Last modified: 9/11/2020
Funestra d.o.o., Mladen Fiolića 12 and, Zagreb, OIB:87939378078, MBS:081190351 are responsible for processing your personal data, and the responsible person in terms of personal data processing is the director of Funestra d.o.o.
Thank you for choosing to be part of our Community of Zoyya. We are committed to protecting your personal data and your right to privacy. If you have any questions or concerns about our policies or our practices regarding the processing of your personal data, please contact us at gdpr@zoyya.com. All information on the protection of your personal data can be obtained at the following link: Data protection under the General Data Protection Regulation.
This policy may apply to you if you are:
When you visit our website www.zoyya.com ("Website") and use our services, you entrust us with your personal information. We take your privacy very seriously. With this privacy policy, we want to explain to you in the clearest possible terms what data we collect and how, how we process it, for what purposes we use it, how long we keep it, how you can monitor all our actions and what rights you have in connection with your personal data.
This privacy policy applies to all data collected through our websites (such as www.zoyya.com), our mobileapp and any related services, sales, marketing or events (in this privacy policy we refer to it collectively as "websites" or "websites").
Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.
If there are any terms in this privacy policy that you do not agree with, please discontinue the use of our website and our services, and we will be happy to answer any questions you may have.
The terms we use in this privacy policy, which have a gender meaning, we use neutrally and apply equally to the feminine and masculine gender.
In short: we collect personal data that you voluntarily provide to us, i.e. those that you manually enter on our site
In particular, these are first and last name, e-mail, cell phone number, address, gender and date of birth. In addition, it is possible that we collect information about the log-in on social networks, if you give us your consent to it and connect your account to the social network account. We cannot access payment means information (e.g. credit/debit card number or bank account number), but we will allow our billing partner to collect them through our websites.
The personal information we collect depends on the type of your interaction with us and the sites, your choices, products and features you use. By entering personal data in the fields provided for, you consent to the data being used for the purpose for which it was given.
The data we collect may include the following:
Name and contact details: We collect your first and last name, email address, postal address, phone number, gender, date of birth and IP address.
Credentials: We do not store your password in the system, but we do collect password instructions and similar security information used to recover account access.
Payment information: This information will never be available to us. The information required to process payments, such as your payment instrument number (e.g. your credit/debit card number or bank account number) and the security code associated with your payment instrument is stored by our payment processor (www.braintree.com)and we hereby refer you to its privacy policy (https://www.braintree.com/legal) sothat you can contact them directly to answer your questions. We cannot access, nor do we need your payment information.
Social media login information: We provide you with the ability to register through social media account information, such as your Google, Facebook, Twitter or other social media account. If you choose to register in this way, we will collect the information described in the section titled HOW WE PROCESS SOCIAL MEDIA LOGINS below.
All personal data you provide to us must be true, complete and accurate and it is important that you inform us of any changes to the personal data you have provided to us.
In short: Some data - such as your computer's IP address or browser and device characteristics - is collected automatically when you visit our websites.
We automatically collect certain information when you visit, use, or browse websites. This information does not reveal your identity (such as your name or contact information), but may contain device and usage information, such as your IP address, browser and device characteristics, operating system, language settings, reference URLs, device name, country, location, information about how and when you use our site and other technical information. This information is primarily necessary to maintain the safety and operation of our websites and for internal analytics and reporting purposes.
We also collect information through cookies and similar technologies. You can find out more about this in our Cookie Policy.
In short: When using our Apps, we may collect information about your geographic location, mobile device, push notification and Facebook permissions.
If you use our Apps, we may therefore collect the following information:
In short: We may collect limited data from public databases, marketing partners, social media platforms, and other external sources.
We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as Facebook), as well as from other third parties, exclusively with your consent, i.e. if you link your account you have with a third party to the account you have with us. Such information includes: social media profile information (your name, gender, birthday, email, current city and country, user IDs for your contacts, URL images, and any other information you choose to make public); marketing offers and search results, including paid ads (such as sponsored links).
In short: We process your data for purposes based on compliance with our legal obligations, fulfillment of our contract or relationship with you, legitimate business interests and/or your consent.
First of all, we state that we process only those personal data that are necessary to achieve a specific purpose and use this data only for established, clear, legitimate and expected purposes.
The processing of your data is based on the following legal bases:
We use the information we collect or receive for the purpose of:
In short: We do not sell, rent or lend your information to unrelated third parties.
We do not forward or transfer your personal data to unrelated third parties, and are securely stored on our or an external server that we also select in our business premises, which sufficiently guarantee the implementation of appropriate technical and organizational measures in such a way that the processing complies with the requirements of the General Data Protection Regulation and ensures the protection of your rights.
We will limit the information we forward and submit to a minimum by forwarding only the personal data necessary for the purposes of processing for which it was provided.
All legal and natural persons to whom we forward your personal data have the obligation to maintain confidentiality within the framework of the contractual relationship and have also implemented organizational and technical protection measures.
Certain data may be forwarded to the authorities of the Republic of Croatia at their request, in order to comply with the obligations prescribed by the law of the Republic of Croatia.
In no case is your personal data transferred to a third country, international organisation or recipient in a third country,
More specifically, we may need to share your personal information in the following situations:
We have categorized each side in detail so that you can easily understand the purpose of our data collection and processing practices. If we have processed your data based on your consent and you wish to withdraw your consent, please contact us.
In short: We may use cookies and other tracking technologies to collect and store data.
We may use cookies and similar tracking technologies (such as web beacons and pixels) to access or store data.
Cookies aresmall textfiles that place an Internet server (server) on the user's computer, through which the service provider accesses the Internet and displays the website.
More information can be found on our Cookie Policy.
In short: Yes, we use Google Maps to provide a better service.
This website, mobile app or Facebook app uses Google Maps API. Here you can find the Google Maps API Terms of Service. To better understand Google's privacy policy, see this link.
By using our implementation of the Maps API, you agree to commit to Google's Terms of Service.
In short: If you choose to register or sign in to our services using a social media account, we may have access to certain information about you.
Our services or apps offer you the ability to register and sign in using your third-party social media account information (such as your Google, Facebook, or Twitter data). Where you choose to do so, we will receive certain information about your profile from your social media provider. The profile information we receive may vary depending on the social media provider in question, but it will often include your name, email address, friends list, profile picture, as well as other information you choose to publish.
We will only use the information we receive for purposes described in this Privacy Policy or otherwise made clear to you in the Services or Apps. Please note that we do not control or be held liable for other people's use of your personal information by your third-party social media provider. We recommend that you review their privacy policy to understand how they collect, use, and share your personal information and how you can determine your privacy settings on their sites and apps.
In short: We are not responsible for the security of any information you share with third parties that advertise that is not linked to our websites.
Services or Apps may contain ads from third parties that are not affiliated with us but may be associated with other websites, online services, or mobile apps. We cannot guarantee the security and privacy of the information you provide to third parties. All data collected from third parties is not covered by this privacy policy. We are not responsible for the content or privacy and security procedures and policies of third parties, including other websites, services, or applications that may be associated with or affiliated with the Services or the Apps. You should review the policies of such third parties and contact them directly to answer your questions.
In short: We keep your information for as long as necessary to meet the objectives set out in this privacy policy unless otherwise required by law or other regulation.
We will only keep your personal data for as long as necessary for the purposes set out in this privacy policy, unless the longer retention period is determined by law or other regulation (such as tax and accounting regulations).
Therefore, if you have used our service and we have issued you with an invoice, your name and surname, address, and personal identification number contained in the issued invoice, we keep for 11 years (counting from the last day of the year in which the invoice was issued) since that is how long we are required to keep all issued invoices, according to the law.
We also keep the invoices we received from the supplier for 11 years (counting from the last day of the year in which the invoice was issued) since that is how long we are legally required to keep those invoices.
Your contact information, i.e. Phone or mobile number and email address are deleted immediately after you have revoked or deleted your account.
In short: Our goal is to protect your personal data with a system of organizational and technical security measures.
We have implemented appropriate technical, organizational and personnel security measures intended to protect the security of all personal data we process. However, keep in mind that we cannot guarantee that the Internet is 100% secure. While we will do our best to protect your personal information, transferring personal data to and from our Services or Apps is at your own risk. You should only access the services in a secure environment.
In short: We do not collect data from people under the age of 18.
We don't ask people under the age of 18 for information. By using the Services or Apps, you declare that you are at least 18 years old or that you are a legal representative or guardian of a minor and agree to the use of the Services or Apps with respect to your protégé. If we learn that, despite the statement that the user is 18 years old or that the data is collected from a legal representative or guardian, personal data has been collected from users under the age of 18, we will deactivate the account and take reasonable measures to quickly delete such data from our records.
In short: You have numerous rights related to the processing of your personal data and we give you a detailed overview of these rights below.
Right of access
From us you can get confirmation of whether your personal data is being processed and if it is processed, access to this data and the following information: information on the purpose of processing, categories of personal data in question, recipients or categories of recipients to whom personal data have been disclosed or will be disclosed, about the foreseen period in which personal data will be stored and the existence of the data subject's rights in relation to the processing of personal data (and what rights are specified in the following text of this Privacy Policy).
Right to data correction
If the personal data we process is incomplete or inaccurate, you can ask us at any time to correct or supplement it with an additional statement. Please note that you are responsible for the accuracy of the data provided, plus you have an obligation to inform us about relevant changes to your personal data.
Right to erasure
You have the right to request the deletion of your personal data if you believe that they are no longer necessary in relation to the purposes for which it was collected or otherwise processed, if you have objected to the processing based on our legitimate interest, if you believe that your data has been illegally processed and if you feel that your data should be deleted under the law of the European Union or the Republic of Croatia.
Please note that there are reasons that prevent the immediate deletion of personal data, such as for data that must be kept for a certain period of time or permanently.
If you have requested the deletion of personal data that must be kept for a certain period of time, as part of the response to the request for deletion, we will inform you about the time period during which we must keep the data and the day when it will be deleted.
If you have requested the deletion of personal data that must be kept permanently, as part of the reply regarding the request for deletion, we will inform you of the impossibility of deleting such data together with a reference to the legal basis prescribed by the permanent retention of the data.
Right to restriction of processing
You can ask us to limit the processing of your data:
If the processing of data is limited, such personal data may only be processed with your consent except for the storage of data or the installation, exercise or defence of legal claims or the protection of the rights of another natural or legal person or because of an important public interest. If you obtain a data processing restriction, we will notify you before the restriction is lifted.
Right to object
If we process your data for the purpose of carrying out tasks of public interest or the tasks of public authorities or when processing them we refer to our legitimate interests, you can file a complaint against such data processing if there is an interest in protecting your data. If we refer to our legitimate interests when processing data, and you have objected to such processing, then we will not further process your data unless we prove that there are compelling and lawful reasons for processing that go beyond your interests, rights and freedoms or if necessary to set, exercise or defend our legal claims.
Right to appeal
If you believe that while processing your personal data we acted against EU law or Croatian law, please contact us to clarify any issues. You are certainly entitled to report a potential breach of rights to the Personal Data Protection Agency.
Right to notification of personal data breach
In the event that, despite all measures taken, your personal data is breached, we will notify you of any such breach without undue delay by sending a written notification.
In this notice, we will describe the nature of the personal data breach, provide the name and surname of the person from which you can obtain additional information about the breach, a description of the likely consequences of the personal data breach and a description of the measures we have taken to address the personal data breach, including measures to minimize adverse consequences. This notice will be drawn up using clear and simple language.
If you wish to exercise any of these rights, please contact us using our details:
According to your requirements for the exercise of rights, we will respond in accordance with the deadlines and authorizations prescribed by the General Data Protection Regulation.
In any case, when using these rights, make sure that we must unequivocally establish your identity, which serves to protect your rights and private spheres.
Your rights mentioned above may also be exercised by your power of attorney, who must be legitimized with power of attorney certified by a notary public except when the attorney is a lawyer in which case no certified power of attorney is required.
If you use some of these rights too often and with obvious intent to abuse, we may refuse to process your request.
If we base the processing of personal data on consent, then we ensure that you always give your consent in the form of a written statement, hand-signed and that consent is voluntary, special, informed and unambiguous.
A written statement giving your consent to the processing of your personal data will be drawn up for each individual purpose of processing, in an understandable and easily accessible form using clear and simple language.
At any time, you have the right to withdraw your consent to the processing of personal data, which you will be informed about before giving your consent, in such a way that this right of yours will be explicitly stated in the written statement by which you give your consent to the processing of personal data with the note that consent may be withdrawn in such a way as to sign the form of the statement which we will draw up in a simple form.
Please note that in the event that consent is given for a one-time processing operation, and the same processing has already been carried out then the revocation of consent has no legal effect.
If you withdraw your consent, we will immediately delete all your personal data except that which that we are obliged to keep in accordance with the regulations of the European Union and the Republic of Croatia.
If you do not agree to give your consent in cases of data processing based on consent, then we are not able to establish any legal relationship with you.
If you want to view or change the information in your account or cancel your account at any time, you can:
At your request to terminate your account, we will deactivate or delete your account and data from our active databases.
Opt out of email marketing: You can unsubscribe from our marketing list at any time by clicking on the unsubscribe link in the emails we send or by contacting us using the information below. You will then be removed from the marketing email address list. However, we will still need to send you an email regarding the services required to administer and use your account. To otherwise cancel, you can:
In short: Yes, we will update this policy if necessary to remain in line with the GDPR and other relevant regulations.
The updated version will be marked as "Revised", including the date of the revision. The updated version will take effect as soon as it becomes available. If we make significant changes to this privacy policy, we may notify you either through a dynamic visual notification or through a direct notification. We recommend that you periodically review this privacy policy to stay informed about how we protect your data.
If you have questions or comments about this policy, you can contact our Data Protection Officer (DPO), by email gdpr@zoyya.com, or by post at:
Funestra d.o.o.
Mladen Fiolić 12 and
Zagreb 10000
Croatia