Privacy Policy

Home
Privacy Policy

Last modified: 9/11/2020

Funestra d.o.o., Mladen Fiolića 12 and, Zagreb, OIB:87939378078, MBS:081190351 are responsible for processing your personal data, and the responsible person in terms of personal data processing is the director of Funestra d.o.o.
Thank you for choosing to be part of our Community of Zoyya. We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about our policies or our practices regarding the processing of your personal data, please contact us at gdpr@zoyya.com. All information on the protection of your personal data can be obtained at the following link: Data protection under the General Data Protection Regulation.

Who should be privy to this privacy policy?

This policy may apply to you if you are:

  • A partner using the services of our platform
  • An end-user of our services or
  • A visitor to our website

When you visit our website www.zoyya.com ("Website") and use our services, you entrust us with your personal information. We take your privacy very seriously. With this privacy policy, we want to explain to you in the clearest possible terms what data we collect and how, how we process it, for what purposes we use it, how long we keep it, how you can monitor all our actions and what rights you have in connection with your personal data.

This privacy policy applies to all data collected through our websites (such as www.zoyya.com), our mobileapp and any related services, sales, marketing or events (in this privacy policy we refer to it collectively as "websites" or "websites").

Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.

If there are any terms in this privacy policy that you do not agree with, please discontinue the use of our website and our services, and we will be happy to answer any questions you may have.

The terms we use in this privacy policy, which have a gender meaning, we use neutrally and apply equally to the feminine and masculine gender.

WHAT DATA DO WE COLLECT?

Your personal data that you provide to us on your own

In short: we collect personal data that you voluntarily provide to us, i.e. those that you manually enter on our site  

In particular, these are first and last name, e-mail, cell phone number, address, gender and date of birth. In addition, it is possible that we collect information about the log-in on social networks, if you give us your consent to it and connect your account to the social network account. We cannot access payment means information (e.g. credit/debit card number or bank account number), but we will allow our billing partner to collect them through our websites.

The personal information we collect depends on the type of your interaction with us and the sites, your choices, products and features you use. By entering personal data in the fields provided for, you consent to the data being used for the purpose for which it was given.

The data we collect may include the following:

Name and contact details: We collect your first and last name, email address, postal address, phone number, gender, date of birth and IP address.

Credentials: We do not store your password in the system, but we do collect password instructions and similar security information used to recover account access.  

Payment information: This information will never be available to us. The information required to process payments, such as your payment instrument number (e.g. your credit/debit card number or bank account number) and the security code associated with your payment instrument is stored by our payment processor (www.braintree.com)and we hereby refer you to its privacy policy (https://www.braintree.com/legal) sothat you can contact them directly to answer your questions. We cannot access, nor do we need your payment information.

Social media login information: We provide you with the ability to register through social media account information, such as your Google, Facebook, Twitter or other social media account. If you choose to register in this way, we will collect the information described in the section titled HOW WE PROCESS SOCIAL MEDIA LOGINS below.

All personal data you provide to us must be true, complete and accurate and it is important that you inform us of any changes to the personal data you have provided to us.  

Data collected automatically

In short: Some data - such as your computer's IP address or browser and device characteristics - is collected automatically when you visit our websites.

We automatically collect certain information when you visit, use, or browse websites. This information does not reveal your identity (such as your name or contact information), but may contain device and usage information, such as your IP address, browser and device characteristics, operating system, language settings, reference URLs, device name, country, location, information about how and when you use our site and other technical information. This information is primarily necessary to maintain the safety and operation of our websites and for internal analytics and reporting purposes.

We also collect information through cookies and similar technologies. You can find out more about this in our Cookie Policy.

Data collected through our applications

In short: When using our Apps, we may collect information about your geographic location, mobile device, push notification and Facebook permissions.

If you use our Apps, we may therefore collect the following information:

  • Geographical location information: We may request access or permission to track location-based data from your mobile device, continuously or while using our mobile app, to provide location-based services. If you want to change our access or permissions, you can do so in your device settings.
  • Mobile access: We may request access or permission to certain features from your mobile device, including calendar, contacts, reminders, SMS messages or social media accounts. If you want to change our access or permissions, you can do so in your device settings.
  • Mobile device data: We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information, and IP address.
  • Application messages(push notifications): We may ask to send you notifications regarding your account or mobile app. If you want to opt out of these types of notifications, you can turn them off in your device settings.

Data collected from other sources

In short: We may collect limited data from public databases, marketing partners, social media platforms, and other external sources.

We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as Facebook), as well as from other third parties, exclusively with your consent, i.e. if you link your account you have with a third party to the account you have with us. Such information includes: social media profile information (your name, gender, birthday, email, current city and country, user IDs for your contacts, URL images, and any other information you choose to make public); marketing offers and search results, including paid ads (such as sponsored links).

HOW DO WE PROCESS YOUR DATA, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS?

In short: We process your data for purposes based on compliance with our legal obligations, fulfillment of our contract or relationship with you, legitimate business interests and/or your consent.

First of all, we state that we process only those personal data that are necessary to achieve a specific purpose and use this data only for established, clear, legitimate and expected purposes.

The processing of your data is based on the following legal bases:

  • Consent: We may only process your data if you have given us the consent to use your personal data for specific purposes.
  • Contract enforcement: If we have a contract with you, we may process your personal data to meet the terms of the contract.
  • Legal obligations: We may disclose your information where required by law to comply with applicable regulations or at the behest of a court or other body, and as part of judicial, administrative or other legal proceedings (including the reaction of government authorities to comply with national security or law enforcement requirements).
  • Legitimate interests: We may disclose your information where we believe it is necessary to investigate, prevent or take action in connection with potential breaches of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.

We use the information we collect or receive for the purpose of:

  • Creating a user account and signing in. If you choose to link your account to a third-party platform (such as your Google or Facebook account), we will use the information you have allowed us to collect from these third parties to create your account in order to enforce our contract. For more information, please refer you to the section below entitled HOW WE PROCESS SOCIAL MEDIA LOGINS.
  • Marketing and promotional messages. We and/or our third-party marketing partners may use the personal information you provide us for marketing purposes if they comply with your marketing preferences. You can opt out of our marketing emails at any time. We also refer to this in the section entitled WHAT ARE YOUR RIGHTS REGARDING DATA PROCESSING.
  • Sending administrative information. We may use your personal information to send you information about the product, service and new features or information about changes to our terms and conditions, only if we have obtained your consent for this, for the duration of the consent obtained.
  • Sharing reviews on our websites. We publish reviews on our Services or Apps that may contain personal information. Before you publish the review, we will obtain your consent to use your name and review. If you want to update or delete your review, please contact us gdpr@zoyya.com and be sure to provide your name, review location and contact details.
  • Targeted advertising for you. We may use your information to develop and display content and advertising (and to work with third parties who do so) tailored to your interests or location and to measure its effectiveness, only if we have obtained your consent for this and for the duration of the consent obtained.
  • Request feedback. We may use your information to request feedback from you and to contact you regarding your use of our Services or Apps, only if we have obtained your consent for this and for the duration of the consent obtained.
  • Protection of our services. We may use your data in an effort to preserve and protect our Services or Apps (for example, to monitor and prevent fraud).
  • Enabling communication between the service provider and the user. We may use your information to enable communication between you and the service provider in order to enable the provision of the service and to increase the quality of service.
  • Manage user accounts. We may use your information for the purpose of managing and maintaining your account in the correct condition for the duration of our business relationship.
  • Providing services to the user. We may use your information to provide the requested service.
  • Respond to user queries and provide customer support. We may use your information to respond to your inquiries and resolve possible issues related to the use of our Services and Apps.
  • Business purposes. We may use your data for other business purposes, such as data analysis, campaign tracking, and the improvement of our service, products, marketing, as well as your experience. We may use and store this information in an aggregated and anonymous form so that it is not linked to individual end-users and does not include personal information. We will not use identifiable personal information without your consent.

WILL WE FORWARD YOUR DATA TO SOMEONE?

In short: We do not sell, rent or lend your information to unrelated third parties.

We do not forward or transfer your personal data to unrelated third parties, and are securely stored on our or an external server that we also select in our business premises, which sufficiently guarantee the implementation of appropriate technical and organizational measures in such a way that the processing complies with the requirements of the General Data Protection Regulation and ensures the protection of your rights.

We will limit the information we forward and submit to a minimum by forwarding only the personal data necessary for the purposes of processing for which it was provided.

All legal and natural persons to whom we forward your personal data have the obligation to maintain confidentiality within the framework of the contractual relationship and have also implemented organizational and technical protection measures.

Certain data may be forwarded to the authorities of the Republic of Croatia at their request, in order to comply with the obligations prescribed by the law of the Republic of Croatia.

In no case is your personal data transferred to a third country, international organisation or recipient in a third country,

More specifically, we may need to share your personal information in the following situations:

  • Third-party suppliers, advisors and other service providers. We may share your information with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to achieve this. Examples include: shipment delivery, payment processing, data analysis, email delivery, hosting services, customer service, and marketing efforts. We may allow selected third parties to use tracking technology (such as Google Analytics) on the Services or Apps, allowing them to collect information about your interaction with our Services or Apps over time. This information can be used, among other things, to analyze and track data, to determine the popularity of specific content, and to better understand online activities. Outside of these cases, we do not share your information with third parties for their promotional purposes.
  • Business transfers. We may share or transfer your information in connection with or during negotiations of any merger, sale of company assets, financing or acquisition of all or part of our business to another company.
  • Business partners. We may share your information with our business partners to offer you certain products, services, or promotions. If you are our business partner and we have issued you an invoice for our services, your information will be sent to our accounting service. Our accounting will carry out accounting and bookkeeping tasks for us, in order to fulfill our obligations based on accounting, bookkeeping, and tax regulations. For this purpose, we will also forward your information to the Tax Administration as the recipient of personal data. If communication regarding the enforcement of rights and obligations under your contractual relationship with us takes place by post, we will forward your personal data, specifically your name, last name and address, to legal entities that carry our postal deliveries, as they need the aforementioned information in order to perform the delivery service.
  • Other users. When you share personal information (for example, by placing comments, contributions, or other content in the Services or Apps) or otherwise communicating with public areas of the Services or Apps, such personal information may be viewed by all users and may be publicly distributed outward outside the Service or the App. If you communicate with other users of our services or apps and register through a social network (such as Facebook), your social media contacts will see your name, profile photo and descriptions of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you as part of our Services or Apps, and view your profile.

We have categorized each side in detail so that you can easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to withdraw your consent, please contact us.

  • Connect to your third-party accounts
    Facebook account and Google Account, if you use them to sign in to the App
  • Advertising, direct marketing and creating opportunites
    Google AdSense and Facebook Audience Network can personalize the ads you see while using the Internet
  • Cloud computing services and data backup
    Microsoft Azure, our data is stored in the cloud
  • Send SMS and WhatsApp messages
    Twilio and WhatsApp, if you want to receive reminders and information about your appointments
  • Marketing and statistical reports
    Google Analytics and Facebook Custom Audience help us identify our target groups
  • Customer support
    Intercom, used to interact with clients, publish articles and share instructions on how to use the App
  • Online payment (we cannot view this data)
    Mollie, if you are a partner, i.e. paying to use our Services

DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In short: We may use cookies and other tracking technologies to collect and store data.

We may use cookies and similar tracking technologies (such as web beacons and pixels) to access or store data.  

Cookies aresmall textfiles that place an Internet server (server) on the user's computer, through which the service provider accesses the Internet and displays the website.

  • cookies occur when the browser loads the visited network destination on the user's device, which then sends the data to the browser and creates a text file (cookie). The browser retrieves and sends the cookie to the website server when the user returns to it.
  • on our site are used technical cookies (mandatory cookies that cannot be turned off) that are necessary for the functioning of the Internet site, functional (can be turned off) that allow the Internet to provide improved functionality and personalization and marketing (can be turned off) that allow us to record visits and traffic sources so that we can measure and improve the efficiency of our Website.

More information can be found on our Cookie Policy.

DO WE USE GOOGLE MAPS?

In short: Yes, we use Google Maps to provide a better service.

This website, mobile app or Facebook app uses Google Maps API. Here you can find the Google Maps API Terms of Service. To better understand Google's privacy policy, see this link.

By using our implementation of the Maps API, you agree to commit to Google's Terms of Service.

HOW DO WE PROCESS SOCIAL MEDIA LOGINS?

In short: If you choose to register or sign in to our services using a social media account, we may have access to certain information about you.

Our services or apps offer you the ability to register and sign in using your third-party social media account information (such as your Google, Facebook, or Twitter data). Where you choose to do so, we will receive certain information about your profile from your social media provider. The profile information we receive may vary depending on the social media provider in question, but it will often include your name, email address, friends list, profile picture, as well as other information you choose to publish.

We will only use the information we receive for purposes described in this Privacy Policy or otherwise made clear to you in the Services or Apps. Please note that we do not control or be held liable for other people's use of your personal information by your third-party social media provider. We recommend that you review their privacy policy to understand how they collect, use, and share your personal information and how you can determine your privacy settings on their sites and apps.

WHAT IS OUR POSITION ON THIRD-PARTY SITES?

In short: We are not responsible for the security of any information you share with third parties that advertise that is not linked to our websites.

Services or Apps may contain ads from third parties that are not affiliated with us but may be associated with other websites, online services, or mobile apps. We cannot guarantee the security and privacy of the information you provide to third parties. All data collected from third parties is not covered by this privacy policy. We are not responsible for the content or privacy and security procedures and policies of third parties, including other websites, services, or applications that may be associated with or affiliated with the Services or the Apps. You should review the policies of such third parties and contact them directly to answer your questions.

HOW LONG DO WE KEEP YOUR DATA?

In short: We keep your information for as long as necessary to meet the objectives set out in this privacy policy unless otherwise required by law or other regulation.

We will only keep your personal data for as long as necessary for the purposes set out in this privacy policy, unless the longer retention period is determined by law or other regulation (such as tax and accounting regulations).

Therefore, if you have used our service and we have issued you with an invoice, your name and surname, address, and personal identification number contained in the issued invoice, we keep for 11 years (counting from the last day of the year in which the invoice was issued) since that is how long we are required to keep all issued invoices, according to the law.

We also keep the invoices we received from the supplier for 11 years (counting from the last day of the year in which the invoice was issued) since that is how long we are legally required to keep those invoices.

Your contact information, i.e. Phone or mobile number and email address are deleted immediately after you have revoked or deleted your account.

HOW DO WE PROTECT YOUR DATA?

In short: Our goal is to protect your personal data with a system of organizational and technical security measures.

We have implemented appropriate technical, organizational and personnel security measures intended to protect the security of all personal data we process. However, keep in mind that we cannot guarantee that the Internet is 100% secure. While we will do our best to protect your personal information, transferring personal data to and from our Services or Apps is at your own risk. You should only access the services in a secure environment.

DO WE COLLECT INFORMATION FROM MINORS?

In short: We do not collect data from people under the age of 18.

We don't ask people under the age of 18 for information. By using the Services or Apps, you declare that you are at least 18 years old or that you are a legal representative or guardian of a minor and agree to the use of the Services or Apps with respect to your protégé. If we learn that, despite the statement that the user is 18 years old or that the data is collected from a legal representative or guardian, personal data has been collected from users under the age of 18, we will deactivate the account and take reasonable measures to quickly delete such data from our records.

WHAT ARE YOUR RIGHTS IN TERMS OF PROCESSING YOUR DATA ?

In short: You have numerous rights related to the processing of your personal data and we give you a detailed overview of these rights below.

Right of access

From us you can get confirmation of whether your personal data is being processed and if it is processed, access to this data and the following information: information on the purpose of processing, categories of personal data in question, recipients or categories of recipients to whom personal data have been disclosed or will be disclosed, about the foreseen period in which personal data will be stored and the existence of the data subject's rights in relation to the processing of personal data (and what rights are specified in the following text of this Privacy Policy).

Right to data correction  

If the personal data we process is incomplete or inaccurate, you can ask us at any time to correct or supplement it with an additional statement. Please note that you are responsible for the accuracy of the data provided, plus you have an obligation to inform us about relevant changes to your personal data.

Right to erasure

You have the right to request the deletion of your personal data if you believe that they are no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you have objected to the processing based on our legitimate interest, if you believe that your data has been illegally processed and if you feel that your data should be deleted under the law of the European Union or the Republic of Croatia.

Please note that there are reasons that prevent the immediate deletion of personal data, such as for data that must be kept for a certain period of time or permanently.

If you have requested the deletion of personal data that must be kept for a certain period of time, as part of the response to the request for deletion, we will inform you about the time period during which we must keep the data and the day when it will be deleted.

If you have requested the deletion of personal data that must be kept permanently, as part of the reply regarding the request for deletion, we will inform you of the impossibility of deleting such data together with a reference to the legal basis prescribed by the permanent retention of the data.

Right to restriction of processing

You can ask us to limit the processing of your data:

  • if you dispute the accuracy of the data, during the period that allows us to verify the accuracy of the data in question.
  • if data processing was not allowed, but you refuse deletion and require data restriction instead
  • if we no longer need the data for the intended purposes, but we still need it to meet legal requirements.
  • if you have objected to the processing of personal data for the purpose of carrying out a task of public interest or the tasks of public authorities.

If the processing of data is limited, such personal data may only be processed with your consent except for the storage of data or the installation, exercise or defence of legal claims or the protection of the rights of another natural or legal person or because of an important public interest. If you obtain a data processing restriction, we will notify you before the restriction is lifted.

Right to object

If we process your data for the purpose of carrying out tasks of public interest or the tasks of public authorities or when processing them we refer to our legitimate interests, you can file a complaint against such data processing if there is an interest in protecting your data. If we refer to our legitimate interests when processing data, and you have objected to such processing, then we will not further process your data unless we prove that there are compelling and lawful reasons for processing that go beyond your interests, rights and freedoms or if necessary to set, exercise or defend our legal claims.

Right to appeal

If you believe that while processing your personal data we acted against EU law or Croatian law, please contact us to clarify any issues. You are certainly entitled to report a potential breach of rights to the Personal Data Protection Agency.

Right to notification of personal data breach

In the event that, despite all measures taken, your personal data is breached, we will notify you of any such breach without undue delay by sending a written notification.

In this notice, we will describe the nature of the personal data breach, provide the name and surname of the person from which you can obtain additional information about the breach, a description of the likely consequences of the personal data breach and a description of the measures we have taken to address the personal data breach, including measures to minimize adverse consequences. This notice will be drawn up using clear and simple language.

Exercise of rights

If you wish to exercise any of these rights, please contact us using our details:

  • contact email address : gdpr@zoyya.com
  • regular mail address: Mladena Fiolića 12 I, Zagreb
  • in person, to the address we provided.

According to your requirements for the exercise of rights, we will respond in accordance with the deadlines and authorizations prescribed by the General Data Protection Regulation.

In any case, when using these rights, make sure that we must unequivocally establish your identity, which serves to protect your rights and private spheres.

Your rights mentioned above may also be exercised by your power of attorney, who must be legitimized with power of attorney certified by a notary public except when the attorney is a lawyer in which case no certified power of attorney is required.

If you use some of these rights too often and with obvious intent to abuse, we may refuse to process your request.

Rights in case of data processing based on consent

If we base the processing of personal data on consent, then we ensure that you always give your consent in the form of a written statement, hand-signed and that consent is voluntary, special, informed and unambiguous.

A written statement giving your consent to the processing of your personal data will be drawn up for each individual purpose of processing, in an understandable and easily accessible form using clear and simple language.

At any time, you have the right to withdraw your consent to the processing of personal data, which you will be informed about before giving your consent, in such a way that this right of yours will be explicitly stated in the written statement by which you give your consent to the processing of personal data with the note that consent may be withdrawn in such a way as to sign the form of the statement which we will draw up in a simple form.

Please note that in the event that consent is given for a one-time processing operation, and the same processing has already been carried out then the revocation of consent has no legal effect.

If you withdraw your consent, we will immediately delete all your personal data except that which that we are obliged to keep in accordance with the regulations of the European Union and the Republic of Croatia.

If you do not agree to give your consent in cases of data processing based on consent, then we are not able to establish any legal relationship with you.

Account Information

If you want to view or change the information in your account or cancel your account at any time, you can:

  • Sign in to your account,  open settings and update your account.
  • Contact us using the contact details you have been made.

At your request to terminate your account, we will deactivate or delete your account and data from our active databases.

Opt out of email marketing: You can unsubscribe from our marketing list at any time by clicking on the unsubscribe link in the emails we send or by contacting us using the information below. You will then be removed from the marketing email address list. However, we will still need to send you an email regarding the services required to administer and use your account. To otherwise cancel, you can:

  • Change your settings when you register an account on a website.
  • Access your account settings and update your settings.
  • Contact us using the contact details you have been made.

ARE WE UPDATING THIS POLICY?

In short: Yes, we will update this policy if necessary to remain in line with the GDPR and other relevant regulations.

The updated version will be marked as "Revised", including the date of the revision. The updated version will take effect as soon as it becomes available. If we make significant changes to this privacy policy, we may notify you either through a dynamic visual notification or through a direct notification. We recommend that you periodically review this privacy policy to stay informed about how we protect your data.

HOW CAN YOU CONTACT US REGARDING THIS PRIVACY POLICY?

If you have questions or comments about this policy, you can contact our Data Protection Officer (DPO), by email gdpr@zoyya.com, or by post at:

Funestra d.o.o.
Mladen Fiolić 12 and
Zagreb 10000
Croatia