Personal data protection statement

MONTIMO d.o.o. processes personal data of users of our services and visitors to the website www.montimo.hr exclusively in accordance with applicable regulations governing the protection of personal data. As the Data Controller, it processes the data of Data Subjects in accordance with Article 6 of the Regulation, in compliance with the principles of “lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality” and in accordance with all applicable laws and regulations on personal data protection: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – General Data Protection Regulation (GDPR) – which has been directly applicable in the Republic of Croatia since 25 May 2018.

Data Controller:
Montimo d.o.o.
Gospodarska ulica 10a
HR-10255 Donji Stupnik (hereinafter referred to as: the Company)
Tax ID: 92860545631

Data Protection Officer contact details e-mail:
info@montimo.hr

The Company processes your personal data exclusively when necessary and when there is an appropriate legal basis for doing so: legal obligations of the controller, contract, legitimate interest and consent. We devote great attention to protecting the personal data of our clients, employees, visitors, users of the Company’s website and all other users of our services, and we commit to treating personal data as confidential information and trade secrets.

Types of personal data we process

In order to provide you with our services, the Company as the data controller processes your personal data and stores it in its database exclusively for the purpose of fulfilling contractual and legal obligations. For the stated purpose, we process the following personal data:

  • name and surname,
  • postal address, e-mail address, telephone number,
  • date of birth, age, nationality, gender,
  • identification document number (e.g. identity card – for inspection),
  • IP address of the computer through which the user visited our website,
  • credit card number, CVV code, expiration date,
  • health data of service users (medical certificate/for inspection),
  • curriculum vitae, domicile certificate, proof of professional qualifications and work experience, IBAN number (job candidates and employees),
  • footage of individuals on video surveillance recordings and photographs.

If you do not provide us with the minimum data required for your registration in all relevant registries, we will not be able to provide our services in accordance with the contract and the law.

Purpose of processing, legal basis for processing

The Company as data controller is obliged to collect and process your personal data based on the following purposes and legal grounds:

  • Fulfillment of legal obligations – we process your personal data (service users and employees) in accordance with applicable regulations, and for the purpose of notifications and registrations that we are obliged to carry out according to applicable regulations of the Republic of Croatia, all with the explicit purpose of fulfilling legal obligations;
  • Contract performance (service users and employees) – we process your personal data for the purpose of contract realization and fulfillment of contractual obligations that are the subject of the contract, whereby processing is necessary for the fulfillment thereof;
  • Implementation of tender procedures – in order to undertake actions before concluding a contract, we collect personal data of job candidates;
  • Promotion of our services – based on legitimate interest and consent, we publicly publish photographs and videos from events we organize on the Company’s website;
  • Direct marketing and promotion of our services – based on legitimate interest, we send users newsletters (e-mails) with our offers and services. Personal data is stored until the data subject unsubscribes from the newsletter recipient list, and when they unsubscribe, their personal data is deleted in a secure, permanent and irreversible manner;
  • Based on your consent, we collect health data in order to minimize or prevent injuries to course participants caused by diagnosed illness or health problems, which could potentially prevent or hinder the participant in safe climbing/working at height, and cause an accident or life-threatening situation for the participant;
  • Protection of property and people – we process personal data through video surveillance systems, based on legitimate interest.

All your personal data is processed based on law, contract, legitimate interest or consent.

Retention period

We generally delete your personal data upon termination of the contractual relationship, and at the latest upon expiration of all legal obligations related to the storage of personal data, and until withdrawal of consent.

Management of consents for personal data processing

You can change your consent (complete or partial withdrawal) by contacting us via e-mail at: info@montimo.hr or by post to the data controller’s address.
If you withdraw your given consent, we will no longer use your data for the stated purposes, but this may result in the inability to use some additional benefits that are associated with them. Withdrawal of consent does not affect the lawfulness of processing that was based on consent before it was withdrawn. If you wish to give your consent again, you can do so in the same way as when withdrawing it.

If you do not provide us with your personal data for which consent is not required, but which is necessary for concluding a contract with us, fulfilling a concluded contract, or due to obligations we have under the law, we will not be able to fulfill our contractual obligations towards you, nor will we be able to conclude a contract with you.

Data subject rights

To exercise your rights or if you have questions regarding the processing of your personal data, you can contact us in writing or via e-mail at: info@montimo.hr. (Upon your request, we will provide you with an information request form that needs to be completed and forwarded to us via e-mail).

In accordance with the Regulation and applicable regulations governing the protection of personal data, the Data Subject has the following rights regarding the processing of personal data:

1. RIGHT OF ACCESS TO PERSONAL DATA

You have the right to access the personal data that we process about you, and you may request further information, in particular about the purpose of the processing, about the type/category of personal data being processed including access to your personal data, about recipients or categories of recipients, and about the envisaged period for which the personal data will be stored.
You may restrict access to personal data only in cases prescribed by Union law or our national legislation, i.e., when such restriction respects the essence of fundamental rights and freedoms of others.

2. RIGHT TO RECTIFICATION OF PERSONAL DATA
You have the right to request correction or completion of personal data if your data is not accurate, complete and up-to-date. To do this, send your request to us as the data controller in writing, including electronic form of communication. We note that the submitted request must state specifically what is not accurate, complete or up-to-date and how it should be corrected, and must include the necessary documentation as an attachment. Otherwise, we will not be able to carry out what is requested.

3. RIGHT TO ERASURE OF PERSONAL DATA

You have the right to request erasure of personal data relating to you if one of the following conditions is met:

  • your personal data is no longer necessary in relation to the purpose for which we collected or processed it
  • you have objected to the processing of your personal data in accordance with Article 21, paragraph 1 of the General Data Protection Regulation, and if there are no stronger legitimate grounds for our processing
  • personal data has been unlawfully processed
  • personal data must be erased in order to comply with a legal obligation under Union law or the law of the state to which the data controller is subject
  • you have withdrawn consent on which the processing is based in accordance with Article 6, paragraph 1, point (a) or Article 9, paragraph 2, point (a) and if there is no other legal basis for processing (exception Article 17, paragraph 3 of the Regulation) except to the extent that processing is necessary:
    a) for compliance with a legal obligation which requires processing under the law of the Republic of Croatia or the EU or for the performance of a task carried out in the public interest or in the exercise of official authority of the Institution,

    b) for archiving purposes in the public interest, for scientific or historical research purposes, for statistical purposes to the extent that the aforementioned rights are likely to render impossible or seriously impair the achievement of the processing objectives,

    c) for exercising the right to freedom of expression and information,

    d) for the establishment, exercise or defense of legal claims

4. RIGHT TO RESTRICTION OF PROCESSING if there are justified reasons (Article 18 of the Regulation)

5. RIGHT TO DATA PORTABILITY (of part of) data in order to transfer it to another Data Controller (Article 20 of the Regulation)
(exception: if your data processing is based on contract/consent or if portability is technically unfeasible, there is no obligation to comply with the right to portability).

6. RIGHT TO OBJECT and thus the right for us to stop using your personal data for a certain period of time, if you believe that we do not process it in accordance with the law (Article 21 of the Regulation).

7. RIGHT TO WITHDRAW CONSENT (Article 7, point 3 of the Regulation) - you can withdraw it at any time. We note that withdrawal of consent does not affect the lawfulness of processed data based on consent before it was withdrawn.

8. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY - If you believe that we have violated the legal regulations of the Republic of Croatia on data protection when processing your data, please contact us so that we can clarify any ambiguities, and if you believe that your rights are still violated, you have the right to file a complaint with the Personal Data Protection Agency – AZOP.

Identity verification: In case of doubt, we may request additional information to verify your identity, which serves to protect your rights.

Abuse of rights: If you use any of the aforementioned rights too frequently and with obvious intent of abuse, we may charge an administrative fee or refuse to process your request.

Sharing personal data – third parties/data recipients

The Company as Data Controller collects all your personal data exclusively for the purpose for which it was collected, and will not in any way make it available to third parties, except for legally prescribed purposes or if we must provide data as part of a contractual relationship with a third party.

  • Exceptionally, we may transfer your personal data for use to, for example, providers of IT and communication solutions and services, accounting services, courier services who act as our Data Processors.
  • We share your personal data with companies for real-time online credit card authorization systems and payment processing services.

We have concluded contracts with the aforementioned Data Processors in which the handling of personal data is prescribed, therefore they are not able to process your personal data without our instruction and transfer it to third parties.
We do not transfer your personal data to “third countries” outside the EU borders and do not create profiles, nor do we process your data for the purpose of automated decision-making.

We share your personal data with third parties (we forward to social networks and online advertising platforms) for marketing purposes exclusively based on your consent. We forward employee personal data in accordance with legal regulations to HZMO, HZZO, Tax Administration.
We may also share personal data with judicial, tax, audit and other competent authorities when required by law and other regulations (e.g., requests from tax authorities, court disputes, etc.).

Processing personal data through cookies

The official website www.montimo.hr uses so-called cookies. Cookies are text files that are placed on the user’s computer by an internet server through which the service provider accesses the Internet and displays the website. Cookies are created when the browser on the user’s device loads the visited website, which then sends data to the browser and creates a text file (the cookie). The browser retrieves the cookie and sends it to the website’s server when the user returns to it.

Our pages use technical cookies that are necessary for the functioning of the Internet site (mandatory cookies that cannot be disabled), as well as analytical and marketing cookies for the purpose of improving and promoting our services, improving the efficiency of our website and enhancing business operations.

Some of our pages display content from external service providers, such as YouTube, Facebook, Twitter and Instagram.

To view these external contents and follow our content on social networks, you must accept their terms of use. This includes their cookie policies, which we do not control. If you do not open this content, third-party cookies will not be stored on your device.

Security and confidentiality of personal data processing
  1. We collect and process personal data in a manner that ensures appropriate security and confidentiality in their processing, and enables effective implementation of maximum security and confidentiality according to the principles of data minimization, purpose limitation, scope of processing and storage periods, while simultaneously ensuring their accuracy and availability.
  2. We undertake all appropriate technical and organizational protection measures to prevent unlawful destruction, loss, alteration, unauthorized use or disclosure of personal data, and unauthorized access to or insight into it:
    - equipment and premises where we store personal data are located in a secure environment with restricted physical access;
    - only authorized persons in the company have access to personal data. Each employee has their own username and password for accessing the information system and databases;
    - we have obligated our employees to confidentiality of all data they learn about in performing their work, and have defined the same in employment contracts and Confidentiality Statements;
    - our computer programs have an automated logging system for recording access to personal data (so-called logs) which record data about users who accessed personal data, the time when they accessed, deleted data, reviewed data, stored data outside the program, printed data, etc.;
    - we use strong passwords, antivirus programs, firewalls and other measures to protect personal data, and hard drives on our computers are encrypted;
    - all computer programs are regularly updated, and we regularly make backup copies that will enable us to function and work smoothly in case of unforeseen circumstances;
    - when personal data is no longer needed, it is removed by secure deletion of storage media and physical destruction of storage media or is anonymized. Personal data in paper form is destroyed using paper shredding devices;
    - we regularly conduct training for our employees so that their level of awareness about the importance of personal data protection is satisfactory.

Updates

We regularly update the Personal Data Protection Statement so that it remains accurate and up-to-date, and we reserve the right to change its content if we deem it necessary. You will be timely informed of all changes and additions through our website in accordance with the principle of transparency.