Privacy Notice


Privacy Notice

Data privacy and protection of your data

1. INTRODUCTION

Your privacy is important to us,

In this Privacy Notice, we would like to explain who we are, what personal data we collect about you, why we collect it and what do we do with it in an easy and readable way. Personal data means any data from which we are able, directly or indirectly, to identify you.

Please take time to read this Notice. If you do not agree to it, please do not provide us with your data.

2. WHAT DOES THIS PRIVACY NOTICE COVER

This Notice covers how Orvas d.o.o., Dugopolje, Ulica sv. Leopolda Mandića 10, PIN Nr.: 38192148118 (further as: „Orvas“, or „we“) we process your data whenever you interact with us, e.g. when you:

  • visit any of our websites;

  • use our social media channels;

  • purchase and use our products and services, systems and applications;

  • subscribe to our newsletters;

  • provide to us your goods or services, systems or applications;

  • contact our customer support;

  • join our business events;

  • participate to our contests;

  • participate to our promotions;

  • or otherwise interact with us
    as consumer, business customer, partner, (sub)supplier, contractor or other person with a business relationship with us.

“Processing” means any operation performed on personal data, which includes collection, recording, storage, modification or update, retrieval, consultation, use, disclosure by manual and/or automated means.

3. WHAT IS THE DATA THAT WE COLLECT ABOUT YOU?

Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, phone, etc.) we may process different data about you. In this notice we cover all possible personal data that we collect from you.

DATA YOU PROVIDE DIRECTLY TO US (EXAMPLES BELOW)

Categories of data

Examples of data

Personal identification

Name, last name, title, date of birth

Contact information

Email, phone number, address, country

Images

Pictures uploaded/ provided to us

Financial data

Credit card data, bank account information

Other information

Household information, interests, profession, preferences

 

INFORMATION FROM THIRD-PARTY SOURCES (EXAMPLES BELOW)

We may receive information about you from publicly available sources (as permitted by law) such as public databases, our marketing partners, or social media platforms when you choose to connect to such services.

We may combine this information with other information we receive from you.

4. HOW DO WE USE YOUR DATA?

We may process your data for different purposes, but only for those which have a legal basis to process the data. Please find below the overview.

PROCESS/SERVICE

PURPOSE

LEGAL BASIS

USE OF THE SERVICE

Personal data of all natural persons using the Website (including IP address or other identifiers and information collected through cookies or other similar technologies), and who are not registered Users (i.e. persons who do not have a profile on the Website).

in order to provide services ordered on the Website.

necessity of processing for the performance of the contract - Article 6(1)(b) GDPR


analytical and statistical purposes, consisting of conducting analyses of Users' activities, as well as their preferences in order to improve the functionalities used and services provided


Controller's legitimate interest - Article 6(1)(f) GDPR

possible establishment and investigation of claims or defence against claims

Controller's legitimate interest - Article 6(1)(f) GDPR

The User's activity on the Website, including his/her Personal Data, is recorded in system logs. The information collected in the logs is processed primarily for purposes related to the provision of services. The Controller also processes them for technical, administrative purposes, for the purposes of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes

Controller's legitimate interest - Article 6(1)(f) GDPR

REGISTRATION ON THE SITE

Those who register on the Website are asked to provide the data necessary to create and operate an account. In order to facilitate the service, the User may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. The provision of data marked as mandatory is required in order to create and operate an account, and failure to provide such data will result in the inability to create an account. The provision of other data is voluntary.



in order to provide services related to the maintenance and operation of the account on the Website

necessity of processing for the performance of the contract - Article 6(1)(b) GDPR, and with regard to data provided optionally - the legal basis for processing is consent - Article 6(1)(a) GDPR

analytical and statistical purposes, consisting of conducting analyses of Users' activity on the Website and the way they use their account, as well as Users' preferences in order to improve the applied functionalities

Controller's legitimate interest - Article 6(1)(f) GDPR

possible establishment and investigation of claims or defence against claims

Controller's legitimate interest - Article 6(1)(f) GDPR



PLACING ORDERS (USE OF PAID SERVICES ON THE SITE)

The placement of an order (purchase of goods or services) by the User of the Website involves the processing of his/her Personal Data. The provision of data marked as mandatory is required in order to accept and process the order, and failure to provide such data will result in the order not being processed. Provision of the remaining data is optional.



fulfilling a submitted order

necessity of processing for the performance of the contract - Article 6(1)(b) GDPR; for data provided on an optional basis, the legal basis for processing is consent - Article 6(1)(a) GDPR


to comply with statutory obligations incumbent on the Controller, arising in particular from tax and accounting legislation

legal obligation - Article 6(1)(c) GDPR

analytical and statistical purposes, consisting of conducting analyses of Users' activity on the Website, as well as Users' purchasing preferences in order to improve the applied functionalities

Controller's legitimate interest - Article 6(1)(f) GDPR




possible establishment and investigation of claims or defence against claims

Controller's legitimate interest - Article 6(1)(f) GDPR

CONTACT FORMS

The Controller provides the possibility to contact him/her using electronic contact forms. The use of the form requires the User to provide Personal Data necessary to contact the User and respond to the enquiry. The User may also provide other data in order to facilitate the contact or handling of the enquiry. The provision of data marked as mandatory is required in order to receive and handle the enquiry, and failure to provide such data will result in the impossibility of service. The provision of other data is voluntary.



identification of the sender and the handling of his/her enquiry sent via the form provided

performance of the contract for the provision of the service - Article 6(1)(b) GDPR; with regard to the data provided optionally, the legal basis of the processing is consent - Article 6(1)(a) GDPR


analytical and statistical purposes consisting of keeping statistics on queries submitted by Users via the Website in order to improve its functionality

Controller's legitimate interest - Article 6(1)(f) GDPR

MARKETING


displaying marketing content to User that is not tailored to his/her preferences (contextual advertising)


Controller's legitimate interest - Article 6(1)(f) GDPR






Orvas d.o.o. may send you communication about our products, services, events and promotions. The communication is send via different channels: email, phone, SMS, post, social networks. We would like to provide you with the best experience, therefore this communication might be tailored to your preferences (for example, email as your preferred channel of communication with us – you can indicate it yourself or we can understand it based on the links you click in out emails). When required by law, we will ask your consent before starting the above activities.

To give your consent, you can, for example, tick the box for acceptance of receipt of news and promotions or usage of your data for general ecommerce industry trend analytics. We also give you the opportunity to opt-out and withdraw your consent at any time. (e.g. unsubscribe email, send us a request for withdrawal of the consent, etc.)

If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.

5. WHEN DO WE SHARE YOUR DATA?

Your data will be processed by ourselves and other entities within the Orbico Group. In exceptional cases and only to fulfill the above described purposes described above, your data might be shared with following parties:

  • Service providers: we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers, consulting providers, shipping providers;

  • Business partners: for example: MMK, Phobs, ..., who can provide you with the services you request;

  • Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over Orbico Group;

  • Professional advisors such as auditors, lawyers, accountants, other professional advisors;

  • Other parties in connection with corporate transactions such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).

Transfer of your data outside of EEA

The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, Orvas transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:

  • cooperation with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued as to whether an adequate level of protection of Personal Data is ensured (for more information, please go through the list provided here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en);

  • the use of standard contractual clauses issued by the European Commission.

6. HOW DO WE KEEP/RETAIN YOUR DATA?

We keep your data for the period necessary to fulfill the purposes for which it has been collected (see above section “How do we use your data?”). Sometimes we might keep your data longer if required or permitted by law. We determine the period based on the following criteria:

  • How long is the data needed to provide you with our products or services or to operate our business?

  • Do you have an account with us? Then we will keep your data while your account is active.

  • Are we subject to a legal, contractual, or similar obligation to retain your data?
    Examples can include mandatory data retention laws, government orders to retain data relevant to an investigation, or data that must be retained for the litigation purposes.

7. HOW DO WE SECURE YOUR DATA?

To protect your data, we will take appropriate technical and organizational measures in line with the applicable data protection and data security laws, including requiring our service providers, business partners or professional advisors to use appropriate measures to protect the confidentiality and security of your data. We put in place measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.

8. WHO IS RESPONSIBLE FOR YOUR DATA?

Orvas d.o.o with its head office at Leopolda Mandića 10, Dugopolje, is responsible for processing the personal data it deems necessary to process. We are therefore the party whom you, as well as the supervisory authorities (AZOP- Agencija za zaštitu osobnih podataka – Agency for personal data protection), should contact for any questions you may have relating to the way our company uses your data. For some services, we rely on specialised partners. They therefore must follow our instructions and adhere to our policy on personal data protection. We ensure that our partners receive only the data that are strictly necessary to perform their contractual duties.

9. WHICH LEGISLATION APPLIES?

The protection of your personal data is governed by the Regulation EU 2016/679, (i.e. „GDPR) and applicable national laws of Croatia. We undertake to comply with our obligations and respect your rights whenever we process your data.

10. ACCESSING YOUR INFORMATION

You have the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority in charge of the protection of Personal Data (AZOP – azop@azop.hr).

To the extent that your data is processed on the basis of consent, this consent may be withdrawn at any time by contacting Orvas or using the functionalities made available on the Website (for example the cookie banner “options” button).

You have the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, and - for reasons related to the User's particular situation - in other cases where the legal basis of the data processing is the Controller's legitimate interest (e.g. in connection with the realisation of analytical and statistical purposes).

You can exercise your rights by contacting Orvas: Tel. 00385 95 344 4108; E-mail: privacy@orvas.hr. We will respond promptly and no later than within a month, unless extraordinary complexity would require an extension of the time to respond.

 

11. WsPay  

   

All payments on this websites are conducted through WsPay. When using WsPay your personal data shall only be shared with WsPay and Orvas will not have access to it. WSPay is a secure system for online payments, real time credit and debit card payments, and other payment methods. WSPay ensures the buyer and the merchant with the secure card data entry and transfer, which is also confirmed by PCI DSS certificate. WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.

For more information how WsPay processes your personal data, please visit Monri WsPay.