PERSONAL DATA PROTECTION POLICY at CROSCO
CROSCO, naftni sevisi, d.o.o. (English: Integrated Drilling & Well Services, Company, Ltd.) (hereinafter: CROSCO) is very serious about protecting the privacy of your personal information and implements all technical and organisational measures required by best practices, Croatian laws and the General Data Protection Regulation (EC 2016/679), abbreviated as “GDPR”.
The company CROSCO processes personal information in compliance with the proscribed privacy by design-default principles.
CROSCO’s information system is protected in line with the best practices and standards by physical solutions and applications developed by industry leaders. The logical and physical access to system components is managed in compliance with the applicable standards and the users are regularly trained and informed about the importance of information security and protection of information.
The specific purpose and method of processing of your personal information largely depend on the type of business relationship based on which we collect your information. We are guided by the basic personal information protection principles in our business, which means that we process information legally, transparently and fairly, that the processing is limited to the purpose for which the information was collected, and that only the information essential for this purpose is processed. We only store your personal information for as long as we have to, in order to fulfil the purpose of information processing, except in cases when legal regulations require us to store personal information for a longer period and in cases when the storing of information is required by our legitimate interests (e.g. establishment, realisation or protection of legal requirements). When processing your personal information, we are guided by the principles of accuracy, reliability, confidentiality and integrity. Access to your personal information is restricted to authorised persons at CROSCO, our business service provider partners (data processors) or to those related by ownership structure ( INA d.d.).
Several different units in our Company are working on complying with the above regulatory requirements, ensuring a multidisciplinary approach to safeguarding and protecting the privacy of our employees, customers, business partners, job candidates and other persons whose information we collect in our business. We hold regular trainings for our employees and contractually stipulate adequate protection measures with our business service provider partners.
Data Controller and Personal Information Protection Officer
CROSCO, naftni servisi, d.o.o., Lovinčićeva 4, 10 000 Zagreb, PIN: 15538072333
Please send all privacy related inquiries to the following contacts:
Address: Lovinčićeva 4, 10 000 Zagreb, attn. Personal Information Protection Officer
E-mail address: firstname.lastname@example.org
Processing purposes and legal grounds for personal information processing
CROSCO as the Data Controller, protects your privacy and only processes the personal information that is essential to CROSCO and that has been collected as a part of CROSCO’s business activities, whether the information was provided by you or a third party or obtained from publicly available sources, for the following purposes:
- Fulfilment of contractual obligations – when processing is necessary to fulfil the contract that you are a party to or to take action at your request prior to concluding the contract
- Satisfaction of legitimate interests – when necessary, we process personal information outside of a specific contractual relationship in order to satisfy our legitimate interests. Such legitimate interests may include the following:
- Conducting legal proceedings and maintaining records of legal proceedings
- Discovering perpetrators of criminal offences and fraud prevention
- Protection of persons and property
- Fulfilment of your requests so you could help us develop and improve our services or fulfilment of our internal needs, such as audit, data analysis and research for purposes of improving our services and communication with our users
- Answering your inquiries and comments
- Essential compliance with regulatory requirements – considering its diverse business activities, CROSCO is under obligation to comply with a multitude of regulatory requirements. For instance, we have to comply with the Money Laundering and Terrorism Financing Prevention Act in force, tax regulations and so on.
- Processing of personal information for special purposes or several special purposes described by consent, solely after receiving your consent to have your personal information processed for a particular purpose. Your consent is compliant with the relevant provisions of the Regulation and given unconditionally and freely. You reserve the right to revoke your consent at any time.
Should we process your personal information for purposes not described here or outside of the purpose to which you have consented, prior to such processing, we will provide you with information about the other purpose and all other relevant information about the processing.
Which personal information do we process and how do we get it?
We primarily process personal information collected within the scope of a contractual relationship, such as name, surname, personal identification number, address and so on. However, we also collect information from public sources (Court Registry, Financial Agency-FINA) and information legitimately shared with us by other companies in the INA Group, other contractual partners or third parties when necessary for the performance of our business activities even when their collection is not associated with a specific contractual or business relationship.
Are you under obligation to share your personal information with us?
You are not under obligation to do so. However, keep in mind that in some cases, should you refuse to provide the requested information, CROSCO will not be able to enter into a contractual relationship with you or fulfil its legal or contractual obligations.
Data storage period
CROSCO will only store your personal information for as long as necessary to fulfil its legal or contractual obligation or legitimate interest, except in case your personal information is processed based on consent, when processing ceases at the moment that you withdraw your consent. You can withdraw your consent at any time by sending your request to:
– the email address email@example.com or the address CROSCO, naftni servisi, d.o.o., Lovinčićeva 4, 10 000 Zagreb, attn. Personal Information Protection Officer
We would like to underline that withdrawing your consent has no effect on the legality of information processing based on the consent prior to its withdrawal.
When your personal information is no longer needed for the fulfilment of above purposes, it will be destroyed, except in cases when continued storage is required by law.
Who is the recipient of your personal information?
CROSCO is under obligation to protect your personal information and will not disclose or make it available to third parties without your express consent, except:
- to service providers we hire as data processors for tasks related to the execution of contracts to which you are a party (such as accounting services, company TRS d.o.o.)
- to the authorities for purposes of activities from their scope (Tax Administration, Ministry of the Interior)
- when the information is requested by a court of law, relevant state attorney’s office, or other authorities in equivalent legal proceedings
- when CROSCO is obligated under the law to disclose the information.
What are your rights with respect to the processing of personal information?
Depending on the legal basis for processing, you may have the following rights:
- Right to request access to personal information relating to you, which means that you have the right to be informed about the scope of collected information, purpose of processing, category of personal information that is processed, recipients that the information is delivered to, and the period of storage
- Right to have incorrect personal information rectified and incomplete personal information amended, in which case we are under obligation to fulfil your request without unnecessary delay
- Right to object to the processing of personal information in case it is processed based on CROSCO’s legitimate interest
- Right to request deletion of information in cases when the purpose of processing has been fulfilled, when you have withdrawn your consent as the only basis for processing, when your privacy protection interest outweighs CROSCO’s legitimate interest in processing, when it is required for purposes of compliance with legal requirements that CROSCO is subject to, and in cases of any illegal processing. The right to have the information deleted is not an absolute right and does not apply, for instance, in cases when processing is necessary to exercise the right to the freedom of information and expression, compliance with legal requirements that CROSCO is subject to, establishment, realisation or defence of legal requests, and so on.
- Right to restrict the processing of information, for instance, in cases when you have disputed the accuracy of the information, for as long as it takes to verify its accuracy
- Right to transfer the information to another Data Controller if the processing is based on consent or execution of a contract to which you are a party, or if the processing is performed automatically and it would be technically feasible
- Right to submit an objection to a national supervisory authority, i.e. the Croatian Personal Data Protection Agency
Requesting access to personal information pertaining to you or requesting the rectification of your personal information
If you want access to your personal information or if you believe that irregularities occurred in the processing of personal information, please contact our Personal Information Protection Officer.
Objecting to the processing of personal information
If you believe that CROSCO has no legal grounds to process your personal information, you can submit an objection to the Personal Information Protection Officer at any time.
In this case, we will no longer process your personal information and we will not be able to provide our services to you or be in a business relationship with you.