Privacy Policy

PRIVACY POLICY

This General Privacy Policy (hereinafter referred to as: “Privacy Policy”) is adopted by AURO DOMUS BULLION MARKET d.o.o. (hereinafter referred to as: Auro Domus), Opatija, Vjekoslava Spinčića 3/2, VAT number: 629525537808 .

This Privacy Policy regulates the issues of personal data protection and the privacy of natural persons – our clients, the users of our services, the persons who have signed up for our newsletter, and our business partners, where we are in the position of controller (the person who determines the purpose and method of processing).

The company Auro Domus Bullion Market processes personal data in accordance with the highest EU standards and the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation) and the Act on Implementation of the General Data Protection Regulation (“Official Gazette”, no. 44/18; hereinafter: Implementation Act). In case of any questions or requests regarding the treatment or protection of your personal data, please contact us at this email address: [email protected] [email protected].

For what purposes and on what legal basis do we process your personal data?

We process your personal data listed here in accordance with the General Data Protection Regulation and the Implementation Act for the following purposes:

  • A) Performance of the contract
    The processing of your personal data listed here is necessary for the conclusion and performance of a certain contractual relationship in which you are a party or for the performance of certain activities at your request before a contract is concluded.
  • B) Compliance with legal regulations
    For the processing of personal data that is necessary in order for us as the controller to comply with the legal obligations arising from the regulations of the Republic of Croatia and the EU, your consent is not required. For example, such processing is necessary when implementing anti-money laundering and terrorist financing provisions (see for example the Anti-Money Laundering and Terrorist Financing Act, “Official Gazette” no. 108/17, 39/19).
  • C) Processing based on consent

Newsletter registration

  1. What personal data do we process? 
    If you signed up to receive our newsletter, we process the personal data that you provided at the moment of registration. Those data are: Your required information: email address and Your additional information: name, gender, city and interests.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes: To deliver our newsletter to you. In this case, the basis for processing your personal data is our legitimate interest based on your request to receive the newsletter.
    To better understand your purchasing interests. In this case, the basis for processing your additional data is the consent you gave when signing up for our newsletter.
    To realize a different legitimate interest (for example, implementing security measures is necessary).

Branch office visitor 

  1. What personal data do we process?
    When you visit our offices you may be recorded by our video camera if you enter its clearly marked recording area. In that case, we process a video recording of you.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes: To protect people (both visitors and employees) and property in our branch offices. In this case, the basis for processing your personal data is the Implementation Act.
    To fulfil our legal obligations (e.g., acting at the request of public authority).

If you contacted us about our services, the products you purchased, or a similar matter

  1. What personal data do we process?
    We process the personal data you provide when you send us inquiries, requests, complaints, praise or similar, which may include the following personal information: first and last name, phone number, email address, subject of your inquiry, product you purchased, date and place of purchase, summary of your inquiry/request/complaint/praise and your satisfaction with our response.
  2. For what purpose do we process your personal data? 
    We process your personal data for the following purposes: To respond to your inquiry, request, complaint, praise or similar. In this case, the basis for processing your personal data is our legitimate interest to respond to your inquiry, request, complaint, praise or similar.
    To monitor satisfaction with our services. In this case, the basis for processing your personal data is our legitimate interest.
    To fulfil our legal obligations (e.g., keeping consumer complaints).

Business Partners

  1. What personal data do we process?
    We process the personal data you have provided to us as well as those we have collected when establishing and maintaining a business relationship, i.e. the following information:
    Your identification information (if you are a natural person, e.g. craft business owner) and that is your name, surname, personal identification number, connection with legal person (owner, director, employee or similar);
    Your contact details, name and last name of contact person, contact address (street and house number, place, zip code, country), telephone, email address.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes:
    To fulfil our contractual obligations to you and take other necessary actions in connection with the conclusion and performance of contracts or previous actions. In this case, the basis for processing your personal data is the performance of the contract in which you are a party, i.e., performing certain activities at your request before a contract is concluded.
    To realize a different legitimate interest (for example, when implementing security measures is necessary).; To fulfil our legal obligations.

If you are interested in working at our company

  1. What personal data do we process? 
    We process the personal data you provide, i.e., that data we have collected for new employment at our company, and that is: Information provided in the application form itself.
  2. For what purpose do we process your personal data? 
    We process your personal data for the following purposes: To take the necessary steps to select and recruit new employees (for example, to select candidates for job interviews and to organize the interviews). In this case, we have a legal basis for the processing your personal data based on your application.
    To consider you when looking for potential employees and to contact you for recruitment purposes if you have sent us a job application. In this case, the basis for processing your personal data is your consent.
    To consider you when looking for potential employees and to contact you for recruitment purposes if, when applying for a job with us, you have given us your consent to keep your information for future opportunities. In this case, the basis for processing your personal data is your consent. In this case, the basis for processing your personal data is your consentt o fulfil our legal obligations.

Who has access to your personal data?

We consider your personal data to be a business secret and protect them as such in accordance with the applicable legal regulations and best practice.

Our employees have access to your personal data. Third parties have the right to access and process your personal data in the situations described below:

  • Third-party service providers that provide us with certain services and products (e.g., filling out orders, delivery, advertising and consulting). In this case, they process your personal data exclusively in accordance with our instructions.
  • Competent authorities when supervising the legality of operations and conduct. In this case, they process your personal data in accordance with their legal powers.
  • Competent authorities (police, state attorney’s office, court, etc.) in case of judicial and other equivalent proceedings. In this case, they process your personal data exclusively in accordance with our instructions.

Transfer of personal data to third countries or international organizations?

Your personal data is processed in the Republic of Croatia or in the EU. If necessary, for some technical or operational reason, we reserve the right to transfer your personal data to countries outside the EU, in relation to the European Commission’s adequacy decisions or on the basis of appropriate safeguard measures or certain discrepancies in accordance with GDPR.

How do we protect your personal data?

The protection of your personal data is extremely important to us. Some of the protection measures we implement are:
using secure methods when exchanging your personal data to prevent unauthorized access;
applying modern methods of protection and control of access to the data sources containing personal data;
continuously monitoring all resources (physical areas where your data is stored) used for personal data processing.

Personal data retention period

For data for which there is a legally defined retention period, we keep your data for that period and then delete them during an additional period of one year.

If you are our business partner for whom there is no legally defined retention period, we keep your personal data for the entire period of validity of the contract we have concluded. Upon termination of the contract, we delete your data during an additional period of 6 years from the termination of the contract (limitation period of 5 years, plus 1 year for deletion).

The personal data of the users of our services are kept for the entire duration or use of the services. Upon the termination of the use of services, we delete your data in accordance with separately defined deadlines.

The personal data that we process on the basis of our legitimate interest are kept for as long as our legitimate interest exists, and we delete them during a period of 1 year from the termination of our legitimate interest.

The personal data that we process on the basis of your consent are kept for as long as we have your consent. In case of withdrawal of consent, we delete them as soon as possible, at out earliest convenience.

In the case of recordings collected by video surveillance, we keep them for 30 days, except when a particular recording is used as evidence in a particular case.

What are your rights and how to exercise them

In case you decide to exercise one or more of your rights listed below, we have the right to verify your identity, in order to protect your personal data.

You can exercise your rights by sending your request to the email address [email protected] with the subject line reading “Data Subject Request”, or by sending it to the address Vjekoslava Spinčića 3/2, Opatija. Upon receipt of your message, we will send you a receipt confirmation.

You exercise your rights free of charge. However, if you ask for access to or transfer of your personal data frequently (for example, if less than 6 months have passed from your last request) or excessively (for example, you ask for all your personal data in writing), we reserve the right to request that you pay for our costs before performing such an action.

You may contact us to exercise any of the following rights:

  • Right of access to your personal data

You have the right to ask us to confirm whether we process your personal data and to access your personal data that we process.

  • Right to correct inaccurate personal data:

You have the right to request the correction of your inaccurate personal data and to supplement your personal data.

  • Personal data portability

You have the right to download and request the transfer of your personal data.

  • Right to erasure (right to be forgotten)

You may request the controller to delete your personal data if one of the reasons set out in Article 17 of the General Data Protection Regulation is met. We hereby inform you that we shall not delete your personal data if their processing is necessary, for example to comply with a legal obligation to keep personal data or for reasons of public interest establish, exercise or defend legal claims.

  • Right to object to the processing or handling of your personal data:

You have the right to object to the processing of your personal data and to our handling of your personal data in general.

  • Right to withdraw consent

You have the right to withdraw your consent to further processing of your personal data at any time. The withdrawal of the consent does not affect the processing carried out on the basis of the consent prior to its withdrawal.

  • Right to a complaint to the Croatian Personal Data Protection Agency .

At any time, you have the right to bring a complaint before the competent personal data protection authority – the Croatian Personal Data Protection Agency (www.azop.hr) – regarding the processing and protection of your personal data.

In accordance with Article 21 paragraph 4 of the General Data Protection Regulation, we would like to emphasize that your right to file a complaint is in accordance with Article 21, paragraphs 1 and 2 of the General Data Protection Regulation.

Based on your specific situation, at any point you have the right to object to the processing of personal data relating to you, in accordance with Article 6, paragraph 1 (e) (processing for the purposes of public interest) or Article 6, paragraph 1 (f) (if the processing is necessary for the legitimate interest of the controller or the third party, except where the interests or the fundamental rights of the data subjects requesting the protection of personal data override these interests, including profiling in accordance with these provisions).
You also have the right to object to the processing of your personal data processed in accordance with Article 6, paragraph 1 (f) of the General Data Protection Regulation (if processing is necessary for the legitimate interests of the Controller or a third party, except where the interests or fundamental rights of data subjects requiring the protection of personal data override those interests, including profiling in accordance with these provisions) by mutual controllers.

If you file a complaint, we will no longer process your personal data (except where in the process of resolving your complaint we prove that there are compelling legitimate reasons for the processing that go beyond your interests, rights and freedoms, or if the processing is carried out for the purpose of establishing, exercising, or defending legal claims).

The right to object to the processing for direct marketing purposes
In certain cases, we process your personal data for direct marketing purposes. If you do not agree with this processing, you have the right to object to the processing of personal data relating to you for the purposes of such marketing, which includes profiling to the extent associated with direct marketing, at any time. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. You can send your complaints to the following email address: [email protected].