Privacy Policy

1. DATA CONTROLLER
DUNICOM d.o.o.
25 Augusta Šenoe Street
40320 Donji Kraljevec
OIB: 30189840892
Tel.: +385 1 336 6625
Email: info@dunicom.hr
Web: www.dunicom.hr

2. DATA PROTECTION OFFICER
Tel: +385 98 9592 091
Email: info@expera.hr

3. PROCESSOR AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
The data controller respects the privacy of each individual whose personal data it collects and processes (hereinafter referred to as the Data Subject) and is committed to protecting personal data. In order to carry out its activities, DUNICOM d.o.o., as the data controller, processes the personal data of the Data Subject in accordance with the General Data Protection Regulation (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016) and the Law on the Implementation of the General Data Protection Regulation (NN 42/2018 of April 27, 2018). Based on Article 6, paragraph 1, point (b) of the General Regulation, according to which processing is lawful if it is necessary for the performance of a contract to which the Data Subject is a party or to take steps at the request of the Data Subject before entering into a contract, and based on Article 6, paragraph 1, point (c) according to which processing is lawful if it is necessary for compliance with a legal obligation to which the data controller is subject, the data controller processes the personal data of the following categories of Data Subjects:

• Employees
• Business partners of natural persons
• Contact persons of business partners
• Candidates participating in the employment process.

The data controller seeks the consent of the Data Subject only in cases where there is no other legal basis for the lawfulness of processing personal data.

4. RIGHTS OF THE DATA SUBJECT REGARDING THE PROCESSING OF PERSONAL DATA
In accordance with the General Data Protection Regulation, the rights of the Data Subject include:

Right to access – The Data Subject has the right to obtain confirmation from the data controller as to whether personal data concerning him or her are being processed, and to have access to his or her personal data.

Right to rectification – The Data Subject has the right to obtain from the data controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject has the right to complete incomplete personal data, including by providing an additional statement.

Right to erasure (“right to be forgotten”) – The Data Subject has the right to obtain from the data controller the erasure of personal data concerning him or her, and the data controller has the obligation to erase personal data without undue delay, unless there is a legitimate reason (e.g., legal obligation of the data controller).

Right to restriction of processing – The Data Subject has the right to obtain from the data controller restriction of processing where the conditions set out in Article 18 of the Regulation are met.

Right to data portability – The Data Subject has the right to receive personal data concerning him or her, which he or she has provided to the data controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided.

Right to object – The Data Subject has the right, at any time, to object to the processing of personal data concerning him or her based on Article 6, paragraph 1, point (e) or (f), including profiling based on those provisions.

Automated individual decision-making, including profiling – The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

5. SHARING OF PERSONAL DATA
The personal data of the Data Subject are disclosed to other recipients when the data controller is obliged by relevant regulations to the extent necessary to achieve the specified purpose. The data controller provides the personal data of the Data Subject to legal entities and bodies in accordance with legal regulations. The data controller provides the personal data of the Data Subject to other recipients for the purpose of performing accounting and accounting services, services related to occupational safety, and other services necessary for the conduct of business and the fulfillment of legal and contractual obligations of the data controller. The data controller has concluded contracts with all data processors specifying in detail the handling of personal data. The data controller does not transfer personal data of the Data Subject to third countries.

6. USE OF COOKIES
Cookies are small files that a website visited by a user stores on the user’s computer for its own needs. These needs can vary, so data such as the language the user has chosen, a list of items in the shopping cart in an online store, the user’s IP address, username and password, email address, user geolocation, etc., can be stored. Cookies are classified according to duration, source, and function. According to duration, cookies can be:

Persistent Cookies: These are cookies that remain on the computer even after closing the Internet browser. They are used to store data, such as login name and password, language settings, or cookie settings, so that the user does not have to enter them again during each subsequent visit. Persistent cookies can remain on the computer for days, months, or even years.

Session Cookies: These are cookies that are removed from the computer upon closing the Internet browser. They are used to store temporary data, such as the last few pages the user opened on the visited website or items in the shopping cart in the case of an online store.
According to the source, cookies can be:

First-party cookies: These are cookies stored by the website that the user primarily visits.

Third-party cookies: These are cookies stored by other websites or web services that are parts of the primary website visited by the user. They are usually used to track user habits on the primary website or can be used by web services to provide quality service.

According to function, there are several types of cookies:

Technical/necessary cookies: These are cookies that are necessary for the functionality of the website, such as the session identifier of the current user visit or the content of the shopping cart that the user “filled” when purchasing products through an online store.

Functional cookies: These are cookies that enable the website to provide enhanced functionality and personalization, such as remembering the language in which the content of the website is displayed.

Statistical cookies: These are cookies that collect information about how users visit the website. Generally, data is collected in aggregate form without identifying the individual user.

Marketing cookies: These are cookies that collect information about the habits and behavior of users on the website in order to display personalized advertisements.

Only technical/necessary cookies can be used without the consent of the Data Subject.

On the website www.dunicom.hr, technical cookies are used that are necessary for the functioning of the site (mandatory cookies that cannot be disabled).

7. SECURITY OF PERSONAL DATA
The data controller collects and processes personal data in a manner that ensures appropriate security and confidentiality in their processing, enabling the effective application of data protection principles, reducing the amount of data, the scope of their processing, the storage period, and their availability. The data controller takes all appropriate technical and organizational measures to protect against accidental or unlawful destruction, loss, alteration, unauthorized use, disclosure, or access to data. All employees of the data controller are committed to maintaining the confidentiality of personal data by signing a Declaration of Confidentiality. The obligation to maintain the confidentiality of data remains even after the termination of the authorization to access the data.

8. RETENTION PERIOD OF PERSONAL DATA
Data of the Data Subject are processed and stored in accordance with applicable legal regulations when the obligation to retain is prescribed (e.g., personal data of employees and payroll data are kept permanently, and accounting documents based on which data are entered into the general ledger, general ledger, and auxiliary books are kept for eleven years), and in situations where the data controller is authorized to determine the deadlines for data storage on its own, data are kept for as long as necessary for the purposes for which personal data are processed.

9. CONTACT INFORMATION
For all questions related to the processing of personal data, as well as for the exercise of your rights, you can submit a request in writing to our address, by email to info@dunicom.hr, or deliver it to the Data Protection Officer at info@expera.hr.

10. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
You have the right to lodge a complaint with the supervisory authority, namely the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka – AZOP), if you believe that the processing of your personal data is not lawful (contact details are available at www.azop.hr).

11. CHANGES TO THE PRIVACY POLICY
We regularly update the privacy policy to comply with legal changes and changes in the way data is processed, and we reserve the right to change its content if we deem it necessary. You will be informed about all changes and additions in a timely manner through our website.

Last updated: November 29, 2023.