21.3 C
Donji grad
Sunday, July 21, 2024

General notice on personal data protection

1. General notice

1.1. This is the General Data Protection Regulation (GDPR) Notice regarding the processing of personal data
issued by the Renewable Sources of Energy of Croatia (hereinafter referred to as RESC) under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). It contains information on the processing of the personal data of survey respondents in cases where RESC is the data controller of your personal data.

1.2. This General Notice contains information that applies exclusively to natural persons, i.e., their personal
data.

1.3. In essence, this Notice specifies in more detail the individual categories of subjects as well as the categories of their personal data that we process.

1.4. In case of any questions or requests regarding the handling or protection of your personal data, please
contact us at the following address: info@oie.hr or by mail to the address of RESC’s headquarters: Radnička 80, Zagreb, with the indication “PROTECTION OF PERSONAL DATA”.

1.5. Terms used in this General Notice, which have a gender meaning, regardless of whether they are used in
the feminine or masculine gender, equally include the male and the female gender.

2. What personal data do we process?

Participants in RESC public events

2.1. We process personal data that you have given us when registering to participate in an event organized
by RESC (such as the Sunny Days conference, Days of Good Wind conference, and other conferences, round tables, workshops, webinars, presentation of expert/academic studies and similar). We process the following personal data:

        • Name and surname
        • Personal Identification Number (OIB/VAT)
        • Company (name)
        • Address of headquarters/residence, postal code
        • Email
        • Telephone/mobile number.

For what purpose do we process your personal data?

2.2. We process your personal data for the following purposes:

2.2.1. To enable you to participate in our public events (which include participant registration, accreditation for participants, sending notifications of schedule changes, etc., as well as issuing invoices). In this case, the basis for processing your personal data is our legitimate interest because we act on your request (registration) to participate in an event we organize.

2.2.2. In order to send you a report on the event/conference by email after the event is over (follow-up). The basis for processing your personal data is our legitimate interest in informing you as a participant in the event/conference about its results, media coverage of the event, and the like.

2.2.3. In order to use your photographs in media coverage of events, including the RESC website and social media, we rely on our legitimate interest in informing the public about the holding of a public event to promote the development of RES in accordance with the scope of RESC’s activities. The aim of the photography is not to identify individuals nor will any data about participants be published alongside the photographs.

2.2.4. In order to inform you about future similar events based on the previously expressed interest of the subjects. In this case, the legal basis for processing personal data is RESC’s legitimate interest.

2.2.5. For promoting events and topics presented there (e.g. reporting on the success of the event, announcing new similar topics and events). The legal basis for processing personal data is RESC’s legitimate interest as an event organizer.

2.2.6. In order to protect our legitimate interests (e.g. when necessary for security measures). In this case, the legal basis for processing your personal data is our legitimate interest.

2.2.7. In order to fulfill our legal obligations (e.g. to enable you to exercise your rights regarding your personal data).

OIEH Newsletter recipients

2.3. We process your personal data when you sign up for the RESC newsletter. We process the following personal data:

        • Email

For what purpose do we process your personal data?

2.4. We process your personal data for the following purposes:

2.4.1. For sending newsletters. The legal basis for processing personal data is the individual’s request to receive the RESC newsletter. Your data will be used solely for this purpose and will be deleted when you unsubscribe from the RESC newsletter recipient list.

2.4.2. To fulfill the rights of data subjects (e.g. when the data subjects requests a right related to their personal data). The legal basis for processing personal data is RESC’s compliance with legal obligations as the data controller of the data subjects.

Job applications

2.5. We process your personal data when you send an application for an advertised job, an open job application, etc. We process the following personal data:

2.5.1. Personal data provided in the application/cover letter, as well as data collected by RESC itself for the purpose of employment;

2.5.2. If an employment relationship is established, RESC will collect additional data from future employees in accordance with labor laws. Separate privacy rules for employees apply to the processing of this personal data.

For what purpose do we process your personal data?

2.6. We process your personal data for the following purposes:

2.6.1. For the selection and hiring of new employees. The basis for processing personal data is the necessary legal action taken to conclude an employment contract;

2.6.2. For seeking new employees and contacting them for employment (if an open job application has been sent to RESC). The basis for processing personal data is RESC’s legitimate interest as an employer;

2.6.3. To fulfill the rights of the data subjects (e.g. when the data subjects requests a right related to their personal data). The legal basis for processing personal data is RESC’s compliance with legal obligations as the data controller of the data subjects.

2.6.4. Fulfillment of other legal obligations of RESC. The basis for processing personal data is compliance with RESC’s legal obligations as a data controller of the data subjects.

Visitors to the RESC website and social networks

2.7. We process your personal data when you visit the RESC website: www.oie.hr. We process the following personal data:

2.7.1. IP addresses for the purpose of diagnostics and statistical analysis of traffic, all with the aim of improving the quality and usability of our services. The basis for processing your data is our legitimate interest;

2.7.2. When visiting the website www.oie.hr, you may come across embedded content from other websites (e.g. video, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor has visited that other website. This means that these websites may collect data about you, use cookies, may have embedded additional third-party tracking, and monitor your interaction with that embedded content (for example, Twitter, Facebook, Google, and YouTube services).

2.8. We process your personal data when you visit the RESC Facebook page https://www.facebook.com/OIEHrvatske/. At that time, Facebook and RESC are joint controllers of the personal data of the relevant Facebook users. RESC only receives information about Facebook users on an analytical and anonymized basis. Information on how Facebook processes personal data can be found at this link: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0;

2.9. We process your personal data when you visit the RESC LinkedIn page https://www.linkedin.com/company/obnovljivi-izvori-energije-hrvatske/. At that time, LinkedIn and RESC are joint controllers of the personal data of the relevant LinkedIn users. RESC only receives information about LinkedIn users on an analytical and anonymized basis. Information on how LinkedIn processes personal data can be found at this link: https://www.linkedin.com/legal/privacy-policy;

2.10. We process your personal data when you visit the RESC Twitter page https://twitter.com/oie_hr. At that time, Twitter and RESC are joint controllers of the personal data of the relevant Twitter users. RESC only receives information about Twitter users on an analytical and anonymized basis. Information on how Twitter processes personal data can be found at this link: https://help.twitter.com/en/rules-and- policies/personal-information.

3. Who has access to your personal data?

3.1. We consider your personal data to be a trade secret and protect them as such in accordance with applicable legal regulations and best practices.

3.2. Third parties have the right to access and process your personal data only in the situations described below:

3.2.1. Third-party service providers who provide certain services and products necessary for operational activities on behalf of RESC (e.g., IT services, accreditation preparation, conference materials, preparation of invoices for fees, translation and other services). In this case, they process your personal data only following our instructions for categories of personal data that are necessary for the contracted services.

3.2.2. Third-party service providers whose services we use for the needs of our business (e.g., tax advisors, auditors, lawyers, etc.). In this case, they process your personal data following their legal powers and professional rules.

3.2.3. Competent authorities in conducting supervision over the legality of business and procedures. In this case, they process your personal data following their legal powers.

3.2.4. Competent authorities (police, state attorney’s office, court, etc.) in the event of judicial and other equivalent proceedings. In this case, they process your personal data following their legal powers.

4. Are my personal data transferred to third countries?

4.1 We do not transfer your personal data to third countries (outside the European Union).

5. How do we protect your personal data?

5.1 Protecting your personal data is extremely important to us. Some of the protection measures we implement are as follows:

5.1.1. Implementation of database pseudonymization whenever possible;

5.1.2. Use of secure methods when sharing your personal data to prevent unauthorized access;

5.1.3. Application of modern protection methods and control of access to data resources containing personal data;

5.1.4. Employees of RESC as well as third parties who process personal data on behalf of RESC are bound by obligation of confidentiality;

5.1.4. Continuous monitoring of all resources (physical spaces where your data is stored) used for processing personal data.

6. The storage period of keeping your personal data

6.1 For personal data where there is a legally defined retention period, we keep your data for that period (e.g., an 11-year retention period for accounting documents) and delete it in an additional one-year period.

6.1 We keep the personal data that we process on the basis of your consent as long as we have your consent. In case of withdrawal of consent, we delete it as soon as possible.

6.1 We keep personal data that we process based on our legitimate interest as long as our legitimate interest exists and delete it within a period of 1 year from the cessation of our legitimate interest.

7. Your rights

7.1. In case you decide to use one or more of your rights listed below, RESC has the right to verify your identity, all to protect your personal data.

7.2. You can exercise your rights for free. However, if you frequently (for example, if it has been less than 6 months since your last request) or excessively (for example, if you request all your personal data in written form) request access or transfer of your personal data, we have the right to ask you to cover our costs before carrying out such action.

7.3. You can exercise your rights by sending your request to info@oie.hr and indicating “Data subject request” as the subject of the email. In the message, you should specify which right you want to exercise or what is the subject of your request. Upon receiving the message, we will send you a confirmation of the proper receipt of your request.

7.4. Access to your personal data: You have the right to request confirmation of whether we process your personal data, as well as access to your personal data that we process.

7.5. Correction of inaccurate personal data: You have the right to request correction of your inaccurate personal data, as well as the right to supplement your personal data.

7.6. Portability of personal data: You have the right to download and request the transfer of your personal data.

7.7. Objection to processing or handling of your personal data: You have the right to object to the processing of your personal data, as well as to our way of handling your personal data in general.

7.8. A right to withdraw consent: You have the right to withdraw your consent for further processing of personal data at any time. Withdrawal of consent does not affect processing that was done based on consent before its withdrawal.

7.9. A right to complain to the Personal Data Protection Agency: At any time, you have the right to complain to the competent body for the protection of personal data – the Personal Data Protection Agency (www.azop.hr) regarding the processing and protection of your personal data.