We take the protection of your personal data very seriously and therefore always strive to make the use of our services secure. We are obliged to comply with the Personal Data Protection Act. This data protection statement serves to clarify which data we collect from you, for what purposes we use it, and how we protect it. 

Content 

• Scope of application 
• What data are collected and shared 
• Third-party tracking on the internet 
• Conversion tracking using the Facebook pixel 
• Sharing 
• Use of data 
• Data security and transfer 
• Right of withdrawal, provision of information, data modification, and contact 

Scope of application

This statement applies to the use of the company’s services and materials XY by clients, website users, and business partners.

Please note that, as part of improving our activities in order to enhance our services, updates to this data protection statement may be necessary. In such a case, we will inform you accordingly. 

What data are collected and shared

The personal data we process are data about you as a client, collected when you place an order and when you visit XY or when you complete the Client Consent Statement, as well as data about you as employees XY based on the Labour Act and other applicable regulations, when you make payments via a bank account or when establishing and performing contractual relationships between you and XY, which may be directly or indirectly linked to you.

These include the following data: full name, telephone number(s), residential address, email address, date of birth, personal identification number (OIB), and bank details in the case of payments made via bank transfer.

Third-party tracking on the internet

You can use our websites without registering and/or logging in, and the following tools may be used in the process: 

Cookies 

In order to improve your browsing experience on this website, we need to store a small amount of information (cookies) on your computer. More than 90% of all websites use this practice; however, according to European Union regulations from 25 March 2011, we are required to obtain your consent before storing cookies. By using our website, you consent to the use of cookies. By blocking cookies, you can still browse the website, but some of its features may not be available to you. 

What is a cookie? A cookie is a piece of information stored on your computer by the website you visit. Cookies usually store your preferences and website settings, such as your preferred language. Later, when you open the same website again, the internet browser sends back the cookies that belong to that site. This allows the website to display information tailored to your needs. 

The default activities of storing and sending cookies are not visible to you. However, you can change your internet browser settings to choose whether to approve or reject requests for storing cookies, automatically delete stored cookies when closing the internet browser, and similar options. 

Google AdWords 

This tool may be used to record visits to the website for advertising purposes (remarketing) on Google and in the Display Network. Your browser stores cookies during your visit to the website, which makes it possible to recognize you as a visitor when you load websites that belong to Google’s network. On those pages, you as a visitor may be shown advertisements related to content you have previously viewed on other websites that use the remarketing options provided by Google. You can opt out of data collection through Google AdWords on the website http://www.google.com/settings/ads 

Google AdWords Conversion Tracking 

This allows conversion statistics to be created in order to measure the effectiveness of our online advertising campaigns. A conversion tracking cookie is set when a user clicks on an advertisement placed by Google. According to Google’s data protection provisions, no personal data are processed. If you do not wish to participate in tracking, you can disable the use of this data for such purposes by deactivating the Google conversion tracking cookie through the cookie settings in your web browser. 

Please note that current internet browsers accept cookies according to standard, default settings. You can adjust your browser settings so that they do not allow all or only certain cookies, or so that you are asked to approve the acceptance of a new cookie. Instructions for accepting cookies can be found in most browsers through the ‘Help’ option in the menu. In these instructions, you will also find guidance on how to delete cookies that have already been accepted. 

Conversion tracking using the Facebook pixel

As part of our online presence, the ‘Facebook Visitor Activity Tracking Pixel’ of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’) is used. This is a ‘cookie’, i.e. a small text file that is stored on your computer and can be read from your computer. With its help, user activities can be tracked after they have seen or clicked on an advertisement on Facebook. In this way, the effectiveness of Facebook advertisements can be measured for statistical evaluation and market research purposes. The data collected in this way are anonymous for us, meaning they cannot be linked to the identity of users. However, this data are stored and processed by Facebook, so that they may be linked to the respective user profile and Facebook may use them for its own promotional purposes in accordance with Facebook’s Data Protection Statement (‘http://www.facebook.com/about/privacy/’ ). You may allow Facebook and its partners to display advertisements on Facebook and outside Facebook. For this purpose, a ‘cookie’ will be stored on your computer. For more information, please refer to the data protection statement of the respective social network. 

Sharing

Sharing buttons for the social networks Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, and Instagram, San Francisco, California, USA, are integrated on our website. In addition, a sharing option via email may also be integrated. The sharing buttons can be recognized by their respective logos 

Only when you click on the respective ‘sharing button’ on our website (and only at that moment) is a direct connection established between your browser and the server of the operator of the respective social network. According to the operators of these social networks, no personal data are collected by the social networks without clicking on the respective sharing button. Only for users who are logged in to the respective social networks are these data, including the IP address, collected and processed. If you do not want your visit to our website to be associated with your user account on social networks, please log out of your user account on the respective social network. 

At this point, we emphasize that XY has no insight into the content of the transmitted data, nor into their use by the social networks. More information about the use of data by social networks can be found in the data protection statements of the respective social networks. 

Use of data

We use your personal data fully in accordance with the applicable legal provisions. 

The personal data that you make available to us when placing your order and when arriving at XY, when you complete the Client Consent Statement, when you make payments via bank, or when establishing and performing contractual relationships between you and XY, will be collected and processed exclusively within the scope of fulfilling our legal obligations (for example, data about employees which XY we are required to collect under the Labour Act) or contractual obligations towards you based on your consent. 

After you give us your explicit consent, we will use your data to deliver materials related to the relevant services, for mutual communication, including birthday greetings, and for related actions and activities, as well as to inform you about service offers XY, discount promotions, new offerings, workshops, educational events, promotions, and for advertising purposes. XY.

To protect your data, we use passwords, a web firewall, antivirus programs, and other security measures in accordance with the current state of technology. In communication via email, data security during transmission can only be guaranteed according to the current state of the art. 

Client data stated in the Client Consent Statement are stored in the original document of the statement and in electronic form. The originals of these statements are kept in a cabinet secured with a key, and access to the client list XY and the client data from the statement that are stored in electronic form are protected by a password. The retention period for the aforementioned data is two years from the date of the client’s last interaction with XY.

The originals of the Client Consent Statements are mechanically destroyed after a period of two years from the date of the client’s last interaction with XY.

Access to the list containing client data and the Client Consent Statements is granted to the director XY as the responsible person and the employees XY, since such access is necessary for the performance of obligations and services XY to the respective clients, and such access is regulated in accordance with applicable legislation. Each client has the right to access the personal data concerning them that are contained in the client list. XY and that are processed about them (for example, in the list of service users). 

Personal data provided by the client for the purpose of payment via bank are collected in electronic form and stored on a computer, with access protected by a password. Access to the aforementioned data is granted to the director XY The retention period for the aforementioned data is determined in accordance with applicable regulations, in particular accounting regulations. 

Personal data that are collected are retained for as long as necessary to fulfill the purpose of their collection and processing. Client data specified in the Client Consent Statement that are collected for the purpose of sending notifications about services XY and their promotion are retained until the client withdraws their consent, and at the latest until the expiration of two years from the date of the client’s last interaction with XY. 

Responsible persons and employees XY who have the right and authorization to access the personal data collected by XY undertake, by signing a Confidentiality Statement, to permanently maintain the confidentiality of personal data and to act in accordance with applicable legislation and regulations. XY. 

Your personal data may be shared with / entrusted to certain contractual partners. XY, if they XY decides to engage them. 

Namely, we may engage certain partners to fulfill our obligations (for example, an accounting service) and services, to communicate with members, to manage our online presence and access, and to fulfill some of the purposes stated in this Statement. Your personal data will be shared with a contractual partner XY if they are necessary for the performance of a specific service related to you. The aforementioned contractual partners will be selected carefully in order to ensure lawful and secure data processing. Furthermore, these contractual partners will be obliged to use your personal data only for specific purposes in accordance with our instructions and in compliance with Croatian legal provisions on personal data protection. The use of data by contractual partners for any other purposes is excluded. 

We will not share your personal data with other parties apart from the contractual partners mentioned above, unless you have given your consent to do so. 

Considering the nature, scope, and purpose of the collection, use, and processing of personal data by XY, including the fact that the collection, use, and processing are not carried out on a large scale, nor are special categories of personal data collected, i.e. XY and its services are not subject to the legal obligation to appoint a Data Protection Officer. XY and no such officer has been appointed. 

Right of withdrawal, provision of information, data modification, and contact

By signing the Client Consent Statement or by using our website, you agree to the use of your personal data in the manner described in the aforementioned Client Consent Statement and this Data Protection Statement. 

At the same time, in accordance with the applicable legislation on personal data protection and the rights it grants you as the owner of personal data, with which you have been XY informed you, you also have the right to access, rectify, erase, or restrict the processing of your personal data; the right to withdraw your consent for the use of your personal data at any time in the future without providing a reason; as well as the right to lodge a complaint with the supervisory authority. Withdrawal of consent must be made in writing (by letter or email) to the following publicly available address of the registered office: Samoborska 264, Zagreb, or to info@fx-mayr.hr . Such withdrawal will prevent the future use of your personal data by XY.

Please contact us at one of the above addresses if you have any questions regarding the use of your data or if you wish to update or correct your data.