The company POD d.o.o., Dežanovac 234, 43500 Daruvar, OIB: 03398907795 (hereinafter: POD d.o.o.) shall take all reasonable measures in order to protect your personal data and has aligned its business operations with the General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Directive or GDPR) and with the Act on General Data Protection Regulation Implementation (Official Gazette “Narodne novine” no. 42/2018).
According to the Regulation, personal data means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
According to the Regulation, processing is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
POD d.o.o. will keeps personal data secret, will not distribute, publish or give it to third parties for use or make it available to any third party in any other way without your prior consent or contrary to GDPR rules.
The controller is the company POD d.o.o.. The controller has appointed a data protection officer who you as a customer/user may contact regard to all issues related to the processing of your personal data and to the exercise of your rights.
You can contact the controller and/or data protection officer at the following e-mail address: firstname.lastname@example.org
The following may constitute a legal basis for collecting personal data:
If the processing is based on your consent, you shall have the right to withdraw the consent at any time. The withdrawal of the consent must be notified to the controller at the contact e-mail address email@example.com, and the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Cookies are small files that are automatically downloaded via your browser and stored on your device (computer, laptop, tablet, smartphone, etc.) when you visit our website. Cookies will not cause damage to your device, they do not contain viruses, Trojan horses or other malware. Cookies store information about your device. This information does not constitute personal data.
Most browsers accept cookies automatically. You can configure your browser so that it does not store cookies on your device or to always notify you about cookies before they are stored on your device. Completely deactivating cookies may prevent the proper functioning of our website.
The length of time during which cookies are stored depends on the type of cookies. We use:
For the purposes of legitimate interests, within the meaning of Article 6(1)(f) of the Regulation, to optimise our websites, we use Google Analytics, a website analysis service provided by Google LLC from the USA (hereinafter: Google). Google places cookies to enable us to monitor the use of our website. The cookies are used to collect data on your use of our website, which data is transferred to Google’s servers and stored there, including data on:
The above data is used to evaluate the use of the website, create reports on activities on the website and provide services related to the use of the website and internet for the purpose of market research and website management.
Cookies are persistent. There is no link to your personal data. Your IP address is never linked to other Google data because the IP addresses are anonymized (so-called IP-Masking).
The above data can be transferred to third parties under contract or law.
You can disable the storing of cookies on your device in the settings of your browser, but please note that this might affect the proper functioning of our website. In addition, you can disable the recording of data collected by cookies related to your use, including your IP address, as well as its further processing by Google, by downloading the Google Analytics Opt-out Browser Add-on. This will store an opt-out cookie on your device that will prevent the future recording of your data when you visit the corresponding website using the same browser. In other words, the opt-out cookie is only valid for the same browser on the same device and only for our website. If you delete this cookie in your browser, you will need to opt out of Google Analytics again. You can find more information about data protection within Google Analytics here.
We use targeting measures, i.e., directing our marketing and promotional activities to target groups of customers, and retargeting measures, i.e., displaying our marketing and promotional adds on the websites of third parties.
Targeting is done using advertising cookies that contain information about our products in which you have already expressed interest. They allow for you to be shown adds that are potentially of interest to you, and they are used to limit the number of instances that a certain add is displayed to you, which helps us to measure the effectiveness of our marketing and promotional activities.
The legal basis for targeting or re-targeting is our legitimate interest within the meaning of Article 6(1)(f) of the Regulation, i.e., adapting our marketing and promotional activities to the target group of our customers. We do not want to offer you content that is of no interest to you. Targeting and retargeting is performed in a pseudonymized manner, i.e., in a manner that does not allow us to identify you, meaning that this data is not linked to your identifying personal data.
You can turn off targeting and retargeting cookies in the settings of your browser.
Our website can also contain cookies of third parties – our business partners, used to show you their marketing and promotional material. Those cookies track your choices when visiting our website and based on that, you see certain advertising from our partners.
The legal basis for using third-party cookies is our legitimate interest within the meaning of Article 6(1)(f) of the Regulation to have our marketing and promotional activities adapted to the target group of our customers and to offer them products and/or services of our business partners that might interest them, which partners also offer our products on their websites or with whom we share an interest in another business cooperation.
Such third-party advertising cookies do not allow you to be identified because they are not linked to your identifying personal data. You can also turn off this type of cookies in the settings of your browser. Otherwise, such cookies are automatically deleted after 38 months.
When you leave comments on our website or social media, we collect the data that you entered in the comments form, as well as your nickname, e-mail address and/or IP address.
If you leave comments on our website, you can agree to have your name/nickname, e-mail address and IP address saved using cookies. The option is available for practical reasons, so that you do not have to fill in your information again to leave a new comment. Those cookies will be valid for a year.
If you visit our login page, we will place a session cookie to determine whether your browser accepts cookies. The cookie does not contain personal data and it will be deleted when you close your browser. When you log in, we will also place a few cookies to store your login information and your screen display choices. Login cookies are valid for two days and display settings cookies are valid for a year. If you select Remember me, your login will last for two weeks. If you log out of your user account, the login cookies will be removed.
If you edit or publish a comment, an additional cookie will be stored in your browser. The cookie does not contain personal data and refers only to the post ID of the comment that you just edited or published. The cookie will expire after a day.
If you leave a comment, the comment and the associated metadata of the comment are retained indefinitely. That way, we can automatically recognise and approve all subsequent comments instead of holding them in the moderation queue.
When it comes to users who registered on our website (as applicable), personal data provided in the user profile may be published with the comment.
For legitimate interests, within the meaning of Article 6(1)(f) of the Regulation, to further promote our products, we place social media plugins for Facebook and Instagram on your website. The provider of the respective social network shall be responsible for personal data protection. Social media plugins are activated by double-clicking.
Our website uses a social media plugin for Instagram offered by the company Instagram Inc. from the USA. The Instagram Feed plugin is a WordPress plugin that allows the photographs published on your Instagram profile to be displayed on websites. When you activate such a plugin (first click), your browser links directly to Instagram servers. The content of the plugin is sent directly to your browser and integrated in our website. Using such integration, Instagram collects data that your browser accessed one of our web pages. That data (including your IP address) is sent via your browser directly to Instagram servers, which may also be located in the USA, and is stored there.
When you visit our website or use our mobile app, certain data regarding the manner of your use is automatically sent, via the browser you use on your device, to our website or app server and is temporarily stored in the so-called log files.
This includes the following data that is sent, stored and deleted automatically, without our intervention:
An IP address indicates the location of your device (e.g., computer, tablet, mobile phone, etc.) online, and a URL is a link to specific content online.
You cannot be identified from the aforementioned information. Therefore, this information does not constitute personal data, other than in exceptional cases when an IP address can be considered personal data.
Processing this type of data, especially your device’s IP address, is necessary for the purposes of the legitimate interests of POD d.o.o. or third parties within the meaning of Article 6(1)(f) of the Regulation.
We collect and process the above data for the following purposes:
Our legitimate interests consist of providing you with a better user experience when you visit our website or use our mobile apps.
If you have enabled or given your consent to our app, in your browser or operating system or other relevant settings on your device, to collect data on your geolocation, we will collect that data to offer you a customised service related to your current location. We do not process geolocation data for any other purpose than the one stated above.
When entering a purchase and sale contract, we need data such as first and last name, address (country/region, city/town and postal code, street and house number), phone number and e-mail address to fulfil the obligation to deliver products and services.
This website is used for remote retail sales of our products in the online store. In connection with that, we process your personal data necessary for the conclusion and performance of the contract, in particular:
The legal basis for this processing of your personal data is provided in Article 6(1)(b) of the Regulation, because the processing is necessary for the performance of the contract to which you are a party or to take actions at your request before entering into such a contract with you.
We will process and store your personal data for the aforementioned purposes until the performance of the relevant contract and for 5 (say: five) years thereafter, for evidentiary purposes in the event of any disputes, or for longer if so prescribed by law or another regulation adopted on the basis of law (e.g. for tax purposes).
For example, under the regulations currently in force in the Republic of Croatia, we are obliged to keep, for accounting and tax purposes, all data about orders / purchase orders for a period of 11 years, which begins to run at the end of the last day of the business year in which the invoice for the customer’s order was issued.
When you buy something from us and leave us your contact information in connection with the purchase and sale of our products, we manage you as our customer. We shall handle your personal data conscientiously and with the due care and diligence of a prudent businessman, including implementing technical, organisational, security and protective measures, while restricting access to the data only to our authorised employees or employees processors who we contracted to provide us with certain services regarding the processing of your data (e.g. our marketing agencies, postal service providers, etc.).
We will process your personal data for marketing purposes, for which we will ask for your explicit consent when you submit a registration form on our website. We will use your personal data to notify you about our marketing activities such as discounts, promotional offers or prize competitions, about our offer, e.g., new products available in the online store, as well as to communicate with your if you contact us with questions, suggestions or remarks regarding our products. In addition, we can use your personal data for the purposes of internal analysis and reporting on the behaviour of our customers to improve our offer and carry out marketing and promotional activities for the purpose of optimising our business. In such cases, we can use automated means of processing personal data for the purpose of so-called profiling.
Providing personal data for the purposes is voluntary, but we need this data to achieve those purposes, i.e., to inform you about our marketing and promotional activities or to answer your questions, remarks or requests.
Therefore, if you do not provide us with all or some of the data, you will not be able to participate in certain benefits programmes, i.e., you will not receive the marketing content in the manner for which you have not given your consent.
Sending our advertising (promotional) materials means sending notices primarily via e-mail and exceptionally via SMS messages or social media messages.
We will give you a clear and unambiguous option to lodge a free and simple objection to such use of your e-mail address and/or phone number, when we collect the data, but also each time you receive an e-mail from us. Therefore, you can inform us at any time that you no longer wish to receive our advertising (promotional) materials, and we will immediately cease such communication and delete your personal data from our systems in accordance with the rules on retaining and deleting personal data detailed below.
We will not process your personal data for any other purpose without specific prior notification thereof and, if necessary, without your separate consent.
Profiling is a form of automated processing of personal data for the purpose of analysing your consumer habits in correlation with our offer, marketing, promotional activities and our business. However, no decision is made based on the profiling of our customers and their consumer habits that would be based solely on the results of automated processing, nor a decision that would produce legal effects for you.
You have the right to object, at any time, to the processing of your personal data for the purpose of direct marketing, which includes profiling. After we receive your objection, we will stop processing your personal data for such purposes. You can send an objection to the following e-mail address: firstname.lastname@example.org, requesting that we unsubscribe you from our list of customers for direct marketing or for profiling. You can also unsubscribe from direct e-mail marketing by using the unsubscribe link available in every e-mail that we send you.
We offer the possibility of subscribing to our newsletter on our website. In order to make sure that no error occurred in the process of entering the e-mail address, we may ask you to verify the e-mail address. After you enter your e-mail address in the provided registration field, we will send you a registration link to the address. We will record your e-mail address on our newsletter e-mail list only after you click that link to confirm the registration. You can withdraw your registration and consent for receiving our newsletter at any time by using the unsubscribe link available in every e-mail sent to you or by sending the corresponding request to the following e-mail address: email@example.com.
We will keep your personal data for the time needed to achieve the respective purposes or until you withdraw the consent that you have given us for specific purposes. After you opt out, we will keep your personal data for a maximum of 6 (say: six) months from the date of receipt of your opt-out, for records purposes in case of any subsequent inquires, requests or disputes, unless a separate (shorter or longer) period of retention of your personal data has been prescribed for certain purposes based on applicable legal regulations, either to protect our or your legitimate interests, or third-party interests.
If we receive your opt-out, withdrawal of consent, request for the restriction of processing of your personal data, or any similar objection, we will immediately stop any marketing communication to you and deactivate your personal data, and its retention for a specific period will be the only way your data is processed before it is permanently deleted or destroyed in another manner.
We have ensured that your personal data is processed and used in a secure manner and in compliance with the applicable legal regulations and standards of practice. The security of your data is extremely important to us. We shall implement appropriate technical, physical and organisational measures to protect data from security risks such as accidental, unauthorised, unlawful or other unwanted access to data, its destruction, loss or disclosure, and we shall ensure the level of security that corresponds to the risks of data processing.
We may disclose your personal data, i.e. provide access to your personal data, to competent authorities in compliance with legal regulations, to some of our business partners, e.g. marketing agencies that we hire to organise certain promotional activities or to IT service providers that maintain our information and communication networks and systems, to business banks and bank card service providers in connection with the execution of the purchase and sale. We have concluded contracts with such partners to ensure that appropriate technical and organisational measures for the protection of your personal data are implemented, that the data is processed exclusively in compliance with our instructions and that it is kept confidential, and that the use of your personal data for any purposes other than those specified in the corresponding contract is prohibited.
Our website is hosted in the Republic of Croatia. We do not transfer your data outside the borders of the European Economic Area, whose Member States provide an adequate level of personal data protection. If you access our website from another region, by using our website you explicitly consent to having your personal data transferred to the Republic of Croatia and processed there in compliance with Croatian regulations governing the protection of your personal data.
By way of exception, data collected using various social media cookies and cookies of other third parties from the United States of America (USA) may be transferred to their servers, which may be located in the USA. In this case, the transfer of personal data shall be carried out either within the European-American privacy protection system Privacy Shield or based on contracts with the recipients of your personal data in such countries, which contracts have been harmonised with the standard contractual clauses for personal data transfers approved by the European Commission, in order to guarantee the level of protection of your personal data that is in compliance with the requirements of European personal data protection law.
Your rights regarding our processing of your personal data are as follows:
If you wish to send a complaint or objection and if you wish to resolve any misunderstanding, ambiguity or doubt regarding your personal data processed by POD d.o.o., please do so by using the following contact information:
POD d.o.o. will respond to your request without undue delay, and no later than within 30 days, by either complying with your request or providing a valid reason why it cannot comply with the request.
POD d.o.o., Dežanovac 234, 43500 Daruvar