Privacy Policy

AXIANS CROATIA Ltd., Borongajska cesta 81A, 10000 Zagreb, Croatia (hereinafter referred to as the "Provider", "we" or "us"), is the author of this Privacy Policy. This Privacy Policy applies to all users of the Provider's services, insofar as personal data is processed as a result of these. In particular, this includes customers who have concluded a contract with the Provider for the Provider's services, its employees, and website visitors. The Provider may, furthermore, declare the Privacy Policy applicable to other contractual partners on a contractual basis. For the sake of simplicity, all persons subject to the data processing are hereinafter referred to as "customers". In the following, personal data or "data" is understood to mean all information that relates to an identified or identifiable person.

In the present case, the Provider is responsible for the careful and conscientious handling of the personal information of its customers. The Provider is responsible for the collection, processing, disclosure, storage and protection of its customers' personal information and ensures compliance with applicable data protection legislation.

If you provide us with personal data of other persons, please ensure that these persons are aware of this Privacy Policy, and only provide us with their personal data if you are allowed to do so and if this personal data is correct.

1. Contact information

The data controller responsible for data processing is:

AXIANS CROATIA Ltd.
Borongajska cesta 81A
10000 Zagreb
Croatia
+385 1 4603 000

The data protection officer can be reached at info@axians.hr

2. Governing law

This Privacy Policy is designed to meet the requirements of the Croatian Personal Data Protection Act and the EU General Data Protection Regulation ("GDPR"). However, whether and to what extent these laws are applicable depends on the individual case in question.

3. Nature and scope of the collection of personal data

General information

We primarily process the personal data that we receive from our customers and their business partners or clients in the context of our business relationships with such parties, as well as other persons involved in them, or that we collect from the users of our websites.

Insofar as is permitted, we also extract certain data in connection with the use of the website (e.g., IP address, MAC address of the smartphone or computer, information about your device and settings, cookies, date and time of the visit, pages and content accessed, functions used, referring website, location information).

When visiting our website (without logging in)

If customers visit the Provider's website outside the area protected by login, the web server technology used automatically logs general technical information about their visit. This includes, among other things, the IP address of the device used. It also includes information on the browser type, the Internet service provider and the operating system used.

When using the Visitor software (logged in)

During free trial access and when using the Visitor software for a fee within the area protected by login, all data entered or submitted by the customer during the registration process and during use of the software will also be stored. This is particularly the case if the customer registers, fills out online forms, corresponds with the Provider online or offline, or comes into contact with the Provider via social media, blogs or other interactive media.

Here, the personal master data (name, address, email address) and the settings required for the service in question are usually collected.

Upon data being collected, the customer consents to the processing, use and disclosure of personal data within the context and scope of the purposes described in this Privacy Policy.

4. Purposes of the data processing and legal basis

We primarily use the personal data we collect to conclude and process our contracts with our customers and business partners, particularly within the scope of the Visitor software and the software-as-a-service services for our customers as well as to comply with our legal obligations in Croatia and abroad.

In addition, we process personal data about you and other persons, insofar as this is permitted and appears to us to be appropriate, including for the following purposes, in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:

  • To offer and further develop our offers, services and websites, apps and other platforms on which we are present
  • To review and optimise procedures for needs analysis for the purpose of direct customer contact and to collect personal data from publicly accessible sources for the purpose of customer acquisition
  • Advertising and marketing (including the organisation of events), insofar as you have not objected to the use of your data (if we send advertising to you as an existing customer, you can object to this at any time; we will then place you on a blacklist to prevent further advertising mailings)
  • Market and opinion research, media monitoring
  • To assert legal claims and defence in connection with any legal disputes and official proceedings
  • To prevent and investigate criminal offences and other misconduct (e.g., to carry out internal investigations, to analyse data to combat fraud, to comply with official instructions and orders)
  • To guarantee our operations, in particular, the IT, our websites, apps and other platforms
  • The purchase and sale of business units, companies or parts of companies, and other transactions under company law, and the transfer of personal data in connection with this, as well as measures for the purposes of business management and, where applicable, to comply with legal and regulatory obligations and internal regulations

If you have given us your consent to process your personal data for certain purposes (for example, when you register to receive newsletters or for a background check to be performed), we will process your personal data within the framework of and on the basis of this consent, insofar as we have no other legal basis and require such a basis. Consent that has been provided can be revoked at any time, though this has no effect on data processing that has already taken place.

5. Disclosure of personal data

In the course of our business activities and for the purposes set out in the above section, we also disclose personal data to third parties, insofar as this is permitted and appears to us to be appropriate, either because these third parties process it for us or because they want to use it for their own purposes. This applies, in particular, to the following bodies:

  • Service providers of ours (internal and external, such as payment processors), including order processors (such as IT providers)
  • Dealers, suppliers, subcontractors and other business partners
  • Purchasers of or parties interested in the acquisition of business units, companies or other parts of the Provider
  • Other parties in any possible or actual legal proceedings
  • Other companies of the VINCI group in accordance with Chapter 6

All are collectively referred to as "recipients".

All personal data of our customers that is stored in the Visitor software will be stored and processed exclusively in Croatia.

These recipients are primarily located in Croatia, but can also be located abroad. In particular, you must expect your data to be transferred to all countries in Europe and the USA, where the service providers we use are located (such as Google Drive, Zoom, etc.). In particular, the Provider has individual data processing carried out by service providers based in the EU who comply with data protection regulations. These include, in particular, companies in the categories of IT services, payment transactions, printing service providers, billing, debt collection and consulting, as well as sales and marketing, and service providers that are used within the scope of contracts for commissioned data processing.

If a recipient is located in a country without adequate legal data protection, we contractually oblige the recipient to comply with the applicable data protection standards (for this, we use the revised standard contractual clauses of the European Commission, which can be accessed here ), unless it is already subject to a legally recognised set of rules for ensuring data protection or we are able to rely on an exemption provision. An exception may apply, in particular, in the event of legal proceedings abroad, but also in cases of overriding public interest or if such disclosure is required to execute a contract, if you have given your consent, or if it relates to data that you have made generally accessible and whose processing you have not objected to.

6. Data exchange within the VINCI Group

By accepting the General Terms and Conditions of Business and this Privacy Policy of the Provider, the customer expressly declares their consent to the transfer of their data to the Provider's parent company and affiliated companies (hereinafter jointly referred to as "VINCI") in accordance with this section.

The exchange of data between the Provider and VINCI enables, in particular, even greater harnessing of existing synergies with the parent company. Particularly sensitive personal data (i.e., data that is particularly worthy of protection) will not be passed on under any circumstances..

VINCI is obliged to process all data that it becomes aware of exclusively within the framework of data protection legislation and to comply with data protection security regulations. VINCI is obliged to maintain confidentiality regarding the data it becomes aware of.

The Provider and the VINCI Group are entitled to process data in accordance with the following list, or to pass it on for the following purposes:

  • Customer base matching: customer master data is matched for statistical purposes. When this matching is carried out, analyses are performed of how many joint customers there are, how this proportion of customers develops over time, and how the joint customers are distributed geographically
  • Market segment analysis: data can be processed for the purpose of market segment analysis. The main purpose of market segmentation is to uncover differences between customers in order to draw conclusions for segment-specific marketing programmes (customer structure analysis)
  • Exchange of information: data may be processed for the purpose of exchange of information between the Provider and VINCI. The main purpose of this is to be able to continuously improve the products and services for the customer, to manage the use of and desired access to the applications, products and information, to maintain the business relationships with the customers, and to monitor and improve the performance of the offerings.
  • Marketing and analytical purposes: data may be exchanged in order to provide customers with offers, information or marketing material about products or services which, based on the data, can be assumed to be of interest to the customer.

7. Cookies

Cookies help make visits to the Provider's website easier, more pleasant and more meaningful. Cookies are information files that the web browser automatically stores on the computer's hard drive when the customer visits the Provider's website and takes advantage of offers.

The customer can independently manage their security settings in their browser and thus block or disable set cookies, though this may mean that certain services of the Provider may no longer be (fully) usable.

Tracking and analysis tools/social media

The use of the Provider's digital offers is measured and evaluated by means of various technical systems, predominantly by third-party providers such as Google Analytics. These measurements may be carried out both anonymously and in relation to a particular person. It is possible that the collected data may be passed on by the Provider or the third-party providers of such technical systems to third parties in Switzerland and abroad for processing. The most commonly used and well-known analysis tool is Google Analytics, a service provided by Google Inc. This means the collected data can, in principle, be transmitted to a Google server in the USA (or a location determined by Google).

The provider's website uses Google Analytics, a web analysis service provided by Google Inc., with its registered office at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called cookies, which are text files that are stored on the customer's computer and which enable the analysis of their usage of the website. The information generated by these cookies about use of the website (including the IP address, though this is anonymised by Google before being stored, so that it can no longer be associated with the customer) is transmitted to a Google server in the USA (or a location determined by Google) and stored there. Google will use this information to evaluate the use of the website, to compile reports on website activities for the Provider, and to provide other services connected to use of the website and Internet. Google may also pass this information on to third parties insofar as this is required by law or if third parties process the data on Google's behalf. Google shall in no event link customers' IP addresses with other Google data.

The Provider's website makes use of the "Demographics" feature of Google Analytics. This allows reports to be generated containing statements about the age, gender and interests of customers. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This collected data cannot be attributed to any specific individual person. Customers can disable this feature at any time via the ad settings in their Google account or can prohibit the collection of their data by Google Analytics in general. Further information can be found in Google's privacy policy here.

If the customer does not want their website activities to be available for Google Analytics, they can install the browser add-on to disable Google Analytics.

This prevents activity data from being shared with Google Analytics via the JavaScript (ga.js, analytics.js and dc.js) executed on websites.

The analysis of data by other tools of the website owner is not prevented if the customer uses the add-on. Data can still be sent to the website or to other web analysis services.

Finally, the Provider collects certain information via its website in so-called server log files, which are automatically transmitted by the customer's Internet browser. These include, among other things, the user agent (browser type and browser version, operating system used), http header information (referrer URL, IP address of the accessing computer), the time of the server request and the login status. These server log files are merged with other data sources only for error analysis.

Technologies for advertising purposes

The Provider's website uses the features of Google Analytics combined with the Cross Device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

This feature enables the target groups created with Google Analytics to be linked with the Cross Device capabilities of Google AdWords and Google DoubleClick. This allows personalised advertising that is based on the customer's interests and identified from their previous usage and surfing behaviour on one device (e.g., your mobile phone) to be displayed on other devices (such as a tablet or computer).

If the customer has given Google the appropriate consent, Google will link the web and app browser history with the customer's Google account for this purpose. This allows the same personalised advertising messages to be displayed on every device on which the customer logs in with their Google account.

To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to the Provider's Google Analytics data to define and create target groups for cross-device ad targeting.

The customer can permanently object to cross-device remarketing by disabling personalised advertising in their Google account.

Further information can be found in Google's privacy policy.

The Provider's website also uses the online advertising program Google AdWords. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, US.

As part of Google AdWords, the Provider uses so-called conversion tracking. When the customer clicks on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the Internet browser stores on the customer's computer. These cookies expire after 30 days at the latest and are not used for personal identification. If the customer visits our website and the cookie has not yet expired, Google and the Provider can recognise that the customer has clicked on the ad and has been redirected to this page.

Google informs the Provider of the total number of users who clicked on its ad and were redirected to its website with a conversion tracking tag. However, the Provider does not receive any information with which it can personally identify the customer.

Kupac može spriječiti pohranjivanje kolačića odgovarajućim podešavanjem softvera svog preglednika. Međutim, Pružatelj ističe kupca da kupac možda neće moći u potpunosti koristiti sve značajke ove web stranice. Kupac također može spriječiti praćenje onemogućavanjem kolačića Google Conversion Tracking putem svog internetskog preglednika u kupčevim postavkama.

For more information, please refer to Google's privacy policy.

The Provider's website also uses the visitor action pixel from Facebook; the provider is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.

The Facebook Pixel can be used to track the behaviour of website visitors after they have been redirected to the Provider's website by clicking on a Facebook ad. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and optimisation of future advertising measures.

The data collected is anonymous for the Provider. The Provider cannot draw any conclusions about the identity of customers. However, the data is stored and processed by Facebook, which means that association with the user profile in question is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook's data usage policy. This allows Facebook to display ads both on Facebook's pages and on third-party websites. The Provider cannot influence this use of the data.

The customer can permanently object to remarketing by disabling the "Custom Audiences" remarketing feature in the ad settings section under the following link. To do this, they must be logged in to Facebook.

If the customer does not have a Facebook account, they can disable usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance.

For more information, please refer to Facebook's privacy policy.

Integration of third-party offers/social media

The Provider's digital offers are networked with third-party features and systems in a variety of ways, such as by integrating plug-ins from third-party social networks, such as Facebook, Twitter, etc. If the customer has a user account with these third parties, these third parties may also be able to measure and evaluate their use of the Provider's digital offers. Other personal data, such as IP address, browser settings and other parameters, may be transmitted to these third parties and stored there. The Provider has no control over the use of personal data collected in this way by third parties and assumes no responsibility or liability in this regard. In other respects, the Provider has no detailed knowledge of which data is transmitted to these third-party providers, where it is transmitted, and whether it is anonymised.

Plug-ins from YouTube are integrated on the Provider's website. The provider is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

The YouTube plug-in establishes a connection to the YouTube servers. The YouTube server is informed about which of the Provider's pages the customer has visited.

If the customer is logged in to their YouTube account, YouTube can match their surfing behaviour directly with their personal profile. The customer can prevent this by logging out of their YouTube user account.

ZFor more information, please refer to YouTube's privacy policy.

Other tools

The Provider's website uses the Google Maps map service via an API. This is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If the customer uses the features of Google Maps, their IP address is stored by Google and usually transmitted to a Google server in the USA. The Provider has no influence over this data transfer.

For more information, please refer to Google's privacy policy.

8. Data security

The Provider uses technical and organisational security measures in accordance with recognised market standards to protect stored personal data against unintentional, unlawful or unauthorised manipulation, deletion, alteration, access, disclosure or use and against partial or complete loss. The Provider's servers are located in Croatia. Certain services can be processed via servers in other countries – with an appropriate level of data protection – whereby the requirements of the Croatian Personal Data Protection Act and the EU General Data Protection Regulation are fully complied with at all times. The connection to our servers is made using SSL encryption. The Provider regularly performs backups of customer data. In order to prevent data loss even in extreme cases (e.g., destruction of the data centre by an earthquake), the encrypted backups are stored in parallel in several data centres in Croatia and abroad. Our security measures are continuously adapted and improved in line with technological developments. Incidentally, the Provider cannot assume any guarantee for the security of data transmission on the Internet; in particular, there is a risk of access by third parties when data is transmitted by email. However, access is protected using HTTPS. If explicitly requested by the customer, the customer can opt for two-factor authentication at any time.

9. Communication by email and/or newsletter

If the customer wishes to receive a newsletter offered on the Provider's website, the Provider requires an email address and other information that makes it possible to verify the email address provided and that the customer consents to receiving the newsletter ("double opt-in" procedure ).

With the newsletter, the customer regularly receives recommendations and offers that might interest them. For this purpose, the Provider collects and processes personal data relating to the customer's usage behaviour on the website, in the Visitor software, and in relation to use of the newsletter (e.g., whether the customer opens the newsletter or which web URL links they click on). The Provider evaluates this data for statistical purposes in order to better tailor the content of the newsletters to the interests of its customers.

The processing of the personal data entered in the newsletter registration form is based on the customer's consent, which they can revoke at any time with effect for the future. Users can revoke their consent via the "unsubscribe" link in the newsletter. The personal data collected will be used to design the content of newsletters and to send them.

The Provider stores the personal data deposited by customers for the purpose of receiving the newsletter until the customer unsubscribes from the newsletter.

10. Duration of storage

We process and store your personal data for as long as it is necessary to fulfil our contractual and legal obligations or for the purposes otherwise pursued by the processing, i.e., for the duration of the entire business relationship, for example (from initiation, to execution, to termination of a contract) and, beyond this, in accordance with statutory storage and documentation obligations. It is possible that personal data may be stored for the period during which claims can be made against our company and insofar as we are otherwise legally obliged to store it or legitimate business interests require its storage (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will generally be deleted or anonymised as far as possible. For operational data (e.g., system logs, other logs), generally shorter retention periods of twelve months or less apply.

11. Data access, rectification, erasure, restriction of processing, and consent

Customers have the following rights with regard to their personal data in accordance with the Croatian Personal Data Protection Act and the EU General Data Protection Regulation. In principle, the Provider also grants the rights contained in the GDPR to customers. However, the Provider reserves the right to make a different assessment in individual cases.

  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restriction of processing
  • The right to data portability
  • The right to object

Please note, however, that we reserve the right to enforce the limitations imposed by law, such as when we are obliged to retain or process certain data, have an overriding interest in doing so (as far as we may invoke it), or require the data to assert claims. In the event that costs are incurred for you, we will inform you of this in advance. Please note that the exercise of these rights may conflict with contractual agreements and may have consequences such as premature termination of the contract or cost consequences. In this case, we will inform you of this in advance, if it is not already contractually regulated.

The exercise of such rights usually requires that you clearly prove your identity (e.g., by means of a copy of an identity card, where your identity is otherwise not clear or cannot be verified). To assert your rights, you can contact us at the address given in section 1.

Each data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Croatia is the Croatian Personal Data Protection Agency. The Provider is, of course, glad to receive the questions and wishes of customers in advance of a complaint. For this purpose, the customer can contact the Provider in writing or by email (info@axians.hr).

Insofar as the customer is asked to give their consent in connection with the Provider's services, they grant this consent by clicking on the corresponding checkbox. As a result, the Provider is entitled to collect, process, use and pass on the Customer's personal data accordingly.

The customer can, of course, revoke their consent at any time, though this does not affect the legality of the processing carried out on the basis of this consent up until the point of its withdrawal. The withdrawal of consent can be addressed in writing to the Provider's address, mentioned at the start. However, it is also sufficient to send an email to info@axians.hr. However, some of the services and features will no longer be available to the customer afterwards.

12. Links to other websites

The Provider's website contains hyperlinks to third-party websites that are not operated or controlled by the Provider. The Provider is not responsible for their content or data protection practices.

13. Changes

We may modify this Privacy Policy at any time without notice. The current version published on our website always applies. If the Privacy Policy forms part of an agreement with you, we will notify you in the event of an update of the change by email, via your Visitor account, or by other appropriate means.

AXIANS CROATIA Ltd.

Borongajska cesta 81A

10000 Zagreb

Croatia

 

Data processing agreement is available here

Cookies

This page uses exclusively technical cookies that are necessary for the proper functioning of the page and cannot be disabled. They are usually set in response to your actions that request services, such as cookie settings, login, or filling out forms. You can configure your browser to block these cookies or to send a warning about them, but in that case, some parts of the page will not work properly. Cookies do not store any information that could identify you and are not passed on to third parties.