Excellent
5
out of 5 by
Google
Trusted by
50
Customers
Contact us

Privacy Policy

Trgovačko društvo FIVITO GRUPA d.o.o., with its registered office in Zagreb, Bernarda Bernardija 8, OIB: 34559757098 as the Data Controller, hereinafter: (“COMPANY”), in accordance with the principle of transparency and the provisions of the General Data Protection Regulation (GDPR), on 01.10.2024 adopts the following:

PERSONAL DATA PROTECTION RULES

  1. Introduction

The protection of personal data is of particular importance to the Company. The Privacy Policy aims to explain to you in a clear and simple way which personal data we collect, how long we keep it, why we collect it, who has access to your data, what rights you have and how you can exercise them. When we collect your personal data or when you share it with us, we use it in accordance with these Rules. You will be informed in a timely manner about any possible amendments or additions to the Rules, including through publication on the Company’s website.

  1. What is personal data?

“Personal data” is information that can be used to identify you directly (for example your name) or indirectly (for example through a pseudonym). In other words, personal data includes data such as email address / home address / mobile phone number / personal identification number (OIB) / financial data and similar. Personal data may also include numerical identifiers such as a computer IP address, mobile phone MAC address or cookies, provided that you can be identified based on this data.

  1. How and why do we collect personal data?

We most often collect data directly from you (for example when you contact us, purchase our product, submit a complaint), automatically (through the website) or from other sources (from publicly available sources such as open databases, external partners within the scope of the provided service). Our website is not intended for persons under the age of 16. We advise all parents and guardians to educate children on how to handle personal data on the internet safely and responsibly.

We use data only for lawful purposes, specifically:

a. For communication with you

We collect your data when you contact us through our web form or contact us by email. In that case we collect your personal data listed in the contact form or email (name and surname, email address, content of your inquiry). Personal data will be used exclusively for the purpose of responding to your inquiry or providing information related to your interest. The legal basis for processing personal data is our legitimate interest, and if your inquiry relates to your order, then the legal basis for processing personal data is the contract.

b. For the purpose of fulfilling contractual obligations

We also collect your data when purchasing products from our assortment through our web shop. Data marked with an asterisk (*) are necessary data required to complete your purchase and if they are not provided we will not be able to fulfill your order. Personal data is used for the purpose of processing your order and delivering the purchased product to the specified address. The legal basis for processing personal data in this case is the fulfillment of the contract (sales contract) in which you are the contracting party. We emphasize that we do not store bank card data when you purchase through the web shop and payment is carried out through the CORVUSPAY payment gateway. Please note that CORVUSPAY PAYMENT GATEWAY has its own privacy policy and we are neither competent nor responsible for it.

c. For the purpose of handling complaints

It is your legal right to submit a complaint and it is our legal obligation to inform you about the right to submit a complaint and to respond to it. Personal data contained in your written complaint (for example name and surname, address, information about the product or service you are not satisfied with) will be processed for the purpose of resolving the submitted complaint. The legal basis is our legal obligation as a trader to respond to a complaint submitted by a consumer.

d. For direct marketing purposes

If you want to learn about our products, news and promotions, we will process your personal data (name and surname, email address) if you subscribe to our newsletter for direct marketing purposes. The legal basis for processing personal data in this case is your consent. At any time you have the right to withdraw your consent and unsubscribe from the marketing mailing list via the link available in the email marketing message.

e. Prize contests

Sometimes we will process your personal data if you decide to participate in a prize contest organized by us. In order to participate in a prize contest, it is necessary to provide certain data (for example name and surname, address, answer to the prize question, date of birth) and if these are not provided your application will be considered invalid. Details about the processing of personal data in case of organizing a prize contest will be prescribed by special prize contest rules in accordance with the Law on Games of Chance and the Rulebook on Organizing Prize Contests.

f. Internal purposes of the Company

The Company may collect certain personal data for its internal purposes. For example, personal data collected automatically (browser data, IP address, location data, email, name and surname, address and order information) are processed for the purpose of protecting our website from cyber attacks and other threats. The legal basis for processing personal data is our legitimate interest – increasing the security of our website and preventing fraud. We also process certain data (data about purchased products, order details) for business analysis purposes based on our legitimate interest (improving our business operations).

g. Compliance with legal obligations

Certain personal data must be processed in order to fulfill legal obligations prescribed by applicable laws (for example Consumer Protection Act, tax and accounting regulations and similar).

  1. Web browsing

4.1. Cookies

Our website uses so-called cookies and similar technologies. The purpose of cookies is to ensure the proper functioning of the website and improve our service to make it more efficient. Cookies are small text files that may be stored on your computer and are used by your web browser. Information collected through cookies and similar technologies may include login data, login details, location, IP address, browser information, device information, visit duration, advertisements you browse, pages you visited and similar. Most cookies we use are so-called “session cookies” which are deleted when the browser session ends. There are also some persistent cookies that allow us to recognize you as a visitor. You have the right to disable cookies in the settings of your internet browser. More about cookies can be found in our Cookie policy.

4.2. Google Analytics

In order to provide better service and understand user needs we use the Google Analytics tool. Although Google records a large number of information such as geographic and demographic indicators, your data is protected and there is no way to personally identify users. Data about user IP addresses exists but it is protected and Google does not share IP address information.

4.3. Links to other websites

If you visit other websites through links contained on our website, please note that those websites have their own privacy policies and we recommend that you familiarize yourself with them.

4.4. Hotjar

Our website uses HOTJAR in order to improve user experience.

  1. With whom do we share your personal data?

Depending on the purpose for which the data is collected, we may share your data with third parties who help us provide digital services and e-commerce services, advertising agencies, marketing agencies, digital advertising and social media advertising partners, third parties necessary for product delivery such as postal or delivery services, third parties who help us provide technical support, payment service providers, legal representatives and similar. Personal data may also be disclosed as part of a business transaction such as a merger or asset sale, as well as to competent state authorities and public bodies.

  1. How long do we store your personal data?

We store and process your personal data only as long as necessary to fulfill a specific lawful purpose, unless applicable regulations prescribe a longer retention period for a particular purpose.

Criteria for determining the storage period include:

For what purpose personal data is collected

What is the legal basis for processing personal data

How long personal data is needed to fulfill the lawful purpose

Whether we are subject to a legal obligation to retain personal data (in that case we keep the data for the legally prescribed period)

  1. Security and storage of personal data

We store personal data within the European Economic Area. Personal data in digital form is stored within the Company’s facilities and IT systems and on servers of trusted partners located in Germany. We take all necessary organizational and technical measures to ensure that your personal data is secure and protected from loss, destruction, alteration, falsification, manipulation and/or unauthorized access. We undertake to notify you and the competent authority in case of a breach of your personal data. We take measures to ensure that data we collect and process is handled in accordance with these Rules and legal requirements. If we share personal data with third parties, we use appropriate legal and technical mechanisms to protect your personal data from breaches.

  1. Your rights

7.1. Right to withdraw consent

When the processing of personal data is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Consent can be withdrawn via the email address info@blueframe.agency or by clicking the link.

7.2. Right of access to personal data

You have the right to request confirmation of whether we process your data and if so, to access that data and receive information about the purpose of processing, categories of personal data, recipients or categories of recipients, the planned storage period or criteria used to determine it, the existence of rights and the existence of automated decision-making.

7.3. Right to correction of inaccurate or incomplete data and right to erasure

If your data is inaccurate and/or outdated you have the right to request correction. In certain cases you have the right to request deletion of your data, also known as the right to be forgotten. Note that the right to be forgotten is not absolute and in certain cases we may refuse your request.

7.4. Right to object to processing based on legitimate interests of the Data Controller

You may object to data processing at any time when the processing is based on legitimate interests. After submitting the objection we may no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the data is processed for the establishment, exercise or defense of legal claims.

7.5. Right to information and data portability

We are obliged to process your personal data transparently and clearly and you have the right to receive easily understandable information about how we use your data. For this purpose we have published these Rules in order to explain in a simple and transparent way which data we collect and why. You also have the right to transfer data from our database to another Data Controller. This right applies only to data you provided to us based on a contract or consent and if the processing is carried out by automated means.

7.6. Right to lodge a complaint with the competent authority

You have the fundamental right to submit a complaint to the supervisory authority, the Personal Data Protection Agency, if you believe that your personal data has been violated. You are also free to contact us if you believe that we are violating your rights in any way.

7.7. Right to restriction

You have the right to request restriction of the processing of your data if
A/ you contest the accuracy of personal data for a period enabling the Data Controller to verify the accuracy of the data,
B/ we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims,
C/ you have objected to processing based on legitimate interests during the period in which it is determined whether the legitimate interests of the controller override your rights,
D/ the processing is unlawful but you oppose the deletion of the data and instead request restriction.

7.8. Exercising your rights

You may exercise your rights by submitting a request via the email address info@blueframe.agency or by mail to the Company’s address Bernarda Bernardija 8, Zagreb. In order to process your request we may request verification of your identity.

  1. Conclusion

Under no circumstances will we misuse your personal data

When processing we act in accordance with the law and the General Data Protection Regulation

We process data only for a specific and lawful purpose

We respect your rights

If you have questions about how we handle your personal data or if you would like to exercise your rights described in point 6 of these Rules, contact us at info@blueframe.agency or by mail at the Company’s registered address Bernarda Bernardija 8, Zagreb.