The Privacy Policy of BebaBox d.o.o., Savska cesta 106, Zagreb, Croatia protects the privacy of its clients, employees, business partners and other persons with whom it realizes business cooperation and handles concerns about personal data by the General EU Regulation on the Protection of Personal Data 2016/679/EC (Regulation) and the Law on Implementation of General EU Regulation on the Protection of Personal Data NN 42/2018. The Privacy Policy of BebaBox d.o.o. obliges the processing of personal data to be carried out solely according to the principles of the Regulations.
BebaBox d.o.o. respects the privacy and protects personal information of our users, employees, business partners, and other individuals with whom they have entered into a business cooperation and whose personal data is collected and processed as part of our daily business activities.
A Privacy Policy is a fundamental act that describes the purpose and objectives of collecting, processing and managing personal data within BebaBox d.o.o.
This Policy defines basic principles and rules for the protection of personal data in accordance with business and security requirements of BebaBox d.o.o. as well as legal regulations, best practices and internationally accepted standards. In order to ensure fair and transparent data processing, BebaBox d.o.o. strives to provide clear information regarding processing and protection of collected and processed personal data, and to ensure simple control and management of personal data and privacy.
This Privacy Policy provides an adequate level of data protection in accordance with the EU General Data Protection Regulation (GDPR) and other applicable privacy protection laws and regulations.
The objective of this Privacy Policy is to explain to our users, employees, business partners, and other individuals with whom members of BebaBox d.o.o. have entered into a business corporation, the following:
1. Which personal data we collect and process (and which we do not process);
2. How we collect personal data, for what purpose and what are our reasons for doing so;
3. How long do we store such data and with who do we share it;
4. What rights do the data subjects have regarding data protection and how are we engaged on safeguarding them.
Data processing principles are the basic rules that BebaBox d.o.o. adheres to when processing personal data collected from data subjects. BebaBox d.o.o. processes personal data in accordance with the following principles of data processing:
Lawfulness, fairness and transparency
BebaBox d.o.o. shall process personal data lawfully, fairly and in a transparent manner in relation to data subjects and all their rights, and in accordance with applicable laws and regulations. BebaBox d.o.o. shall ensure transparent processing of personal data as well as provide data subjects with all required information, upon request, and give access to such data, reasons for processing, basis for processing and ensure all other rights are respected in accordance with relevant regulations. BebaBox d.o.o. shall ensure that data subjects are give information on how personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed. Data subjects will be given all relevant information in a timely manner, that is before their data is collected.
Purpose limitation
personal data are collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimization
BebaBox d.o.o. uses only those data subjects’ data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Storage limitation
BebaBox d.o.o. ensures that the personal data of data subjects are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed and deletes such data from all records after said period.
Accurate, complete and up to date
BebaBox d.o.o. ensures a fair and transparent processing of personal data that have to be accurate, complete and up to date to avoid any possible misuse. It is extremely important that the data subject informs BebaBox d.o.o. of any changes to his/her personal data. BebaBox d.o.o. has implemented a transparent communication process with data subjects that enables them to request rectification or deletion of inaccurate data.
Integrity and confidentiality
BebaBox d.o.o. collects and processes personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. Data subjects’ personal data are made available to employees depending on their authorization and position, as well as other legal persons solely on the basis of legitimate interest pursued by BebaBox d.o.o. and, if necessary, for the fulfilment of contractual obligations, all in accordance with specific purposes for which the personal data have been collected and the purposes of the intended processing. BebaBox d.o.o. adopted appropriate technical and organizational protection measures and implemented systems for the purpose of detecting and preventing data leaks, data access control methods, and so on.
Within the scope of their business activities, members of BebaBox d.o.o. may collect the following categories of personal data according to categories of data subjects:
Interested parties:
- contact information (e.g. first name, last name, e-mail address, etc.),
- data required for concluding contracts (e.g. first name, last name, address, PIN (OIB), etc.).
Users:
- contact information (e.g. first name, last name, e-mail address, etc.),
- data required for concluding contracts (e.g. first name, last name, address, PIN (OIB), etc.),
- data required for the execution of contracts (e.g. first name, last name, e-mail address, IBAN, etc.).
Job candidates:
- contact information (e.g. first name, last name, e-mail address, mobile phone number, etc.),
- data included in the curriculum vitae (e.g. education information, previous employment, work experience, photograph, etc.),
- test results.
Former and current employees:
- all data prescribed by positive regulations related to employment-legal relationships, accounting and bookkeeping regulations (e.g. first name, last name, address, PIN (OIB), year of birth, Unique Master Citizen Number (JMBG), etc.),
- data required for internal company communications (e.g. official company photos, etc.),
- data required to perform job-related tasks and activities such as organizing travel to a foreign country, obtaining job-related benefits, etc. (e.g. first name, last name, employment status, travel document number, number of children, etc.).
External associates and business partners:
- contact information (e.g. first name, last name, e-mail address, mobile phone number, etc.),
- data included in the curriculum vitae (e.g. education information, previous employment, work experience, etc.),
- data required for the execution of contracts (e.g. first name, last name, e-mail address, IBAN, etc.),
- data required to meet legal conditions for entering the Republic of Croatia or another country (first name, last name, employment status, travel document number, etc.).
BebaBox d.o.o. members do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or data concerning an individual's sex life or sexual orientation.
Processing the aforementioned special categories of personal data will be carried out by BebaBox d.o.o. only under following conditions:
- the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of BebaBox d.o.o. or of the data subject in the field of employment and social security and social protection law in so far as it is authorized by European Union law or law of the Republic of Croatia or a collective agreement pursuant to law of the Republic of Croatia providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
- processing is necessary to protect the vital interests of the data subject or of another natural person;
- processing relates to personal data which are manifestly made public by the data subject;
- processing is necessary for the establishment, exercise or defense of legal claims.
BebaBox d.o.o. collects personal data in various ways, including:
- when viewing our website and engaging in e-mail communication addressed to and from BebaBox d.o.o.,
- when you complete our surveys or online questionnaires,
- when you apply for a job opening,
- when you provide us with information by posting content on our website or platforms or through direct communication with BebaBox d.o.o. members, including private communication and online communication via the website or e-mail;
BebaBox d.o.o. may process personal data for the following purposes:
- compliance with legal and regulatory provisions and regulations within and outside the territory of the Republic of Croatia;
- contracting and using products and services provided by BebaBox d.o.o.;
- discharging obligations under the sales contract for the provision of services and products of BebaBox d.o.o.;
- offering services and products of BebaBox d.o.o. on the market;
- website analysis and administration, and website monitoring;
- improving the services and products of BebaBox d.o.o., measuring your satisfaction with provided services;
- relationship management with data subjects (users of websites and/or services) and other individuals as part of regular business activities;
- selecting candidates for employment;
Marketing activities, including:
- webinars
- events
- sending newsletters
BebaBox d.o.o. processes your personal data on the following basis:
- executing a sales contract for the provision of BebaBox d.o.o.’s services or any other contract concluded between data subjects and BebaBox d.o.o. members;
- legitimate interest in providing access and managing the website for statistical purposes, for the purposes of identifying, resolving disputes and conducting proceedings between the data subject and BebaBox d.o.o., for the purpose of sharing personal data with members and third parties in accordance with this Privacy Policy, for the purpose of selecting candidates for employment;
- explicit consent given by data subjects to receive marketing messages, newsletters, email notifications regarding services, or service satisfaction surveys, for processing your inquiries;
- meeting legal obligations of BebaBox d.o.o., in particular with regard to accounting, bookkeeping, labor law regulations and other legal obligations.
We store personal data as long as they are necessary in relation to the purposes for which they are collected, that is, for the purpose of discharging contractual or statutory obligations, and no longer then defined by the following criteria:
- Personal data collected for the purpose of meeting legal and regulatory obligations are stored according to the prescribed deadlines,
- Personal data collected for the purpose of sale of our products and services are stored for the duration of the contractual relationship;
- Personal data collected for the purpose of marketing activities are stored until you withdraw your consent, cancel your subscription or request that your subscription be terminated, or until a specific period of inactivity has passed.
Personal data will be deleted upon termination of contractual or employment relationship, and no later than the expiration of any statutory obligation to store such data, except in the event of court proceedings or other similar proceedings being initiated which require data retention.
Upon the expiration of aforementioned deadlines regarding data storage, we will remove them from our systems and archives or convert them into anonymous information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable.
On the basis of our legitimate interest, BebaBox d.o.o. may share personal data between members, which may also process such data for the purposes of meeting legal obligations, preventing misuse, improving products and services, or on the basis of received consent.
BebaBox d.o.o. members will exchange personal data with each other only if such action is required based on legitimate grounds.
BebaBox d.o.o. may share your personal data with third parties only in following situations:
- if there is a statutory obligation or explicit authorization pursuant to the law;
- if another person is used to carry out specific activities as a so-called subcontractor, i.e.
the processor, who acts solely pursuant to orders given by BebaBox d.o.o. members, whereby BebaBox d.o.o. is responsible for the implementation of all data protection measures as if BebaBox d.o.o. itself is carrying out said activities;
- if the data have to be forwarded to third parties for the purpose of executing the contract with the data subject;
- on the basis of consent given by the data subject.
Such third parties include:
- Legislative, supervisory and regulatory bodies within and outside the territory of the Republic of Croatia
- Financial institutions with which BebaBox d.o.o. cooperates
- Internal and external auditors of BebaBox d.o.o., as well as other authorized audit bodies
- Suppliers used by BebaBox d.o.o. to carry out services in the name and on behalf of BebaBox d.o.o., for the purpose of discharging contractual obligations with data subjects
- Other agencies, institutions, associations, insurance companies and partner enterprises with whom BebaBox d.o.o. has concluded a business cooperation agreement based on which enterprise users may contract and use products and services provided by BebaBox d.o.o., etc.
When transferring personal data given to us by data subjects, BebaBox d.o.o. strictly adheres to the principle of restriction of processing which stipulates that only the minimum amount of data needed to provide the requested service is transferred, as well as all other relevant data protection principles.
We process personal data in the Republic of Croatia. We may exceptionally process personal data in other countries (e.g. should a specific service or part of a service which involves the processing of personal data be carried out by a subcontractor from another country), and such country is generally a Member State of the European Union. Exceptionally, personal data may be processed in third countries as well, but in such situations, appropriate personal data protection measures are always applied, at least in the way that personal data are processed in the Republic of Croatia (e.g. using the so-called Standard EU contract clauses for third-country processors, other legally binding and enforceable instruments, binding corporate rules, certification, etc.
BebaBox d.o.o. respects the right to privacy and collects and processes data only on legitimate grounds for processing whereby data subjects retain specific rights in relation to the processing of their data at all times.
At the time when personal data are obtained, BebaBox d.o.o. will provide the data subject with all of the following information:
- the identity and contact details of the controller,
- the contact details of the data protection officer,
- the purposes of the processing for which the personal data are intended as well as the legal
basis for the processing,
- the legitimate interests,
- the recipients or categories of recipients of the personal data,
- the intent to transfer personal data to a third country (where applicable),
- the period for which the personal data will be stored or criteria used to determine that period,
rights related to consent,
- the existence of rights mentioned below.
Right to erasure (“right to be forgotten”)
The data subject shall have the right to obtain from BebaBox d.o.o. the erasure of personal data concerning him or her without undue delay and BebaBox d.o.o. shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing
- data subject objects to the processing and the legitimate grounds for pursuing the right to erasure supersede the legitimate grounds of BebaBox d.o.o. to process and/or store personal data
- personal data have been unlawfully processed
- personal data have to be erased for compliance with a legal obligation
Right of access
The data subject shall have the right to obtain from BebaBox d.o.o. confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and purposes of the processing, categories of personal data concerned, possible recipients to whom the personal data have been or will be disclosed, etc.:
Right to rectification – The data subject shall have the right to obtain from BebaBox d.o.o. without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. In addition, data subjects are required to update their personal data used in their business relationship with BebaBox d.o.o.
Right to data portability – The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to BebaBox d.o.o., in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. It should be taken into account that the right to data portability relates exclusively to the personal data of the data subject.
Right to object – The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. BebaBox d.o.o. shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Furthermore, where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to restriction of processing – The data subject shall have the right to obtain from BebaBox d.o.o. restriction of processing where the accuracy of the personal data is contested by the data subject, the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, and if the data subject objected to the processing and expects conformation that the legitimate grounds of the controller supersede the legitimate grounds of the data subject. The data subject has the right at any time to request that the aforementioned rights be exercised.
If you consider that the processing of personal data carried out by us is against privacy protection regulations please let us know by writing to any member of BebaBox d.o.o. or sending an email to: This email address is being protected from spambots. You need JavaScript enabled to view it..
You can address your objection to the competent supervisory authority – Croatian Personal Data Protection Agency, Zagreb, Martićeva 14, and after 25 May 2018 to the supervisory authority within the EU.
In the event that personal data requested by BebaBox d.o.o. for the purpose of concluding and exercising contractual rights between BebaBox d.o.o. and data subjects or providing our services have not been given, there is a possibility that the contract may not be concluded nor services provided, and that you will not be able to access specific content, tenders or educational courses.
You may withdraw your consent regarding processing at any time in which case your personal data collected on the basis of such consent will no longer be used for the purposes mentioned.
You may change your consent by using a web interface or sending an email This email address is being protected from spambots. You need JavaScript enabled to view it..
In order to protect collected personal data, BebaBox d.o.o. implements appropriate physical, technical and organizational protection measures, taking into account the nature, context, scope and purposes of the processing, as well as varying likelihood and severity of the risk to the rights and freedoms of the data subject.
We continuously update and test our security technologies and improve them at the BebaBox d.o.o. level. We use advanced tools to protect and prevent data leakage, constantly monitor critical systems within BebaBox d.o.o., encrypt certain sensitive data, and protect data from unauthorized access, alteration, loss, theft, and any other violations and misuse of data.
Access to data within BebaBox d.o.o. is limited only to data required for performing specific business tasks, and exclusively given to authorized persons directly involved in providing or maintaining services, and improving the quality and payment of services, in accordance with clearly defined roles and responsibilities within the BebaBox d.o.o. All BebaBox d.o.o. employees are bound by confidentiality agreements and we exclusively cooperate with and use partners with whom appropriate protection measures are contracted.
BebaBox d.o.o. may not 100% guarantee the security of data transferred over the internet, websites, mobile apps, computer systems or any other public network.
BebaBox d.o.o. does not use automated means of data processing.
In order for BebaBox d.o.o.’s website to function properly, and for us to be able to further improve our website and your browsing experience, website has to store a small amount of information (Cookies) on your computer.
Cookies are information saved to your computer by the websites you visit. Cookies usually contain your preferences and website settings, such as your selected language or address. When you visit the same website again, your internet browser sends back cookies that belong to that website. This enables the website to display customized information, tailored to your needs.
Cookies can store a wide range of information, including personal data (such as your name or email address). However, such data may only be stored if you allow it – websites cannot access data that you have not provided and cannot access other files on your computer.
Default settings for saving and sending cookies are not visible to you. However, you can change your Internet browser settings and choose whether or not to approve or reject cookie requests, delete cookies automatically when exiting your internet browser, etc.
You have the right to turn off cookies. Internet browsers are typically setup so they accept cookies by default, but you can easily change this behavior by modifying your browser settings.
By turning off cookies, you decide whether to allow cookies to be stored on your computer. For more information about cookie settings, select your internet browser.
Bear in mind that by disabling cookies you may not be able to use specific website features.
Additional information is available by using the following links:
http://www.aboutcookies.org/
This Privacy Policy has been in force from 1 March 2019.
Any amendments to this Privacy Policy will be published on our website: https://bebabox.hr