GEUS
Privacy Policy
1.1 Introduction
This Privacy Policy establishes the rules and principles applied by GEUS d.o.o. when collecting, processing, and protecting your personal data, in compliance with applicable laws and regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: the “GDPR”) and the Act on the Implementation of the General Data Protection Regulation (Official Gazette of the Republic of Croatia No. 42/18).
1.2 Data controller
The data controller and the company responsible for processing your personal data is GEUS d.o.o. for manufacturing, trade and tourist agency, with its registered seat Sveti Ivan Zelina (Grad Sveti Ivan Zelina), Komin, Filipovići 1 G, registered in the court registry of the Commercial Court in Zagreb under registration number (MBS): 080231752, PIN (OIB): 75180569931 (previously and hereinafter: “GEUS”).
1.3 Application of this Privacy Policy
This Privacy Policy applies to all visitors of this website.
1.4 Collection and processing of personal data
We process your personal data collected during your use of our website. In specific cases of personal data processing, we may offer you the option to provide additional consent. If this occurs, you will be informed of the terms of processing, and any consent provided will include specific details about these terms and the purpose of processing personal data.
1.5 Principles of personal data processing
When processing your personal data, GEUS adheres to the following principles:
- lawfulness: personal data is processed solely on legal grounds prescribed by applicable legislation, including the GDPR;
- fairness: we ensure that all relevant information regarding the processing of personal data is made available to data subjects;
- transparency: all relevant information is provided to data subjects in a clear, understandable, and easily accessible manner, in compliance with the GDPR;
- purpose limitation: personal data is collected solely for explicit and lawful purposes, and is not processed in a manner that is incompatible with those purposes;
- data minimization: only personal data necessary to achieve the specific purposes of processing is collected; and
- accuracy and updating: personal data must be accurate and, where necessary, updated, and data that is inaccurate or no longer needed will be corrected or deleted without delay.
1.6 Privacy protection and informing data subjects
We respect your privacy and want to provide you with clear and transparent information in this document about the personal data we collect, as well as the legal grounds on which we process your personal data. By visiting this website, we will consider that you are familiar with the terms of this Privacy Policy. If you have any questions regarding the processing of your personal data, feel free to contact us using the details provided in Section 9.1.
2. Types of personal data we process
Depending on the purpose of processing, during your stay and use of our services, we may process the following types of personal data:
- identification data: name and surname, residence, date and place of birth, nationality, type and number of identity document, personal identification number (OIB), gender;
- contact information: email, telephone number;
- technical and website usage data: IP address, device information, browser type, browsing history on our website, cookies, and similar tracking technologies; and
- recordings: video surveillance footage (you may be recorded by our cameras monitoring the outer perimeter of our business premises and factory if you enter the recording perimeter of our cameras (which is clearly marked).
3. Purposes of personal data processing
Your personal data is processed for the following purposes:
- performance of contractual obligations: to fulfil our contractual obligations to you and undertake other necessary actions related to the conclusion and execution of a contract. In this case, the legal basis for processing your personal data is the performance of our contract or the steps taken at your request prior to entering into a contract;
- protection of people and property: to protect individuals (visitors and employees) and property through the use of video surveillance systems. In this case, the legal basis for processing your personal data is our legitimate interest in ensuring the protection of individuals and property;
- consent: for specific purposes for which you have given us your consent to process your personal data. In this case, the legal basis for processing your personal data is your consent; and
- use of the website: to process data regarding your interaction with our website, including technical data such as your IP address, device information, browser type, browsing history on our website, cookies, and similar tracking technologies. In this case, the legal basis for processing your personal data is our legitimate interest in improving the website’s functionality and user experience.
If we intend to further process your personal data for a purpose different from the one for which it was originally collected, we will inform you of this new purpose and provide all relevant information.
4. Personal data retention period
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required by law.
Data collected based on a contractual relationship will be stored only as long as necessary to perform the contract or provide the service. For instance, video surveillance recordings are retained for up to six months, unless a longer period is stipulated by law or required as evidence in legal or other proceedings.
The retention period for personal data is strictly limited to the minimum necessary, with specified retention periods and periodic reviews to ensure that data is not retained longer than required. Should certain data still be needed for legitimate business purposes after the expiration of the retention period, appropriate measures will be taken to anonymize the data.
5. Technical and organizational measures
We implement appropriate technical and organizational measures to ensure the security of your personal data and protect it from unauthorized access, loss, or alteration, whether accidental or deliberate. Access to your data is strictly limited to authorized individuals with a business need to process the data for clearly defined purposes, about which you have been informed. These individuals are obligated to maintain confidentiality and handle your data in compliance with applicable regulations and our data protection standards.
6. Data subject rights
6.1 Your rights
In accordance with the GDPR, you have the following rights concerning the processing of your personal data:
- right of access you have the right to request access to the personal data we process at any time and receive information, including, among other, the purpose of processing, categories of data, and recipients to whom the data has been disclosed;
- right to rectification: you can request the updating, correction, or completion of your personal data if it is inaccurate or incomplete;
- right to erasure: you may request the deletion of your personal data, except where legal obligations require its retention;
- right to restrict processing: you can request the restriction of processing your personal data, for example, if you dispute the accuracy of the data or object to processing based on legitimate interest;
- right to data portability: you may request that we provide your personal data in a machine-readable format or transfer it to another service provider, where technically feasible;
- right to lodge a complaint: you have the right to lodge a complaint regarding personal data processing with the Croatian Personal Data Protection Agency; and
- right to withdraw consent: if the processing of your personal data is based on consent, you can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To exercise the above rights, you can contact our Data Protection Officer using the contact details provided in section 9.1.
6.2 Response timeframe
We are committed to responding to your request within one month of receipt. If the request is complex or if we receive a large number of requests in a short period, we reserve the right to extend the response period by an additional two months, in which case you will be promptly informed.
7. Automated decision-making and data transfers to third countries
7.1 Automated decision-making
Automated decision-making involves decisions that produce legal effects on the data subject or significantly affect them in a similar way, made solely through automated processes – including profiling – without prior review by a human.
GEUS does not use automated decision-making or engage in any profiling when processing your personal data.
7.2 Data transfers to third countries
Your personal data will not be transferred to third countries outside the European Union and the European Economic Area, nor to international organizations.
In exceptional cases where a transfer of personal data to a third country or international organization occurs, you will be notified, and the transfer will be conducted with appropriate safeguards. This includes, among other measures, the application of the European Commission’s standard contractual clauses for data transfers.
8. Use of Cookies
Our website uses cookies to enhance the user experience, analyse visitor behaviour, and tailor content to your interests. Cookies are small text files stored on your device during your visit to our website.
By using our website, you agree to the use of cookies in accordance with this Privacy Policy. If you disagree with the use of cookies, you may disable them in your browser settings, however, please note that this may affect website functionality.
9. Contact information
9.1 Contacting the data protection officer
All information or requests related to this Privacy Policy can be made:
- by sending a written request to the business address of GEUS d.o.o., Sveti Ivan Zelina (Grad Sveti Ivan Zelina), Komin, Filipovići 1 G (attn: Data Protection Officer); or
- emailing GEUS’s Data Protection Officer at roberto.gelo@geus.hr.
9.2 Submitting a complaint to the supervisory authority
You can submit a complaint regarding personal data processing to the Croatian Personal Data Protection Agency at Selska cesta 136, HR – 10 000 Zagreb. You may also contact them by phone at +385 (01) 4609-000, fax at +385 (01) 4609-099, email at azop@azop.hr, or via their website at www.azop.hr.
10. Changes to the Privacy Policy
We reserve the right to amend or update this Privacy Policy at any time, in accordance with changes in legislation or our business practices. Any changes will be published on this page, indicating the date of the latest revision. We recommend that you regularly review this page to stay informed of any updates. By using the services of GEUS or our website after changes have been published, it will be considered that you have accepted the updated Privacy Policy. If any change requires your explicit consent, we will ask you to provide it again.