Privacy Policy, Version 2.0

Last modified: January 1st, 2023

 Appcro d.o.o. (“Company”) is the owner of the website www.appcrobms.com. („Website“).

The protection of your data is one of the most important principles of Appcro. With this privacy policy, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, we would like to inform you about your rights.

 

1. Contact information

Controller:
APPCRO d.o.o.
Bolnicka cesta 34a
10000 Zagreb, Croatia

You can reach us via the email address: info@appcro.com

 

Data Protection Officer:
Data Protection Officer
APPCRO d.o.o.
Bolnicka cesta 34a
10000 Zagreb, Croatia

If you want to assert your legal rights or have general questions, please contact privacy@appcro.com or the corporate data protection officer of Appcro at dpo@appcro.com

 

2. Data collecting

According to the definition, personal data is any data relating to an individual (a natural person) whose identity is known or can be determined. A person whose identity can be identified is a person who can be identified directly or indirectly, in particular with the help of identifiers such as name, surname, location information, personal identification number, network identifier (eg. IP address) or with the help of various factors which refers to the physical, genetic, physiological, economic, mental, social or cultural identity of physical person (individual).

It is important to emphasize that your personal information is collected or planned to be collected only when we have your consent (EU GDPR 6a) or based on other legitimate collection bases such as: Performance of the contract (EU GDPR 6b), Compliance with a legal obligation (EU GDPR 6c), Vital interests of the Data subject (EU GDPR 6d), Performance of a public task (EU GDPR 6e), Legitimate interests of the controller or third party (EU GDPR 6f), and other specific lawful basis of data collection and processing (EU GDPR 9a-9j).

 

3. What data do we collect and process

a) Contract data
We collect, process and store the data you provide when you order from us. In addition, we store and process data about the order and payment history.

b) Data that you store on our servers
We collect, process and store the information and data you store yourself when you use our services. This includes the production of backup copies in our backup systems.

c) Log data
When you visit our website or use our services, the device that you use to access the page automatically transmits log data (connection data) to our servers. Log data includes the IP address of the device that you use to access the website or service, the type of browser you are using, the website you have visited beforehand, your system configuration, and the date and time. We store IP addresses only to the extent necessary to provide our services. Otherwise, the IP addresses are deleted or made anonymous. We store your IP address when visiting our website for a maximum of 7 days to detect and ward off attacks.

d) Cookies
Cookies: are small identifiers that a server stores on the device that you use to access our website or our services. They contain information that can be retrieved when accessing our services, allowing for more efficient and better use of our services.

We use cookies in various areas on our website:

a) Own cookies: Are those which are sent to the user’s system from a system or domain managed by the editor and from which the service requested by the user is provided.

b) Third party cookies: Are those which are sent to the user’s system from a system or domain that is not managed by the editor but by another company processing the data obtained through the cookies.

Depending on the period of time that they remain active:

c) Session cookies: Are those cookies designed for gathering and storing data while the user is using a web page. They are usually used to store information that is only intended for providing the service requested by the user on one single occasion (e.g. a list of purchased products).

d) Persistent cookies: In this type of cookie the data continues to be stored on the system and may be accessed and processed during a specific period of time by the manager of the cookie, which may range between several minutes and several years.

Depending on their purpose:

e) Technical cookies: Are those which allow the user to browse a website, platform or application and use the different options or services offered, such as, for example, controlling data traffic and communication, identifying the session, accessing restricted areas, recalling the parts of an order, carrying out the process for purchase of an order, making a request to register for or participate in an event, using security elements during browsing, storing contents for the transmission of videos or sound or sharing contents through social networks.

f) Analytical cookies: Are those which enable the manager to monitor and analyze the behaviour of the users of the websites to which they are linked. The information collected by means of this type of cookie is used to measure the activity of the websites, applications or platforms and to draw up browsing profiles of the users of such websites, applications and platforms in order to introduce upgrades on the basis of the analysis of the data on the use of the service by users.

g) Advertising cookies: Are those which enable the most efficient management possible of the advertising space that the editor has included in a website, application or platform from which the requested service is provided on the basis of criteria such as the edited content or the frequency with which the advertisements are shown.

h) Behavioural advertising cookies: Are those which enable the most efficient management possible of the advertising space that the editor has included in a website, application or platform from which the requested service is provided. These cookies store behavioural information about users obtained through the ongoing observance of their browsing habits, which allows a specific profile to be defined in order to show advertising on the basis of such profile.

The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to Article 6 sec. 1 sent. 1 lit. f GDPR.

Disabling cookies

You may choose which cookies you want on this website by setting your browser. For further information on your opt-out choices, please see below.

Use of Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on the domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

Use of Google Analytics

This website uses Google Analytics, an analyzing service provided by Google. Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the USA.

The IP-anonymization is activated on this website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there.

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them other services relating to website activity and internet usage.

The IP-address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also opt-out from being tracked by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en.

Please refer to further information on usage rights or data protection please visit the following websites:
https://www.google.com/policies/privacy/ or https://www.google.com/intl/en/policies/terms/

 

4. Legal basis of the processing

We process and use your data to execute the contract and provide our services, to improve our services and our websites and to adapt them to your needs and to provide updates and upgrades.

Article 6 I lit. a of the General Data Protection Regulation (GDPR) provides us with a legal basis for processing operations, in which we obtain consent for a particular processing purpose. If the processing of personal data is required to fulfil a contract, the processing is based on Article 6 I lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries regarding our products or services. If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Article 6 I lit. c GDPR. Finally, processing operations could be based on Article 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary for the protection of our legitimate interests or those of a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned (data subject) prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. A legitimate interest is usually to be assumed if the data subject is a customer of the controller.

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is conducting our business.

We process applicant data in accordance with Article 88 GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG, new version).

 

5. Categories of recipients

Collection service provider: These provide collection services for us.

Processors: We pass on various personal data to our processors as the controller within the scope of the processing. We have ensured the security of your data by concluding data processing agreements. Our processors can be divided into the following categories:

Provision of services: These include newsletter delivery, printing and shipping of invoices, customer surveys, payment service providers, data carrier destruction, operation of services, maintenance and upkeep of hardware and software.

We only release data to authorities and third parties in accordance with statutory provisions or a legal title. Information may be provided to authorities on the basis of a legal regulation on security or for prosecution purposes. Third parties will only receive information if required by law. This may be the case, for example, in the case of copyright infringement.

 

6. Duration of storage

We only process and store personal data for the period required to achieve the purpose of storage or where required by law. As a rule, the processing purpose is achieved upon termination of your contract.

You can change and delete data that you save in our services yourself. After the termination of a contract, we will delete the data stored in the services and backup copies in our backup systems are automatically deleted with a time delay stated by the Terms of use or if the customer has contracted with Appcro to keep data for a longer period.

For contract data, processing will be restricted after the contract has been terminated; it will be deleted after expiry of the statutory retention period.

Data that you enter during the application process is stored for a maximum of six months.

 

7. Your rights

a) Right to information and confirmation
You have the right to receive free information from us at any time, as well as confirmation of your personal data stored and a copy of this information.

b) Right to rectification
You have the right to demand the immediate correction of incorrect personal data concerning you. You also have the right to request the completion of incomplete personal data, including by means of a supplementary statement, taking into account the purposes of the processing.

c) Rights to erasure
You have the right to have your personal data erased without delay if any of the following is true and if the processing is not required:

  • The personal data has been collected for such purposes or processed in a way for which it is no longer necessary.
  • You revoke your consent, on which the processing was based, and any other legal basis for processing is lacking.
  • You object to the processing in accordance with Article 21 (1) GDPR and there are no legitimate reasons for the processing, or you object to the processing in accordance with Article 21 (2) GDPR.
  • The personal data has been processed unlawfully.
  • The erasure of personal data is required to fulfil a legal obligation under European Union law or national law to which we are subject.
  • The personal data was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

d) Right to restriction of processing
You have the right to request the restriction of processing if one of the following conditions is met:

  • The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
  • The processing is unlawful, you refuse the deletion of the personal data and instead require the restriction of the use of personal data.

We no longer need your personal information for processing purposes, but you need it to assert, exercise or defend your rights.
You have objected to the processing in accordance with Article 21 (1) GDPR and it is not yet clear whether our legitimate interests prevail over yours.

e) Rights to object
You have the right to object at any time to the processing of personal data concerning you, which takes place on the basis of Article 6 (1) lit. e or f GDPR.
In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
You have the right to object at any time to the processing of your personal data for the purpose of direct advertising.

f) Right to data portability
You have the right to receive personal data relating to you that has been provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance by us if the processing is based on the consent pursuant to Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or is based on a contract pursuant to Article 6 (1) lit. b GDPR and the processing is carried out by automated means unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising your right to data transferability under Article 20 (1) GDPR, you have the right to arrange that your personal data is transmitted directly from one controller to another, where this is technically feasible and as long as this does not affect the rights and freedoms of others.

g) Right to withdraw consent under the data protection law
You have the right to withdraw the consent to the processing of personal data at any time.

h) Right of appeal to the supervisory authority
You have the right to contact a supervisory authority in the Member State of your place of residence or place of work or the location of the alleged violation at any time if you believe that the processing of personal data concerning you is contrary to the EU General Data Protection Regulation.

8. Statutory or contractual requirement
For the provision of personal data, necessity for the conclusion of the contract, obligation to provide the personal data, possible consequences of failure to provide data

The provision of personal data may in part be required by law (e.g. tax regulations) or result from contractual provisions (e.g. information about the contracting party). Sometimes it may be necessary that you provide us with personal data, which must subsequently be processed by us, in order to conclude a contract. For example, you are required to provide us with personal information when we conclude a contract with you. Failure to provide personal data would mean that the contract could not be concluded.

9. Existence of automatic decision-making / profiling
We do not use automatic decision-making or profiling.