Barrage d.o.o. (hereinafter referred to as the “Barrage”, “we” or the “Company”) performs measures in its business and ensures an adequate level of protection of personal data in accordance with the EU General Data Protection Regulation 2016/679 (GDPR) and other applicable legal regulations.
Barrage respects privacy and protects the personal information of its users, employees, business partners or third parties with whom business cooperation is conducted and whose personal data is collected and processed in their daily business.
In order to ensure fair and transparent processing, Barrage wants to provide clear information on processing and protection of personal data collected and processed, and to provide easy control and management of personal information and consents.
1. PERSONAL INFORMATION
1.1. PERSONAL INFORMATION WE COLLECT
Within its business Barrage can collect the following data: contact information such as name, last name, e-mail address, cell phone number, information required to conclude a contract such as address, OIB (PIN), IBAN, etc.
We may also collect, store and use the following kinds of personal information: information about your computer and about your visits to and use of our website https://www.barrage.net/ (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths).
1.2. PERSONAL INFORMATION WE DO NOT COLLECT
Barrage does not collect or process information that reveals racial or ethnic origin, political opinions, religious and philosophical beliefs or membership in the union, genetic data, health or sexual orientation data.
Processing of the above special categories of personal data will be carried out by Barrage exceptionally when: the respondent has given explicit processing privilege, processing refers to the personal data for which the respondent has apparently been disclosed, processing is necessary for the protection of vital interest of the respondent or of the other individual, the processing required to establish, enforce or defend the legal requirements, processing is necessary for the execution and realization of special rights of Barrage or the respondent.
1.3. HOW WE USE PERSONAL INFORMATION WE COLLECT
We use Personal Information to operate, maintain, enhance and provide all features of the services, to provide services and information that are requested, to respond to comments and questions.
We use Personal Information collected from our business partners and vendors to manage those business relationships.
If you apply for a job at Barrage, we may process your Personal Information to evaluate your application.
We may use your Personal Information to comply with our legal obligations and regulatory requirements.
1.4. HOW LONG WE KEEP PERSONAL INFORMATION
We store Personal Information only when we need them for the purposes for which we collect them, that is, for the purpose of fulfilling contractual relations or legal obligations.
Personal data will be deleted upon termination of contractual or employment relationship, and no later than the expiration of any statutory obligation to store, unless a court or other similar procedure that requires data retention has been initiated.
Upon the expiration of storage deadlines, we remove them from the system and archive or convert them into anonymous data so that we can no longer identify an individual.
2. DATA STORAGE AND TRANSFER
Barrage may share your personal information with third parties only if there is a statutory obligation or explicit authorization under the law, if the data need to be forwarded to third parties for executing the contract with the respondent and if we engage another person as a subcontractor, i.e., processing agent, which acts exclusively on the order of the Barrage where the Barrage ensures all data protection measures as if doing these tasks alone.
When transferring data, the processing limitation principle is strictly respected with the transfer of the minimum amount of data needed to realize the requested service, and with respect to all other relevant data protection principles.
Barrage relationships with business partners are regulated by Data Processing Agreements, whereby Barrage requires a minimal equal level of personal data protection.
We process and store personal data in the Republic of Croatia. Exceptionally, we can also process them in other countries (e.g., when a subcontractor from another country is engaged in providing a particular service or part of a service involving the processing of personal data), as a rule, to the member states of the European Union. Exceptionally, they can be processed in third countries, but in such situations, appropriate personal data protection measures are always applied, minimally in the way that personal data are processed in the Republic of Croatia.
3. DATA SECURITY
To protect the personal information collected, Barrage carries out the appropriate physical, technical and organizational protection measures, taking into account the nature, scope, context and purpose of processing, as well as the risks of varying degrees of probability and seriousness for the rights and freedoms of the respondent.
We update and test our security technologies on a permanent basis and continuously improve them at the group level. We use tools to protect and prevent data leakage, encrypt certain sensitive data, and protect data from unauthorized access, alteration, loss, theft, and any other violations and misuse of data.
Access to data within the Barrage is limited to those data required to perform certain business tasks exclusively to authorized persons directly engaged in providing or maintaining the service, and improving the quality and collection of services, in accordance with clearly defined roles and responsibilities within the Barrage. All Barrage employees are bound by confidentiality agreements, and we engage solely with partners with whom we are dealing with appropriate protection measures.
Barrage cannot guarantee 100% security of data transfer over the internet, websites, mobile applications, computer systems or any other public network.
4. RIGHTS AND CHOICES
Barrage respects the right to privacy, collects and processes data only with the existence of legitimate grounds for processing, and the respondent at any time retains certain rights in relation to the processing of their data.
The respondents have the following rights:
- Right to access the data - the respondent has the right to obtain confirmation that his personal data are being processed and, if such personal data are processed, access to personal data and the purpose of processing, the categories of data, potential recipients to whom the personal data will be disclosed, and similar.
- The right to correction - the respondent has the right to obtain correction of incorrect personal information related to him/her. Taking into account the purpose of processing, the respondent has the right to supplement incomplete personal data, including by providing an additional statement. Also, respondents are obliged to update their personal data in a business relationship with Barrage.
- The right to data transfer - the respondent has the right to receive personal information relating to him, which he has provided to Barrage in a structured, commonly used and machine-readable format and is entitled to transfer this data to the other processing manager. It should be taken into account that the transfer right relates solely to the personal data of the respondent.
- Right to objection - the respondent has the right, at any time, to object to the processing of personal data related to him based on his particular situation. Barrage in such a situation may no longer process personal information unless it demonstrates that there are legitimate reasons for processing that go beyond the interests, rights, and freedoms of the respondent, or for the purpose of establishing, enforcing or defending the legal requirements.
- The right to limit processing - the respondent has been required to seek a processing limit if he or she disputes the accuracy of personal data when he considers processing is illegal and is opposed to the deletion of personal data and instead asks for restriction of their use, and in the case where the respondent has filed a complaint about processing expects confirmation whether the legitimate reasons of the head of the treatment of the reasons for the respondents exceed.
If you consider that the processing of personal data we are conducting against the privacy protection regulations, please let us know in the same written way to the address or e-mail address: email@example.com, which is controlled by dedicated GDPR officer.
In the event of non giving required personal information requested by Barrage for the purpose of concluding and exercising the rights of the contract between Barrage and the respondents or the provision of our services, there is a possibility that the contract will not be concluded or the service provided will not be able to access certain content, tenders or training.
5. INFORMATION ON COOKIES
In order to Barrage website work properly, to be able to further improve the site, to improve your browsing experience, the site must save a small amount of information (Cookies) on your computer.
The cookie is information stored on your computer by the web site you visit. Cookies usually save your settings, web settings, such as your preferred language or address. Later, when you open the same web page again, the internet browser sends back the cookies that belong to that page. This allows the page to display information tailored to your needs.
Cookies can store a wide range of information including personal information (such as your name or e-mail address). However, this information can only be saved if you enable it - the websites cannot access the information that you have not provided them and can not access other files on your computer. Default activity for saving and sending cookies is not visible to you. However, you can change your Internet browser settings so you can choose for yourself whether or not to approve or reject cookie requests, delete cookies automatically when you close your browser.
You have the right to exclude cookies. Internet browsers are typically programmed so that accepting cookies is the default setting, but you can easily set it up by changing your browser settings. By turning off cookies, you decide whether to allow cookies to be stored on your computer. However, if you disable cookies, you will not be able to use some of the functionality on the web site.
6. FINAL PROVISIONS
Please revisit Barrage site periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the site, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. If the website is under construction, some parts of it might be missing. In that event, please contact our GDPR officer on e-mail address stated in point 7.
7. OUR CONTACT INFORMATION
Barrage is the entity responsible for the processing of your Personal Information as described in this Policy. If you have any questions or comments about this Policy, your Personal Information, our use and disclosure practices, your consent choices, or if would like to exercise your rights, please contact us by email at firstname.lastname@example.org or write to us at:
Zagrebačka 1, 31 000 Osijek, Republic of Croatia
Att: GDPR Officer