)

If you have registered with Facebook and set the privacy settings of your Facebook account, Facebook can additionally connect the data collected about your visit to our website to your Facebook account and use it to place targeted Facebook ads. You can review and change the privacy settings of your Facebook profile at any time.

If you opt out of data processing by Facebook, Facebook will only display general Facebook ads that have not been selected on the basis of data collected about you.

You can find more detailed information about the processing method performed by Facebook on Facebook's privacy policy. (LINK: https://www.facebook.com/about/privacy/)

CASES IN WHICH WE WILL SHARE PERSONAL DATA

Basically, we will only share your information if:

- you have expressly consented to this in accordance with Article 6, paragraph 1, indent a, Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation - GDPR
- sharing is necessary according to Article 6 paragraph 1 subparagraph f in order to establish, exercise or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in not sharing your data
- sharing is necessary to comply with the legal obligation from Article 6 paragraph 1, subparagraph c or e, General Data Protection Regulation GDPR, especially if we are obliged to provide information to a public body
– sharing is permitted by law and necessary under Article 6 paragraph 1, subparagraph b General Data Protection Regulation, GDPR in order to perform a contract with you or to take actions according to your request before entering into a contract.

Some of the data processing described here may be carried out by external service providers acting on our behalf. The service providers mentioned in this document may include, computer centers that store and maintain our websites and databases, IT service providers that maintain our business systems, as well as consulting companies.

If and to the extent that we share data with our service providers, this data may only be used for the purpose of performing their services. The processing of your data by contractual service providers will take place within the framework of the processing and execution of your order in accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council - General Data Protection Regulation - GDPR. Contract service providers are carefully selected business partners. They are contractually bound by our instructions, implement appropriate technical and organizational measures to protect the rights of data subjects and are subject to regular supervision by us.

HOW LONG YOUR DATA WILL BE STORED

Unless otherwise stated herein, your data will only be stored for as long as is necessary to fulfill our contractual or legal obligations or the purpose for which the data was originally collected or for as long as we have a legitimate interest in storing such data.

In all other cases, your personal data will be deleted, except for data that we have to keep in accordance with legal retention periods. However, in such cases we will limit data processing, i.e. your data will only be used in accordance with legal obligations.

Normally, your order and payment information and other information, if applicable, are subject to legal retention obligations, so we are required to retain such information for up to ten years.

Even if the data is not subject to legal retention obligations, we may refrain from deleting your data in cases permitted by law and instead limit its processing. This can be applied especially in those cases in which this data can be requested for further processing of the contract or for the exercise of rights or for the purpose of legal defense. The duration of the processing limitation will depend on the legal limitation periods.

YOUR RIGHT TO DATA PROTECTION

You can contact our data protection officer at any time to exercise your legal data protection rights described below (contacts above in the introductory text).

You always have the right to receive information about our processing of your personal data. When providing such information, we will explain the data processing process and provide you with an overview of your personal data that we store.

If any of the data we have stored is incorrect or no longer current, you have the right to request correction of the data.

You can also request data deletion. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that it is only available for the stated legal purpose.

You can also restrict data processing, for example, if you believe that the data we store is inaccurate.

You have the right to data transfer, i.e. at your request we will provide you with a digital copy of the personal data you have provided to us.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory body is the Personal Data Protection Agency, Martićeva 14, 10000 Zagreb, e-mail: azop@azop.hr.

RIGHT TO WITHDRAW CONSENT AND RIGHT TO OBJECT

If you wish to exercise your right of withdrawal or objection below, send a notification to the Data Protection Officer at the contact information provided in the introductory part of the text.

7.1. Withdrawal of consent (consent)

Article 7 paragraph 3 of the General Data Protection Regulation GDPR (EU) 2016/679 gives you the right to withdraw any consent (consent) you have previously given. This means that in the future we will no longer continue data processing that was based on your consent. Withdrawal of your consent will not affect the lawfulness of processing based on consent prior to its withdrawal.

7.2. Objection to the processing of your data

If we process your data on the basis of legitimate interests in accordance with Article 6 paragraph 1, subparagraph f of the General Data Protection Regulation GDPR (EU) 2016/679, you have the right, based on Article 21, to object to the way your data is processed if there are reasons for this arise from the specifics of your situation or if the objection is directed against direct advertising.

DATA SECURITY

We use all appropriate technical measures to ensure data security, and in particular to protect your data from risks during data transmission, as well as from unauthorized access by third parties. These measures will be adjusted from time to time in accordance with the latest developments. In order to secure the personal data you enter on our website, we use a secure transport protocol (SSL) that encrypts your data during transmission.