PRIVACY POLICY

1. INTRODUCTION

   The privacy policy of the www.controls.tools website explains how we collect, use, disclose and protect your personal information when using our website, including the personal information of legal entities. The definition of 'personal data of legal entities' is given below.

   Personal data is any information that can be used to identify a natural or legal person. This includes but is not limited to:

   • Name and surname
   • Address
   • Phone number
   • E-mail address
   • OIB
   • Business data (e.g. company name, OIB of the company)
   • Company website
   • Read data (temperature, humidity and other sensory data)

2. COLLECTION OF PERSONAL DATA

   We collect the following categories of personal data from you:

   • Contact Information: When you register for an account on the Site, please provide us with your e-mail address ("Contact Information").
   • Account Information: When you create an account, please provide us with your email address and password ("Account Information").
   • Usage Data: When you use the Site, we automatically collect certain data about your usage, including your IP address, web browser, operating system, date and time of visit, and the pages you visited on the Site ("Usage Data"). This data is collected using cookies and other similar tracking technologies.

3. PURPOSE OF DATA COLLECTION

   We collect personal data in order to provide and improve our services and ensure your user experience on our website.

   Legal basis for data processing

   1. Contract performance: We process your personal data to perform contractual obligations to you, such as providing the services you have requested, processing transactions and providing technical support.
   2. User consent: If you have given us consent for certain data processing purposes, we process your data in accordance with that consent. For example, if you have subscribed to our promotional e-mails or have accepted the use of cookies on our website.
   3. Legal Obligations: In certain cases, we may be legally required to process your personal data to comply with applicable laws, regulations or court proceedings.

   Data retention period

   We keep your personal data only as long as it is necessary to achieve the purpose for which it was collected, unless otherwise prescribed by law or if there is no legal obligation to keep it.

   • Account information: Your account information (e.g. email address, password) is kept as long as your account is active and our services are used. If you choose to deactivate or delete your account, your information will be removed from our system in accordance with our internal deletion procedures.
   • Usage data: We store data about your use of our website (e.g. IP address, page activity) during the use of our services and afterwards in anonymized form for analysis and improvement of our services, unless their deletion is requested in accordance with your rights.
   • Legal Obligations: In some cases, we may be legally required to retain certain information even after your relationship with us ends to comply with applicable laws or to protect our legal interests.
   • Disclosure of Personal Information with Consent

   When a user gives their consent to the transfer of personal data to third parties, this usually includes the following:

   • Third parties for services: For example, external service providers or partners who help provide services or process data on behalf of the company. This may include cloud computing services, analytics service providers, marketing agencies, etc.
   • Business partners: In situations where the company collaborates with other companies or partners for joint marketing activities, promotions or other business purposes that require consent to share data.
   • Public or Regulatory Authorities: In some cases, it may be necessary to share information with public or regulatory authorities based on legal requirements or court orders.
   • Disclosure of personal information without consent

   There are situations when a company may disclose personal information without the express consent of the user, and these include:

   • Legal requirements: If disclosure is necessary to comply with legal requirements or legal proceedings, such as requests for disclosure of information by competent public or regulatory authorities.
   • Protection of vital interests: In emergency situations where it is necessary to protect the life or physical integrity of an individual.
   • Performance of contractual obligations: When it is necessary to share data with other parties in order to perform contractual obligations or provide services requested by the user.
   • Public interests: When there is a legitimate interest or public interest that justifies the disclosure of personal data, provided that the rights and freedoms of the individual are respected.

   Cookies policy

   Cookies are small text files that are stored on your device when you visit a website. We use cookies to improve your experience when using our website.

   Types of cookies we use:
   • Necessary cookies: These cookies are necessary for the operation of our website and allow you to navigate through the pages and use its features.
   • Analytical cookies: These cookies collect information about how visitors use our website to improve the user experience.
   • Functionality cookies: These cookies allow the website to remember your selections to provide you with a personalized experience.

   Managing cookie settings: Most web browsers automatically accept cookies, but you can usually change your browser settings to refuse cookies or receive a warning before cookies are saved. Please note that rejecting cookies may affect the functionality and availability of certain features of our website.

   • Google Chrome: Settings > Advanced Settings > Content Settings > Cookies
   • Mozilla Firefox: Tools > Options > Privacy and Security > View cookies
   • Internet Explorer: Tools > Internet Options > Privacy > Advanced
   • Safari: Preferences > Privacy

   Deleting cookies: You can delete cookies that have already been saved on your device. The procedure for deleting cookies depends on the browser you are using.

4. INTERNATIONAL TRANSFER OF DATA

   The personal data we collect may be transferred outside the European Economic Area (EEA) to other countries. We ensure that your data is adequately protected as required by applicable data protection legislation.

   • Standard contractual forms: When we transfer personal data outside the EEA, we use standard contractual forms approved by the European Commission that include appropriate data protection measures.
   • Certification mechanisms: We participate in certification programs or frameworks such as the Privacy Shield for the transfer of personal data between the EU and the US.

5. USE OF PERSONAL DATA

   We use your personal data for the following purposes:

   • Communication with you
   • Security and protection

   Application of technical and organizational measures for the protection of personal data on our website

   Our website, as the manager of personal data processing, is dedicated to ensuring the security of your personal data through the application of various technical and organizational measures. These measures are designed to ensure that your personal data is processed in a secure, transparent and lawful manner.

   Technical measures:

   1. Use of SSL/TLS encryption: We ensure that communication between your browser and our servers takes place via SSL/TLS encryption. This ensures that the data you exchange with our website is protected from unauthorized access and interception.
   2. Strengthening authentication: To access the admin interfaces and other sensitive areas of the website, we use strong passwords and enable two-factor authentication. This prevents unauthorized access even if passwords are compromised.
   3. Regular Security Patch Updates: Our team regularly monitors and applies security patches to web servers and database to ensure our systems are protected from known vulnerabilities.

   Organizational measures:

   1. Privacy and data security policies: We have developed clear policies and procedures for managing the personal information available to our users. These policies cover the collection, processing, storage and deletion of personal data, adhering to the highest standards of privacy and security.
   2. Employee training: All our employees receive regular training on the importance of data security and adherence to prescribed procedures for working with personal data. This includes awareness of security risks, incident reporting procedures and protection of sensitive information.

   Conclusion:

   The implementation of these technical and organizational measures ensures that your personal data is protected from unauthorized processing and that our website adheres to the highest standards of security and privacy. If you have additional questions or would like to learn more about our data protection practices, please feel free to contact us.

6. YOUR RIGHTS REGARDING PERSONAL DATA

   Users (both natural and legal persons) have the following rights in relation to their personal data:

   • Right of access: Users have the right to access their personal data held by the data controller, and the right to information about the way this data is processed.
   • Right to rectification: Users have the right to correct inaccurate personal data relating to them.
   • Right to erasure: Users have the right to request the erasure of their personal data in certain situations, such as when the data is no longer necessary or has been unlawfully processed.
   • Right to restriction of processing: Users have the right to request the restriction of processing of their personal data in certain circumstances, for example, when they dispute the accuracy of the data or when the processing is unlawful.
   • Right to data portability: Users have the right to receive their personal data in a structured, common and machine-readable format and to transfer it to another controller, if technically feasible.
   • Right to object to processing: Users have the right to object to the processing of their personal data in certain situations, especially when the data is processed for direct marketing purposes.
   • Right to a non-automated individual decision, including profiling: Users have the right not to be subject to decisions based solely on automated processing, including profiling, if these decisions have legal effects or significantly affect them.

   Users can submit a request to exercise their rights by email to info@controls.tools.

7. CONTACTING REGARDING PRIVACY

   Personal Data Protection Contact Information: Your privacy is important to us, so we have set out clear guidelines on how you can contact our Data Protection Team (DPO) or Privacy Support Team.

   • Contacting our personal data protection team: For questions, requests or concerns regarding our privacy policy or the way your personal data is processed, please feel free to contact us via email at info@controls.tools data protection officer M. Stijaković. Our data protection team is dedicated to providing support and resolving your queries in accordance with applicable data protection legislation.
   • Submitting a request: Users can submit a request to exercise their rights in relation to personal data by email to the above address. Please include important information in your message that will help us verify your identity and effectively process your request, such as your name, contact information associated with our system, or other relevant information.

   Personal data request form

   Information about the applicant:

   • First and last name: [Enter your first and last name or the name of the organization]
   • Contact e-mail address: [Enter your e-mail address]
   • Phone number: [Enter your phone number, optional]

   Request Description: Please provide me with the following information and/or take the following actions regarding my personal data:

   1. Right of access: I want to access my personal data collected and processed by you.
   2. Right to rectification: Please correct any inaccurate personal data relating to me.
   3. Right to erasure: I want my personal data to be deleted from your system provided there is no legal obligation to keep it.
   4. Right to restriction of processing: I request the restriction of the processing of my personal data in certain situations, such as disputing the accuracy of the data.
   5. Right to data portability: Please enable me to receive my personal data in a structured, common and machine-readable format for transmission to another controller.
   6. Right to object to processing: I object to the processing of my personal data for specific reasons related to my situation.
   7. Other: [Add any additional information or requests regarding your personal information]

   Identity verification: Please attach one of the following documents to verify your identity:

   • An identification document containing your photograph

   Response delivery method: I would like to receive a response to my request via:

   • E-mail: [Enter your e-mail address]
   • Postal: [Enter your postal address, if you want the reply to be sent by post]

   Date: [Enter date of application]

   Response to inquiries: Your requests will be processed within a maximum period of 30 days for complete inquiries, as stated in the "Personal data request form", in accordance with our internal procedures and legal requirements on the protection of personal data. Our goal is to ensure transparency and proper handling of your personal data and to provide you with all the necessary information about their processing.

   If you have additional questions or would like more information about our approach to the protection of personal data, please feel free to contact us via the e-mail address provided using the above query format. Our team is here to help you and ensure that your personal data is protected and processed in accordance with your rights.

8. NOTICE OF CHANGES IN THE PRIVACY POLICY

   In order to ensure that you are informed about our personal information practices, we are committed to informing you of any significant change in our privacy policy. These notices will be posted on our website or you will be notified by email, depending on how we communicate with you. If you have questions or concerns about our privacy policy or would like more information about recent changes, please contact us at info@cistimir.hr. Our personal data protection team will be available to provide you with additional clarifications or information. Please review our privacy policy regularly to stay informed about how we collect, use and protect your personal information.