Cookie and Privacy Notice

Privacy Notice

Data privacy and protection of your data

1. INTRODUCTION

Your privacy is important to us,

In this Privacy Notice, we would like to explain who we are, what personal data we collect about you, why we collect it and what do we do with it in an easy and readable way. Personal data means any data from which we are able, directly or indirectly, to identify you.

Please take time to read this Notice. If you do not agree to it, please do not provide us with your data.

2. WHAT DOES THIS PRIVACY NOTICE COVER

This Notice covers how Orvas d.o.o., Dugopolje, Ulica sv. Leopolda Mandića 10, PIN Nr.: 38192148118 (further as: „Orvas“, or „we“) we process your data whenever you interact with us, e.g. when you:

  • visit any of our websites;

  • use our social media channels;

  • purchase and use our products and services, systems and applications;

  • subscribe to our newsletters;

  • provide to us your goods or services, systems or applications;

  • contact our customer support;

  • join our business events;

  • participate to our contests;

  • participate to our promotions;

  • or otherwise interact with us
    as consumer, business customer, partner, (sub)supplier, contractor or other person with a business relationship with us.

“Processing” means any operation performed on personal data, which includes collection, recording, storage, modification or update, retrieval, consultation, use, disclosure by manual and/or automated means.

3. WHAT IS THE DATA THAT WE COLLECT ABOUT YOU?

Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, phone, etc.) we may process different data about you. In this notice we cover all possible personal data that we collect from you.

DATA YOU PROVIDE DIRECTLY TO US (EXAMPLES BELOW)

Categories of data

Examples of data

Personal identification

Name, last name, title, date of birth

Contact information

Email, phone number, address, country

Images

Pictures uploaded/ provided to us

Financial data

Credit card data, bank account information

Other information

Household information, interests, profession, preferences

 

INFORMATION FROM THIRD-PARTY SOURCES (EXAMPLES BELOW)

We may receive information about you from publicly available sources (as permitted by law) such as public databases, our marketing partners, or social media platforms when you choose to connect to such services.

We may combine this information with other information we receive from you.

4. HOW DO WE USE YOUR DATA?

We may process your data for different purposes, but only for those which have a legal basis to process the data. Please find below the overview.

PROCESS/SERVICE

PURPOSE

LEGAL BASIS

USE OF THE SERVICE

Personal data of all natural persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies), and who are not registered Users (i.e. persons who do not have a profile on the Website).

in order to provide services ordered on the Website.

necessity of processing for the performance of the contract - Article 6(1)(b) GDPR


analytical and statistical purposes, consisting of conducting analyses of Users' activities, as well as their preferences in order to improve the functionalities used and services provided


Controller's legitimate interest - Article 6(1)(f) GDPR

possible establishment and investigation of claims or defence against claims

Controller's legitimate interest - Article 6(1)(f) GDPR

The User's activity on the Website, including his/her Personal Data, is recorded in system logs. The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical, administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes

Controller's legitimate interest - Article 6(1)(f) GDPR

REGISTRATION ON THE SITE

Those who register on the Website are asked to provide the data necessary to create and operate an account. In order to facilitate the service, the User may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. The provision of data marked as mandatory is required in order to create and operate an account, and failure to provide such data will result in the inability to create an account. The provision of other data is voluntary.



in order to provide services related to the maintenance and operation of the account on the Website

necessity of processing for the performance of the contract - Article 6(1)(b) GDPR, and with regard to data provided optionally - the legal basis for processing is consent - Article 6(1)(a) GDPR

analytical and statistical purposes, consisting of conducting analyses of Users' activity on the Website and the way they use their account, as well as Users' preferences in order to improve the applied functionalities

Controller's legitimate interest - Article 6(1)(f) GDPR

possible establishment and investigation of claims or defence against claims

Controller's legitimate interest - Article 6(1)(f) GDPR



PLACING ORDERS (USE OF PAID SERVICES ON THE SITE)

The placement of an order (purchase of goods or services) by the User of the Website involves the processing of his/her Personal Data. The provision of data marked as mandatory is required in order to accept and process the order, and failure to provide such data will result in the order not being processed. Provision of the remaining data is optional.



fulfilling a submitted order

necessity of processing for the performance of the contract - Article 6(1)(b) GDPR; for data provided on an optional basis, the legal basis for processing is consent - Article 6(1)(a) GDPR


to comply with statutory obligations incumbent on the Controller, arising in particular from tax and accounting legislation

legal obligation - Article 6(1)(c) GDPR

analytical and statistical purposes, consisting of conducting analyses of Users' activity on the Website, as well as Users' purchasing preferences in order to improve the applied functionalities

Controller's legitimate interest - Article 6(1)(f) GDPR




possible establishment and investigation of claims or defence against claims

Controller's legitimate interest - Article 6(1)(f) GDPR

CONTACT FORMS

The Controller provides the possibility to contact him/her using electronic contact forms. The use of the form requires the User to provide Personal Data necessary to contact the User and respond to the enquiry. The User may also provide other data in order to facilitate the contact or handling of the enquiry. The provision of data marked as mandatory is required in order to receive and handle the enquiry, and failure to provide such data will result in the impossibility of service. The provision of other data is voluntary.



identification of the sender and the handling of his/her enquiry sent via the form provided

performance of the contract for the provision of the service - Article 6(1)(b) GDPR; with regard to the data provided optionally, the legal basis of the processing is consent - Article 6(1)(a) GDPR


analytical and statistical purposes consisting of keeping statistics on queries submitted by Users via the Website in order to improve its functionality

Controller's legitimate interest - Article 6(1)(f) GDPR

MARKETING


displaying marketing content to User that is not tailored to his/her preferences (contextual advertising)


Controller's legitimate interest - Article 6(1)(f) GDPR






Orvas d.o.o. may send you communication about our products, services, events and promotions. The communication is send via different channels: email, phone, SMS, post, social networks. We would like to provide you with the best experience, therefore this communication might be tailored to your preferences (for example, email as your preferred channel of communication with us – you can indicate it yourself or we can understand it based on the links you click in out emails). When required by law, we will ask your consent before starting the above activities.

To give your consent, you can, for example, tick the box for acceptance of receipt of news and promotions or usage of your data for general ecommerce industry trend analytics. We also give you the opportunity to opt-out and withdraw your consent at any time. (e.g. unsubscribe email, send us a request for withdrawal of the consent, etc.)

If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.

5. WHEN DO WE SHARE YOUR DATA?

Your data will be processed by ourselves and other entities within the Orbico Group. In exceptional cases and only to fulfill the above described purposes described above, your data might be shared with following parties:

  • Service providers: we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers, consulting providers, shipping providers;

  • Business partners: for example: MMK, MyRent, ..., who can provide you with the services you request;

  • Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over Orbico Group;

  • Professional advisors such as auditors, lawyers, accountants, other professional advisors;

  • Other parties in connection with corporate transactions such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).

Transfer of your data outside of EEA

The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, Orvas transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:

  • cooperation with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued as to whether an adequate level of protection of Personal Data is ensured (for more information, please go through the list provided here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en);

  • the use of standard contractual clauses issued by the European Commission.

6. HOW DO WE KEEP/RETAIN YOUR DATA?

We keep your data for the period necessary to fulfill the purposes for which it has been collected (see above section “How do we use your data?”). Sometimes we might keep your data longer if required or permitted by law. We determine the period based on the following criteria:

  • How long is the data needed to provide you with our products or services or to operate our business?

  • Do you have an account with us? Then we will keep your data while your account is active.

  • Are we subject to a legal, contractual, or similar obligation to retain your data?
    Examples can include mandatory data retention laws, government orders to retain data relevant to an investigation, or data that must be retained for the litigation purposes.

7. HOW DO WE SECURE YOUR DATA?

To protect your data, we will take appropriate technical and organizational measures in line with the applicable data protection and data security laws, including requiring our service providers, business partners or professional advisors to use appropriate measures to protect the confidentiality and security of your data. We put in place measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.

8. WHO IS RESPONSIBLE FOR YOUR DATA?

Orvas d.o.o with its head office at Leopolda Mandića 10, Dugopolje, is responsible for processing the personal data it deems necessary to process. We are therefore the party whom you, as well as the supervisory authorities (AZOP- Agencija za zaštitu osobnih podataka – Agency for personal data protection), should contact for any questions you may have relating to the way our company uses your data. For some services, we rely on specialised partners. They therefore must follow our instructions and adhere to our policy on personal data protection. We ensure that our partners receive only the data that are strictly necessary to perform their contractual duties.

9. WHICH LEGISLATION APPLIES?

The protection of your personal data is governed by the Regulation EU 2016/679, (i.e. „GDPR) and applicable national laws of Croatia. We undertake to comply with our obligations and respect your rights whenever we process your data.

10. ACCESSING YOUR INFORMATION

You have the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority in charge of the protection of Personal Data (AZOP – azop@azop.hr).

To the extent that your data is processed on the basis of consent, this consent may be withdrawn at any time by contacting Orvas or using the functionalities made available on the Website (for example the cookie banner “options” button).

You have the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, and - for reasons related to the User's particular situation - in other cases where the legal basis of the data processing is the Controller's legitimate interest (e.g. in connection with the realisation of analytical and statistical purposes).

You can exercise your rights by contacting Orvas: Tel. 00385 95 344 4108; E-mail: privacy@orvas.hr. We will respond promptly and no later than within a month, unless extraordinary complexity would require an extension of the time to respond.

 

11. WsPay  

   

All payments on this websites are conducted through WsPay. When using WsPay your personal data shall only be shared with WsPay and Orvas will not have access to it. WSPay is a secure system for online payments, real time credit and debit card payments, and other payment methods. WSPay ensures the buyer and the merchant with the secure card data entry and transfer, which is also confirmed by PCI DSS certificate. WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.

For more information how WsPay processes your personal data, please visit Monri Payments.


Cookie notice

1. What is a cookie?

Cookies are small text files, created by the website being visited, that contain data. They are stored on the visitor's computer in order to enable the user to access various functions. Cookies are useful for a number of reasons as they allow you to navigate between websites efficiently, remember your preferences and generally improve the user experience.


2. Why do we use cookies?

We use cookies to learn more about how visitors interact with the content of our websites and help us improve their experience when visiting our website.

3. What types of cookies do we use?

On our website we use:

a) Functional (necessary) cookies

Functional cookies enable the proper operation of the website and the visibility of the user's settings. By adding functional cookies, we also enable website ease of use (e.g. you don't have to type the same text again). This type of cookie is stored on your device without your consent. Below is a list of functional cookies we use:

Name

Purpose

Expiration time

Additional information

laravel_session Internally laravel uses laravel_session to identify a session instance for a user 4 hours

XSRF-TOKEN

This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks.

4 hours


CF_VERIFIED_DEVICE_XXX

Cloudflare sets a 2 necessary cookies (CF_VERIFIED_DEVICE_UNIQUE-DEVICE-ID) when executed for the purpose of providing its risk analysis.

4 hours


cfz_google-analytics_v4

Cloudflare analytics.

4 hours


OrvasYachtingCookie

Selected Cookie Policy Preferences

7 days


OrvasYachtingAlert

Orvas Yachting Notification bar cookie

1 day




b) Analytical cookies

These cookies are used to track website statistics. Analytical cookies allow us to track the number and sources of visits so that we can measure and improve the performance of our website. This type of cookie helps us understand which sub-pages are most or least visited and how visitors navigate our website. If you refuse to save analytical cookies on your computer or smartphone, your visit will not be included in our statistics, but at the same time it will not restrict any functionality on our website for you.



The lower table provides more details on the analytical cookies we use.

Cookie name

Purpose

Expiration time

Other information

Google analytics

analytics_storage


Cookie usage



c) Marketing & Ads Cookies & Personalization Cookies

These cookies (including cookies for re-targeting) enable us to make a better and more customized offer for our users. This data creates the possibility of personalizing the messages that are displayed on advertisements for products localized on our website, as well as social networks according to users who have expressed a desire for them (eg. Facebook, Instagram, etc.).

We use marketing cookies to:

• Sending advertising and promotional messages that are more suitable for the needs and preferences of individual users (personalized advertising)

• Reconnecting with the website user through advertising communication (retargeting)

• Analyzing how users use our website in order to create more predictable advertising

Lower is a list of marketing cookies and cookies of the social networks we use.

Cookie name

Personal data collected

Purpose

Provider

Expiration type

Google analytics

personalization_storage, ad_storage, ad_user_data, ad_personalization


Cookie usage



4. Other traffic information

Local storage technology allows us to use the website efficiently and is used to save data that was saved during the use of the website in a separate part of the browser's memory, after it is turned off. Only the website whose data is saved in the browser can access the data in the local storage.

Using the website implies sending a query to the server where the website is stored. Every query sent to the server is saved in the server logs. Logs include IP address, date and time, web browser and operating system information. The logs are saved and stored on the server. Data stored in server logs are not connected to individual users who use the website and were not used for identification purposes. Server logs are auxiliary material used to manage the website and their content is not disclosed to anyone except persons authorized to manage the server.

5. How to limit cookies?

Most web browsers allow some measure of control over most cookies through your browser settings. In order to view information about a particular browser (including its settings), the User should visit the website of that browser. Below is a list of guides for managing cookies for individual browsers:

Chrome - https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

Opera - https://help.opera.com/en/latest/web-preferences/#cookies

Mozilla - https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Microsoft Edge - https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Safari - https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac


6. Consent management

When you visit our website for the first time, we will show you a pop-up with an explanation of cookies. By selecting "Accept ", you agree to our use of all cookies described in the points above. By clicking on "Options" you can choose the type of cookies we use when you access our website. By selecting “Reject non-essential cookies” you will refuse use of analytical and marketing cookies. Please note that functional (necessary) cookies are required for proper use of the website and therefore cannot be refused. You can withdraw your consent, or change your cookie preferences at any time in the "options" section.

If you wish to change your cookie consent or wish to delete any cookies already stored on your device, you can do so by clearing the browsing history on your browser. This will remove all cookies from this website, and you will be asked again for cookie consent on your next visit. Please note that the loss of saved information is possible if you choose to do so (eg. saved login data, page preferences, etc.).


7. Changes in the Policy

We reserve the right to change this cookie policy at any time. Any changes to the cookie policy will be published here.

DATA PRIVACY AND PROTECTION OF YOUR DATA

  1. Introduction

Your privacy is important to us, Orvas d.o.o.

In this Privacy Notice, we would like to explain who we are, what personal data we collect about you, why we collect it and what do we do with it in an easy and readable way. Personal data means any data from which we are able, directly or indirectly, to identify you.

Please take time to read this Notice. If you do not agree to it, please do not provide us with your data.

  1. What does this Privacy Notice cover

This Notice covers how we process your data whenever you interact with us,  e.g. when you

  • visit any of our websites;
  • use our social media channels;
  • purchase and use our products and services, systems and applications;
  • subscribe to our newsletters;
  • provide to us your goods or services, systems or applications;
  • contact our customer support;
  • join our business events;
  • participate to our contests;
  • participate to our promotions;
  • or otherwise interact with us

as consumer, business customer, partner, (sub) supplier, contractor or other person with a business relationship with us.

“Processing” means any operation performed on personal data, which includes collection, recording, storage, modification or update, retrieval, consultation, use, disclosure by manual and/or automated means.

  1. What is the data that we collect about you?

Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, phone, etc.) we may process different data about you.

In this notice we cover all possible personal data that we collect from you.

  • Data you provide us directly us  – 
Categories of data Examples of data
Personal identification Name, last name, title, date of birth
Contact information Email, phone number, address, country
Images Pictures uploaded/ provided to us
Financial data Credit card data, bank account information
Other information Household information, interests, profession, preferences
  • Data about your use of products and/ or services that we collect automatically- 

In addition to the information you provide to us directly (see above), we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:

Categories of data Examples of data
 Device information Device model, unique device identifier, MAC address, IP-address,  operating system version, and settings of the device you use to access, e.g. the websites/ apps/ services
 Log information  Time and duration of your use of our digital channel or product
 Location information  Your actual location (derived from your IP address or other location-based technologies), that may be collected when you enable location-based products or features such as through social media
Other information Apps you use or websites you visit, links you click within our advertising e-mail, motion sensors data
  • Information from third-party sources – 

We may receive information about you from publicly available sources (as permitted by law) such as public databases, our marketing partners, or social media platforms when you choose to connect to such services.

We may combine this information with other information we receive from you.

  • Other – 

You may choose not to provide certain types of information to us, but doing so may affect your ability to enable certain functionality of the products and/ or services.

In compliance with the law, we will not process data relating to

  • racial or ethnic origins;
  • political opinions;
  • religion or beliefs;
  • trade union membership;
  • genetic features;
  • health;
  • sex life;
  • criminal convictions or related security measures;
  • biometric data;
  • genetic data.

If we had to process this type of data, we would always request your prior consent.

  1. How do we use your data?

We may process your data for different purposes, but only for those which have a legal basis to process the data.  Please find below the overview .

Legal basis Examples of Purpose
Contract/agreements execution Billing and delivering products and/ or services that you have purchased;


Enabling us to reach you for delivering you our products;

Registration to mobile applications or websites;

Service account management.

Compliance with legal obligations and Public interest Disclosing data to government institutions or supervisory authorities as applicable in all countries in which we operate, such as reporting obligations, compliance audits, tax deductions, record-keeping and reporting obligations, compliance with government inspections and other requests from government or other public authorities;


Establish, exercise, or defend ourselves from legal claims.

Legitimate interests Administrative communications, such as order confirmations, notifications about your account activities, and other important notices;


Providing support upon your request via communication channels, such as customer or contact center support;

Security and protection of our interests/assets, such as deploying and maintaining technical and organizational security measures, conducting internal audits and investigations, conducting assessments to verify conflict of interests;

Managing any internal complaints or claim.

Orvas d.o.o. may send you communication about our products, services, events and promotions. The communication is send via different channels:  email, phone, SMS, post, social networks. We would like to provide you with the best experience, therefore these communication might be tailored to you preferences (for example, email as your preferred channel of communication with us – you can indicate it yourself or we can understand it based on the links you click in out emails).

When required by law, we will ask your consent before starting the above activities. To give your consent,  you can, for example, tick the box for acceptance of receipt of news and promotions or usage of your data for general ecommerce industry trend analytics.  We also give you the opportunity to opt-out and withdraw your  consent at any time. < e.g. unsubscribe email, send us a request for withdrawal of the consent, etc.>

If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.

  1. When do we share your data?

To whom the data is disclosed: other Orvas entities, affiliates, service providers, business partners, public authorities, governmental authorities, contractors, others.

When the data is transferred abroad?

Which countries, under which instrument

Your data will be processed by ourselves and other entities within the Orbico Group. In exceptional cases and only to fulfil the above described purposes described above, your data might be shared with following parties:

  • Service providers: ;
  • Business partners: < for examples: MMK, Phobs, …, they can provide you with the services you request>
  • Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over Orbico Group.
  • Professional advisors such as auditors, lawyers, accountants, other professional advisors.
  • Other parties in connection with corporate transactions such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).

[Your information may also be processed in a destination outside of the European Economic Area]. Third parties are limited in their ability to use your information for other purposes than providing services to us, and are also required to protect and handle your information in accordance with legal, regulatory and contractual obligations. We take reasonable steps to ensure that we retain information about you only for so long as is necessary for the purpose for which it was collected, or as required under any contract or by applicable law.

  1. How do we keep/retain your data?

We keep your data for the period necessary to fulfil the purposes for which it has been collected (see above section “How do we use your data?”). Sometimes we might keep your data longer if required or permitted by law. We determine the period based on the following criteria:

  • How long is the data needed to provide you with our products or services or to operate our business?
  • Do you have an account with us? Then we will keep your data while your account is active.
  • Are we subject to a legal, contractual, or similar obligation to retain your data? Examples can include mandatory data retention laws, government orders to retain data relevant to an investigation, or data that must be retained for the litigation purposes.
  1. How do we secure your data?

To protect your data, we will take appropriate technical and organizational measures in line with  the applicable data protection and data security laws, including requiring our service providers, business partners or professional advisors to use appropriate measures to protect the confidentiality and security of your data.  We put in place measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.

  1. Who is responsible for your data?

Orvas d.o.o with its head office at Uvala Baluni 9, Split  is responsible for processing the personal data it deems necessary to process. We are therefore the party whom you, as well as the supervisory authorities (for example AZOP- Agencija za zaštitu osobnih podataka),  should contact for any questions you may have relating to the way our company uses your data.

For some services, we rely on specialised partners. They therefore have to follow our instructions and adhere to our policy on personal data protection. We ensure that our partners receive only the data that are strictly necessary to perform their contractual duties.

  1. Which legislation applies?

The protection of your personal data is covered by the Regulation EU 2016/679, also known as the EU General Data Protection Regulation and applicable national data protection law of Sweden. We undertake to comply with our obligations and respect your rights whenever we process your data. If you wish to learn more about this subject, we advise you to visit http://azop.hr/ .  Being Orbico a multinational company, this Notice may be replaced or supplemented in order to fulfil local requirements.

 

  1. Accessing your information

You are entitled to submit an inquiry to us and be advised about the data we process about you and how we process such data. You are also entitled at any time to withdraw your consent and/ or request any erroneous data to be corrected. Please make your enquiries and requests in writing, sign and send your letter to the address Marticeva ulica 14, 10000 Zagreb (AZPO – Agencija za zaštitu osobnih podataka); e-mail: azop@azop.hr . We will respond promptly and no later than within a month, unless extraordinary complexity would require an extension of the time to respond.

If you have any issues exercising your rights regarding personal data you may

(a) contact the [Entity Privacy Manager]:  E-mail: privacy@orvas.hr], and/ or

(b) lodge a complaint with the supervisory authority, [AZOP  ( Agencija za zaštitu osobnih podataka)]