Privacy Policy

PRIVACY POLICY

This General Privacy Policy (hereinafter referred to as: “Privacy Policy”) is adopted by AURO DOMUS BULLION MARKET d.o.o. (hereinafter referred to as: Auro Domus), Opatija, Vjekoslava Spinčića 3/2, VAT number: 629525537808 .

This Privacy Policy governs the issue of personal data protection as well as the privacy of natural persons – our customers, users of our services, persons who have signed up to our newsletter as well as our business partners, where we are in the position of controller (the person who determines the purpose and method of processing).

The company Auro Domus Bullion Market processes personal data in accordance with the highest standards of the European Union and with the Regulation (EU) 2016/679 of the European Parliament and the Council of the 27th of April 2016 on the protection of individuals in relation to personal data processing and the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) SL EU L119 (hereinafter referred to as: General Data Protection Regulation) and the Law on Implementation of the General Data Protection Regulation (Official Gazette, n. 44/18; hereinafter referred to as: Implementation Law). In case of any questions or requests regarding the conduct or protection of your personal data, please contact us at the e-mail address: [email protected]

For what purposes do we process your personal data and on what legal basis?

We process your personal data here listed in accordance with the General Data Protection Regulation and the Implementation Law for the following purposes:

  • A) Performance of the contract
    The processing of your personal data here listed is necessary for the conclusion and performance of a certain contractual relationship in which you are a party or in order to take certain actions at your request before concluding the contract.
  • B) Compliance with legal regulations
    For personal data processing that is necessary in order to comply with various legal obligations of us as the controller on the basis of the regulations of the Republic of Croatia and the regulations of the European Union, your consent is not required. This processing is required, for example when necessary for the purpose of implementing anti-money laundering and terrorist financing rules (e.g. Law on the Prevention of Money Laundering and Terrorist Financing Official Gazette, no. 108/17, 39/19).
  • C) Processing based on consent

Newsletter registration

  1. What personal data do we process?
    If you have signed up to receive our newsletter, we process your personal data that you provided to us at the time of registration. Those data are the following: Your necessary information: e-mail address and Your additional information: name, gender, city and interests.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes: In order to deliver our newsletter to you. In this case, the basis for processing your personal data is our legitimate interest based on your request to receive the newsletter
    In order to better understand your purchasing interests. In this case, the basis for processing your additional data is the consent you gave us when signing up for our newsletter;
    When we have another legitimate interest (for example, when necessary to implement security measures).

Branch visitor

  1. What personal data do we process?
    If you visit our offices you can be captured by our video cameras if you have entered the video camera’s recording area that is clearly marked. In this case, we process your video recording.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes: To protect people (visitors and employees) and property in our branches. In this case, the basis for processing your personal data is the Implementation Law
    In order to fulfil our legal obligations (e.g. acting at the request of public authority).

If you have contacted us about our service, our products you have purchased or similar matter

  1. What personal data do we process?
    We process your personal data that you have provided to us when sending inquiries, requests, complaints, commendations or similar, which may include the following personal information: First and last name, phone number, email address, reason for your inquiry, product you purchased, date and place of purchase, summary of your inquiry/request/complaint/commendation and your satisfaction with our response.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes: In order to respond to your inquiry, request, complaint, commendation or similar. In this case, the basis for processing your personal data is our legitimate interest in order to respond to your inquiry, request, complaint, commendation or similar;
    In order to monitor the satisfaction with our service. In this case, the basis for processing your personal data is our legitimate interest;
    In order to fulfil our legal obligations (e.g. keeping consumer complaints).

Business Partners

  1. What personal data do we process?
    We process the personal data you have provided to us as well as those we have collected when establishing and maintaining a business relationship, i.e. the following information:
    Your identification information (if you are a natural person, e.g. craft business owner) and that is your name, surname, personal identification number, connection with legal person (owner, director, employee or similar);
    Your contact details, name and surname of the contact person, contact address (street and house number, place, zip code, country), telephone, e-mail address.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes:
    In order to fulfill our contractual obligations to you and take other necessary actions in connection with the conclusion and performance of contracts or previous actions. In this case, the basis for processing your personal data is the performance of the contract in which you are a party, i.e. the taking action at your request before concluding the contract;
    When we have another legitimate interest (for example, when necessary to implement security measures); In order to fulfil our legal obligations.

If you are interested in working in our company

  1. What personal data do we process?
    We process your personal data that you have provided to us, i.e. that we have collected for the purpose of employment in our company and that is the following: Information provided in the application form itself.
  2. For what purpose do we process your personal data?
    We process your personal data for the following purposes: In order to take the necessary steps to select and recruit new employees (for example, to select candidates for the job interview and to organize interviews). In this case, we have a legal basis for processing your personal data based on your application;
    In order to take you into account when looking for new workers and contact you for employment purposes if you have sent us an open job application. In this case, the basis for processing your personal data is the consent
    In order to take you into account when looking for new workers and contact you for employment purposes if you have given your consent to save your data in our records for future opportunities when applying for a job. In this case, the basis for processing your personal data is your consent
    In order to fulfil our legal obligations.

Who has access to your personal data?

We consider your personal data to be a business secret and protect them as such in accordance with applicable legal regulations and best practice.

Access to your personal data is provided to our employees. Third parties have the right to access and process your personal data in the situations as described below:

  • Third-party service providers that provide us with certain services and products (e.g. order fulfillment, delivery, advertising and consulting). In this case, they process your personal data exclusively in accordance with our instructions;
  • Competent authorities when supervising the legality of operations and conducts. In this case, they process your personal data in accordance with their legal powers;
  • Competent authorities (police, state attorney’s office, court, etc.) in case of judicial and other equivalent proceedings. In this case, they process your personal data exclusively in accordance with our instructions;

Transfer of personal data to third countries or international organizations?

Your personal data are processed in the Republic of Croatia or in the European Union. If necessary, for some technical or operational reasons, we reserve the right to transfer your personal data to countries outside the EU, in relation to the European Commission’s decisions on adequacy or on the basis of appropriate safeguard measures or certain discrepancies governed by the GDPR.

How do we protect your personal information?

The protection of your personal data is extremely important to us. Some of the protection measures we implement are as follows:
Use of secure methods when exchanging your personal data in order to prevent unauthorized access;
Application of modern methods of protection and control of access to data resources containing personal data;
Continuous monitoring of all resources (physical areas where your data is stored) used for personal data processing.

Retention period for personal data

For data where there is a legally defined retention period, we keep your data for that period and delete them during an additional period of one year.

If you are our business partners for whom there is no defined legal retention period, we keep the personal data for the entire validity period of the contract we have concluded with you. Upon termination of the contract, we delete your data during an additional period of 6 years from the termination of the contract (limitation period of 5 years, increased by 1 year for deletion).

Personal data of users of our services are kept for the entire duration or use of the services. Upon termination of the use of services, we delete your data in accordance with separately defined deadlines.

Personal data that we process based on our legitimate interest are kept for as long as there is our legitimate interest, and we delete them during a period of 1 year from the termination of our legitimate interest.

Personal data that we process based on your consent are kept as long as we have your consent. In case of withdrawal of consent, we delete them as soon as possible, at out earliest convenience.

In the case of recordings collected by video surveillance, we keep them for 30 days, except when in a particular case there is a need to use a particular recording as evidence.

What are your rights and how to exercise them

In case you decide to use one or more of your rights listed below, we have the right to verify your identity, all for the purpose of protecting your personal data.

You can exercise your rights by sending your request to the e-mail address [email protected] and by specifying the subject of the notice as “Request of the Data Subject” or to the address Vjekoslava Spinčića 3/2 Opatija. Upon receipt of the notice, we will send you a confirmation of the orderly receipt of your request.

You exercise your rights free of charge. However, if you frequently (for example, if less than 6 months have passed since your last request) or excessively (for example, ask for all your personal data in writing) ask for access or transfer of your personal data, we have the right to ask you to pay our costs before carrying out such an action.

You can contact us to exercise the following rights:

  • Right of access to your personal data

You have the right to ask us to confirm whether we process your personal data, as well as access to your personal data we process.

  • Right to correct inaccurate personal data:

You have the right to request the correction of your inaccurate personal data, as well as the right to supplement your personal data.

  • Personal data portability

You have the right to download and request the transfer of your personal data.

  • Right to erasure (right to be forgotten)

You may request the controller to delete your personal data if one of the reasons set out in Article 17 of the General Data Protection Regulation is fulfilled. We hereby inform you that we may not delete your personal data if their processing is necessary, for example to comply with the legal obligation to keep personal data or for reasons of public interest to set, exercise or defend legal claims.

  • Right to object against the processing or handling of your personal data:

You have the right to object to the processing of your personal data as well as in general to our handling of your personal data.

  • Right to withdraw consent

You have the right to withdraw your consent to further process personal data at any time. The withdrawal of consent does not affect the processing carried out on the basis of consent prior to its withdrawal.

  • Right to complaint to the Personal Data Protection Agency .

At any time, you have the right to complain before the competent personal data protection authority – the Personal Data Protection Agency (www.azop.hr), regarding the processing and protection of your personal data.

 

Pursuant to Article 21, paragraph 4. of the General Data Protection Regulations we would like to emphasize that your right to file complaints is in accordance with Article 21, paragraphs 1 and 2 of the General Data Protection Regulation.

Based on your particular situation, at any time, you have the right to object to personal data processing relating to you, in accordance with Article 6, paragraph 1, point (e) (processing for public interest purposes) or Article 6, paragraph 1, point (f) (if processing is necessary for the legitimate interests of the Controller or a third party, except where the interests or fundamental rights of data subjects requesting the protection of personal data are stronger than those interests, including profiling based on those provisions).
You also have the right to object to the processing of your personal data processed in accordance with Article 6, paragraph 1, point (f) of the General Data Protection Regulation (if processing is necessary for the legitimate interests of the Controller or a third party, except where the interests or fundamental rights of data subjects requiring the protection of personal data are stronger than those interests, including profiling based on those provision) by mutual controllers

If you file a complaint, we will no longer process your personal data (unless we prove in the process of resolving your complaint that there are compelling legitimate reasons for processing that go beyond your interests, rights and freedoms, or if the processing is carried out for the purpose of placing, exercising or defending legal claims).

The right to object to processing for direct marketing purposes
In certain cases, we process your personal data for direct marketing purposes. If you do not agree with this processing, at any time you have the right to object to personal data processing relating to you for the purposes of such marketing, which includes profiling to the extent associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. You can refer your complaints to the following contact address: [email protected]