GDPR and cookies
Solartom Ltd. attaches great importance to the protection of personal data. The privacy policy regulates the way of handling information which Solartom Ltd. processes or collects when our website is accessed. Processing of personal data relies on one of the legal processing bases. The Terms of Use of this website apply to all website content and services.
Definitions of basic terms
The Privacy Policy of Solartom Ltd. is based on the terms in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union, L 119, 4 May 2016 (hereinafter: the Regulation).
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or destruction.
‘Controller’ means a legal person which determines the purposes and means of the processing of personal data.
‘Processor’ means a legal person which processes personal data on behalf of the controller.
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed.
Collection and processing of personal data
Solartom Ltd. collects a range of general data and information when you or an automated system sends a request to the website. General information and data are stored in server log files. Only personal data is collected for the purpose of responding to the contact form in accordance with applicable laws or regulations.
Collected data include:(1) browser types and variants,
(2) operating system that uses an access system,
(3) web page from which the access system reaches our website (so-called recommendations),
(4) date and time of access to the website,
(5) IP address,
(6) provider of the Internet access system, and
(7) any other similar data and information that may be used in the event of an attack on our information technology.
Use and disclosure or transfer of personal data
Solartom Ltd. shall use your personal information for the purpose of managing web pages, analyzing preferences, and delivering general and individualized offers with the aim of allowing you access to specific information and to communicate with you. We shall use and process your personal data for the following purposes:1. To optimize the content of our websites and ads.
2. To provide the competent state and legislative authorities on matters of enforcing the applicable law with the information necessary for the criminal prosecution of cyber attacks.
3. To fulfill our legal duties for the purpose of respecting the relevant laws and cooperation with law enforcement agencies and bodies. In that case, the basis for the processing of your personal data is the fulfillment is our statutory duty.
4. To protect our legitimate interests (e.g., when this is necessary for the implementation of security measures). In that case, the basis for processing your personal data is our legitimate interest.
We regard your personal data as a business secret and protect them as such in accordance with applicable legal regulations and best practices. Recipients have the right to access and process your personal data only if these refer to the competent authorities (when controlling the lawfulness of business and conduct) and other persons when this is deemed necessary in order for us to comply with our statutory duties. In that case, they process your personal data in accordance with their statutory powers, i.e., duties.
Solartom Ltd. shall carry out out a statistical analysis of the anonymously collected data in order to increase data protection and data security of our enterprise as well as to ensure the optimal level of protection of personal data we are processing. Anonymous data in the log files are stored separately from all personal data provided by the data subject.
Also, Solartom Ltd. advises all parents and caregivers to instruct children how to deal safely and responsibly with personal data on the Internet. The services we provide are not intended for people under the age of 16 and we cannot know whether the data we collect or process relate to people under the age of 16. We encourage all parents and caregivers to teach persons under the age of 16 how to deal safely and responsibly with personal data on the Internet.
Policy of using and storing HTTP cookies
Our websites use cookies. Cookies are considered small files that are temporarily stored on your hard drive, which allows our website to recognize your device during the next visit to Solartom Ltd.
Depending on the settings on your web browser, cookies can be automatically accepted. If you do not agree to their use, you can easily delete the cookies and/or
permanently disable them on your computer or mobile device at any time using your browser settings.
Text is displayed when signing up to the website solartom.hr, which the data subject accepts by clicking on the “Accept” button: “solartom.hr uses cookies to provide a better user experience. By continuing to review the website, you agree to the Terms of Use.”
If you wish to find additional information on how to manage cookies, look for instructions on your browser websites. Please note that the purpose of cookies is to
improve and enable the use of our website; therefore, by disabling or deleting cookies, you might disable the functionality of our website features or cause the content to behave or appear differently.
Security
Solartom Ltd. invests great efforts to ensure the security of personal data and compliance with applicable data protection regulations (such as the General Data Protection Act, the Data Protection Act, etc.). Please note that your data is protected against loss, destruction, manipulation, unauthorized access, and unauthorized publishing. Our employees are obliged to respect the confidentiality of your information.
Storage time
We store your data until the expiration of the 3 (three) year term, counting from the expiration of the contractual relationship, except those data for which the applicable regulations prescribe a longer storage period. Your data shall be used for the purposes of direct marketing on the basis of legitimate interest until the expiration of the 3 (three) year term, counting from the expiration of the contractual relationship, and user data is stored for a period of 3 (three) years counting from the moment of their collection, except for data for which the applicable regulations prescribe a longer storage period. If consent has been obtained for data processing for promotional purposes, which extends to the period following the prescribed deadline, your data shall be stored until the withdrawal of your consent.
User rights
The data subject decides which personal information he or she will make available to Solartom Ltd. In the event of any changes to your personal information, please inform us by e-mail: info@solartom.hr to correct or update your personal information.
We hereby inform you that you have the right to withdraw your consent at any time in
whole or in part, in writing, in electronic form by sending an e-mail to
info@solartom.hr, or verbally. Furthermore, upon receiving your request to withdraw
consent, we shall confirm the receipt of the request in writing, and the personal data
covered by the statement to withdraw consent shall no longer be processed starting
from the date of consent withdrawal. Please note that all processing and/or transfers
made by the date of consent withdrawal remain legally valid.
In addition to the right to withdraw consent, in accordance with the valid regulations
on data protection, the data subject has the right to be informed, the right to access to
personal data, right to rectification, right to erasure, right to restrict processing, right
to data portability, and right to object. Also, data subjects have the right to file an
objection to the competent authority for data protection.
Automated processing
Please note that some data (such as the type of the web browser you use, the number of visits, the average time spent on the website, viewed content, etc.) are processed automatically when accessing the Solartom Ltd. website. The above information is used to estimate the attractiveness of our website. Please note that the user has the right opt out of a decision that is based solely on automated processing unless such a decision is required to conclude or execute a contract between the user and Solartom Ltd. pursuant to Croatian law or the European Union law or based on the data subject's explicit consent.
Links to other sites
Solartom Ltd. web pages may contain links to other service providers and are not subject to these privacy statements. When you leave the Solartom Ltd. website, please be aware of Privacy Policy statements on each website that collects your personal information.
Rights of data subjects
a) Right to be informed
The data subject has the right to request and obtain from the controller confirmation
about the collection and use of his or her personal data. If the data subject wishes to
use this right, he or she may contact the controller at any time.
b) Right of access
The data subject has the right to obtain from the controller information on his or her
stored personal data and a copy of such data at any time. The data subject has the
right to access the following information:
– the processing purposes,
– the categories of personal data processed,
– the recipients or categories of recipients to whom personal data have been disclosed
or will be disclosed, especially third country or international organizations,
– the planned duration of storage or, if not possible, criteria for the definition of such
duration,
– information about the rights of the data subject to request from the controller the
rectification, erasure, or restriction of data processing referring to the data subject or
the right to object to such processing,
– information about the source of the data, where it was not obtained directly from the
data subject,
– pthe existence of an automated decision-taking process, including profiling from
Article 22, paragraph 1 and 4 of the Regulation with, at least in such cases,
meaningful information about the logic involved as well as the implications and
intended effects of such procedures on the data subject.
If the data subject wishes to use this right, he or she may contact the controller at any
time.
c) Right to rectification
The data subject has the right to obtain from the controller the rectification of his or
her inaccurate personal data without unnecessary delay. Taking into account the
purpose of data processing, the data subject has the right to update incomplete
personal data, among other things, by providing a supplementary statement.
d) Right to erasure (Right to be forgotten)
The data subject has the right to request from the controller the erasure of his or her
personal data without unnecessary delay and the controller has the obligation to erase
that personal data without unnecessary delay if one of the following conditions is met:
– the data are no longer needed for their original processing purpose or have been
processes in some other way,
– the data subject has withdrawn his consent for data processing in accordance with
Article 6, paragraph 1, item a) or Article 9, paragraph 2, statute of the Regulation,
and there is no other legal ground for processing,
– the data subject has objected to data processing in accordance with Article 21,
paragraph 1 of the Regulation and there are no overriding legitimate grounds for the
processing, or the data subject objects to data processing in accordance with Article
21, paragraph 2 of the Regulation,
– personal data have been unlawfully processed,
– personal data must be deleted in order to respect the legal obligation of EU law or
the law of the Member State to which the controller is subject,
– opersonal data were collected in relation to the offer of information society services
in Article 8 (1) of the Regulation.
Data subject may contact the controller at any time if one of the above reasons applies
and the data subject wishes to request the erasure of his or her personal data stored by
the controller. The controller must immediately ensure the implementation of the
erasure request without unnecessary delay. If the controller publicly discloses personal data, he or she is obliged to erase this
personal data in accordance with Article 17 (1) of the Regulation. Taking into account
available technology and the cost of implementation, the controller shall take
reasonable measures, including technical measures, to inform the processors in charge
of processing personal data that the data subject has requested from the processor to
erase all links to them or the copy or reconstruction of that personal data.
e) Right to restrict processing
The data subject have the right to request from the processor a processing restriction of
his or her personal data is one of the following is fulfilled:
– the data subject disputes the accuracy of the personal data for the period during
which the processor can check the accuracy of the personal data;
– data processing is illegal and the data subject opposes the deletion of personal data
and instead requests their limited use;
– the processor no longer needs personal data for processing purposes but the data
subject requests them for the purpose of establishing, achieving, or defending legal
requirements;
- the data subject has filed a complaint under Article 21(1) of the Regulation,
expecting a confirmation whether the processor’s legitimate reasons exceed the data
subject’s reasons.
If one of the above conditions is met and the data subject wishes to request a
processing restriction of the personal data stored by the processor, he or she may
contact the processor at any time and he or she will carry out the restriction of
processing without unnecessary delay.
f) Right to data portability
The data subject has the right to receive personal information relating to him or her,
which he or she had provided to the processor in a structured, commonly used, and
machine-readable format, and he or she has the right to transfer the data to another
processor without interruption by the processor who had been provided with the
personal data if:
– the processing is based on the consent in accordance with Article 6 (1) (a) or Article
9 (2) (a) or on a contract in accordance with Article 6 (1) (b) of the Regulation; and
- the processing is carried out automatically.
When exercising his or her rights to data portability in accordance with paragraph 1, a
data subject is entitled to a direct transfer from one processor to another, if technically
feasible.
By exercising the rights referred to in paragraph 1 of this Article, Article 17 of the
Regulation is not brought into question. This right shall not apply to the processing
necessary for the performance of tasks of public interest or in the exercise of the
official authority assigned to the processor.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms
of others.
In order to gain the right to data portability, the data subject can contact the processor
at any time.
g) Right to object
The data subject has the right, based on his or her own special circumstances, to file
an objection against the processing of personal data relating to him or her, at any time,
in accordance with Article 6, paragraph 1 of the Regulation, including the creation of
a profile based on those provisions.
The processor may no longer process personal data unless the processor proves that
there are convincing legitimate reasons for processing that go beyond the interests,
rights, and freedoms of the data subject or for the establishment, enforcement, or
defense of legal requirements.
If personal data are processed for the purpose of direct marketing, the data subject has
the right to file an objection to the processing of personal data relating to him or her
for the purposes of such marketing at any time, including the making of a profile to
the extent that is associated with such direct marketing. If the data subject objects to
processing for direct marketing purposes, personal data may no longer be processed
for such purposes.
In addition, the data subject may, for reasons relating to his or her particular situation,
file an objection to the processor about the processing of his or her personal data for
scientific or historical research or statistical purposes in accordance with Article 89,
paragraph 1 of the Regulation, unless the processing is necessary for the performance
of tasks of public interest.
For the purpose of exercising the right to object, the data subject may contact the
processor. In addition, the data subject is free in terms of the use of the information
society service and, independently of Directive 2002/58 / EC, to exercise his right to
object by automated means using technical specifications.
h) Rights related to automated decision-making, including profiling
The data subject has the right to opt out of a decision that is based solely on
automated processing that produces such legal effects that are related to him or her or
in a similar manner significantly affect him or her, except when it is:
- required to conclude or execute a contract between the data subject and data
processor;
- permitted by the Union or Member State law to which the processor is subject and
which also prescribes the appropriate measures to protect the rights and freedoms and
legitimate interests of the data subject; or
- based on the explicit consent provided by the data subject.
If the decision:
(1) is required to conclude or execute a contract between the data subject and the data
processor; or
(2) is based on the explicit consent of the data subject, Solartom Ltd. shall take
appropriate measures to protect the rights and freedoms of the legitimate interests of
the data subject, at least the right to receive human intervention by the processor, to
express his or her opinion, and contest the decision.
If the respondent wishes to fulfill the rights pertaining to automated individual
decision-making, he or she can contact any Solartom Ltd. employee at any time.
i) The right to withdraw consent to data protection
The data subject has the right to withdraw his or her consent to data processing of his
or her personal data at any time.
If the data subject wished to fulfill his right to consent withdrawal, he or she may
contact the processor at any time..
Provisions of data protection regarding the application and use of social networks
- FacebookThe processor has integrated the Facebook component on this website. Facebook is a
social network. A social network is a place for social meetings on the Internet, a
network community that usually allows users to communicate with each other and
interact in the virtual space. A social network can serve as a platform for sharing
opinions and experiences or enable the Internet community to share personal or
business information. Facebook allows social network users to include private
profiles, upload photos, and network through friend requests.
The operative company Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA
94025, United States. If a person lives outside the United States or Canada, the
processor is Facebook Ireland Ltd., 4 Square Grand Canal, Grand Canal Port, Dublin
2, Ireland.
With each request to one of the individual pages of this website managed by the
processor and integrated with the Facebook component (Facebook plug-in), the web
browser on the data information system automatically downloads the view of the
corresponding Facebook component from Facebook via the Facebook component. All
Facebook add-ons can be accessed at https://developers.facebook.com/docs/plugins/.
During this technical process, Facebook is aware that certain subpages of our website
have been visited by the data subject.
If a person is simultaneously logged onto Facebook, Facebook reads every request our
website by the processor and for the entire duration of this stay on our website (and
certain subpages) Facebook is aware that the data subject has visited each specific
page. These data are collected through the Facebook component and are linked to the
corresponding Facebook account of the data subject. If the data subject clicks on one
of the Facebook buttons integrated into our website, such as the “like” button or if the
data subject submits a comment, then Facebook connects this information with the
personal Facebook account of the data subject and saves their personal information.
Facebook always receives, via the Facebook component, information about the data
subject’s visits to our website whenever the data subject logs into Facebook during a
request our website. This happens regardless of whether the data subject is on
Facebook or not. If such a data transfer onto Facebook is not desirable for the data
subject, he or she can prevent it by logging off from their Facebook account before
making a request to our website.
The Data Protection Policy published by Facebook, available at
https://facebook.com/about/privacy/, provides information on how Facebook collects,
processes, and uses personal data. In addition, it explains what settings Facebook
offers to protect the privacy of the data subject. In addition, different configuration
options are available to allow the removal of data transfer to Facebook. The data
subject can use this application to remove the data transfer to Facebook.
- Google Analytics
The processor has integrated the Google Analytics component (with the anonymous
function) on this web site. Google Analytics is a web analytics service. Web analytics
collects and analyzes site visitor behavior data. The web analytics service collects,
among other things, the information on the referrer, which subpages were visited, or
how often and for how long they were browsed. Web analytics is mainly used to
optimize the website and to conduct cost analysis and use of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheater
Pkwy, Mountain View, CA 94043-1351, United States.
For the purposes of web analytics by means of the Google Analytics service, the
processor uses “gat.AnonymizeIp.” This application shortens the IP address of the
data subject’s Internet connection and is anonymized when accessing our website
from an EU Member State or other contracting party to the European Economic Area
Agreement.
The purpose of the Google Analytics component is to analyze traffic on our website.
Google collects the obtained data and information, among other things, to evaluate the
effectiveness of our website and provide online reports that show activity on our
website in order to have access to other services related to the visits to our website.
Google Analytics sets a cookie on the information technology system of the data
subject. The definition of a cookie is explained on the page about cookies. By setting
a cookie, Google can analyze the use of our website. With each sent request to one of
the individual pages of this website, managed by the processor and integrated with the
Google Analytics component, the web browser on the data subject’s information
system automatically sends data through the Google Analytics component for online to Google. During this technical
process, Google acquires knowledge of data subject’s personal information, such as
the IP address, which, among other things, serves to understand the origin of the
visitor and the clicks.
For the purposes of web
analytics by means of the Google Analytics service, the processor uses
“gat.AnonymizeIp.” This application shortens the IP address of the data subject’s
Internet connection and is anonymized when accessing our website from an EU
Member State or other contracting party to the European Economic Area Agreement.
Cookies are used to store personal information, such as access time, the place where
access was made, and the frequency of data subject’s visits to our website. With each
visit to our website, such personal information, including the IP address used by the
data subject, shall be transmitted to Google in the United States. These personal data
are stored by Google in the United States. Google may transfer these personal data
collected through a technical process to third parties.
The data subject may, as noted above, prevent cookies from being placed through our
website adapting the web browser used at any time, thereby permanently disabling
cookies. Such adaptation to the web browser used would also prevent Google
Analytics from setting up a cookie on the data subject’s information technology. In
addition, cookies already used by Google Analytics can be deleted at any time
through web browsers or other software programs.
In addition, the data subject has the opportunity to object to data collection generated
by Google Analytics, which relates to the use of this web site, as well as the
processing of such data by Google, and the ability to prevent it. For this purpose, the
data subject must download an additional add-on from
https://tools.google.com/dlpage/gaoptout and install it. This add-on communicates
with Google Analytics through JavaScript, so that all data and information about
website visits is not transmitted to Google Analytics.
If the data subject’s information system is later
deleted, formatted, or newly installed, the data subject must reinstall the add-ons to
disable the work of Google Analytics. If a data subject or any other authorized
individual has de-installed or deactivated the add-on, it is possible to reinstall or
reactivate it.
Additional information and applicable Google data protection provisions can be
downloaded at https://www.google.com/intl/en/policies/privacy/ and
http://www.google.com/analytics/terms/us. html. Google Analytics is additionally
explained at https://www.google.com/analytics/.
- Google AdWords
The processor has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in the Google search engine and the Google advertising network. Google AdWords allows the advertiser to pre-define certain keywords by which the ad is only displayed on Google’s search results when a user uses a search engine to find keyword-related results. In the Google Advertising Network, ads are distributed on relevant web sites using an automatic algorithm, taking into account pre-defined keywords. The Google AdWords operating company is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, United States. The purpose of Google AdWords is to promote our website by including relevant advertising on third-party websites and to search engine results from the Google search engine and insert third-party advertising on our website. If a data subject reaches our website via Google ads, a data conversion information system is sent to the information technology information system through Google. The definition of cookies was previously provided. The conversion cookie is lost after 30 days and is not used to identify the data subject. If the cookie has not expired, the conversion cookie is used to check for specific subpages, such as a shopping cart from the online shopping cart on our web site. Through the conversion cookie, Google and the processor can understand whether the person who visited our website through an AdWords ad has generated sales or performed or canceled the sale of goods. Google uses the data and information collected through the conversion cookie to generate statistics on our website. These visitor statistics are used to determine the total number of users served through AdWords ads to determine the success or failure of each AdWords ad and optimize AdWords ads in the future. Neither our company nor any other Google AdWords advertisers receive information from Google that could identify the data. The conversion cookie stores personal information, such as websites visited by the data subject. Each time you visit our website, personal information, including the IP address used by the data subject, is transmitted to Google in the United States. This personal information is stored by Google in the United States. Google may transfer this personal information collected through a technical process to third parties. The data subject can prevent cookies from being placed on our website at any time, as indicated above, by using the appropriate Internet browser settings and permanently disabling cookies. This setting of the used Internet browser would also prevent Google from setting a conversion cookie on the data subject’s information technology. In addition, the cookie set up by Google AdWords can be deleted at any time through the Internet browser or other software program. Further information and applicable Google Privacy Terms can be downloaded at https://www.google.com/intl/en/policies/privacy/.
Legitimate interests carried out by the processor or a third party
When personal data processing is based on Article 6, paragraph 1 of the Regulation, it is our legitimate interest to do our business for the benefit of all our employees.
Providing personal data as a legal or contractual requirement
We should clarify that the provision of personal data is partially prescribed by law (e.g., the Tax Code) or it may be the result of contractual provisions (e.g., Contract Partner Information). Sometimes it may be necessary to conclude a contract that is filed by entering personal data, which we then have to process. The data subject is required to provide personal information when our processor signs a contract with him. Failure to complete personal data would have the effect that the contract with the data subject could not be concluded. Before personal data are provided, the data subject must contact one of the processor’s employees. The employee clarifies to the data subject whether the provision of personal data is prescribed by law or the contract or if it is necessary for the conclusion of the contract, whether there is an obligation to provide personal data.
Notice of change and contact
Any change to our privacy policy will be posted with this privacy statement on the website and elsewhere deemed to be appropriate.
NName and address of the processor
Solartom d.o.o., Podčudnič 33, 51219, Čavle, +385 91 918 45 88, info@solartom.hr