Privacy policy
01 Introduction
This site is owned and operated by Croative Ltd, Banjol 759, Rab (“Croative”, “we”, “our” or “us”) and this Privacy Policy discloses how we collect data, what information we collect, why we collect it, how we use it, how long we store it for and procedures we have in place to safeguard your privacy. We are the data controller and are responsible for your personal data. It also means we are responsible for the processing which extends to those of our subcontractors who process your information based on our instructions.
We keep your personal data confidential and if you have questions about how we handle personal data, please let us know. The first point of contact for privacy aspects at our organization is the Data Protection Officer, who can be contacted via email: gdpr@croative.co or via phone: +385 97 667 1447.
You have the right to make a complaint to Croatian Personal Data Protection Agency (AZOP), the Croatian supervisory authority for data protection issues (https://azop.hr/).
This Privacy Policy should be read together with our Cookies Policy.
We reserve the right to make changes to this Privacy Policy (together with other related Croative GDPR documents), in accordance with the requirements and changes in European Union legislation or the General Data Protection Regulation.
This Privacy Policy was last updated on 9 October 2023 and the most recent version of the Privacy Policy can always be found on our website.
02 How we collect your personal data
Personal data refers to any information or pieces of information that could identify you either directly or indirectly from one or more identifiers or from factors specific to the individual.
We only collect information which is necessary, relevant and adequate for the purpose you are providing it for. This Privacy Policy relates to personal data we receive via:
Our website: https://croative.co
Our contact channels: where you provide or submit your personal information to us by our “Contact Us” form on our website or via email and/or phone
We may collect your personal data:
Directly from you when you interact with us directly, correspond with us or submit information to us by email, phone, on social media
Automatically when you access and browse our website, we collect information about your usage and activity on our website, using certain technologies, such as cookies
Information that is publicly available
Our website may include links to third-party websites, plug-ins and applications. Following those links or enabling those connections may allow third parties to collect or process data about you, but please be advised that we do not control these third-party websites and we are not responsible for their privacy practices, so we encourage you to read their privacy policies.
03 Personal data we collect
Croative processes personal data of:
Website visitors
Geo location, IP address and Cookies (more information about our Cookie Policy can be found here)
Job Candidates
Data collected by applying for an open job position or by sending an open application
Personal Information: name and surname, address, email, phone number
Professional Data: data from Cover Letter and CV/Resume (such as education and training information, previous employment etc.)
Potential Clients
Name and surname, email and/or phone number
Newsletter Subscriptions
Email address, cookies
04 Data retention
We will not retain your personal data for longer than necessary for the purposes set out in this Policy.
We will keep the data you’ve sent us via e-mail or registration at croative.co until you request its removal, or as required by law. You have the right to request to view, remove, or change your data by emailing hey@croative.co. If the request adheres to the privacy law requirements, we will take the applicable action.
05 Goals of and legal basis for processing
We rely on one or more of the legal grounds in order to process your personal data.
Depending on collected data, we process the personal data in order:
to comply with a legal obligation
to be able to implement and perform our services
to give you the information needed
for marketing purposes or messages about our services via newsletter
to enable us to be practical and efficient using cookies
to process a job application
All gathering of personal data is based on either:
1. consent of the person sharing the data;
2. the execution of a contract to which the data subject is party;
3. compliance with a legal obligation
4. the legitimate interest of Croative or a third party
5. the vital interest of the data subject or another person, or the public interest
We will not use the data for any purpose nor on any basis other than those listed above. If we need to process personal data for reasons other than those mentioned above, we will explicitly ask for your permission.
We also collect your information that you make available to us when you cooperate with us, or use our services, which are necessary for the execution of the contract), and we process them for the duration of our contractual relationship. This includes data necessary for the delivery of contracted services, and the issuance of invoices, data proving the authority to enter into a contract, and data collected during communication with us (e.g. contact information).
06 Social media
All data gathered through Croative’s social media which can be considered personal data pursuant to the GDPR is processed in accordance with this Privacy policy in a manner prescribed by law.
Specifically, Croative can be found on the following social media whose privacy policy is linked below:
Facebook, LinkedIn, Instagram, Youtube, Twitter.
07 Provision to third parties
In the context of the quality of our services, we can make use of the services of third parties which consist of our contractors and suppliers. In regard to data protection they have the role of processors or subprocessors, who process the personal data on the basis of our exact order. If these third parties have access to the personal data or they themselves record and/or otherwise process, we conclude a DPA with those third parties. This means, among other things, that these third parties may only process your personal data for the aforementioned purposes.
We use Google Analytics and Hotjar for internet analytics, reCAPTCHA Google service for protection from spam and abuse, and mailchimp for our newsletter, their privacy policies are linked here.
We will only process and store the personal data within the European Economic Area, unless otherwise agreed in a written contract. Exceptions to this are situations in which we want to map contact moments via our website. Your data will be stored by third parties outside the EU when using Google Analytics, Hotjar, mailchimp, and Google Privacy Policy and Terms of Service apply. We suggest that you read their privacy policies via the corresponding links.
In connection with the processing activities described in this Policy, your data may be transferred to and/or processed in countries outside of the EU and the European Economic Area (“EEA”). The US and other countries may have data protection laws that differ from the laws of your country. In these cases, we provide appropriate safeguards to protect your personal data pursuant to Article 45 and 46 of the GDPR. These safeguards include compliance with the European Commission’s standard contractual clauses for transfers of personal data and reliance on the appropriate legal framework.
08 Security
We have taken appropriate organizational and technical measures for the protection of the personal data, insofar as these can reasonably be required of us, taking into account the interest to be protected, the state of the technology and the costs of the relevant security measures:
our employees and any third parties who necessarily have access to the personal data are obliged to confidentiality
our employees have received a correct and complete instruction on the handling of personal data
our employees are sufficiently familiar with the responsibilities and obligations according to the GDPR
we do not tolerate situations that can bring Croative into violation of laws and regulations
If there is a data leak incident regarding the personal data concerned, we will notify you no later than 72h after we notice the data breach or have been informed about this by our subprocessors.
09 Automated decision making
Croative does not conduct any decision making process without human intervention, so-called automated decision making, that could have a significant impact on you.
10 Your rights
You have the right:
to access and right to be informed
to rectification and right to erasure
to restriction of processing personal data and right to object
to data transfer
not to be subject to a decision based solely on automated processing
These rights can be exercised by contacting our Data Protection Officer, via email or phone number stated below. Let us know what right you want to exercise and the information to which your request relates, and enough information to identify you. Please note that we may ask you to provide proof of identity when considering your request.
If this does not lead to a satisfactory outcome, then there is always the right to file a complaint with the Personal Data Protection Agency (in Croatia: AZOP); the supervisory authority in the area of privacy or any other supervisory authority in his/her habitual residence, place of work or place of the alleged infringement of the data subjects rights. If you have questions about how we handle personal data, please let us know and feel free to reach directly to our Data Protection Officer via email: gdpr@croative.co or via phone: +385 97 667 1447.