Privacy Policy

Data protection and privacy rules

Svijetli start doo respects the privacy and protects the personal data of its users, business partners or other persons with whom it has business cooperation, and whose personal data it collects and processes in its daily business. The Data Protection and Privacy Policy is a fundamental document that describes the purpose and objectives of collecting, processing and managing personal data, as well as ensuring an adequate level of data protection (hereinafter: ‘Privacy Policy’). In order to ensure fair and transparent processing, Svijetli start doo provides you with clear information about the processing and protection of personal data it collects and processes and enables easy monitoring and management of personal data and consents. The Policy has been formed in accordance with applicable regulations, Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR and the Act on the Implementation of the General Data Protection Regulation (NN 42/18). Svijetli start doo has appointed a Data Protection Officer who can be contacted at the e-mail address bruno.pelko@svijetlistart.hr or by mail at the address Svijetli start doo Malešnica 27, 10090 Zagreb.

DATA WE COLLECT

1.1. When visiting our website and online store You can visit our website and online store without providing any information about yourself. In this case, we will collect technical access data that your browser will automatically transmit to our server when you browse our website. Access data includes the following information: – time and date of access – address of the website you accessed and are accessing – content of the request (addresses and names of requested files) – information about the browser used and operating system (versions, language settings) – online identification data (e.g. IP address, device identification, session IDs) – error messages, where applicable (if the requested content cannot be displayed) – the last visited page from which you were redirected to our site via a link When you visit our website, your access data will be automatically stored in the log files of our server and subsequently anonymized by shortening or deleting your IP address. After this procedure, it will no longer be possible to draw conclusions about your person based on the server log files. Also, when you visit our web store, we will collect the data that you directly provide by using the available functions. For example, we will learn which products you are interested in when you use the search function. 1.2. Cookie Policy The Svijetli start website and store use cookies to improve your user experience. A cookie is a standardized text file that your web browser stores on your computer for a period of time specified by the cookie provider. Cookies enable local storage of information such as language settings, shopping cart contents, and temporary identification features that can be called up during subsequent visits to the website in order to restore the appropriate settings that the user selected during the previous visit. This information can only be stored if you, as the user, enable it. The website and store cannot access information without your permission and cannot access other files on your computer. When you first visit our website and store, you will independently select the level of cookies that you want to store on your computer, thus fully managing the process of using cookies. You can view and delete cookies used in your browser’s security settings. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or any cookies. 1.3. When you place an order in the web store, we will collect data about the products you order, as well as data that is directly collected in connection with the execution of your orders. The data for the execution of orders is as follows: – information about the ordered products, such as item numbers and sizes – name and surname – delivery address – e-mail address – mobile phone number for contact for delivery – payment information – information about returns and complaints (e.g. reasons for return, notifications of defects) – order numbers – shipment tracking numbers – company name and contact person, company address and OIB (if you have requested an R1 account) Even if you place several orders as a guest and use identical master data, our systems will keep your data in a single user data record in order to facilitate the maintenance of our customer database. 1.4. When you contact us We will collect the communication data that you provide when you contact us via the contact form on our website, by email, by phone or otherwise. Depending on the channel you use, this may include, for example, contact information (e.g. email address or phone number) and the content of your message. Telephone conversations with the Bright Start customer service are not recorded, nor are any other conversations addressed to the Bright Start phone numbers. We will also use offers provided by social networks such as Facebook and Instagram to interact with our customers. Please note that Bright Start has no influence on the terms of service of social networks or their data processing policies. Therefore, be sure to check the personal data that you provide to us via social networks. 1.5. When you sign up to receive the newsletter If you have signed up for the Rendes newsletter, we will store your data (e-mail address) that you provided for this purpose for sending the newsletter. You can unsubscribe from our newsletter at any time. To unsubscribe, please use the unsubscribe link at the bottom of each newsletter. 1.6. When you enter your email address on the checkout page, or billing. The e-mail address will be saved automatically and used to send an automatic reminder about an abandoned cart. You can opt out of receiving this email at any time by clicking “don’t use my email”. If you have questions or want your data to be deleted, contact info@rendes.hr.

METHODS OF USING COLLECTED DATA

2.1. Visiting the website and the store When visiting and browsing the website and the store, we will process access data, server log files and cookies collected in this context in order to make our website, its contents and the functionalities you use available to you, and to ensure the stability and security of our IT system and databases. The legal framework for the lawfulness of data processing when visiting the website and the store is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent f – processing necessary for the purposes of legitimate interests – technical availability of the website. 2.2. Ordering products and performing a purchase contract We process your data in order to perform the contracts we have concluded with you and provide you with the services and products you have requested. The purpose of the processing is based primarily on the specific contents of the contract. Additional details on the purpose of data processing can be found in the General Terms and Conditions of Use of the web store. The legal framework for the lawfulness of data processing when processing an order and performing a purchase contract is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent b – processing necessary for the conclusion and performance of a contract. 2.3. Customer support and communication within relationships with existing customers We process your data in order to provide customer support in the use of the website and the web shop. This may include the following, for example: – processing of your requests that you have sent to our customer service – service communication of a non-commercial nature (e.g. security information and technical support) The legal framework for the lawfulness of data processing when processing an order and performing a purchase contract is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent b – processing necessary for the conclusion and performance of a contract. 2.4. Payment processing Depending on the selected payment method, the data required for payment will be forwarded to the contractual partner who carries out the payment. The payment service provider collects the data within its own application, in which case the privacy notices of the service provider apply. Svetli start does not have access to the data required for payment, nor does it store them. The transfer of your data to external payment service providers is based on Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent b – processing necessary for the conclusion and performance of the contract. 2.5. Internal marketing research, optimization and improvement of the offer We will use the data you enter (e.g. data on ordered products, returns) for internal statistical purposes and for market research purposes. Before use, we will make the data anonymous by removing all personal data, e.g. by replacing your name and other data suitable for identification with random data. In this way, we can measure which pages of our web shop and products are popular, which devices our users generally use and from which regions our website is accessed. The collected data helps us to continuously optimize the existing offer and develop new functionalities and services. The legal framework for the lawfulness of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6, paragraph 1, indent f – processing necessary for the purposes of legitimate interests – improving the functionality of the website and the quality of the offer.

WEB ANALYSIS

3.1. Google Analytics Our website uses the web analysis function “Google Analytics” provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (‘Google’). Google Analytics uses cookies valid for 14 months to collect your access data when you visit our website. Google combines the access data for this purpose into pseudonymous user profiles and transfers them to a Google server located in the USA after the first anonymization of your IP address. Therefore, we cannot determine which user profiles are associated with a particular user. This means that we can neither determine nor determine how you use our website based on the data collected by Google. In addition, Google uses the privacy protection for the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) in case personal data is sent to the USA in exceptional cases. Google therefore guarantees European data privacy principles when processing data in the USA. Google will use the information collected by cookies on our behalf to help us analyze the use of our website and web shop and to compile reports on the activities and use of our website. For more information, please see the Google Analytics Privacy Policy. (LINK: https://support.google.com/analytics/answer/6004245?hl=en) You can opt out of Google web analytics at any time by using one of the following options: – you can set your browser to block Google Analytics cookies – you can adjust your Google Ads settings in Google – you can install the opt-out add-on at the following link: opt-out of Google Analytics (LINK: https://tools.google.com/dlpage/gaoptout/) The legal framework for the lawfulness of the processing of this type of data is Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR, Article 6(1)(f) – processing necessary for the purposes of legitimate interests – analysis of how users use the website. 3.2. Facebook For marketing purposes, our website uses so-called conversion and retargeting tags (Facebook pixels) of the social network Facebook, services of Facebook Inc, 1601 Willow Road, Menlo Park, California 94025, USA (‘Facebook’). We use Facebook pixels to analyze the general use of our websites and the effectiveness of Facebook ads (‘conversions’). We also use Facebook pixels to show you customized ads based on your interest in our products (‘retargeting’). For this purpose, Facebook processes data collected on our websites through cookies and similar technologies. Facebook may send data collected in this context for analysis to a server located in the USA where the data is stored. Facebook uses privacy protection for the EU-US area in the event that personal data is sent to the USA, the so-called Privacy Shield (LINK: https://www.privacyshield.gov/) If you have registered with Facebook and set the privacy settings of your Facebook account, Facebook can additionally connect the data collected about your visit to our website to your Facebook account and use it to place targeted Facebook ads. You can review and change the privacy settings of your Facebook profile at any time. If you opt out of data processing by Facebook, Facebook will only display general Facebook ads that are not selected based on the data collected about you. For more information about the processing methods used by Facebook, please refer to Facebook’s privacy policy. (LINK: https://www.facebook.com/about/privacy/) 3.3. Google AdWords and AdWords Remarketing Our website uses the Google services ‘AdWords Conversion Tracking’ and ‘AdWords Remarketing’. User actions defined by Svetlo start (such as clicks on ads, page views, file downloads) are recorded and analyzed using ‘AdWords Conversion Tracking’. We use ‘AdWords Remarketing’ to present you with tailored advertisements for our products on Google partner websites. Both of these services use cookies and similar technologies for this purpose. Google may send the data collected in this context for analysis on a server located in the USA, where the data is then stored. Google uses the EU-US Privacy Shield (LINK: https://www.privacyshield.gov/) when personal data is transferred to the USA and guarantees the European Data Privacy Principles in the USA. If you have a Google Account, Google may, depending on your Google Account settings, associate your web browser and app history with your Google Account and use the data from your Google Account to personalize ads. If you do not want this association with your Google Account, you must log out of your Google Account before accessing our website. You can opt out of the processing of personal data for personalized online ads on the Google advertising network at any time using one of the following options: – Google Ads Personalization Settings (LINK: https://www.support.google.com/ads/answer/7029158) you can install Google’s free opt-out add-on (LINK: http://www.google.com/settings/ads/plugin) for Firefox, Internet Explorer or Chrome (does not work for browsers on mobile devices) – you can opt out of personalized Google ads and ads provided by a number of other service providers participating in the ‘Your Online Choices’ initiative on the website http://www.youronlinechoices.eu Please note that if you opt out of personalized advertising, Google only displays general ads that are not selected based on your collected access data.

CASES IN WHICH WE WILL SHARE PERSONAL DATA

In principle, we will only share your data if: – you have expressly consented to this in accordance with Article 6(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR – the sharing is necessary pursuant to Article 6(1)(f) in order to establish, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not sharing your data – the sharing is necessary for compliance with a legal obligation pursuant to Article 6(1)(c) or (e) of the General Data Protection Regulation GDPR, in particular if we are obliged to provide information to a public authority – the sharing is permitted by law and necessary pursuant to Article 6(1)(b) of the General Data Protection Regulation, GDPR for the performance of a contract with you or to take steps at your request prior to entering into a contract. Some of the data processing described here may be carried out by external service providers acting on our behalf. The service providers mentioned in this document may include, computer centers that store and maintain our websites and databases, IT service providers that maintain our business systems, as well as consulting companies. If and to the extent that we share data with our service providers, this data may only be used for the purpose of performing their services. The processing of your data by contractual service providers will take place within the framework of the processing and execution of your order in accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation – GDPR. Contractual service providers are carefully selected business partners. They are contractually bound by our instructions, implement appropriate technical and organizational measures to protect the rights of data subjects and are subject to regular monitoring by us.

HOW LONG WILL YOUR DATA BE STORED?

Unless otherwise stated here, your data will only be stored for as long as is necessary to fulfill our contractual or legal obligations or the purposes for which the data was originally collected or for as long as we have a legitimate interest in storing such data. In all other cases, your personal data will be deleted, except for data that we are required to retain in accordance with statutory retention periods. However, in such cases, we will restrict the processing of the data, i.e. your data will only be used in accordance with statutory obligations. Typically, your order and payment data and other data, if applicable, are subject to statutory retention obligations, so we are obliged to retain such data for up to ten years. Even if the data is not subject to statutory retention obligations, we may refrain from deleting your data in cases permitted by law and instead restrict its processing. This may apply in particular in those cases in which this data may be required for the further processing of a contract or for the exercise of rights or for the purpose of legal defence. The duration of the restriction of processing will depend on the statutory limitation periods.

YOUR RIGHT TO DATA PROTECTION

You can contact our data protection officer at any time to exercise your legal data protection rights described below (contact details above in the introductory text). You always have the right to receive information about our processing of your personal data. When providing such information, we will explain the data processing process and provide you with an overview of your personal data that we store. If any of the data we have stored is inaccurate or no longer up to date, you have the right to request correction of the data. You can also request the deletion of your data. If deletion is not possible in exceptional cases due to other legal provisions, the data will be blocked so that it is only available for the stated legal purpose. You can also restrict the processing of your data, e.g. if you believe that the data we store is inaccurate. You have the right to data portability, i.e. upon your request we will provide you with a digital copy of the personal data that you have provided to us. You also have the right to lodge a complaint with a data protection supervisory authority. The competent supervisory authority is the Croatian Personal Data Protection Agency, Martićeva 14, 10000 Zagreb, e-mail: azop@azop.hr.

RIGHT TO WITHDRAW CONSENT AND RIGHT TO OBJECT

If you wish to exercise your right of withdrawal or objection below, send a notification to the Data Protection Officer at the contact information provided in the introductory part of the text. 7.1. Withdrawal of consent Article 7 paragraph 3 of the General Data Protection Regulation GDPR (EU) 2016/679 gives you the right to withdraw any consent you have previously given. This means that in the future we will no longer continue data processing that was based on your consent. Withdrawing your consent will not affect the lawfulness of processing based on consent prior to its withdrawal. 7.2. Objection to the processing of your data If we process your data on the basis of legitimate interests in accordance with Article 6 paragraph 1, subparagraph f of the General Data Protection Regulation GDPR (EU) 2016/679, you have the right, based on Article 21, to file an objection to the way your data is processed if there are reasons for this arising from the specifics of your situation or if the objection is directed against direct advertising.

DATA SECURITY

We use all appropriate technical measures to ensure data security, and in particular to protect your data from risks during data transmission, as well as from unauthorized access by third parties. These measures will be adjusted from time to time in accordance with the latest developments. In order to secure the personal data you enter on our website, we use a secure transport protocol (SSL) that encrypts your data during transmission.

CHANGES TO DATA PROTECTION AND PRIVACY RULES (GDPR)

We will update our data protection and privacy policies from time to time, when adapting to new versions of the website and web store or when changes in legal regulations occur. Material changes will be documented in this document, and if necessary, we will secure the consent of our users. Last modified: 30.10.2020.