Privacy statement – terms of use

1. Data Controller

This notice has been prepared by NATURALIS d.o.o. (LLC), Ivetići 1, 22310 Civljane, entered in the register of the Commercial Court of Zadar, Permanent Office in Šibenik, reg. No. 060182810, IIN (OIB): 19514005057 as data controller, with the intention to familiarise you with the procedure of processing and protecting your personal data.

2. Which data are being collected

NATURALIS d.o.o. collects data: (i) that you have provided yourself; (ii) in an automated way and (iii) from other lawful sources.
In cases where the provision of your personal data is necessary for the service to be provided or is required by law, you will be informed thereof. Kindly keep in mind that in case of withholding data necessary for the provision of services or required by law, the Company will not be able to provide the requested service.

a) Data collected by NATURALIS d.o.o. directly from you:

• General contact form: given and family name, email address, your query, other data provided by you in the query. Such data are stored for a period of 6 months upon expiry of the year in which the data were collected, whereafter they shall be erased in compliance with GDPR, except in extraordinary situations when there is a legitimate interest of the Company to keep them for a longer period of time (eg. in case of proceedings by competent authority, court proceedings and the like).

• Given and family name, postal or email address, phone number and other contact data when you participate in a prize game or contact us via telephone. Such data are stored for a period of 6 months upon expiry of the year in which the data were collected, whereafter they shall be erased in compliance with GDPR, except in extraordinary situations when there is a legitimate interest of the Company to keep them for a longer period of time (eg. in case of proceedings by competent authority, court proceedings and the like).

• Information related to data collected by the Company via video surveillance or when closing a pre-contractual / contractual / employment relationship is available here.

The aforesaid data are collected in order to respond to your queries, close and fulfill agreements with you, meet our statutory obligations and based on our legitimate interest pursuant to Art. 6, item 1, points b), c) and f) of the General Data Protection Regulation (hereinafter: GDPR).

Besides the above, subject to your consent in accordance with Art. 6, item 1, point a) GDPR, the Company may also collect other personal data from you that you voluntarily disclose to us during our mutual communication.

b) Data collection via automated processing

The Company uses automated technology to collect data from your computer or mobile device when you use our website The automated data collection method includes „cookies“ – small text files placed in the user’s web browser or device with a view to recording and/or collecting data about the user.

Cookies, which are used on the website by the Company only, are so-called „mandatorily required cookies“. If it weren’t for them, the functionality of the website would be impossible.

Data thus collected are as follows:

• Anonymised form of the IP address of the computer / mobile phone / tablet from which the website is accessed
• Date and time of opening
• Title of the opened website or file
• ID sessions
• Referrer URL (previously visited site which referred the visitor to our website)
• Quantity of transmitted data
• Information on the product and version of browser used
• Operating system used by the user.

Mandatorily required cookies can be deactivated at any time through the browser used.

• Collection of data from other sources

We can collect data about you from other legitimate sources, with the guarantee that the data were collected lawfully. The Company may also collect publicly available data (eg. data disclosed on your public profile while communicating with the company via such profile).

3. How do we use data collected from you

The company uses collected data in order to:

• provide services to you and meet its contractual obligations (fulfill your requests, deliver an order, process the payment for our products and services, communicate with you regarding your orders, purchases or your accounts with us, as well as with regards to your requests, questions or comments; provide support services to customers, including the processing of complaints about our services);

• inform you about products and services, special offers we believe might interest you (provided you give us the permission to do so), to manage our business, diagnose technical problems or problems with services, with a view to preventing fraud;

• act in compliance with statutory provisions (with a view to protecting from, revealing and preventing fraud and other criminal activities as well as protecting from or filing lawsuits and liability claims, acting in compliance with statutory obligations and Company policies, in order to raise, execute or protect the company from legal claims against it, to follow up and report on compliance matters).

Subject to your consent, the data colleted may be used for the following purposes:

• to provide online services to minors younger than 16 years of age (subject to parental consent);

• to provide online services (including via mobile applications) to you.

Data collected by the Company about you may also be used by it in other ways, whereof you shall be informed at the point of collecting the data or for which the Company shall request your consent.

4. Use of websites by minors

Users are cautioned that any personal data may only be processed for persons who have attained the age of 16. Any use of the system and tools and processing of data arising therefrom for users below that age without the appropriate consent of parents / guardians is prohibited. Should such data processing occur anyway, the Company shall suspend it immediately as it becomes aware thereof and erase such persons’ data.

Parents / guardians are urged to regularly check and supervise online activities of their children. Should you have any questions regarding our way of approaching the protection of children’s privacy, please get in touch via the contacts stated below.

5. Data transmission

The Company only shares your personal data with others in the way as described herein.

The Company may share your personal data with suppliers performing certain services for the Company, such as executing orders, processing data or other IT services, conducting of researches and analyses. In such cases the Company takes measures (such as using standard data protection provisions) required to secure the appropriate level of protection for your personal data. The Company does not allow these suppliers to use such data nor to share them for any purpose other than to meet the contractual obligations to the Company.

The Company does not take collected personal data out of the EU.

6. Information security

The Company continously undertakes all appropriate and reasonable measures to protect the security of your personal data. Our procedures of technical, administrative and physical protection have been developed with a view to protecting your personal data from accidental, illicit and unauthorized loss, access, disclosure, use, exchange or destruction. In spite of the efforts described, no website, computer system or data transfer via the Internet or other public network is guaranteed to be 100% safe.

7. Rights belonging to you

The Company also respects the rights of data subjects to access, correct and limit the processing of personal data as well as the right to lodge a complaint against the processing and the right to data portability.

Some of the aforesaid rights are for example:

• In case of processing of your personal data pursuant to your consent, you can withdraw such consent at any time, with the withdrawal of the consent having no impact on the lawfulness of the processing conducted prior to withdrawal of the consent;

• Requesting access to your personal data and receiving a copy of such data;

• Receiving your personal data in a structured, commonly used and computer readable format and requesting from us to forward them directly to another company, in case your personal data were provided by you and are being processed pursuant to your previous consent or are necessary to meet a contractual obligation;

• Correction of your personal data in case they are inaccurate or incomplete;

• Stating a complaint for reasons related to your specific situation against our processing of your personal data pursuant to our legitimate business interest, including the sending of marketing notices;

• Erasing your personal data, including all links thereto as well as all copies and transcripts thereof, to the permitted extent; for example, if your data are outdated, unnecessary or illegal or if you withdraw your consent for processing based on such consent and in case you should succeed in your complaint against the processing;

• Obtaining the limitation of processing during the time when the Company processes your request or complaint regarding the accuracy of your personal data or legality of processing of your personal data and the legitimacy of the Company’s interest to process such data, or if you need the personal data for purposes of a court proceeding;

• In addition to that, at any point in time you have the right to withdraw the consent previously given for the processing of your personal data (with no impact on the lawfulness of the processing prior to withdrawal of the consent).

The Company is authorised to refuse to act in accordance with your request or to impose some limitations, to the extent this is permitted by applicable regulations. Prior to the Company being able to provide any information or to correct inaccuracies, we may request from you to confirm your identity and/or provide additional details to help us respond to your request.

Data subjects can exercise the aforesaid rights by submitting a written request to the Company and/or the Personal Data Protection Officer at the contacts provided below. The right to lodge a complaint is exercised by submitting the complaint to the Personal Data Protection Agency of the Republic of Croatia.

I case you would like to contact us with regards to a question, request (including the withdrawal of consent or request to use access rights, correction and limitation of personal data processing, as well as the right to lodge a complaint against the processing and right to data portability) or a query related to your personal data, you can do this to the following address:

Ivetići 1
22310 Civljane
Contact of the Data Protection Officer: