Privacy Policy

The company MEDIA-SOFT d.o.o., with its registered office in Čakovec, Ulica Braće Graner 14 (hereinafter:
the “Company” or “we“) appreciates the protection of your personal data and respects the privacy of all
visitors to this website, as well as all other natural persons whose data it processes.
The Company processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data (hereinafter: the “GDPR”),
the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/2018) and
other relevant regulations applicable in the Republic of Croatia.
With this Privacy Policy we want to provide visitors to our website with clear information about the
processing and protection of personal data and enable them to easily monitor and manage their personal
data and consents.
The company responsible for data processing within the meaning of personal data protection regulations
is:

MEDIA-SOFT d.o.o
Ulica Braće Graner 14
Čakovec

In case you have any questions or suggestions regarding the protection of personal data, please feel free
to contact us.

You can contact our Data Protection Officer as follows:

Email address: privacy@media-soft.info

1. DEFINITIONS

For a better understanding, you can find definitions of relevant terms used in this Privacy Policy below.

Personal data means any data relating to an identified or identifiable natural person (the so-called data
subject), where an identifiable individual is a person who can be identified directly or indirectly, in particular
by means of identifiers such as name, identification number, etc. Your personal data is all data relating to
you. This includes data such as your name, address, email address or telephone number, as well as other
information about you that we process when you visit our website.

Data subject means an identifiable individual, i.e. a person who can be identified, directly or indirectly, in
particular by means of an identifier.

A special category of personal data is data revealing racial or ethnic origin, political opinions, religious or
philosophical beliefs or trade union membership, as well as genetic and biometric data processed for the
purpose of uniquely identifying individuals, as well as data relating to an individual’s health, sex life and
sexual orientation.

Processing of personal data means any operation or set of operations performed on personal data or sets
of personal data, whether by automated or non-automated means, such as collection, recording,
organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure
or destruction.

Controller means a natural or legal person, public authority, agency or other body that alone or jointly with
others determines the purposes and means of the processing of personal data. Within the meaning of this
Privacy Policy, the controller is MEDIA-SOFT d.o.o.

Processor means a natural or legal person, public authority, agency or other body that processes personal
data on behalf of the controller.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

Lawfulness, fairness and transparency

We process personal data in accordance with applicable regulations, whereby we pay special attention to
lawful, fair and transparent treatment. We strive to ensure that all relevant information is provided to data
subjects in a clear, understandable and easily accessible manner, with the application of appropriate
personal data protection measures.

Purpose limitation

Personal data is collected and processed exclusively for clearly defined and lawful purposes. Further data
processing is only carried out if it is in accordance with the original purpose of collection, i.e. if there is a
legal basis for extended processing, in accordance with the applicable data protection regulations.

Data minimization

We process only personal data that are adequate, relevant and necessary for the achievement of a specific
purpose of processing. We limit the collection of data to what is really necessary, in accordance with the
principle of data minimization.

Accuracy

The personal data we process must be accurate, complete and up-to-date. To ensure this, it is important to
us that data subjects inform us in a timely manner of any change to their personal data, immediately or as
soon as possible.

Storage limitation

We keep personal data only for as long as it is necessary to achieve the purpose for which it was collected,
unless otherwise required by law. At the end of the relevant retention period, the data is deleted
permanently and securely.

Integrity and confidentiality

We process personal data with the application of appropriate technical and organizational measures that
ensure their security. This protects the data from unauthorized or unlawful access, as well as from accidental
loss, destruction or damage, in order to preserve its integrity and confidentiality at all times.

3. PERSONAL DATA WE COLLECT, PURPOSE OF COLLECTION, LEGAL BASIS AND RETENTION PERIOD

• Information that you provide to us for the purpose of resolving an individual inquiry

Through the communication channels listed under the “Contact” category on our website for the purpose
of resolving an individual inquiry, you can provide us with certain personal data such as your name and
surname and contact details (email address and phone number) and the data contained in the specific
inquiry.

We process your data in order to respond to your inquiry based on your explicit consent or, where
applicable, legitimate interest.

We keep the data as long as we have your consent for it, in the event that we process it on the basis of
consent or as long as there is our legitimate interest in such processing, in the event that we process it on
the basis of a legitimate interest.

• Information we collect automatically when you visit our website

Also, when you visit our website, we automatically collect certain information, such as your IP address, user
preferences, cookie and other unique identifiers, browser or device information. For more information on
how we collect information through cookies, please see Section 4 of this Privacy Policy.

• Information you provide to us in a chatbot conversation

When you use our chatbot on the website, you may voluntarily provide us with certain personal information
during the conversation, such as your name, contact information (such as email address or phone number),
information related to your inquiry, and other information you choose to share.

In addition, when using the chatbot, technical data about the device from which you are accessing may be
automatically collected, including IP address, browser type, operating system, as well as data on the time
and duration of the conversation.

We use all of the above information exclusively for the purpose of providing customer support, responding
to your inquiries, improving our services and, if necessary, for contacting you subsequently regarding your
request.

We only store the collected data for as long as it is necessary to achieve the above purposes, unless the law
provides for a different storage period. After the expiry of the purpose or the expiry of the legal period, the
data is deleted in a secure manner.

• Information required to send the Newsletter

When you sign up to receive our newsletters, you voluntarily provide us with your email address. We
process this information exclusively for the purpose of sending information, news and promotional content
related to our products and/or services.

The legal basis for the processing of your email address is your consent, which you can withdraw at any
time by clicking on the unsubscribe link contained in each newsletter.

We will keep your email address until you withdraw your consent, after which it will be permanently deleted
from our newsletter system.

4. COOKIES

Cookies are small files that your browser stores on your computer or mobile device when you visit our
website. This allows our site to recognize your computer the next time you visit us in order to provide you
with a personalized experience when navigating through the site.

In order for our website and user interface to function properly, we use necessary cookies that are
necessary for the operation of the site. In addition to them, with your consent, we also use analytics and
marketing cookies.

Necessary cookies enable basic functionalities, such as page navigation and access to parts of the site.
Without these cookies, the site would not be able to work properly. They are always active because they
enable the basic technical operation of the system and cannot be disabled through our settings. These
cookies do not store any information that could identify you.

Analytics cookies are used to better understand how visitors use our site. Based on the data they collect,
we can see how many visitors come to the site, what content they view most often, how long they stay on
certain parts and how they move around the site. We use such information to improve functionality,
improve the user experience, and make informed decisions about the development of the site. These
cookies can be turned off, and in some cases they are also set by third-party service providers whose
services have been added to our site. If you do not enable these cookies, some of the functions may not
function properly.

Marketing cookies allow us to track your activities on the Internet for the purpose of displaying
advertisements that are tailored to your interests. This increases the relevance of the content you see and
the effectiveness of advertising. Some of these cookies come from third parties that are not under our
direct control. These cookies can be turned off. If you do not enable them, the ads you see will be less
relevant to your interests, as they will not be personalized based on your online behavior.

A detailed overview of the cookies we use, as well as additional information about their purpose, duration
and source, is available in the cookie settings on our website.

When you first visit our site, you will be presented with a pop-up window with cookie settings through
which you can choose which types of cookies you want to allow. As stated above, necessary cookies will
always be active, while all others are subject to your consent. Once you have made your decision, we will
store your preferences and respect them on your next visit.

You can change your cookie settings, including withdrawing your consent, at any time in the cookie settings
available to you on our website.

Cookies can also be managed through the settings of your internet browser. For more information on how
to do this, please visit your browser’s support pages (e.g., Mozilla Firefox, Google Chrome, Microsoft Edge,
Apple Safari).

5. CONSENT

For the processing of personal data that requires your consent, we consider that you have given your
consent when you voluntarily and clearly express your consent, either by a statement or other unambiguous
confirmation.

You have the right to withdraw your consent at any time, in which case we will stop processing the data we
process on the basis of that consent.

The withdrawal of consent does not affect the lawfulness of the processing that was carried out before its
withdrawal.

You can withdraw your consent in the same way as you gave it, and at any time by contacting our Data
Protection Officer using the contact details provided at the beginning of this Privacy Policy.

6. DATA RECIPIENTS

Within the Company, access to your personal data is granted only to persons who need it for the
performance of specific purposes of processing.

In certain cases, we may work with external service providers to assist us in carrying out activities related
to the processing of personal data, with us acting as the controller. Before we involve such a provider, we
conduct an assessment of its compliance with security standards. If the service provider acts in the role of
a processor, we conclude a written contract with the service provider that regulates the processing of
personal data in accordance with the prescribed requirements.

We will only pass on your personal data to external recipients if there is a legal basis for this or your explicit
consent. As a rule, we do not share personal data with third parties, unless this is necessary for the
achievement of legitimate purposes of processing.

For example, we may share your personal data with:

– public authorities (e.g. courts and other judicial bodies, administrative bodies, agencies, inspections,
etc.);
– processors who process personal data on behalf of and on behalf of the Company as a controller, such
as providers of accounting services, providers of services, services and tools used by the Company in its
business;
– in case necessary, to any other person with your consent.

A list of all external recipients to whom we disclose your personal data or who process it on our behalf is
available upon your request.

7. INTERNATIONAL DATA TRANSFER

As a rule, we do not transfer your personal data to third countries

In the event that we transfer your personal data to organizations whose registered office or place of data
processing is not located in a Member State of the European Union, another state party to the Treaty on
the European Economic Area (so-called third countries) or a country for which there is no adequacy decision
of the European Commission, we will take appropriate safeguards to ensure an adequate level of protection
of your data, and in particular we can rely on the standard data protection clauses adopted by the European
Commission for the transfer of data to third countries.

If the transfer of data is based Article 46, 47, or the second subparagraph of Article 49(1) of the GDPR, you
can obtain from us a copy of the safeguards we use to ensure that there is an adequate level of data
protection in relation to the transfer of the data or the place where it is made available.

8. SECURITY OF PROCESSING

The Company attaches great importance to the security of the personal data it processes and applies
appropriate physical, technical and organizational measures to prevent unauthorized access, misuse or
inappropriate use of the data.

In accordance with the applicable regulations on the protection of personal data, we implement technical
and organizational measures to ensure an appropriate degree of security of processing.

All employees involved in the processing of personal data are obliged to sign a confidentiality statement
and are obliged to undergo training in order to be aware of their responsibilities regarding the protection
of the data they process during their daily work.

Before involving any processor, the Company conducts an assessment of its security standards and
compliance with applicable privacy laws. After engagement, we regularly monitor and evaluate the
cooperation with the aim of maintaining a high level of protection.

9. YOUR RIGHTS

The GDPR gives you a number of rights as a data subject. You have the following rights:

Right of access to personal data
You have the right to request information about the personal data we process about you. Upon your
request, we will provide you with access to this data within one month. Please note that there are certain
exceptions that may restrict access to certain data, such as when prohibited by applicable regulations.

Right to rectification
You have the right to request the correction or updating of any personal information that is inaccurate, out
of date, or incomplete.

Right to erasure
You have the right to request the deletion of your personal data that we process, for example when the
processing is no longer necessary for the purpose for which the data was collected or if you withdraw your
consent.

Right to restriction of processing
You have the right to request the restriction of the processing of your personal data, provided that the
legally prescribed conditions for such a request are met.

Right to data portability
If you have provided us with personal data on the basis of a contract or consent, you have the right, provided
that the prescribed conditions are met, to request that we provide you with this data in a structured,
commonly used and machine-readable format or that we transmit it to another controller at your request.

Right to object
At any time, you have the right to object to the processing of your personal data that we carry out on the
basis of our legitimate interests, if you have justified reasons for doing so. If you exercise this right, we will
stop processing your data, unless we can prove that there are compelling legitimate grounds for continuing
the processing that outweigh your interests, rights and freedoms, or if the processing is necessary for the
establishment, exercise or defence of legal claims.

10. AUTOMATED DECISION-MAKING

Automated decision-making within the meaning of Art. 22 of the GDPR means that certain decisions are
based solely on automated processing, including profiling, without human intervention. If such decisions
produce legal effects concerning you or similarly significantly affect you, you have the right to request that
such decisions do not apply to you.

We do not use such automated decision-making when processing your personal data.

11. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you wish to exercise any of your rights guaranteed to you by the regulations on the protection of personal
data, especially the GDPR and the Act on its Implementation, please first contact our Company as the data
controller.

If you believe that your right to personal data protection has not been exercised and we have not been able
to resolve your complaint, you have the right to lodge a complaint with Croatian Personal Data Protection
Agency (AZOP) at the following email address: azop@azop.hr.

12. PUBLICATION AND AMENDMENT OF THIS PRIVACY POLICY

MEDIA-SOFT publishes this Privacy Policy on its website.

The terms of this Privacy Policy may change over time.

You can always check the date of the last modification at the beginning of this Privacy Policy.

Subscribe to Our Newsletter

Subscribe to Our
Newsletter