Name: VENI, limited liability company for engineering, construction and services
Abbreviated name: VENI d.o.o.
Headquarters: Ulica Andrije Kačića Miošića 52//1, Metković, 20350
Entered in the register of the Commercial Court in Dubrovnik
Company and head office of the legal entity managing the account:
Privredna banka Zagreb d.d., Radnička cesta 50, 10000 Zagreb,
IBAN: HR64 2340 0091 0000 0001 3
Society members: Ivica Granić
Persons authorized for representation: Ivica Granić
Phone number: 01/2792-326
Email address: firstname.lastname@example.org
In accordance with Regulation (EU) 2016/679 of the European Parliament and the European Council of April 27, 2016 on the protection of individuals in connection with the processing of personal data, which has been in full force since May 25, 2018 in the Republic of Croatia and all member states of the European Union , as well as the Act on the Implementation of the General Regulation on Data Protection (Official Gazette No. 42/18, hereinafter: the Act), i.e. in accordance with the legal framework for the protection of personal data in the Republic of Croatia and the European Union and the best European practice, VENI d.o.o. for engineering, construction and services, with its headquarters at Ulica Andrije Kačića Miošića 52//1, Metković, 20350 OIB: 01399605376, hereinafter the Data Controller, created the Protection of Personal Data of Service Users. The policy on the protection of personal data is a unilaterally binding legal act based on the fundamental principles in the processing of personal data, which regulates which data of service users is collected, how such data is processed and for what purposes it is used. The policy on the protection of personal data also informs service users of their rights in the collection and further processing of personal data, all for the purpose of protecting their privacy in a broader sense.
The personal data protection policy is based on the following principles of personal data processing: the principle of legality, transparency and best practice, the principle of limited processing and reduction of the amount of data, the principle of accuracy and completeness of personal data, the principle of limited storage, the principle of integrity and confidentiality of data, the principle of responsibility, the principle of trust and fair processing, the principle of opportunity (purpose of processing), the principle of processing in unnamed (anonymized) form.
The policy on the protection of personal data applies to all services offered by the Controller, whereby the goal of the Policy is to inform service users in a clear and transparent manner about the procedures for processing their personal data and their rights. First of all, service users can contact the Data Controller at any time with a request to amend or supplement and/or update the data relating to them, as well as with a request for a statement on the purposes for which they want or do not want their data to be processed .
Based on the Personal Data Protection Act (Official Gazette 103/13, 118/06, 41/08, 130/11, 106/12) and Art. 3. paragraph 1. of the General Data Protection Regulation (EU) 2016/679 on the protection of individuals in connection with the processing of personal data and on the free movement of such data Management of the company VENI d.o.o. on May 24, 2018. brings:
REGULATION ON THE PROCESSING AND PROTECTION OF PERSONAL DATA
In the process of personal data processing and protection of individuals with regard to the processing of personal data and the rules related to the free movement of personal data, the company VENI d.o.o. is obliged to apply the General Data Protection Regulation (EU) 2016/679. This regulation applies to the processing of personal data that is completely automated and to the non-automated processing of personal data that is part of the storage system.
VENI d.o.o. is in accordance with Article 4. According to the General Regulation, the personal data processing manager who alone or jointly with others determines the purpose and means of personal data processing in accordance with national legislation or EU law.
In accordance with the general regulation on data protection, certain terms in this Ordinance have the following meaning: “personal data” means all data relating to an individual whose identity has been determined or can be determined (“the respondent”); an identifiable individual is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, identification number, location data, online identifier or with the help of one or more factors inherent to physical, physiological, genetic, mental , economic, cultural or social identity of that individual “processing” means any process or set of processes performed on personal data or sets of personal data, whether by automated or non-automated means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, inspection, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction “storage system” means any structured set of personal data accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis “processor” means a natural or legal person, public authority, agency or other body that alone or jointly with others determines the purposes and means of personal data processing; when the purposes and means of such processing are determined by the law of the Union or the law of a Member State, the controller or special criteria for his appointment may be provided for by the law of the Union or the law of a Member State; “recipient” means a natural or legal person, public authority, agency or other body to which personal data is disclosed, regardless of whether it is a third party. “third party” means a natural or legal person, public authority, agency or other body that is not the data subject, data controller, processor or persons authorized to process personal data under the direct authority of the data controller or data processor. “consent” of the data subject means any voluntary, specific, informed and unequivocal expression of the wishes of the subject by which he gives his consent to the processing of personal data relating to him by a statement or a clear affirmative action; “personal data breach” means a security breach that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that has been transmitted, stored or otherwise processed “pseudonymization” means the processing of personal data in such a way that the personal data are no longer cannot be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an individual whose identity has been established or can be established.
VENI d.o.o. collects and processes the following personal data:
a) Basic personal data: name and surname, contact information (e-mail, phone number).
b) Other personal data, which the Respondent or third parties make available when establishing and/or during the duration of the employment relationship or establishing other types of contractual and other relationships, such as data from an identity card, bank account, professional qualifications, other knowledge and skills, and vehicle registration numbers. The processing of special categories of personal data (on racial and ethical affiliation, political or religious beliefs or worldview, genetic data or data on health status) is carried out in accordance with Art. 9 of the Regulation. Personal data is taken directly from the respondents orally and in writing or from other sources.
VENI d.o.o. processes personal data legally, fairly and transparently. VENI d.o.o. processes only appropriate and relevant personal data and exclusively for special, explicit and lawful purposes, and they are not further processed in a way that is not in accordance with these purposes. Personal data provided by VENI d.o.o. processed are accurate and are updated as necessary. Those data that are not correct VENI d.o.o. delete or corrects without delay. VENI d.o.o. keeps personal data in a form that enables the identification of the respondent and only for as long as is necessary for the purposes for which the personal data is processed. Exceptionally, personal data can be stored for longer periods, but only if it will be processed exclusively for archiving purposes in the public interest, for the purposes of scientific or historical research or for statistical purposes. VENI d.o.o. processes personal data exclusively in a way that ensures adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage by applying appropriate technical or organizational measures.
VENI d.o.o. personal data is processed only to the extent that one of the following conditions is met:
– that the respondent has given his consent for the processing of his personal data for one or more special purposes
– that the processing is necessary for the execution of a contract to which the respondent is a party
– that the processing is necessary to comply with the legal obligations of VENI d.o.o.
– that the processing is necessary to protect the key interests of the data subject or other natural persons
– that the processing is necessary for the performance of a task of public interest or in the exercise of public authority of VENI d.o.o. or
– that the processing is necessary for the legitimate interests of VENI d.o.o. or third parties, except in the case when these interests are stronger than the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child.
Consent by which the respondent VENI d.o.o. consent to the processing of personal data relating to him must be voluntary, given in writing with easy-to-understand, clear and simple language, clearly indicating the purpose for which it is given and without unfair conditions. If it concerns the processing of personal data of a child under the age of 16, consent in the manner described in paragraph 1 of this article is given by the holder of parental responsibility over the child (parent or legal guardian of the child).
In the process of processing personal data of VENI d.o.o. in an appropriate manner (written or directly orally) provides the respondent with all information related to the processing of his personal data, especially about the purpose of data processing, the legal basis for data processing, the legitimate interests of VENI d.o.o., the intention to transfer personal data to third parties, the period in which personal data will be data to be stored, about the existence of the respondent’s right to access personal data and to correct or delete personal data and limit processing, the right to file objections, etc.
Video surveillance covers working rooms, external surfaces and internal areas of plants, workshops and warehouses. The manager of the processing or the operator of the processing is obliged to mark that the object or individual room in it and the external surface of the object is under video surveillance, and the mark should be visible at the latest when entering the recording perimeter. The label should contain the following information:
– that the space is under video surveillance
– data on the data controller
– contact information through which the respondent can exercise his rights. The right of access to personal data collected through video surveillance belongs to the responsible person of the processing manager, i.e. the processor and/or the person authorized by him. The video surveillance system must be protected against access by unauthorized persons. The processing manager and the processor are obliged to establish a record system for recording access to video surveillance recordings, which will contain the time and place of access, as well as the designation of the persons who accessed the data collected through video surveillance. Recordings obtained through video surveillance can be kept for a maximum of six months, unless another law prescribes a longer storage period or if they are evidence in court, administrative, arbitration or other equivalent proceedings. The processing of personal data of employees through the video surveillance system can only be carried out if, in addition to the conditions established by the Act on the Implementation of the General Regulation on Data Protection, the conditions established by the regulations governing safety at work are also met and if the employees were adequately informed in advance of such a measure and if the employer informed the employees before making the decision to install the video surveillance system. Video surveillance of working rooms must not include rooms for rest, personal hygiene and changing.
VENI d.o.o. appoints a data protection officer. The data protection officer was appointed from among the employees of VENI d.o.o. Contact details of the data protection officer of VENI d.o.o. publishes on its website and informs the supervisory authority about the person appointed as an official. The data protection officer performs the tasks of informing and advising the responsible persons of VENI d.o.o. and its employees who directly process personal data about their obligations from the General Regulation, monitors compliance with the Regulation and other provisions of the Union or a member state on protection, enables the rights of data subjects and cooperates with the supervisory body. The data protection officer is obliged to maintain the confidentiality of all information he learns in the performance of his duties.
The respondent has the right to view the personal data contained in the storage system of VENI d.o.o. that refer to him. The respondent has the right to print personal data contained in the storage system that relate to him. VENI d.o.o. will without delay, at the request of the respondent, correct incorrect data relating to him or, based on the request of the respondent, supplement them. VENI d.o.o. will without delay, based on the request of the respondent, carry out the deletion of personal data relating to him, provided that the personal data are no longer necessary in relation to the purposes for which they were collected or if the respondent withdraws the consent on which the processing is based. A respondent who believes that a right guaranteed by the General Data Protection Regulation has been violated has the right to submit a request for determination of the violation of rights to the competent authority.
In order to protect personal data, VENI d.o.o., in all cases where it is possible, and especially when publishing information in accordance with the Law on the Right to Access to Information, implements pseudonymization of data.
Contact: Data Protection Officer: Ivica Granić, email@example.com
VENI d.o.o. collects and processes the following types of personal data:
– personal data of employees of VENI d.o.o. (personnel records, data on working hours, registrations, registrations, etc.),
– personal information about the members of the Board of Directors of VENI d.o.o.,
– personal data about candidates participating in the tender procedure for establishing an employment relationship,
– personal data of the requester of certification and confirmation,
– personal data of external associates of VENI d.o.o., – personal data of all natural and legal persons with whom VENI d.o.o. concludes contracts.
For personal data specified in Article 13 of this Rulebook, VENI d.o.o. keeps records of processing activities. The records of processing activities contain at least the following data:
– name and contact information of VENI d.o.o., representative of VENI d.o.o. and data protection officer;
– purpose of processing;
– description of categories of respondents and categories of personal data;
– categories of recipients to whom personal data has been disclosed or will be disclosed to them;
– scheduled deadlines for deleting different categories of data;
– general description of technical and organizational security measures for data protection.
Director of VENI d.o.o. makes a decision on the persons responsible for the processing and protection of personal data from Article 12. of this Rulebook.
In order to avoid unauthorized access to data, written data is kept in registers, in locked cabinets, and computer data is protected by assigning a user name and password known to the employees responsible for data processing, and for further security and secrecy, it is stored on portable memory.
Persons in charge of personal data processing are required to take technical, personnel and organizational personal data protection measures that are necessary to protect personal data from accidental loss or destruction, from unauthorized access or alteration, unauthorized publication and any other misuse.
This Rulebook enters into force on September 23, 2019, and will be published on the official website of VENI d.o.o. (veni.biz).
Director: Ivica Granić
In order for this website to work properly with all its functionalities and to be able to continue to improve the site and improve the user experience, we need cookies. According to the regulations of the European Union, from 03.25.2011. we are obliged to ask for your consent before saving cookies. This means that by using this website you agree to the use of these files. If you disable cookies, you will not be able to use certain functionalities of the website that are supported by this technology.
What are cookies?
Cookies are small text files that a website saves from the server to your computer or mobile web browser (depending on which device you access the page with), when you visit that website for the first time. After the first visit, every time the web browser requests an identical page from the server, cookies are sent from the user’s computer to the server. In this way, the server has the ability to identify and track web browsers. We use the term cookies for all files that collect data in the previously described manner. There are several types of cookies:
Temporary cookies (sessions): automatically removed from your computer when you close your web browser. Websites use them to store temporary data (eg items in the shopping cart)
Persistent cookies: remain saved on your computer even after you close your web browser. Websites use them to store data – most often it’s about your settings when using the site. Persistent cookies will remain on your computer until you manually remove them or until they expire.
First-party cookies: They come from the website you are viewing and are either temporary or permanent. Using their websites, they store information such as name and password, so that you do not have to log in every time you visit.
Third-party cookies: belong to different domains than the one displayed in the address bar. Web pages may contain content from other areas (such as banners), which opens up the possibility of tracking a user’s browsing history. The privacy settings in most modern browsers allow you to block third-party cookies.
How to disable cookies?
By turning off cookies, you decide whether to allow them to be stored on your computer. Settings can be controlled and changed in your web browser. If you disable cookies, you will not be able to use certain functionalities of the website.
Yes, with the main goal that our websites provide the best possible user experience. Apart from that, we also use them for:
To track visitor statistics: Cookies collect information about visitor interactions on our websites. They are used to store other data related to user activity.
For the normal functioning of web programs: cookies are used for the normal functioning of certain features of the website that make it easier for users to access the content.