Combis

Information on personal data processing using cookies

The Combis Privacy protection policy (hereinafter: Policy) is intended for all persons (data subjects) who contact Combis (us) in any way, and explains what, why, and how their personal data are handled from the time contact is established. The Policy also outlines the rights of data subjects and how they can be achieved.

In the context of this Policy, Combis is, as a rule, is the data controller. However, in the context of its core business, Combis is most often in the role of data processor during the provision of its IT services.

Any questions concerning this Policy, privacy protection, and personal data, or the ways, reasons, and security of processing, can be submitted to our Data Protection Officer:

Data Protection Officer
Combis d.o.o.
Radnička 21
10 000 Zagreb
E-mail: osobni.podaci@combis.hr

 

  1. Data subject categories

 A. Website visitors

This Policy applies to all the websites under Combis ownership under the main website www.combis.hr and, depending on individual Combis solutions and services, other websites (Virtual-city, hack3r, CombisCloud, Combis30sec and others).
Combis as a rule processes the personal data that the visitor provides directly in the following cases:

  • Giving their e-mail address for the purpose of subscribing to the Newsletter;
  • Giving their data (name, surname, e-mail address) and any other additional information in the message that the visitor may submit via the contact form;
  • Filled out fields (name, surname, e-mail address, title, message) for the purpose of submitting comments or suggestions; and/or
  • Giving data required to participate in the Combis Awareness program (name, surname, company, position, company address, city, e-mail, telephone number, and technical data of an informative nature relating to the service (i.e., ICT services to be the subject of analysis, or Cloud services of interest, etc.).

Combis uses the above personal data exclusively for providing the requested services, i.e., to send out the Newsletter, to respond to inquiries, comments and/or suggestions, or to enable your participation in the Awareness program. Data are collected pursuant to your consent. Combis does not share your data with third persons, except in cases described in this Policy or on the Combis website in the section Privacy protection.

In addition to data visitors give voluntarily, Combis also collects certain personal data automatically, by using web analysis tools and through cookies.

Combis collects information on the general use of the internet by an individual through cookies. A cookie is a short text that is stored on the visitor’s computer when they visit our website, and the visitor’s browser later sends information to our website upon each subsequent visit. More information about cookies are available on the Combis website, in the section Privacy protection.

Our website may forward visitors to other third party websites, that are not owned, operated or under the responsibility of Combis. Additional information concerning personal data privacy can be found in the data protection information published by the data controllers of those websites. The list of these websites and more information on how data are shared are available on the Combis website in the section Privacy protection.

Combis will keep the personal data of visitors collected via the website in line with the keeping periods listed on the Combis website in the section Privacy protection.

 

B. Business contacts

Business contacts imply Combis’ existing and potential clients and corporate customers, whose personal data is processed by Combis using CRM (Customer Relationship Management) system.

The category of personal data of business contacts and their entry into the Combis CRM include the name and surname of the individual contact, name of their employer, job title, telephone number, e-mail address, and other business information such as tracking the work and communications with clients. The CRM system also records expressed interest of an individual business content in terms of the content and notifications they wish to receive from Combis (e.g., Newsletter, invitation to Combis events and conferences, etc.).

Processing business contact is based on the legitimate interest of Combis for the following purposes:

  • Managing our operations and services, and their further development and advancement, including: managing client relations, developing our business and services, such as recognising client needs and improving services we provide, conducting analyses and projects for the needs of Combis management, such as on market trends, market intelligence, and achieving progress in relation to set business goals, organisation or possible organisation of social events, managing our websites, systems, and applications;
  • Sending notifications about Combis and our services, and sending invitations to Combis events (until an individual business contact requests to stop receiving any of the Combis notifications).

All e-mails sent by Combis for promotional and marketing purposes contain a clearly visible link via which it is possible to unsubscribe from receiving our notifications.
Without prior notification and consent of an individual business contact, Combis will not sell or share in any other way the personal data of the business contact to third parties, for the purpose of direct marketing of their products and services.

Combis will keep the personal data of its business contacts for as long as the relationship with that contact or their employer lasts. Exceptionally, Combis will keep the personal data of business contacts after the cessation of the business relationship, if there is a legal or internal requirement to keep such data for longer, and/or when it is necessary to establish, achieve, or defend our legal claims.

 

C. Clients, business customers, suppliers and subcontractors

Combis offers a series of different services, products and solutions, and their provision occasionally requires the processing of personal data of clients and business customers. For example, in order to ensure successful functioning of test solutions, in the case of a fault, we require the contact data of our client’s employees.

Combis also collects and processes the personal data of its suppliers and subcontractors. These are primarily data that are most often displayed on business cards and in corporate communications. In such and other business situations, Combis collects only those personal data that are absolutely necessary for the contracted purpose.

The collected personal data of clients, business customers, suppliers, and subcontractors is processed by Combis for the following purposes and pursuant to the follow legal grounds:

  • The provision of professional and expert services to clients and business customers, pursuant to concluded contracts or upon request in the precontracting phase;
  • Receiving services from suppliers and subcontractors, pursuant to a concluded contract or upon request in the precontracting phase;
  • Managing our operations and services, and their further development and advancement, including: administration of corporate customer relations, developing our business and services, such as recognising client needs and improving services provided, managing and maintaining our IT systems and applications, based on the legitimate interest of Combis;
  • Acting in line with the law and regulations, pursuant to a legal requirement or legitimate interest of Combis.

As a rule, Combis keeps the personal data of its clients, business customers, suppliers and subcontractors for as long as the business and contractual relationship with that legal entity lasts. Exceptionally, Combis will keep personal data of its clients, business customers, suppliers, and subcontractors after the cessation of the business and contractual relationship, where there is based on legal or internal regulations to keep such data for longer, and/or when it is required for the establishment, achievement, or defence of our legal claims.

 

D. Employment candidates

Persons wishing to join the Combis team can express their interest by sending in an open application letter, by applying to a position posted on the Combis website, Combis social media profiles, or via a recruitment portal. Participants in student competitions organised by Combis who have proven their knowledge and skills and attracted our attention also often receive the opportunity for a job interview.

During the recruitment process, Combis processes the following categories of personal data for the purpose of finding the ideal candidate and establishing labour relations, pursuant to the following legal grounds:

  • Data the candidate provides voluntarily on their resume and in communications: name and surname, telephone number, e-mail address, academic and expert qualifications, experience gained during education, work experience, areas of interest, information given during the job interview, assessment of the appropriate professional and psychological testing, contact data of persons giving references for the candidate (under the assumption that the candidate is authorised to give such data), financial data in the case of a successful recruitment process (consent);
  • The data we collect from third parties or from publicly accessible sources, such as references from previous employers, associates, mentors, etc., profiles on specialised social networks such as Linked In, etc., to the extent that the collection of such data is necessary and relevant for the job for which the candidate is applying (Combis legitimate interest);
  • Data of participants of student competitions organised by Combis that the participants gave voluntarily in applying for the competition, and which Combis may subsequently process for the purpose of finding young talent (Combis legitimate interest).

Combis collects and processes exclusively those data that are absolutely necessary for the successful recruitment process and possible future employment, and therefore does not seek nor process any sensitive personal data. We act on the contrary only when so required by the legal regulations (i.e., process of health data for the purpose of preventative medicine or occupational medicine).

Access for the personal data of job candidates is available to the heads of organisational units to which the application pertains, and employees responsible for human resources management. For the needs of Combis, human resources management is performed by the parent company Hrvatski Telekom d.d (hereinafter: HT). In the case of a submission of an application via a specialised job advertisement portal, employees of that portal also have insight into an access to the candidate’s personal information. The personal data of the candidate selected for the position are kept permanently by Combis as part of the employee record, in line with special regulations. In the case of an unsuccessful recruitment procedure, the personal data are kept pursuant to the consent of the individual candidate, for the purpose of possible employment in future open positions. The consent given may be retracted at any time by sending an e-mail to: osobni.podaci@combis.hr.

 

E. Visitors to our offices

Combis conducts certain measures necessary to ensure the security of the building and offices and other spaces in the building, including video surveillance and controlling entry to the building.

All visitors are required upon arrival and departure to sign in at the building reception, show their identification, and take or return the visitor identification card that enables further passage through the hallways and spaces in the building.

Certain areas inside and outside the building are under video surveillance to control entrances and exits, reduce the exposure of employees to the risks of unauthorised entry, break-in, theft, violence, or any other offences, and its installation is clearly marked.

Combis conducts surveillance via video cameras in especially important technical rooms (such as server halls), and in its warehouses. Video records are kept for a maximum of 30 days, and then automatically deleted.

The purpose of processing data in the context of video surveillance and controlling entry to the building is the protection of persons and property, in which the processing of visitor data is based on the legitimate interest of Combis.

Combis provides visitors to its office with the use of the Wi-Fi network, by giving certain addresses and passwords which are automatically updated monthly.

Combis is not responsible for, nor has any control, of your own use of the internet while you are in our premises.

The purpose of processing data in the context of the Wi-Fi network is to provide visitors to our offices with free internet access, in which the processing of visitor data is based on the legitimate interest of Combis.

 

 

  1. Security of information

Combis has implemented and executes technical, organizational, and security measures to protect your personal data from loss, abuse, unauthorized access, alterations, and disclosure. Among others, this includes:

  • We check our collection, storing, and means of processing personal data, including physical security measures, so as to protect our systems from unauthorized access;
  • We apply the Binding corporate rules for privacy protection of the Deutsche Telekom Group, which have been approved in a special procedure by all relevant personal data protection agencies in the European Union;
  • We hold the ISO/IEC 27001: 2013 certificate that guarantees that our information security management system is managed in line with the legal requirements, proactively to protect your personal data;
  • We limit access to personal information to Combis employees and employees of our suppliers and subcontractors, who are required to abide by strict contractual confidentiality rules;
  • We take all necessary measures to met the security requirements and data protection requirements before placing our goods, services and solutions on the market (privacy and security by design);
  • We conclude special contracts on personal data protection with our clients, business customers, suppliers, and subcontractors;
  • We have established a procedure for handling any violations of personal data.

In the sense of personal data collected via the Combis websites, given the nature of the Internet, we take all possible security measures to ensure the highest level of security, and to protect your personal data from the hazards outlined above.

 

 

  1. Information we share

Combis will not, in any case, share, sell, disclose or make available your personal data to third persons, except in the cases prescribed in this Policy. Your personal data are forwarded to our suppliers and subcontractors who help us and who support us in the provision of our services. Given the nature of operations of Combis, these are usually IT service providers, and providers of logistics and transport services. Also, based on the prior notification and consent of data subjects, Combis forwards personal data of participants to event sponsors, conferences and competitions in our organisation, for the purpose of promotion of the sponsor’s products and services. As heads of processing, the sponsors are required to act in line with the provisions of the legal regulations on personal data protection, including the provision of appropriate information on data subject privacy. In order to ensure a high level of protection, confidentiality, and security of data that we forward in these circumstances, we regularly perform procedures to conclude special contracts on the processing of personal data.

In addition, we use a partner platform to announce job advertisements and for candidates to apply for open positions (Talentlyft), though Combis remains the head of processing personal data for job candidates, and the partner processes the personal information on behalf of and at the order of Combis or HT as the executor of processing on behalf of Combis in the area of human resources.

We also use an external partner SendInBlue to send out the newsletter, and the information shares with this partner are data on e-mail addresses of customers who have signed up to receive the Combis newsletter.

The list of Combis business partners is available here. Your personal data are, as a rule, processed in the Republic of Croatia, or in the territory of the European Union. However, certain subcontractors that we hire as support for our operations are seated outside the European Union. In the case of an international transfer of data to a country outside the European Union that are not encompassed by decisions of the European Commission, Combis applies the appropriate legal mechanisms to ensure a sufficient level of data protection in line with the requirements of the European legislation (e.g., Standard clause on data protection accepted by the European Commission).

In some situations, Combis is required to hand over your personal data pursuant to legally prescribed conditions, a court order, or order from a state body, or for the needs of a legal procedure.

 

 

  1. Rights of data subjects

In line with the valid regulation on the protection of personal data, we are required to inform you of your rights. Achieving your rights depends on the legal basis upon which we base data processing. For example, if processing is based on consent, you have the right to retract your consent. However, if the processing is based on a legitimate interest, then it is possible to lodge a complaint against the processing.

At any time, you have the right to receive confirmation about whether we are processing your data, and to request a copy of your personal data, i.e., to obtain insight into how we use or store your data.

At any time, you have the right to request a correction of any data you consider to be incorrect, and to supplement data that you believe to be incomplete.

In certain circumstance, you have the right to request the deletion of your personal data.

In certain circumstances, you have the right to request a restriction of processing of your personal data.

When we process your personal data on the basis of our legitimate interests or for direct marketing purposes, you have the right at any time to lodge a complaint against such processing. In the case of direct marketing, your right to a complaint is absolute. However, when the processing is based on a legitimate interest for other purposes, processing will continue to be possible if Combis can prove the existence of a convincing legitimate reason that surpasses the interests, rights and freedoms of the data subject, or if it is necessary to establish, achieve or defend a legal claim.

Under certain circumstances, you have the right to receive your personal data in structured, usable, and machine readable format, and to request the transfer of data to another data controller.

If personal data are processed pursuant to data subject consent, that consent may be retracted at any time. We remind you that retracting consent does not affect the legality of processing that is based on the consent prior to retraction.
This right may be achieved by sending an e-mail to: osobni.podaci@combis.hrWhere applicable, updating data and interests, or the retraction of consent or lodging a complaint against the processing is possible via the appropriate links in the e-mails you receive.

Combis will take all necessary measures to respond to your inquiries. However, if you are not satisfied with the response, or you have a general complaint about our services and the way we process your personal data, you may file a complaint to the supervisory body Agency for Personal Data Protection.

 

 

  1. Amendments to the Combis Privacy protection policy

Combis regularly checks this Privacy protection policy, and reserves the right to make periodical amendments. The aim of such amendments is not to reduce your rights, but exclusively to ensure the compliance of the Policy with the applicable legal framework for personal data protection.

Every amendment of the Policy will be published here in a timely manner, and comes into effect on the date of publication. However, if the amendments to the Policy include the intention of Combis as the data controller to further process your personal data for a purpose other than the purpose for which your data were initially collection, you will be informed in a timely manner before the start of use of your data for the new purpose.

Combis will keep an archive of all previous versions of the Privacy protection policy.

UPDATE YOUR CONTACT DATA AND CONSENT

BINDING CORPORATE RULES FOR PRIVACY PROTECTION

30.09.2024.

Kolačići i slične tehnologije

Na našem web-mjestu upotrebljavamo kolačiće i slične tehnologije za spremanje, čitanje i obradu informacija na vašem uređaju. Na taj način poboljšavamo vaš doživljaj upotrebe, analiziramo promet web mjesta i prikazujemo sadržaj i oglase koji vas zanimaju. U tu se svrhu stvaraju korisnički profili na web-mjestima i uređajima. Navedene tehnologije također upotrebljavaju naši partneri.

Odabirom mogućnosti „Samo nužno” prihvaćate samo one kolačiće koji omogućuju pravilno funkcioniranje našeg web-mjesta. Odabirom mogućnosti „Prihvati sve” dopuštate pristupanje informacijama na svom uređaju i omogućujete društvu Combis d.o.o i njegovim partnerima da upotrebljavaju sve kolačiće u analitičke i marketinške svrhe. Vaši podaci tada mogu biti preneseni u zemlje izvan Europske unije u kojima ne možemo osigurati istu razinu zaštite podataka kao u Europskoj uniji (pogledajte članak 49. stavak 1. točku (a) Opće uredbe o zaštiti podataka). Pod „Postavke” možete odabrati sve mogućnosti i u bilo kojem trenutku promijeniti stanje svoje privole.

Više informacija možete pronaći u Pravilima o zaštiti privatnosti i na Popisu partnera.

Postavke kolačića i sličnih tehnologija

Na našem web-mjestu upotrebljavamo kolačiće i slične tehnologije za spremanje, čitanje i obradu informacija na vašem uređaju. Navedene tehnologije također upotrebljavaju naši partneri. Mi i naši partneri upotrebljavamo navedene tehnologije u analitičke i marketinške svrhe samo uz vašu privolu.

Upotrijebite gumbe pored željene mogućnosti kako biste dali ili povukli svoju privolu u bilo kojem trenutku. Ovu stranicu možete uvijek otvoriti iz podnožja na našem web-mjestu.

Dodatne informacije o privoli za prijenos podataka u zemlje izvan Europske unije 

Vaša privola također je osnova za prijenos podataka u zemlje izvan Europske unije (članak 49. stavak 1. točka (a) Opće uredbe o zaštiti podataka). Combis d.o.o. ne može jamčiti istu razinu zaštite podataka kao u Europskoj uniji. Primjerice, lokalne vlasti možda mogu pristupiti vašim podacima. Također mogu biti ograničena vaša prava koja se odnose na zaštitu podataka. Ako želite znati više, pročitajte naše informacije o obradi podataka u zemljama izvan Europske unije i pogledajte naš popis partnera.

 


Osnovna funkcionalnost web-mjesta

Ovi su kolačići uvijek aktivni i neophodni za pravilno funkcioniranje našeg web-mjesta.

Analitika društva Combis

Ovi nam kolačići pomažu da poboljšamo svoje razumijevanje ponašanja korisnika.

Pročitajte više

Kolačiće i analitičke tehnologije upotrebljavamo kako bismo bolje razumjeli kako se upotrebljava naše web-mjesto. Pomažu nam optimizirati naše digitalne usluge. Primjerice, možemo odrediti koliko ljudi posjećuje naše web-mjesto ili određenu uslugu. Također se upotrebljavaju za statističke procjene koje nam pokazuju kako ljudi upotrebljavaju naše digitalne usluge. Analiza se temelji na pseudonimiziranim podacima.

Popis partnera

Pročitajte više

Mi i naši partneri upotrebljavamo kolačiće i slične marketinške tehnologije za prikazivanje prilagođenih oglasa. Neki od naših partnera djeluju neovisno ili zajedno s društvom Combis d.o.o. Upotrebljavaju navedene tehnologije za prikupljanje podataka u marketinške svrhe. Podaci se mogu upotrebljavati u partnerove oglašivačke svrhe, dalje obrađivati ​​i kombinirati s podacima iz drugih izvora.

Stvaramo profil pri svakoj upotrebi našeg web-mjesta. To nam pomaže da vam na drugim web-mjestima prikazujemo oglase koji su prilagođeni vašim interesima. Također mjerimo učinkovitost oglašavanja i prikupljamo dodatne informacije o vašem ponašanju na mreži.

Popis partnera