Last modified: 9/11/2020
Funestra d.o.o., Mladen Fiolića 12 and, Zagreb, OIB:87939378078, MBS:081190351 are responsible for processing your personal data, and the responsible person in terms of personal data processing is the director of Funestra d.o.o.
Thank you for choosing to be part of our Community of Zoyya. We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about our policies or our practices regarding the processing of your personal data, please contact us at firstname.lastname@example.org. All information on the protection of your personal data can be obtained at the following link: Data protection under the General Data Protection Regulation.
This policy may apply to you if you are:
In short: we collect personal data that you voluntarily provide to us, i.e. those that you manually enter on our site
In particular, these are first and last name, e-mail, cell phone number, address, gender and date of birth. In addition, it is possible that we collect information about the log-in on social networks, if you give us your consent to it and connect your account to the social network account. We cannot access payment means information (e.g. credit/debit card number or bank account number), but we will allow our billing partner to collect them through our websites.
The personal information we collect depends on the type of your interaction with us and the sites, your choices, products and features you use. By entering personal data in the fields provided for, you consent to the data being used for the purpose for which it was given.
The data we collect may include the following:
Name and contact details: We collect your first and last name, email address, postal address, phone number, gender, date of birth and IP address.
Credentials: We do not store your password in the system, but we do collect password instructions and similar security information used to recover account access.
Social media login information: We provide you with the ability to register through social media account information, such as your Google, Facebook, Twitter or other social media account. If you choose to register in this way, we will collect the information described in the section titled HOW WE PROCESS SOCIAL MEDIA LOGINS below.
All personal data you provide to us must be true, complete and accurate and it is important that you inform us of any changes to the personal data you have provided to us.
In short: Some data - such as your computer's IP address or browser and device characteristics - is collected automatically when you visit our websites.
We automatically collect certain information when you visit, use, or browse websites. This information does not reveal your identity (such as your name or contact information), but may contain device and usage information, such as your IP address, browser and device characteristics, operating system, language settings, reference URLs, device name, country, location, information about how and when you use our site and other technical information. This information is primarily necessary to maintain the safety and operation of our websites and for internal analytics and reporting purposes.
In short: When using our Apps, we may collect information about your geographic location, mobile device, push notification and Facebook permissions.
If you use our Apps, we may therefore collect the following information:
In short: We may collect limited data from public databases, marketing partners, social media platforms, and other external sources.
We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as Facebook), as well as from other third parties, exclusively with your consent, i.e. if you link your account you have with a third party to the account you have with us. Such information includes: social media profile information (your name, gender, birthday, email, current city and country, user IDs for your contacts, URL images, and any other information you choose to make public); marketing offers and search results, including paid ads (such as sponsored links).
In short: We process your data for purposes based on compliance with our legal obligations, fulfillment of our contract or relationship with you, legitimate business interests and/or your consent.
First of all, we state that we process only those personal data that are necessary to achieve a specific purpose and use this data only for established, clear, legitimate and expected purposes.
The processing of your data is based on the following legal bases:
We use the information we collect or receive for the purpose of:
In short: We do not sell, rent or lend your information to unrelated third parties.
We do not forward or transfer your personal data to unrelated third parties, and are securely stored on our or an external server that we also select in our business premises, which sufficiently guarantee the implementation of appropriate technical and organizational measures in such a way that the processing complies with the requirements of the General Data Protection Regulation and ensures the protection of your rights.
We will limit the information we forward and submit to a minimum by forwarding only the personal data necessary for the purposes of processing for which it was provided.
All legal and natural persons to whom we forward your personal data have the obligation to maintain confidentiality within the framework of the contractual relationship and have also implemented organizational and technical protection measures.
Certain data may be forwarded to the authorities of the Republic of Croatia at their request, in order to comply with the obligations prescribed by the law of the Republic of Croatia.
In no case is your personal data transferred to a third country, international organisation or recipient in a third country,
More specifically, we may need to share your personal information in the following situations:
We have categorized each side in detail so that you can easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to withdraw your consent, please contact us.
Cookies aresmall textfiles that place an Internet server (server) on the user's computer, through which the service provider accesses the Internet and displays the website.
In short: Yes, we use Google Maps to provide a better service.
By using our implementation of the Maps API, you agree to commit to Google's Terms of Service.
In short: If you choose to register or sign in to our services using a social media account, we may have access to certain information about you.
Our services or apps offer you the ability to register and sign in using your third-party social media account information (such as your Google, Facebook, or Twitter data). Where you choose to do so, we will receive certain information about your profile from your social media provider. The profile information we receive may vary depending on the social media provider in question, but it will often include your name, email address, friends list, profile picture, as well as other information you choose to publish.
In short: We are not responsible for the security of any information you share with third parties that advertise that is not linked to our websites.
Therefore, if you have used our service and we have issued you with an invoice, your name and surname, address, and personal identification number contained in the issued invoice, we keep for 11 years (counting from the last day of the year in which the invoice was issued) since that is how long we are required to keep all issued invoices, according to the law.
We also keep the invoices we received from the supplier for 11 years (counting from the last day of the year in which the invoice was issued) since that is how long we are legally required to keep those invoices.
Your contact information, i.e. Phone or mobile number and email address are deleted immediately after you have revoked or deleted your account.
In short: Our goal is to protect your personal data with a system of organizational and technical security measures.
We have implemented appropriate technical, organizational and personnel security measures intended to protect the security of all personal data we process. However, keep in mind that we cannot guarantee that the Internet is 100% secure. While we will do our best to protect your personal information, transferring personal data to and from our Services or Apps is at your own risk. You should only access the services in a secure environment.
In short: We do not collect data from people under the age of 18.
We don't ask people under the age of 18 for information. By using the Services or Apps, you declare that you are at least 18 years old or that you are a legal representative or guardian of a minor and agree to the use of the Services or Apps with respect to your protégé. If we learn that, despite the statement that the user is 18 years old or that the data is collected from a legal representative or guardian, personal data has been collected from users under the age of 18, we will deactivate the account and take reasonable measures to quickly delete such data from our records.
In short: You have numerous rights related to the processing of your personal data and we give you a detailed overview of these rights below.
Right of access
Right to data correction
If the personal data we process is incomplete or inaccurate, you can ask us at any time to correct or supplement it with an additional statement. Please note that you are responsible for the accuracy of the data provided, plus you have an obligation to inform us about relevant changes to your personal data.
Right to erasure
You have the right to request the deletion of your personal data if you believe that they are no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you have objected to the processing based on our legitimate interest, if you believe that your data has been illegally processed and if you feel that your data should be deleted under the law of the European Union or the Republic of Croatia.
Please note that there are reasons that prevent the immediate deletion of personal data, such as for data that must be kept for a certain period of time or permanently.
If you have requested the deletion of personal data that must be kept for a certain period of time, as part of the response to the request for deletion, we will inform you about the time period during which we must keep the data and the day when it will be deleted.
If you have requested the deletion of personal data that must be kept permanently, as part of the reply regarding the request for deletion, we will inform you of the impossibility of deleting such data together with a reference to the legal basis prescribed by the permanent retention of the data.
Right to restriction of processing
You can ask us to limit the processing of your data:
If the processing of data is limited, such personal data may only be processed with your consent except for the storage of data or the installation, exercise or defence of legal claims or the protection of the rights of another natural or legal person or because of an important public interest. If you obtain a data processing restriction, we will notify you before the restriction is lifted.
Right to object
If we process your data for the purpose of carrying out tasks of public interest or the tasks of public authorities or when processing them we refer to our legitimate interests, you can file a complaint against such data processing if there is an interest in protecting your data. If we refer to our legitimate interests when processing data, and you have objected to such processing, then we will not further process your data unless we prove that there are compelling and lawful reasons for processing that go beyond your interests, rights and freedoms or if necessary to set, exercise or defend our legal claims.
Right to appeal
If you believe that while processing your personal data we acted against EU law or Croatian law, please contact us to clarify any issues. You are certainly entitled to report a potential breach of rights to the Personal Data Protection Agency.
Right to notification of personal data breach
In the event that, despite all measures taken, your personal data is breached, we will notify you of any such breach without undue delay by sending a written notification.
In this notice, we will describe the nature of the personal data breach, provide the name and surname of the person from which you can obtain additional information about the breach, a description of the likely consequences of the personal data breach and a description of the measures we have taken to address the personal data breach, including measures to minimize adverse consequences. This notice will be drawn up using clear and simple language.
If you wish to exercise any of these rights, please contact us using our details:
According to your requirements for the exercise of rights, we will respond in accordance with the deadlines and authorizations prescribed by the General Data Protection Regulation.
In any case, when using these rights, make sure that we must unequivocally establish your identity, which serves to protect your rights and private spheres.
Your rights mentioned above may also be exercised by your power of attorney, who must be legitimized with power of attorney certified by a notary public except when the attorney is a lawyer in which case no certified power of attorney is required.
If you use some of these rights too often and with obvious intent to abuse, we may refuse to process your request.
If we base the processing of personal data on consent, then we ensure that you always give your consent in the form of a written statement, hand-signed and that consent is voluntary, special, informed and unambiguous.
A written statement giving your consent to the processing of your personal data will be drawn up for each individual purpose of processing, in an understandable and easily accessible form using clear and simple language.
At any time, you have the right to withdraw your consent to the processing of personal data, which you will be informed about before giving your consent, in such a way that this right of yours will be explicitly stated in the written statement by which you give your consent to the processing of personal data with the note that consent may be withdrawn in such a way as to sign the form of the statement which we will draw up in a simple form.
Please note that in the event that consent is given for a one-time processing operation, and the same processing has already been carried out then the revocation of consent has no legal effect.
If you withdraw your consent, we will immediately delete all your personal data except that which that we are obliged to keep in accordance with the regulations of the European Union and the Republic of Croatia.
If you do not agree to give your consent in cases of data processing based on consent, then we are not able to establish any legal relationship with you.
If you want to view or change the information in your account or cancel your account at any time, you can:
At your request to terminate your account, we will deactivate or delete your account and data from our active databases.
Opt out of email marketing: You can unsubscribe from our marketing list at any time by clicking on the unsubscribe link in the emails we send or by contacting us using the information below. You will then be removed from the marketing email address list. However, we will still need to send you an email regarding the services required to administer and use your account. To otherwise cancel, you can:
In short: Yes, we will update this policy if necessary to remain in line with the GDPR and other relevant regulations.
If you have questions or comments about this policy, you can contact our Data Protection Officer (DPO), by email email@example.com, or by post at:
Mladen Fiolić 12 and