GDPR and cookies

Solartom Ltd. attaches great importance to the protection of personal data. The privacy policy regulates the way of handling information which Solartom Ltd. processes or collects when our website is accessed. Processing of personal data relies on one of the legal processing bases. The Terms of Use of this website apply to all website content and services.

Definitions of basic terms

The Privacy Policy of Solartom Ltd. is based on the terms in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union, L 119, 4 May 2016 (hereinafter: the Regulation).

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘Controller’ means a legal person which determines the purposes and means of the processing of personal data.
‘Processor’ means a legal person which processes personal data on behalf of the controller.
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed.

Collection and processing of personal data

Solartom Ltd. collects a range of general data and information when you or an automated system sends a request to the website. General information and data are stored in server log files. Only personal data is collected for the purpose of responding to the contact form in accordance with applicable laws or regulations.

Collected data include:
(1) browser types and variants,
(2) operating system that uses an access system,
(3) web page from which the access system reaches our website (so-called recommendations),
(4) date and time of access to the website,
(5) IP address,
(6) provider of the Internet access system, and
(7) any other similar data and information that may be used in the event of an attack on our information technology.

Use and disclosure or transfer of personal data

Solartom Ltd. shall use your personal information for the purpose of managing web pages, analyzing preferences, and delivering general and individualized offers with the aim of allowing you access to specific information and to communicate with you. We shall use and process your personal data for the following purposes:
1. To optimize the content of our websites and ads.
2. To provide the competent state and legislative authorities on matters of enforcing the applicable law with the information necessary for the criminal prosecution of cyber attacks.
3. To fulfill our legal duties for the purpose of respecting the relevant laws and cooperation with law enforcement agencies and bodies. In that case, the basis for the processing of your personal data is the fulfillment is our statutory duty.
4. To protect our legitimate interests (e.g., when this is necessary for the implementation of security measures). In that case, the basis for processing your personal data is our legitimate interest.
We regard your personal data as a business secret and protect them as such in accordance with applicable legal regulations and best practices. Recipients have the right to access and process your personal data only if these refer to the competent authorities (when controlling the lawfulness of business and conduct) and other persons when this is deemed necessary in order for us to comply with our statutory duties. In that case, they process your personal data in accordance with their statutory powers, i.e., duties.

Solartom Ltd. shall carry out out a statistical analysis of the anonymously collected data in order to increase data protection and data security of our enterprise as well as to ensure the optimal level of protection of personal data we are processing. Anonymous data in the log files are stored separately from all personal data provided by the data subject.

Also, Solartom Ltd. advises all parents and caregivers to instruct children how to deal safely and responsibly with personal data on the Internet. The services we provide are not intended for people under the age of 16 and we cannot know whether the data we collect or process relate to people under the age of 16. We encourage all parents and caregivers to teach persons under the age of 16 how to deal safely and responsibly with personal data on the Internet.

Policy of using and storing HTTP cookies

Our websites use cookies. Cookies are considered small files that are temporarily stored on your hard drive, which allows our website to recognize your device during the next visit to Solartom Ltd.
Depending on the settings on your web browser, cookies can be automatically accepted. If you do not agree to their use, you can easily delete the cookies and/or permanently disable them on your computer or mobile device at any time using your browser settings.

Text is displayed when signing up to the website solartom.hr, which the data subject accepts by clicking on the “Accept” button: “solartom.hr uses cookies to provide a better user experience. By continuing to review the website, you agree to the Terms of Use.”
  If you wish to find additional information on how to manage cookies, look for instructions on your browser websites. Please note that the purpose of cookies is to improve and enable the use of our website; therefore, by disabling or deleting cookies, you might disable the functionality of our website features or cause the content to behave or appear differently.

Security

Solartom Ltd. invests great efforts to ensure the security of personal data and compliance with applicable data protection regulations (such as the General Data Protection Act, the Data Protection Act, etc.). Please note that your data is protected against loss, destruction, manipulation, unauthorized access, and unauthorized publishing. Our employees are obliged to respect the confidentiality of your information.

Storage time

We store your data until the expiration of the 3 (three) year term, counting from the expiration of the contractual relationship, except those data for which the applicable regulations prescribe a longer storage period. Your data shall be used for the purposes of direct marketing on the basis of legitimate interest until the expiration of the 3 (three) year term, counting from the expiration of the contractual relationship, and user data is stored for a period of 3 (three) years counting from the moment of their collection, except for data for which the applicable regulations prescribe a longer storage period. If consent has been obtained for data processing for promotional purposes, which extends to the period following the prescribed deadline, your data shall be stored until the withdrawal of your consent.

User rights

The data subject decides which personal information he or she will make available to Solartom Ltd. In the event of any changes to your personal information, please inform us by e-mail: info@solartom.hr to correct or update your personal information.
We hereby inform you that you have the right to withdraw your consent at any time in whole or in part, in writing, in electronic form by sending an e-mail to info@solartom.hr, or verbally. Furthermore, upon receiving your request to withdraw consent, we shall confirm the receipt of the request in writing, and the personal data covered by the statement to withdraw consent shall no longer be processed starting from the date of consent withdrawal. Please note that all processing and/or transfers made by the date of consent withdrawal remain legally valid.
In addition to the right to withdraw consent, in accordance with the valid regulations on data protection, the data subject has the right to be informed, the right to access to personal data, right to rectification, right to erasure, right to restrict processing, right to data portability, and right to object. Also, data subjects have the right to file an objection to the competent authority for data protection.

Automated processing

Please note that some data (such as the type of the web browser you use, the number of visits, the average time spent on the website, viewed content, etc.) are processed automatically when accessing the Solartom Ltd. website. The above information is used to estimate the attractiveness of our website. Please note that the user has the right opt out of a decision that is based solely on automated processing unless such a decision is required to conclude or execute a contract between the user and Solartom Ltd. pursuant to Croatian law or the European Union law or based on the data subject's explicit consent.

Links to other sites

Solartom Ltd. web pages may contain links to other service providers and are not subject to these privacy statements. When you leave the Solartom Ltd. website, please be aware of Privacy Policy statements on each website that collects your personal information.

Rights of data subjects

a) Right to be informed
The data subject has the right to request and obtain from the controller confirmation about the collection and use of his or her personal data. If the data subject wishes to use this right, he or she may contact the controller at any time.
b) Right of access
The data subject has the right to obtain from the controller information on his or her stored personal data and a copy of such data at any time. The data subject has the right to access the following information:
– the processing purposes,
– the categories of personal data processed,
– the recipients or categories of recipients to whom personal data have been disclosed or will be disclosed, especially third country or international organizations,
– the planned duration of storage or, if not possible, criteria for the definition of such duration,
– information about the rights of the data subject to request from the controller the rectification, erasure, or restriction of data processing referring to the data subject or the right to object to such processing,
– information about the source of the data, where it was not obtained directly from the data subject,
– pthe existence of an automated decision-taking process, including profiling from Article 22, paragraph 1 and 4 of the Regulation with, at least in such cases, meaningful information about the logic involved as well as the implications and intended effects of such procedures on the data subject.
If the data subject wishes to use this right, he or she may contact the controller at any time.
c) Right to rectification
The data subject has the right to obtain from the controller the rectification of his or her inaccurate personal data without unnecessary delay. Taking into account the purpose of data processing, the data subject has the right to update incomplete personal data, among other things, by providing a supplementary statement.
d) Right to erasure (Right to be forgotten)
The data subject has the right to request from the controller the erasure of his or her personal data without unnecessary delay and the controller has the obligation to erase that personal data without unnecessary delay if one of the following conditions is met:
– the data are no longer needed for their original processing purpose or have been processes in some other way,
– the data subject has withdrawn his consent for data processing in accordance with Article 6, paragraph 1, item a) or Article 9, paragraph 2, statute of the Regulation, and there is no other legal ground for processing,
– the data subject has objected to data processing in accordance with Article 21, paragraph 1 of the Regulation and there are no overriding legitimate grounds for the processing, or the data subject objects to data processing in accordance with Article 21, paragraph 2 of the Regulation,
– personal data have been unlawfully processed,
– personal data must be deleted in order to respect the legal obligation of EU law or the law of the Member State to which the controller is subject,
– opersonal data were collected in relation to the offer of information society services in Article 8 (1) of the Regulation.
Data subject may contact the controller at any time if one of the above reasons applies and the data subject wishes to request the erasure of his or her personal data stored by the controller. The controller must immediately ensure the implementation of the erasure request without unnecessary delay. If the controller publicly discloses personal data, he or she is obliged to erase this personal data in accordance with Article 17 (1) of the Regulation. Taking into account available technology and the cost of implementation, the controller shall take reasonable measures, including technical measures, to inform the processors in charge of processing personal data that the data subject has requested from the processor to erase all links to them or the copy or reconstruction of that personal data.
e) Right to restrict processing
The data subject have the right to request from the processor a processing restriction of his or her personal data is one of the following is fulfilled:
– the data subject disputes the accuracy of the personal data for the period during which the processor can check the accuracy of the personal data;
– data processing is illegal and the data subject opposes the deletion of personal data and instead requests their limited use;
– the processor no longer needs personal data for processing purposes but the data subject requests them for the purpose of establishing, achieving, or defending legal requirements;
- the data subject has filed a complaint under Article 21(1) of the Regulation, expecting a confirmation whether the processor’s legitimate reasons exceed the data subject’s reasons.
If one of the above conditions is met and the data subject wishes to request a processing restriction of the personal data stored by the processor, he or she may contact the processor at any time and he or she will carry out the restriction of processing without unnecessary delay.
f) Right to data portability
The data subject has the right to receive personal information relating to him or her, which he or she had provided to the processor in a structured, commonly used, and machine-readable format, and he or she has the right to transfer the data to another processor without interruption by the processor who had been provided with the personal data if:
– the processing is based on the consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract in accordance with Article 6 (1) (b) of the Regulation; and - the processing is carried out automatically.
When exercising his or her rights to data portability in accordance with paragraph 1, a data subject is entitled to a direct transfer from one processor to another, if technically feasible.
By exercising the rights referred to in paragraph 1 of this Article, Article 17 of the Regulation is not brought into question. This right shall not apply to the processing necessary for the performance of tasks of public interest or in the exercise of the official authority assigned to the processor.
The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
In order to gain the right to data portability, the data subject can contact the processor at any time.
g) Right to object
The data subject has the right, based on his or her own special circumstances, to file an objection against the processing of personal data relating to him or her, at any time, in accordance with Article 6, paragraph 1 of the Regulation, including the creation of a profile based on those provisions. The processor may no longer process personal data unless the processor proves that there are convincing legitimate reasons for processing that go beyond the interests, rights, and freedoms of the data subject or for the establishment, enforcement, or defense of legal requirements. If personal data are processed for the purpose of direct marketing, the data subject has the right to file an objection to the processing of personal data relating to him or her for the purposes of such marketing at any time, including the making of a profile to the extent that is associated with such direct marketing. If the data subject objects to processing for direct marketing purposes, personal data may no longer be processed for such purposes. In addition, the data subject may, for reasons relating to his or her particular situation, file an objection to the processor about the processing of his or her personal data for scientific or historical research or statistical purposes in accordance with Article 89, paragraph 1 of the Regulation, unless the processing is necessary for the performance of tasks of public interest. For the purpose of exercising the right to object, the data subject may contact the processor. In addition, the data subject is free in terms of the use of the information society service and, independently of Directive 2002/58 / EC, to exercise his right to object by automated means using technical specifications.
h) Rights related to automated decision-making, including profiling
The data subject has the right to opt out of a decision that is based solely on automated processing that produces such legal effects that are related to him or her or in a similar manner significantly affect him or her, except when it is:
- required to conclude or execute a contract between the data subject and data processor;
- permitted by the Union or Member State law to which the processor is subject and which also prescribes the appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
- based on the explicit consent provided by the data subject.
If the decision:
(1) is required to conclude or execute a contract between the data subject and the data processor; or
(2) is based on the explicit consent of the data subject, Solartom Ltd. shall take appropriate measures to protect the rights and freedoms of the legitimate interests of the data subject, at least the right to receive human intervention by the processor, to express his or her opinion, and contest the decision.
If the respondent wishes to fulfill the rights pertaining to automated individual decision-making, he or she can contact any Solartom Ltd. employee at any time.
i) The right to withdraw consent to data protection
The data subject has the right to withdraw his or her consent to data processing of his or her personal data at any time. If the data subject wished to fulfill his right to consent withdrawal, he or she may contact the processor at any time..

Provisions of data protection regarding the application and use of social networks

- Facebook
- Google Analytics
- Google AdWords

Legitimate interests carried out by the processor or a third party

When personal data processing is based on Article 6, paragraph 1 of the Regulation, it is our legitimate interest to do our business for the benefit of all our employees.

Providing personal data as a legal or contractual requirement

We should clarify that the provision of personal data is partially prescribed by law (e.g., the Tax Code) or it may be the result of contractual provisions (e.g., Contract Partner Information). Sometimes it may be necessary to conclude a contract that is filed by entering personal data, which we then have to process. The data subject is required to provide personal information when our processor signs a contract with him. Failure to complete personal data would have the effect that the contract with the data subject could not be concluded. Before personal data are provided, the data subject must contact one of the processor’s employees. The employee clarifies to the data subject whether the provision of personal data is prescribed by law or the contract or if it is necessary for the conclusion of the contract, whether there is an obligation to provide personal data.

Notice of change and contact

Any change to our privacy policy will be posted with this privacy statement on the website and elsewhere deemed to be appropriate.

NName and address of the processor

Solartom d.o.o., Podčudnič 33, 51219, Čavle, +385 91 918 45 88, info@solartom.hr