PRIVACY POLICY RENAISSANCE CAPITAL

Members of the RENAISSANCE CAPITAL Group, as managers of your personal data, use and protect all information that Users provide when using the website https://www.renaissance.hr and our other services, especially with regard to the processing of personal data in the provision of their services.

Personal data is any information relating to a specific or identifiable natural person. In particular, personal data is considered to be all data that establishes the identity of the user (for example, name and surname, e-mail address, address of residence, etc.).

Processing is any operation or set of operations carried out on personal data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation or alteration, withdrawal, consultation, use, disclosure by transmission, publication or otherwise made available, classification or combination, blocking, erasure or destruction, and the performance of logical, mathematical and other operations with that data.

How we collect your personal data

We collect your personal data in the following cases:

• when registering on our site with your personal data via the application form for the procurement process;
• when submitting documentation through our website in procurement procedures;
• when browsing our site (IP address, domain name, browser type, number of visits, time spent on the site);
• if our partners provide us with your data in a permitted manner.

What personal data we collect

In the above cases, we collect the following personal data:

• Name and surname;
• Address;
• OIB (other personal identification number assigned in the country where the person has residence / stay);
• Working place;
• E-mail (which includes the person's first and/or last name);
• Telephone number;
• Account number (if the account number of a natural person is submitted);
• Internet IP address;
• domain name;
• browser type;
• number of visits;
• time spent on the pages.

How data can be used

The use of personal data in accordance with the regulations on the protection of personal data must be justified on the basis of one of the legal bases. Below we set out the basics for the use of the personal data we collect through the website.

The justified grounds for data processing are, inter alia:

• legitimate interest;
• contractual obligation;
• legal basis;
• сonsent;

We use processing based on legitimate interest to promote and provide information about our services, in order to maintain the highest standards of sales of products from our offer. The fundamental rights and freedoms of existing and potential users are measured in relation to our interest in processing data for this purpose.

Personal data may be transferred to third parties provided that there is a justified basis for the transfer, such as service fulfillment, forwarding of data concerning and relating to our group members, transportation and so on.

Consent for direct marketing, which would eventually be requested from you, can be withdrawn at any time.

We are subject to and comply with the laws of the Republic of Croatia, as well as supranational regulations, including providing your information to law enforcement authorities, regulatory and judicial authorities, and third parties to litigation in connection with proceedings or investigations anywhere in the world where required. Where permitted, we will directly make such a request to you or notify you prior to responding, unless this could affect the prevention or detection of crimes.

Providing personal data for the purpose of compliance with binding requests for your data is a legal obligation that depends on the specific request.

How we keep your data safe

We use a variety of security measures, including encryption and authentication, to protect and maintain the security, integrity and availability of your data.

Among other things, we use the following measures:

• strictly limited personal access to your data on the basis of "necessary access";
• secure transfer of collected data;
• installing firewalls on IT systems for the purpose of prohibiting unauthorized access;
• permanent monitoring of access to IT systems in order to detect and prevent misuse of personal data.

All your data is stored on our secure servers and the secure servers of our partners and accessed and used in accordance with our policies and security standards. The protection of the privacy of your data is permanent, and we take all measures necessary to protect it. We process personal data in a secure manner, including protection against unauthorized or unlawful processing and loss.

By registering or filling out any contact form on the https://www.renaissance.hr website, we will ask for consent to process your personal data listed in the contact form for a specific purpose(s). The purposes we can highlight in the contact forms require separate consent each separately.

We undertake to protect the privacy of your personal data and to treat them in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and the Act on the Implementation of the General Data Protection Regulation (OG 42/2018) and other applicable regulations. The collected personal data of users and visitors of the website must not and will not be unauthorized to use or make available to third parties, except in cases where a special law allows it, if it constitutes our legal obligation or is necessary for the purpose of fulfilling contractual obligations.

We undertake not to misuse personal data from registration forms or collected through cookies, nor to hand them over to third parties without your permission, except in cases where the law expressly prescribes this and in cases where it is necessary to fulfill obligations. Personal data is considered to be all data used to determine the identity of the User (for example, first and last name, e-mail address, residential address, etc.), and which is used to carry out the procurement process in which you signed up via registration on our site, or which site collected about you as site visitors through the Cookies that our site uses, and the use of which you agreed to by managing the settings of our Cookies.

All user information is strictly confidential and available only to employees who need this information to perform their job. All employees and business partners are responsible for respecting the principles of privacy protection. We undertake to protect your personal data by collecting only the basic data that is necessary to fulfill the purpose of the given consent or legitimate interest, contractual or legal basis. The data that are automatically recorded by accessing the website (IP address, domain name, browser types, number of visits, time spent on the site, etc.) will be used exclusively for the purpose of evaluating the number of visitors to the website and to improve its content and functionality, i.e. for statistical purposes.

We inform Users about how to use the collected data and use it for marketing campaigns exclusively according to specially obtained consent.

According to applicable national and supranational legislation, in order to protect the confidentiality of personal data, we undertake in particular to:

• treat your data in accordance with the law and in good faith;
• collect data exclusively for specific and lawful purposes;
• not forward the data to any third party without your prior consent;
• do not forward personal data to a country outside the EU if that country does not ensure an adequate level of data protection;
• ensure adequate, secure storage of personal data, in such a way that it does not exceed the purpose for which the data were collected and for which they are processed;
• ensure the accuracy of personal data;
• ensure the processing of personal data only for the time and purpose for which it is necessary;
• take all necessary and appropriate technical and organizational measures to prevent the destruction, damage or loss of personal data of the User.

Your rights are as follows:

• Right of access to data. You have the right to request information whether we process your personal data, what data we process and to request access (insight) to your personal data that we process. If there is a larger amount of data, we could request a more precise specification of the request for the submission of certain groups of data.
• Right to rectification. If you notice that we process inaccurate or incomplete data about you, or you wish to change them, you have the right to request the rectification of this data or the completion of incomplete personal data. In order to ensure that we always process only accurate personal data, it is necessary to inform us without delay any changes thereof.
• Right to erasure (oblivion). Deletion of personal data may be requested for example if you have withdrawn your consent to the processing of certain data, when your personal data are processed unlawfully or when they are no longer necessary in relation to the purposes for which they were collected or processed in any way. However, please take into account the fact that we will not be able to delete the data if it is necessary to fulfill legal obligations, contractual obligations or other legal grounds under the General Data Protection Regulation.

In all situations where possible, we will irrevocably delete all your personal data from our systems and leave only general statistics that cannot be linked to your identity.

• Right to restriction of processing. You have the right to obtain the restriction of the processing of your personal data, which may be requested for example if you have objected to the processing of the data, if you doubt the accuracy of the personal data being processed or the lawfulness of their processing, but you do not want these data to be erased, or if they are still necessary to achieve legal requirements.
• Right to data portability. If the processing is based on your consent or is carried out for the purpose of performing a contract concluded with you, and at the same time it is performed by automated means, you have the right to receive your personal data that we have received from you. If you request this, we will transfer your personal data directly to another controller, if this is technically feasible.
• Right to object.At any time, given your particular situation, you are authorized to object to the processing of personal data relating to you, which is why we will restrict the processing thereof. We will also delete this data and stop processing it, unless we prove that there are reasoned and justified legal grounds for retaining it. In addition, at any time you have the right to object to the processing of your personal data for direct marketing purposes. After submitting the complaint, your personal data will cease to be processed for the stated purpose.
• Right to withdraw consent. If the processing of your personal data is based on your consent, you have the right to withdraw it at any time, without any negative consequences.

In case you no longer want us to process your data in any way, request the deletion, correction or transfer of your data, please inform us of this by e-mail to the e-mail address of the Data Protection Officer: [email protected]. The officer may contact you to verify the authenticity of the request.

At any time, you can ask us to:

• possibility of access to the Privacy Policy;
• confirmation of whether the data is processed in relation to you and the possibility of viewing the personal data contained in the personal data storage system;
• forwarding your personal data contained in the data storage system;
• providing lists of third parties to whom personal data have been transferred, when they were transferred to them, on what basis and for what purpose;
• providing information on the sources on which the records are based which personal data the storage system contains about the individual and the method of processing;
• providing information on the purpose of the processing and the type of personal data being processed, as well as any necessary explanations in this regard;
• explanation of technical or logical-technical decision-making procedures if performs automated decision-making processing of personal data of an individual.

The retention period for User data submitted through the registration form lasts 5 (in letters: five) years, or until the request for deletion is received by the individual to whom the personal data refers, after which the personal data is deleted. We keep personal data for longer than the specified period only if this is binding under the current regulations in the Republic of Croatia or supranational legislation.

For analytical purposes, we keep the data indefinitely.

Personal data that is no longer needed is either irreversibly anonymized or destroyed in a secure manner.

If you object to the processing of your data, you can file your complaint with the competent state authority, i.e. the Personal Data Protection Agency, Zagreb, Selska cesta 136, in accordance with the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation.