In the course of its business operations, HANZA MEDIA d.o.o. (hereinafter: the Company) implements the measures of personal data protection in accordance with the General Data Protection Regulation (hereinafter: the GDPR), as well as legal and regulatory obligations.
Data controller: HANZA MEDIA d.o.o., Koranska 2, 10 000 Zagreb.
If HANZA MEDIA d.o.o. is a controller of your personal data together with another data controller, pursuant to Article 26 of the GDPR on joint data controllers, on the basis of a business cooperation and/or using a joint service and/or on the basis of HANZA MEDIA's legitimate interest, you may request additional information related to your personal data protection and processing from that other controller identified in the part of this Policy setting out Rules on Joint Controllers.
HANZA MEDIA d.o.o. has appointed a Personal data protection officer.
Should you have any questions that relate to your personal data processing and exercising the rights envisaged by the GDPR, you may contact the Personal data protection officer:
We are fully committed to ensuring continual and effective implementation of this policy, and we expect our employees and business partners to do the same.
This Policy defines the behaviour that is expected from the Company, its permanent, temporary and occasional employees, business partners and third parties, with respect to collecting, using, storing, transferring, disclosing or destroying personal data processed in the course of Company's business processes.
The following rules are an integral part of this Policy:
PERSONAL DATA PROTECTION RULES define the purpose and the manner of using personal data, the categories of personal data we collect, the time period in which they are processed, and the ways of delivering information about your data processing;
WEB PRIVACY RULES define the manner of collecting and storing data we collect through Company’s web site;
EMPLOYMENT PRIVACY RULES define collecting and using your personal data that relate to recruitment activities;
RULES ON JOINT DATA CONTROLLERS define joint data controllers, their activities and contact point for individuals.PERSONAL DATA PROTECTION RULES
These rules pertain to the practices of privacy protection applied by the Company when contracting and providing services to its users. These personal data protection rules have been defined to clarify the purpose and the manner of using personal data, the categories of the data we collect, and the time period when we process them, and to inform you of all the ways of disseminating information related to your data processing.
THE DATA WE COLLECT
In the course of interacting with the Company (using the web sites the Company publishes, sending enquiries/requests by e-mail or post, participating in prize games and competitions, concluding subscription or cooperation contracts) personal data is collected, and such data includes, but is not limited to:
In the course of different types of interaction, the Company may collect data which is not considered to be personal data, including, but not limited to:
LEGAL BASIS FOR PERSONAL DATA PROCESSING
Personal data is processed and used only for the purposes for which they have been collected. Personal data processing is allowed only if at least one of the following criteria has been met:
Using the data
The Company uses personal data for the following purposes:
The manner of collecting data
Personal data is collected in one of the following ways:
THE REQUESTS OF DATA SUBJECTS
The Company ensures that data subjects exercise their rights with respect to:
Data subjects shall deliver requests for exercising their rights in writing or verbally. Data subjects may also request their rights are exercised by using the Form for Exercising Rights which can be DOWNLOADED HERE. The completed form must be sent to email@example.com or delivered in writing to Company’s headquarters.
If an individual submits a request pertaining to any of the above-mentioned rights, the Company will consider any such request in accordance with all applicable laws and regulations on data protection. The Company reserves the right to charge the costs for processing the requests of data subjects in exceptional cases when the requests are unreasonable.
Data subjects have the right to be informed on the basis of the submitted application and after successful verification of their identity on the following:
Any request for access to or correction of personal data must be addressed to the personal data protection officer, who will record any such request upon receipt. The response to each such request shall be delivered within 30 days of the receipt of data subject’s written request.
PERSONAL DATA PROCESSING BASED ON DATA SUBJECT’S CONSENT
In certain cases, the Company may ask the data subject or the holder of parental responsibility consent for processing personal data for a particular purpose.
When personal data processing is based on consent, data subject or the holder of parental responsibility may at any time withdraw such consent, which will not affect the legitimacy of the processing that was based on such consent prior to its withdrawal.
The Company will not retain personal data longer than necessary for the purposes for which such data was originally collected.
The Company will retain your personal data as long as such data is necessary to provide products or services, as long as it is required in accordance with these Rules or the time of collection, as long as it is necessary as a result of our legal obligations, solving disputes and enforcing our contracts, or to the extent permitted by the law.
When the retention period expires, the Company shall erase personal data in a manner that ensures that such data can neither be reconstructed nor read.
The Company carries out physical, technical and organizational measures that guarantee personal data safety (for example, prevention of loss or damage, unauthorized modifications, access or processing and other threats that personal data may be subject to, caused by human activity or physical/natural environment).
Security measures being implemented aim to:
REQUESTS FROM LEGISLATIVE BODIES
Under certain circumstances, personal data may be shared without the knowledge or the consent of the data subject, when such disclosure of personal data is required for any of the following purposes:
In the event of a complaint regarding the compliance with these and other privacy-related rules, contact us at firstname.lastname@example.org. In that case, we will investigate the situation regarding the use and disclosure of personal data in accordance with these rules and we will try to resolve it as soon as possible.
PROTECTION OF PERSONAL DATA OF CHILDREN
Although the Company is oriented to informing the general public, we are well aware that children deserve special protection in every respect, including personal data protection, given that they may be less aware of the risks and possible consequences of disclosing their data.
Pursuant to Article 19, paragraph 1 of the Law on Implementation of the General Data Protection Regulation (Official Gazette 42/2018), as regards the protection of personal data the Company considers all persons under the age of 16 as children and does not seek or collect personal data of children without the consent of the holder of parental responsibility.
Therefore, the Company will make every reasonable effort to ensure that the data received from children is processed only with the consent of the holder of parental responsibility.
If the Company becomes aware that the personal data of the children has been sent without the valid consent of the holder of parental responsibility, the Company will, to a reasonable extent, endeavour to do the following:
If the parent or guardian has questions regarding the processing of their child’s personal data, they can contact our Personal data protection officer at the address provided.
WHERE YOUR PERSONAL DATA IS PROCESSED
We process your data within the European Economic Area. In the event of any need to transfer the personal data beyond that area, such transfer will only take place if the European Commission has confirmed that a third country meets a certain level of data protection, or if there are adequate safeguards in accordance with applicable law (e.g. binding corporate rules, or standard contractual clause).
THE RIGHT TO FILE A COMPLAINT TO A SUPERVISORY BODY
If you believe that in the course of processing your personal data we have breached the Croatian or European regulations on data protection, you may file a complaint to the supervisory authority, i.e. to the Personal Data Protection Agency, Martićeva 14, Zagreb, email@example.com.
The Company acknowledges your right to data confidentiality and undertakes to safeguard the security of the data collected through the Company's Web site.
Your personal data is collected and used only on the basis of the data you have voluntarily provided to the Company, either in the course of registration (when the following data is used: name and surname, address, city, e-mail, birth year) or by using the website.
The collected personal data is kept in electronic form and all appropriate technical and organizational measures are applied to prevent personal data breach. The Company shall use received emails containing your personal information only for the purpose of meeting your requests.
In order to ensure the proper functioning of Hanza media d.o.o. web site, we sometimes store small data files known as cookies on your devices. This is done by most major websites. Browsing the web sites/applications of Hanza Media d.o.o. and/or websites/applications of third parties results in collecting information. The legitimate interest of Hanza Media d.o.o. in using cookies is to ensure accurate display of websites/apps, ads, and notifications with a view to continually improving user experience and providing quality content and ads to users. The cookies on the Company's web pages are anonymised and are not used to collect and access user data.
What are cookies?
A cookie is a file that is stored on a computer or mobile device while visiting a particular web site. With the help of a cookie, the web site remembers your actions and preferences (such as sign-in, language, font size, and other preferences related to display) over a longer period, so it is not necessary to re-enter them every time you return to the web site or browse its pages. Thanks to cookies on Company’s web sites/apps, it is possible to:
Cookies can be used to recognize user's arrival on the site/app, in order to remember your preferences with the aim of improving and providing personalized user experience. All data collected through cookies is summarised and used for optimization and optimal servicing of site/application, and all cookies we serve are anonymized, meaning we cannot access users’ personal data based on them.
With cookies we can collect data on the use of our sites/apps, e.g. the origin/location of the visit, visited page, viewed videos or ads, keywords, the duration of the visit, and the services selected for online shopping web pages osmrtnica.jutarnji.hr, subscription.jutarnji.hr and online.jutarnji.hr, information about the device and about the visit.
Depending on the purpose and frequency of user interaction with Company’s web sites/applications, the collected data serves multiple purposes divided into several categories as shown below.
The purpose of cookies
To ensure proper functioning of the site/application
To collect statistical data
We collect statistical data to deliver quality content and improve the quality of web sites/applications and services, to better understand the needs of our users and improve site/application services and functionalities.
All ad positions are delivered through the Google DFP advertising system. In addition to delivering ads across our system, we also show ads through third-party systems. More details follow.
To customize services
Cookies also help us customize our services to discover potential problems in site/application functioning, and to optimize and improve website/application functionalities such as remembering the shopping cart, sign-in or language data, customization of the user interface, and so on.
How do third parties use web sites cookies?
In some cases, we may work with third parties to provide you with the most quality services on our sites/applications. Company's web sites use tools for measuring third-party visits, such as DotMetrics Audience and Google Analytics.
In addition, other advertisers and business organizations may use their own cookies to collect data about your interaction on web sites/apps and measure the effectiveness of their ads.
The owners of search companies inform you about managing cookies. Read more on the following links.
For other search engines, please consult the relevant documentation provided by the company which is the owner of the search system.
More information about turning off cookies
Currently, there are several web sites enabling turning off storing cookies for different services.
You can read more at the following links:
DIGITAL MARKETING, NEWSLETTER
The Company sends promotional material through digital communication channels to individuals with whom it has at some point had any form of cooperation (subscribers, participants in prize games and competitions) and who gave us contact information for such form of communication. The users of Company's services are at all time entitled to disable the service of receiving promotional materials, and the Company will provide tools in order to carry out the erasure from the database. The legal basis for processing data for these purposes is Company’s legitimate interest.
Contact information, such as name and email address, is necessary in case you want to use the services of receiving promotional materials from the Company. Promotional materials include information on services, special offers and newsletters.
During the first contact or at any stage of providing the service the user will be notified of using his or her data for digital marketing purposes.
The possibility of a general exclusion is not available for some forms of non-marketing communication, such as communication related to product download, sales transaction, winning in the prize game you participated in, statements of compliance with legal obligations (where permitted by law).
The Company may use the technical services of external business partners for delivering newsletters. In this case, we deliver those partners only the email address you have submitted for the Newsletter. We also make sure that the selected business partner uses it only for the delivery of our Newsletters, in the period of your registration for receiving it, and may not use it for other purposes. Except in the aforementioned case and subject to the above conditions, the Company will not share your contact information, which you have provided for the purpose of receiving the Newsletter, with third parties.
The Company takes any security measures to protect user's data during data entry, transfer, processing and storage. Data access is limited to only those employees who need them for their business activities.
Personal information provided to the Company during registration will be stored during the existence of the web site, or during the user’s registration period. Any information given to the Company upon registration on the web site will be destroyed when such site is shut down, at the latest.
At any time, users have the right to request information about which personal data is processed by the Company, and to request their erasure, by submitting a request to the Personal Data Protection Officer.
These rules define how the Company collects and uses your personal data regarding recruitment activities. Personal data will be used in accordance with the regulations below.
By submitting personal data necessary for recruitment purposes or job application, you voluntarily give your personal data to the Company.
Collecting personal data.The Company requires certain data, including the data about education and work experience, contact information, and qualifications for the job you are applying for. Additional/more detailed information such as a CV and employment recommendations are also necessary.
Furthermore, the Company may collect data from third parties when verifying the accuracy of the data submitted by the candidate (e.g. to check the validity of the diploma, work experience and/or recommendations).
Confidential personal data. In the recruitment process, the Company will not seek or require sensitive personal data (e.g. on religious affiliation, health status, sexual or political orientation).
Voluntary disclosure. During recruitment, personal data is made available to the Company voluntarily. The Company will only ask for the data necessary for a proper recruitment procedure.
Using personal information. Data can be used to communicate with you, to manage the procedure of candidate selection and hiring, to comply with corporate, legal and regulatory requirements. If you are eligible for employment, your data may be used for employment and corporate governance.
Data recipients and sharing with third parties. The Company may share your personal information internally and with service providers and third parties if it is necessary in the process of selecting candidates, employment, corporate governance, procurement and legal or regulatory obligations, responding to the demands of the public sector or administration, and for the purpose of state security and/or enforcing the law. The Company shall make sure such service providers and third parties undertake to maintain the confidentiality of your personal data and to use them only in accordance with the specific purpose for which they are disclosed.
Security and confidentiality. The Company maintains a high level of administrative, physical and technical security measures designed to protect the confidentiality of personal data and requires from its service providers to do the same. Company employees who may have access to personal data as a result of their operations must keep the confidentiality of such data.
The Company may apply security procedures in its facilities and on its computer systems to oversee and maintain security. Any supervision of Company’s facilities, systems or assets shall be conducted in accordance with applicable laws.
Your duties. Each candidate is responsible for the data it submits to the Company. All data must be accurate, true, precise, and in no way misleading. Candidates must ensure that the data provided does not contain inappropriate, defamatory or any other content that breaches the rights of third parties. In the case of submitting the personal data of another person (e.g. a person who can make a recommendation), the candidate is responsible to notify the person whose data is provided in a timely manner and to obtain his/her consent.
RULES ON JOINT CONTROLLERS
Data on joint controllers with which HANZA MEDIA d.o.o. agreed to jointly determine the purposes and manners of data processing:
The Company reserves the right to transfer personal data within its business group as well as to third parties, complying with the principle of appropriate level of legal protection for the rights and freedoms of data subjects.
Personal data transfer is carried out if at least one of the following conditions is met:
For the purpose of doing business efficiently, personal data from one of the companies listed above shall be transmitted to another. In those cases, HANZA MEDIA d.o.o. shall be responsible for the protection of personal data transmitted.