MARLI recognizes the privacy of the website visitors and provides a Privacy Statement on the website. This website Privacy Statement applies only to the functioning of the website owned by MARLI which is also the one that provides a direct link to this Statement when you click on the button “Privacy Statement” at the bottom of the website.
This Statement confirms that the collection, storage and transfer of personal data is performed in accordance with the provisions of the Personal Data Protection Act which is regulating the protection of personal data as well as their transmission and the prevention of unauthorized access and use of personal data. Please read this Statement carefully to fully understand our status and practice regarding your personal data and to understand how we process them.
In case you have any questions regarding the way we process your personal data, please contact us on the following email@example.com.
PERSONAL DATA THAT ARE COLLECTED AND PROCESSED
We can collect your personal data in the following manner:
- We may collect and keep the personal data you provide when filling out forms on our website such as sending inquiries, requests for quotation and similar
- If you contact us, we may collect and keep records of such correspondence, including any personal data you provide during the correspondence
- We may collect and keep the personal data you have provided within the surveys we have asked you to fill in, although you are not required to respond to them
- We may collect and retain the personal data related to your visit to our website, such as traffic data, location information and other information about communication, in order to improve safety, for diagnostic purposes, authentication, billing and invoicing
We store the collected personal data on our own servers that are located in our data centre in the Republic of Croatia. However, we may share the data with third parties we work with, for the purpose of fulfilling agreements of service we will provide you, that may also be outside the European Economic Area.
By sending your personal data, you have given consent for processing the same data outside the European Economic Area. We will take all necessary steps to ensure that all personal data, regardless of where they are processed, are safe and processed in accordance with this Privacy Statement and the GDPR (General Data Protection Regulation).
LEGAL BASIS FOR COLLECTION AND PROCESSING
Personal Data Protection Regulations, that serve as our legal basis for data collection and processing, regulate the premise under which personal data can be collected and processed. These legal bases are as follows:
· Fulfilling contractual obligations
We have to collect your personal data in order to fulfil our contractual obligations (for example, when we need to issue an invoice for our service) when you are negotiating the provision of our service or the delivery of some of our products.
· Compliance with legal obligations
The regulations in force in the Republic of Croatia oblige us to collect and process data for certain purposes, such as accounting purposes (e.g. invoicing) and submission of data in accordance with the requirements of judicial authorities.
· Legitimate interests
As a part of our daily business plan we collect data, in a reasonable manner, for the purposes of legitimate interests. For example, we collect and register IP addresses to develop security and protection against fraud, as well as to analyse the use of our website.
With your consent, in certain cases we can collect and process personal data, for example when we are sending our newsletter or our promotional E-mails. You can withdraw your consent to receive promotional material at any time.
PROCESSING OF PERSONAL DATA
We give our utmost attention to the security of all data and we take all appropriate steps in accordance with the regulations on the protection of personal data that are valid in the Republic of Croatia.
- The collection of all personal data is carried out via an encrypted connection (“https” protocol)
- All personal data are stored behind the firewall in accordance with the highest IT standards and our staff, specialized in the IT security, is taking care of all the operations
- Physical access to all personal data is protected in accordance with adequate standards
- All systems that store personal data have access logs
- All inactive passwords are coded
- We do regular penetration tests on all the systems that are also constantly monitored for the purpose of detection of possible attacks and vulnerability
We use your personal data in the following manner:
- to verify your identity
- for delivering the products and providing services you have agreed upon
- to fulfill our contractual obligations
- to show the website content on your device in the best possible manner
- to respond to your inquiries
- to provide information, product delivery and to provide service you have requested, in cases when you gave your consent that we contact you
- to send notifications about changes related to our service
- to send promotional emails, in case you have given your explicit consent to receive them
- to prevent fraud
- to detect, prevent and diagnose potential security breaches
Your personal data are only kept as long as necessary to meet the purpose for which they were collected. At the end of the storage period, we will either erase personal data or render them anonymous so they can’t be associated with anyone.
We can put links to the webpages of our business partners on our website. In case you follow the mentioned links, please take into a consideration that they may hold different privacy policies and that MARLI holds no responsibility regarding those same policies. We kindly ask you to review those policies before you use those webpages to either register or deliver your personal data.
COOKIES AND IP ADDRESSES
We collect information about IP addresses for security reasons (to prevent DDoS attacks, hacking, frauds and similar), for diagnostic purposes and statistical analysis of traffic and all in order to improve the quality and usability of our services. As controllers we collect information, in accordance with the GDPR, for the purpose of our legitimate interests.
- Authentication of users when they register or log off from any interface related to our services
- The analysis of our website traffic by using Google Analytics (check under Google Analytics)
- Tracking website preferences
Like many other websites, we use Google Analytics to collect anonymous information about users of our websites to find out how often they visit our websites, which websites they visit, the time they visit them, how long they stay and where they are from. This information is collected via cookies and IP addresses and the statistics produced are used for the improvement of the website usability, for tracking the success of marketing campaigns and for the analysis of the pattern of behavior.
If you want to prevent Google Analytics from collecting that information, you can install a Google plugin for your browser that can do exactly that. You can follow this link to download the plugin: https://tools.google.com/dlpage/gaoptout
You can follow this link in order to learn more about how Google uses the information collected from our websites: https://policies.google.com/privacy/partners?hl=hr&gl=uk
According to the GDPR, with effect from 25 May 2018 onward, you have certain rights concerning your personal data and in the following section we will briefly explain them.
- A right to restriction of processing
You have a right to request the restriction of processing of your personal data when there is no legitimate interest for us to do that, when you are disputing the accuracy of your personal data, for the period when we as controllers can check the accuracy of personal data, when you have objected to the data processing (check under a section “A right to make a complaint”) and we are considering if our legitimate reasons have gone beyond yours, when the processing is illegal and you are opposed to the removal of personal data and instead you are asking for a limit of their use even when we don’t require the personal data anymore, but you ask for it for the establishment, exercise or defense of legal claims.
By contacting us, you can exercise your rights at any given moment (check under the section “Contact us”)
- Right of access
The GDPR policy gives you the right to ask what kind of personal data we have stored and how we process them, and it gives you the right to access the data. By contacting us, you can exercise your rights at any given moment (check under the section “Contact us”). Please take into a consideration that before we process any claim for access to data, we must confirm your identity and there is also a possibility that we will contact you in order to confirm that we have understood what specific data you require. After we confirm your identity, we will provide the requested data in the period of 30 days.
We provide information free of charge, however, we may charge an administrator fee if the claim is obviously unfounded or excessive, and especially if it is repetitive. In any case, if you are our existing customer, you can access your personal data via your user interface.
- The right to erasure (“The right to be forgotten”)
As a natural person you have the right to request the erasure of all your personal data in our possession. However, take into a consideration that this is not an absolute right, so for example, this doesn’t go beyond our legal obligation to keep accounting records. You can require the erasure of your personal data when your personal data are no longer necessary in relation to the purpose for which they were originally collected or processed (for example, if you cancel all the services you have negotiated with us). By contacting us, you can exercise your rights at any given moment (check under the section “Contact us”)
- The right to rectification
The GDPR policy gives you the right to rectification of any personal data that are either incorrect or incomplete. Users can use the user interface to update their personal data, but in any case, you can also contact us (check under the section “Contact us”).
- The right to data portability
You have the right to request the personal data you have provided us in a machine-readable form. Please contact us if you want to receive the print of your data in the JSON format (check under the section “Contact us”).
- The right to object
You have the right to object to the processing of your personal data when there is no legitimate or legal reason for us to do that.
You are welcome to ask, comment or request any information concerning this Privacy Statement and you can contact us on firstname.lastname@example.org.
There is a possibility we will update this Privacy Statement from time to time. For your benefit, we will always upload to our website the refreshed version of the Statement.
You are aware of the fact that the processing and collection of data by MARLI is voluntary. By using the website, you agree to this Privacy Statement, thereby giving consent to the collection and processing of your personal data in accordance with this Statement.