Skip to content

 

Privacy Notice
STATEMENT

 

 

PRIVACY NOTICE

1. DATA PROTECTION SUMMARY

GENERAL INFORMATION

The following provides a clear overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. You’ll find detailed information about data protection in our data protection statement given below this text.

 

DATA CAPTURE ON THIS WEBSITE

Who is responsible for capturing data on this website?

On this website, data is processed by the website operator. You’ll find their contact data in the section “Information on the controlling body” in this Data Protection Statement.

How do we capture your data?

One way we capture your data is by you passing it on to us. This can e.g. be data that you enter into a contact form.

Other data are automatically captured by our IT systems, or are captured by them after you give your consent when you visit the website. These are mainly technical data (e.g. your Internet browser, operating system or time of page retrieval). This data is captured automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected in order to guarantee error-free provision of the website. Other data can be used to analyse your usage behaviour.

What rights do you have with regard to your data?

You have the right at all times to receive, free of charge, information about the origins, recipients and purpose of the personal data about you that is stored. You also have a right to demand the correction or erasure of these data. If you have issued your consent for your data to be processed, you can revoke this consent at any time for the future. Under certain circumstances, you also have the right to demand a restriction to the processing of your personal data. You also have the right to complain to the supervisory authority responsible.

In this regard, or if you have any questions about this topic, you are welcome to contact us at any time.

 

ANALYSIS TOOLS AND TOOLS USED BY THIRD-PARTY PROVIDERS

When you visit this website, your surfing behaviour can be statistically evaluated. This occurs above all with so-called “analysis programmes”.

You’ll find detailed information on these analysis programmes in the Data Protection Statement below.

 

2. HOSTING

EXTERNAL HOSTING

This website is hosted by an external service provider (hoster). The personal data captured on this website are stored on the hoster’s servers. These data can include IP addresses, contact requests, meta and communication data, contract data, contact data, name, website retrievals and other data generated by a website.

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6, para. 1, lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6, para. 1, lit. f GDPR). If the relevant consent has been requested, processing is implemented solely on the basis of Art. 6, para. 1, lit. a GDPR and § 25, para. 1 TTDSG (German Teleservices Data Protection Act), insofar as the consent covers the storage of cookies or access to information in the end device of the user (e.g. device fingerprinting) as regulated in the TTDSG. Consent can be revoked at any time.

Our hoster will only process your data to the extent required to fulfil their contractual services, and shall follow our instructions with regard to these data.

3. GENERAL INFORMATION AND MANDATORY INFORMATION

DATA PROTECTION

The operators of this website take the protection of your personal data very seriously. We treat your personal data in confidence and in accordance with the statutory data protection regulations and this Data Protection Statement.

When you use this website, various different personal data are collected. Personal data are data with which you can be personally identified. This Data Protection Statement explains which data we collect and what we use it for. It also explains how this happens, and for what purpose.

Please note that data transmission on the Internet (e.g. when communicating via e-mail) can entail security gaps. It is not possible to fully ensure that data is protected against access by third parties.

 

INFORMATION ABOUT THE CONTROLLING ENTITY

The controlling entity for the data processing on this website is:

DUBOR, d.o.o.

Ulica kneza Branimira 22,

Zagreb, Croatia

E-mail: info@dubor.hr

The controlling entity is the natural or legal person who solely or together with others decides on the purpose and means of the processing of personal data (e.g. name, e-mail addresses, or similar).

 

DURATION OF STORAGE

If no more specific storage duration is named within this Data Protection Statement, your personal data will remain with us until the purpose of the data processing has been fulfilled. If you assert a justified request for erasure or revoke your consent to data processing, your data will be erased, unless we have no other legally permissible reasons for storing your personal data (e.g. storage periods required by taxation or commercial law). In the latter case, the data shall be erased after these grounds expire.

 

GENERAL INFORMATION ABOUT THE LEGAL BASES FOR DATA PROCESSING ON THIS WEBSITE

If you have consented to data processing, we will process your personal data in compliance with Art. 6, para. 1, lit. a GDPR and Art. 9, para. 2, lit. a GDPR, if both data categories according to Art. 9. para. 1 GDPR are processed. If you expressly consent to the transfer of personal data to third countries, your data will also be processed in compliance with Art. 49, para. 1, lit. a GDPR. If you consent to the storage of cookies or to access to information in your end device (e.g. via device fingerprinting), your data will also be processed in compliance with § 25, para. 1 TTDSG. Consent can be revoked at any time. If your data are required for the fulfilment of a contract or for conducting pre-contractual measures, we shall process your data in compliance with Art. 6, para. 1, lit. b GDPR. We shall also process your data if these are necessary to fulfil a legal obligation, in compliance with Art. 6, para. 1, lit. c GDPR. The data can also be processed on the grounds of our justified interest in compliance with Art. 6, para. 1, lit. f GDPR. We will inform you about the legal bases that apply in each individual case in the paragraphs of this Data Protection Statement below.

 

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer for our company.

E-mail: info@dubor.hr


INFORMATION ON THE FORWARDING OF DATA TO THE US AND OTHER THIRD COUNTRIES

Among others, we use tools provided by companies based in the US or other third countries that are not securely covered by data protection regulations. When these tools are active, your personal data can be transferred to these third countries and processed there. Please note that in these countries, no data protection level comparable to that in the EU can be guaranteed. For example, US companies are obliged to issue personal data to security authorities without you as the affected party having recourse to legal action to prevent them from doing so. The possibility cannot therefore be excluded that US authorities (e.g. secret services) will process your data stored on US servers for surveillance purposes, and process, evaluate and permanently store them. We have no influence over these processing activities.

 

REVOCATION OF YOUR CONSENT TO DATA PROCESSING

A large number of data processing activities are only possible following your express consent. You can revoke consent already given at any time. The legality of the data processing that has occurred prior to revocation remains unaffected.

 

THE RIGHT TO OBJECT TO DATA COLLECTION IN SPECIAL CASES AND AGAINST DIRECT ADVERTISING (ART. 21 GDPR)

IF DATA IS PROCESSED ON THE BASIS OF ART. 6, PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ALL TIMES, ON GROUNDS ARISING FROM YOUR PARTICULAR SITUATION, TO SUBMIT AN OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING SUPPORTED BY THESE CONDITIONS. THE LEGAL BASIS IN EACH CASE ON WHICH PROCESSING IS CONDUCTED IS DESCRIBED IN THIS DATA PROTECTION STATEMENT. IF YOU SUBMIT AN OBJECTION; YOUR AFFECTED PERSONAL DATA SHALL NO LONGER BE PROCESSED, UNLESS WE CAN PROVIDE EVIDENCE OF URGENT GROUNDS THAT ARE WORTHY OF PROTECTION FOR SUCH PROCESSING, WHICH OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERT OR DEFEND LEGAL CLAIMS (OBJECTION ACCORDING TO ART. 21, PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED IN ORDER TO IMPLEMENT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO SUBMIT AN OBJECTION AT ANY TIME TO THE PROCESSING OF PERSONAL DATA RELATING TO YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU SUBMIT AN OBJECTION, YOUR PERSONAL DATA IS THEN NO LONGER USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION ACCORDING TO ART. 21, PARA. 2 GDPR).

 

THE RIGHT TO OBJECT TO THE RELEVANT SUPERVISORY AUTHORITY

In the case of infringements of the GPDR, the data subject has the right to object to a supervisory authority, in particular in the member state of their normal place of residence, their workplace or the place at which the alleged offence occurred. The right to object exists independently of any other administrative or judicial remedy.

 

THE RIGHT TO DATA TRANSFERABILITY

You have the right to request that data that we automatically process on the basis of your consent or in order to fulfil a contract be handed to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another controller, this is done only when technically possible.

 

SSL AND TLS ENCRYPTION

For security reasons and to protect the transfer of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL and TLS encryption. You will recognise an encrypted connection when “http://” is changed to “https://” in the address line of your browser, and a padlock symbol is shown in your browser bar.

When SSL or TLS encryption is activated, the data that you transfer to us cannot be read by third parties.

 

INFORMATION, ERASURE AND CORRECTION

Within the limits of the applicable valid statutory regulations, you have the right at all times to receive cost-free information about your stored personal data, their origins and recipients and the purpose of the data processing, and also, in some cases, the right to correct or erase these data. In this regard, or if you have any questions about personal data, you are welcome to contact us at any time.

 

THE RIGHT TO RESTRICT PROCESSING

You have the right to request that the processing of your personal data be subject to restrictions. You can contact us at any time in order to do so. The right to the restriction of processing applies in the following cases:

  • If you contest the accuracy of the personal data pertaining to you that we have stored, we usually need time in order to check this. While this check is being conducted, you have the right to request that the processing of your personal data be subject to restrictions.
  • If your personal data was/is processed illegally, you may request that data processing be restricted, rather than that the data be erased.
  • If we no longer require your personal data, but you need to exert, defend or assert legal claims, you have the right to request a restriction of the processing of your personal data, rather than their erasure.
  • If you have submitted an objection in compliance with Art. 21, para. 1 GDPR, a balanced consideration must be made between your and our interests. As long as no decision has been reached as to whose interests take priority, you have the right to request that the processing of your personal data be subject to restrictions.

If you have restricted the processing of your personal data, these data – aside from their storage – may only be processed with your consent, or for the assertion, exertion or defence of legal claims, or for the protection of the rights of another natural or legal person, or on grounds of important public interest of the European Union or of a member state.

 

OBJECTION TO ADVERTISING E-MAILS

We hereby object to the use of contact data published in compliance with legal notice obligations for the transmission of advertising and information materials that are not expressly requested. The operators of this site expressly reserve the right to take legal action in the case of unsolicited transmission of advertising information, e.g. via span e-mails.

 

4. DATA CAPTURE ON THIS WEBSITE

COOKIES

Our web pages use so-called “cookies”. Cookies are small text files and do not cause damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are deleted automatically by your web browser.

In some cases, cookies from third-party companies can also be stored on your end device when you enter our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g. cookies for processing payment services).

Cookies have different functions. A large number of cookies fulfil a necessary technical function, since certain website functions cannot work without them (e.g. the shopping basket function or showing a video). Other cookies serve to evaluate user behaviour or to show advertising.

Cookies (necessary cookies) that are needed to implement electronic communication, to provide certain functions required by you (e.g. the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) are stored in compliance with Art. 6, para. 1, lit. f GDPR unless any other legal basis is given. The website operator has a justified interest in storing necessary cookies in order to provide their services without technical errors and in an optimised way. If consent to the storage of cookies and comparable recognition technologies has been requested, the data is processed solely on the basis of this consent (Art. 6, para. 1, lit. a GDPR and § 25 para. 1 TTDSG); consent may be revoked at any time.

You can set your browser in such a way that you are informed when cookies are set and that you only permit cookies in individual cases, reject the acceptance of cookies in certain cases, and activate the automatic erasure of the cookies when the browser is closed. When cookies are deactivated, the functions of this website may be restricted.

If cookies are used from third party companies or for analysis purposes, we shall inform you about this separately in this Data Protection Statement and shall request your consent if necessary.

 

CONSENT WITH COOKIEBOT

Our website uses the consent technology Cookiebot in order to receive your consent to the storage of certain cookies on your end device or to use certain technologies, and to document this in compliance with the data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (below: “Cookiebot”).

When you enter our website, a connection is created to the Cookiebot servers in order to obtain your consent and other declarations relating to cookie use. Cookiebot then stores a cookie in your browser in order to be able to assign to you the consents granted or their revocation. The data captured in this way are stored until you ask us to erase them, erase the Cookiebot cookie yourself, or the purpose of storing the data no longer applies. Mandatory statutory storage obligations remain unaffected.

Cookiebot is used in order to obtain the statutorily required consent for the use of cookies. The legal basis for this is Art. 6, para. 1, lit. c GDPR.

Order processing

We have concluded a contract regarding order processing with the above provider. This is a contract that is prescribed by data protection law, which guarantees that the provider shall only process the personal data of our website visitors according to our instructions, while abiding by the regulations of the GDPR.

 

SERVER LOG FILES

The provider of the site automatically collects and stores information in so-called “server log files”, which your browser automatically sends to us. The following information is collected:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server enquiry
  • IP address

This data is not combined with other data sources.

These data are captured in compliance with Art. 6, para. 1, lit. f GDPR. The website operator has a justified interest in a technically error-free presentation and optimisation of their website. It is necessary to record the server log files for this purpose.

 

CONTACT FORM

If you send us enquiries via the contact form, your information from the enquiry form, including the contact data you enter there, will be stored by us in order to process the enquiry and if any follow-up questions arise. We do not pass on these data without your consent.

These data are processed in compliance with Art. 6, para. 1, lit. b GDPR if your enquiry is connected to the fulfilment of a contract or is necessary in order to implement pre-contractual measures. In all other cases, the data are processed on the basis of our justified interest in the effective processing of the enquiries sent to us (Art. 6, para. 1, lit. f GDPR) or on your consent (Art. 6, para. 1, lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data entered by you in the contact form remain with us until your request their erasure, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after processing of your enquiry has been completed). Mandatory statutory regulations, particularly storage periods, remain unaffected.

 

ENQUIRIES VIA E-MAIL, PHONE OR FAX

If you contact us via e-mail, phone or fax, your enquiry, including all the personal data that is collected (name, enquiry) for the purpose of processing your request will be stored and processed by us. We do not pass on these data without your consent.

These data are processed in compliance with Art. 6, para. 1, lit. b GDPR if your enquiry is connected to the fulfilment of a contract or is necessary in order to implement pre-contractual measures. In all other cases, the data are processed on the basis of our justified interest in the effective processing of the enquiries sent to us (Art. 6, para. 1, lit. f GDPR) or on your consent (Art. 6, para. 1, lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data sent to us via contact enquiries remain with us until you request their erasure, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after processing of your enquiry has been completed). Mandatory statutory regulations, particularly statutory storage periods, remain unaffected.

 

5. INTERNAL SERVICES

HANDLING OF APPLICANT DATA

We offer you the option of applying for a job with us (e.g. via e-mail, by post or via an online application form). Below, we inform you about the scope, purpose and use of your personal data collected during the application process. We can assure you that your data is collected, processed and used in compliance with the valid data protection laws and all other statutory regulations, and that your data are treated in strict confidence.

Scope and purpose of data collection

When you send us an application, we process your personal data related to the application (e.g. contact and communication data, application documents, notes taken during application interviews, etc.) insofar as this is necessary to provide grounds for employing you. The legal basis for this is § 26 (preparations for an employment relationship) BDSG (German Federal Data Protection Act), Art. 6, para. 1, lit. b GDPR (general preparations for entering a contract), and, if you have granted your consent, Art. 6, para. 1, lit. a GDPR. Consent can be revoked at any time. Your personal data will be forwarded within our company only to those persons who are involved in processing your application.

If the application is successful, the data submitted by you shall be stored in our data processing systems in compliance with § 26 BDSG and Art. 6, para. 1, lit. b GDPR for the purpose of implementing the employment relationship.

Duration of storage of the data

If we are not able to offer you a position, you reject our job offer, or withdraw your application, we reserve the right to store the data submitted by you for up to 6 months from the termination of the application procedure (rejection or withdrawal of the application), on the basis of our justified interests (Art. 6, para. 1, lit. f GDPR). The data will then be erased and the physical application documents will be destroyed. The data is in particular stored in case it is required if a legal dispute arises. If it can be foreseen that these data shall be required following the expiry of the 6-month period (e.g. due to a threatened or related legal dispute), they will not be erased until the purpose for ongoing storage no longer applies.

Data may also be stored for longer if you have granted your consent (Art. 6, para. 1, lit. a GDPR) or if erasure is not possible due to a longer statutory storage period.

Acceptance into our applicant pool

If we cannot make you a job offer, we may offer you the option of joining our applicant pool. If you join the pool, all documents and information associated with your application are transferred to the applicant pool in order to contact you if any suitable vacancies arise.

You join the applicant pool solely on the basis of your express consent (Art. 6, para. 1, lit. a GDPR). Issuing of consent is voluntary and is not connected in any way to the ongoing job application. The data subject can revoke their consent at any time. In this case, the data from the applicant pool are irrevocably erased, unless statutory storage periods apply.

The data from the applicant pool are irrevocably erased two years at the latest after you issue your consent.