Privacy Policy
Introductory Provisions
At Kontraloop d.o.o. (hereinafter: Data Controller or Kontraloop), we are committed to protecting your privacy and personal data.
This Privacy Policy describes how and for what purposes Kontraloop d.o.o., a company registered in the Commercial Court Register in Zagreb, MBS: 081662547, OIB: 71826480138, Jankomir 33, Zagreb, as the Data Controller, processes, collects, uses, and protects users’ personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the European Union L 119, 4.5.2016, p. 1, hereinafter: General Data Protection Regulation or GDPR), and the Act on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18, hereinafter: the Act), as well as the legal framework for personal data protection in the Republic of Croatia and the European Union, in relation to personal data of users who visit the Kontraloop website https://kontraloop.hr/ managed by the Data Controller (hereinafter: the Website).
Accessing and browsing the content on the Website does not require user registration.
When using the Website, data may be processed through cookies, in accordance with applicable regulations and the terms set out in the Cookie Policy, which forms an integral part of this Privacy Policy.
We value your trust and strive to be transparent about our data processing practices – therefore, please read this Privacy Policy carefully.
Acceptance and Changes to the Privacy Policy
By using our website, you confirm that you have read, understood, and agree to the terms and conditions of this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our website. This Privacy Policy may be amended from time to time, and the latest version will be published on our website. Your continued use of the Website after any changes or amendments to the Privacy Policy constitutes your acceptance of such changes and amendments.
We may modify this Privacy Policy at any time. When we do, we will publish the updated version on the Website, unless a different type of notice is required under applicable laws.
Basic Concepts and Principles of Personal Data Protection
According to the GDPR, personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
When processing personal data, we pay special attention to the following principles:
• Lawfulness, fairness, and transparency: Processing must be based on a legal ground, and fairness and transparency require that individuals are informed about the processing and its purposes, and that the Data Controller provides all additional information necessary to ensure fair and transparent processing, taking into account the specific circumstances and context of the processing.
• Purpose limitation: Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving in the public interest, scientific or historical research, or statistical purposes is allowed.
• Data minimization: Data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
• Accuracy: Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified without delay.
• Storage limitation: Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; longer periods are allowed only for archiving in the public interest, scientific or historical research, or statistical purposes, subject to appropriate safeguards under the GDPR.
• Integrity and confidentiality: Data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
• Accountability: The Data Controller is responsible for compliance with these principles and bears the burden of proof in case of any breach.
Additional Notes
Access to the Website https://kontraloop.hr/ is free and registration is not required. Providing personal data is voluntary.
Purposes for Collecting and Processing Personal Data
We do not process more personal data than is truly necessary for your participation in any activity on our website.
Users’ personal data is collected and processed solely for clearly defined, explicit, and lawful purposes and is not processed in a manner incompatible with those purposes. The Data Controller uses the collected data only to the extent necessary to achieve each specific purpose of processing, in accordance with the principles of lawfulness, fairness, transparency, and purpose limitation under Article 5 of the GDPR.
Personal data may be processed for the following purposes:
• Participation in prize contests and notifying winners – In the event of organizing prize contests through the Website, personal data may be processed for the purpose of conducting the contest, contacting participants, and notifying winners, all in accordance with the applicable contest rules.
• Responding to inquiries, comments, requests, or complaints from users – Personal data may be processed to enable two-way communication and provide relevant information regarding the Website content or the activities of the Data Controller.
• Use of cookies – Data collected through cookies is processed in accordance with the terms set out in the Cookie Policy.
The Data Controller will not use personal data for purposes other than those stated, unless there is an appropriate legal basis in accordance with the GDPR and other applicable regulations.
Legal Basis for Processing Personal Data
The Data Controller collects and processes users’ personal data only when there is an appropriate legal basis under Article 6 of the General Data Protection Regulation (GDPR). Depending on the purpose of processing, the legal basis may be:
a) Consent (Article 6(1)(a) GDPR)
Users’ personal data is processed based on explicit and voluntary consent in cases where the user chooses to accept the use of cookies that are not essential for the functioning of the Website or to participate in prize contests. Users may withdraw their consent at any time, and withdrawal does not affect the lawfulness of processing carried out before withdrawal.
We ensure that the purposes for which we seek your consent are clearly stated so that you can make an informed decision. Your consent allows us to collect and process your personal data exclusively for those purposes.
Processing based on consent begins only after you have explicitly given it. If you do not provide consent, we will not process your personal data for the stated purposes.
You may contact us at any time to withdraw your consent. After withdrawal, we will cease processing your data for the purposes for which consent was withdrawn.
b) Processing necessary for compliance with legal obligations (Article 6(1)(c) GDPR)
Processing of personal data may be necessary to fulfill the Data Controller’s legal obligations, for example, related to conducting prize contests, maintaining records, or responding to requests from competent authorities.
c) Legitimate interest (Article 6(1)(f) GDPR)
In certain cases, personal data may be processed based on the Data Controller’s legitimate interest, for example, to respond to inquiries, comments, or complaints from users or to ensure the security and functionality of the Website. In such cases, processing is carried out only when such interest is not overridden by the interests or fundamental rights and freedoms of the user.
You have the right to object, free of charge and easily, to such use of data at the time of collection and upon receiving any electronic message, in accordance with the applicable Electronic Communications Act. In all cases, our processing is based on a legitimate interest that we have identified and that does not override your rights and freedoms, and we strive to ensure a reasonable balance between our legitimate interests and your rights.
The Data Controller does not process personal data for purposes other than those stated unless a new legal basis is obtained in accordance with applicable regulations.
Contact, Surveys, Questionnaires, and Research
When you send us an email containing personal data that can identify you, whether it is an email with a question or comment, we use that data solely to fulfill your request.
What Personal Data Do We Process?
The Data Controller collects and processes users’ personal data only to the extent necessary to achieve the purposes stated in this Privacy Policy. When using the Website, the following categories of personal data are processed:
• Data collected through cookies – These data are collected through cookies and similar technologies, and their processing is carried out in accordance with the Cookie Policy.
• Data provided through inquiries, complaints, or comments – If a user contacts the Data Controller through available communication channels (e.g., email or other means), data voluntarily provided by the user may be processed, such as name and surname, email address, phone number, message content, and any other data the user chooses to include in the communication. These data are used solely for processing the received inquiry, comment, or complaint and for communication with the user regarding the same.
Data Security
We take the security of your personal data very seriously. For this purpose, we implement technical and organizational measures to protect your personal data from risks during transmission and processing, as well as to prevent unauthorized access by third parties.
To protect personal data, we apply appropriate technical, organizational, and personnel measures and procedures to prevent unauthorized access and ensure that data is used in accordance with the purpose of processing.
Retention Period for Personal Data
In general, we process Users’ and/or Registered Users’ personal data until the purpose for which they were collected and further processed has been fulfilled. Personal data is stored in our storage systems.
Additionally, depending on the purpose and legal basis on which we collect and process personal data, in certain cases we are obliged to retain personal data for the period prescribed by applicable regulations for each specific purpose.
Personal data processed on the basis of consent will be retained until the consent is withdrawn.
Longer retention is possible if the data is required for initiating and conducting court or other proceedings before competent authorities.
You may request information at any time about which of your personal data we store in our personal data collection, as well as request that all or some of your personal data be modified or deleted. You can do this by sending a notice with your request to kontakt@kontraloop.hr. If you submit such a request, we will make reasonable efforts to confirm your identity and prevent unauthorized processing of personal data.
If, despite all measures taken to protect personal data, you believe you have grounds for a complaint, please contact us at kontakt@kontraloop.hr. You also have the right to file a complaint with the supervisory authority – the Croatian Personal Data Protection Agency.
Disclosure of Personal Data to Other Recipients
The Data Controller does not transfer, sell, or disclose users’ personal data to third parties in a manner that would be contrary to this Privacy Policy or applicable regulations. Users’ personal data may be disclosed to third-party recipients only when necessary to achieve the purpose of processing, fulfill legal obligations, or if the user has given consent.
In the course of regular business operations, personal data may be accessible to the following categories of recipients:
• Providers of technical and infrastructure services – e.g., hosting providers, website maintenance, and IT support, acting as processors and processing personal data exclusively according to the Data Controller’s instructions.
• Providers of analytics and marketing services – if third-party tools are used for analytics or cookie management, personal data collected through cookies may be shared with such providers, always in accordance with user consent and applicable regulations.
• Competent authorities and institutions – in cases where the Data Controller is obliged to provide personal data under law or a lawful request from a competent authority.
All processors we cooperate with are required to ensure appropriate technical and organizational measures for personal data protection and to process personal data exclusively in accordance with our instructions and applicable regulations.
In certain cases, personal data may be transferred outside the European Economic Area (EEA), including to the United States, for example when using Google Analytics. Such transfers are carried out only when appropriate safeguards are in place in accordance with Chapter V of the GDPR, including an adequacy decision by the European Commission or the application of standard contractual clauses.
Protection of Children’s Personal Data on the Website
We do not collect or process personal data of minors without the consent of a parent or guardian.
If you are a minor, please do not send us your personal data.
Confidentiality of Personal Data
To ensure the confidentiality of your personal data, our employees are prohibited from unauthorized collection, processing, or use of personal data. Our employees are familiar with data protection regulations and are bound to maintain the confidentiality of user data. This obligation continues even after termination of employment.
Your Rights Regarding Personal Data Processing
As the Data Controller of the personal data we collect and process, we are committed to respecting the rights granted to data subjects under the General Data Protection Regulation (GDPR). These rights may include the right of access, rectification, erasure, restriction or objection to processing, as well as the right to data portability and the right to lodge a complaint with a supervisory authority. Data subjects can exercise these rights by contacting us using the contact details provided in this Privacy Policy. We will respond to such requests in accordance with applicable laws and data protection regulations.
Under the GDPR, individuals whose personal data is processed by the Data Controller have the following rights:
• Right to be informed: The Data Controller must provide the information specified in the GDPR, including details about the data being processed, contact details, purposes and legal basis for processing, recipients or categories of recipients of personal data, if any, and the period during which the data will be processed or the criteria for determining that period. This information must be provided immediately when the data is collected or within a reasonable time if collected from other sources, unless the individual has already been informed (Article 12 GDPR).
• Right of access: Data subjects have the right to access and review their personal data, including the right to receive copies of their personal data. The first copy should be provided free of charge, and subsequent copies may be subject to a reasonable administrative fee in accordance with the GDPR (Article 15 GDPR).
• Right to rectification: Data subjects have the right to correct or update their personal data held by the Data Controller in case of any changes or inaccuracies (Article 16 GDPR).
• Right to erasure (right to be forgotten): Data subjects have the right to request that the Data Controller delete their personal data. This right can be exercised when the purposes for which the data were processed have been fulfilled, consent for processing has been withdrawn, there is no other legal basis for processing, the data were processed unlawfully, deletion is required by law, or the data relate to a minor collected as part of an information society service (Article 17 GDPR).
• Right to restriction of processing: Data subjects have the right to request that the Data Controller restrict the processing of their personal data. This can be done in situations where the accuracy of personal data is contested, there is no legal basis for processing but deletion is not desired, an objection to processing has been lodged, or the personal data is needed for the establishment or defense of legal claims (Article 18 GDPR).
• Right to data portability: Data subjects have the right to receive their personal data in a format that allows them to view it on a computer and transfer the data to another Data Controller if the legal basis for processing was consent or involved automated processing (Article 20 GDPR).
• Right to object: Data subjects have the right to object to the processing of their personal data for certain purposes, in accordance with applicable laws (Article 21 GDPR).
• Right not to be subject to automated decision-making or profiling: Data subjects have the right not to be subject to automated decision-making or profiling, unless explicit consent is given, and should be informed of any profiling (Article 22 in relation to Article 4(4) GDPR).
• Right to lodge a complaint with a supervisory authority: Data subjects have the right to lodge a complaint with the competent supervisory authority if they believe their personal data is being processed unlawfully or in violation of their rights under the GDPR (Article 77 GDPR).
General Rules When Exercising Your Rights
If you decide to exercise one or more of the rights listed above, we have the right to verify your identity for the purpose of protecting your personal data. If you frequently or excessively request access to or transfer of your personal data (e.g., if you request all personal data in written form or if less than six months have passed since your last request), we have the right to charge a fee for costs incurred prior to performing such an action.
Privacy Policies of Other Websites
Our Website may offer social media features that allow sharing of personal data on social networks. Therefore, we kindly ask you to review the privacy policies applied by the other portal or social network, or by third parties.
We do everything in our power to ensure that all redirects from our Website lead you to websites with quality content that does not promote negativity. However, websites and web addresses change quickly, and we cannot always guarantee the content of every address we direct you to.
Links to Other Websites and Social Networks
Our website may contain links to other websites not owned or controlled by Kontraloop d.o.o., including social media (“Third-Party Websites”). Information you share with Third-Party Websites will be governed by their own privacy policies and terms of use, not by this Privacy Policy. By providing these links, we do not imply endorsement or review of those websites. Please contact the Third-Party Websites directly for information about their practices and privacy policies.
Kontraloop d.o.o. uses business profiles on social networks such as Instagram and TikTok. Authorized persons at Kontraloop d.o.o. have access to messages and/or posts, i.e., content on these social networks. Kontraloop d.o.o. does not store or process personal data contained in these messages/posts/content, except for purposes stated in this Privacy Policy.
You can review the confidentiality and data processing documents of these social networks at the following links:
• Instagram: https://help.instagram.com/519522125107875
• TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/hr
Cookies
To maintain the Website and its functionalities, we use so-called cookies, small files that we send to your computer and can access later.
The legal basis for processing personal data through cookies is user consent and/or our legitimate interest.
Read more about our use of cookies in the Cookie Policy.
Changes to Data Protection Provisions
Changes to data protection provisions may be necessary due to changes in legal regulations or data processing circumstances. If the purposes of collecting, processing, or using your personal data change, as well as the identity of the Data Controller and categories of recipients, we will notify you and, if necessary, request your consent.
Contact Details of the Data Controller
Kontraloop d.o.o.
10 000 Zagreb
Jankomir 33
Email: kontakt@kontraloop.hr
Useful Links
The following links may be useful if you want more details on how to manage cookies:
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
More information about cookies can be found at www.allaboutcookies.org, or you can always contact us via email at kontakt@kontraloop.hr.
We reserve the right to occasionally amend these cookie rules.