JADRANKA d.o.o., having its registered office in Mali Lošinj, Dražica 1, PIN: 70741052040 (“JADRANKA”), respects the privacy of all persons whose personal data it collects. Privacy protection is one of the core principles of our operations. The purpose of this Privacy Policy is to inform you about and explain more specifically the types of personal data JADRANKA collects as a controller and for what purpose, the manner in which we protect personal data, and the rights you have in that regard.
CONTENTS:
GENERAL SECTION
- DATA CONTROLLER AND REGULATORY FRAMEWORK
- SCOPE OF APPLICATION
- DATA PROTECTION OFFICER
- PERSONAL DATA PROTECTION PRINCIPLES
- LAWFULNESS OF PERSONAL DATA PROCESSING
- TYPES OF PERSONAL DATA PROCESSED
- TRANSFERRING DATA TO THIRD PARTIES
- DATA RETENTION PERIOD
- DATA SUBJECT RIGHTS
- PROTECTION OF PERSONAL DATA OF CHILDREN
- SOURCES OF PERSONAL DATA
- TECHNICAL AND ORGANIZATIONAL DATA PROTECTION MEASURES
- ACTIONS TAKEN IN THE EVENT OF A PERSONAL DATA BREACH
SPECIAL SECTION
- JOB APPLICANTS AND EMPLOYEES
- STAFF SELECTION
- EMPLOYMENT RELATIONSHIP AND OTHER COMPARABLE RELATIONSHIPS
- BUSINESS PARTNERS
- RADIO MALI LOŠINJ - RADIO JADRANKA
- RETENTION PERIOD
- PUBLIC NOTICES
- VIDEO SURVEILLANCE
- WEBSITES, COOKIES, AND INTERNET TECHNOLOGIES
- FINAL PROVISIONS
General Section - Basic Information
Controller and Regulatory Framework
In its role as a controller, JADRANKA undertakes to protect your personal data. We collect, process and store your personal data pursuant to the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, i.e. the General Data Protection Regulation – GDPR (“Regulation”), the Act on the Implementation of the General Data Protection Regulation (Official Gazette, 42/2018), and other relevant regulations applicable in the Republic of Croatia.
Scope of Application
This Policy applies to all circumstances in which JADRANKA processes personal data as a controller unless defined otherwise for specific processing situations in some other policy or document of JADRANKA. In any case, the core personal data processing principles, the contact details of the Data Protection Officer, and other provisions laid down in the General Section of this Policy apply, without exception, to all circumstances in which we process personal data, regardless of whether such processing is specifically covered by the Special Section of this Policy or not. In the Special Section of this Policy, we describe in more detail certain specific situations in which we process data, which account for the vast majority of the processing activities performed by JADRANKA.
Data Protection Officer
JADRANKA has appointed a Data Protection Officer (“DPO”). If you have any questions with regard to personal data protection or you wish to exercise any of the rights guaranteed to you under the Regulation, you can contact our DPO by e-mail at the following e-mail address: dpo@jadranka.hr, or by mail at the following postal address: JADRANKA d.o.o., n/p DPO, Dražica 1, 51550 Mali Lošinj, Republika Hrvatska.
All requests delivered to the address of our DPO which do not concern personal data protection, such as job applications, letters of inquiry for reservation of accommodation at our facilities, and similar, will be forwarded directly to the competent business divisions, sectors, and/or departments of JADRANKA GROUP. In such cases, the DPO will not provide a special answer to the sender.
Personal Data Protection Principles
JADRANKA regards the principles of data processing as core values that must be adhered to in all stages of personal data processing, i.e. from the time the data are collected until the moment they are destroyed or erased, or until the processing is discontinued for some other reason. JADRANKA processes data:
- lawfully - the processing is considered possible if and to the extent, it is permitted by law;
- fairly - taking into account the specific circumstances of each individual relationship, implementing all appropriate safeguards to ensure the protection of personal data and privacy in general, and allowing the data subjects to exercise their rights;
- transparently - data subjects are informed about the processing of their personal data; more precisely, they are informed about all aspects of data processing at the time the data are collected and are ensured simple and quick access to their data throughout the period during which their data are processed, including the possibility of checking the relevant data and receiving a copy of the same pursuant to the provisions of the Regulation; access to certain information may be restricted, but only if such restriction is prescribed by law or if necessary for the purpose of protecting third parties;
- ensuring purpose limitation - personal data are processed only for the purpose for which they have been collected; they may be processed for other purposes as well, but only if the conditions defined in the Regulation are met; more precisely, to process data for other (related) purposes, the following must be considered: (a) any link between the purposes for which the personal data have been collected and the purposes of the intended further processing; (b) the context in which the personal data have been collected, in particular regarding the relationship between the data subjects and JADRANKA; (c) the nature of the personal data, in particular whether special categories of personal data are processed, pursuant to Article 9 of the Regulation, or whether personal data related to criminal convictions and offenses are processed, pursuant to Article 10 of the Regulation; (d) the possible consequences of the intended further processing for data subjects; and (e) the existence of appropriate safeguards;
- ensuring storage limitation - the data are kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; they may be kept for longer periods, but only if permitted by the Regulation;
- ensuring data minimization - only such data which are adequate, relevant, and limited to what is necessary are processed; in particular, we are very careful not to collect any data in respect of which no justification for processing exists;
- ensuring accuracy - we take reasonable steps to ensure that the data are accurate and kept up to date and that all inaccurate data are erased or rectified;
- ensuring integrity and confidentiality - we ensure appropriate security of the personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures; the relevant measures are applied to take into consideration the risks associated with different types of data processing.
The Lawfulness of Personal Data Processing
In order to ensure the lawfulness of personal data processing, JADRANKA processes personal data only if and to the extent that one of the following applies:- the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; this is the most frequent purpose for which the data concerning data subjects are processed; this type of processing rests on the grounds of an existing or potential contractual relationship;
- the processing is necessary for compliance with a legal obligation to which the controller is subject; as a legal entity, JADRANKA is subject to a number of obligations prescribed by various regulations; this particular obligation refers primarily to the collection of data, but very often also includes submission of data to state authorities;
- the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, taking into consideration the reasonable expectations of the data subject based on his or her relationship with the controller, in particular where the data subject is a child; in cases where it relies on this legal basis, JADRANKA assesses whether the processing is appropriate considering the business needs, takes steps to minimize invasiveness as well as makes sure that the interests of the data subject do not override the legitimate interests of JADRANKA or some third party; the purposes for which this type of processing may be performed include, for example, administrative purposes, computer network security protection, direct marketing, operational improvements; data subjects have the right to object to the processing of their data in any of the mentioned circumstances;
- the processing is necessary in order to protect the vital interests of the data subject or of another natural person; the right to personal data protection is not an absolute right; JADRANKA regards that right as equal to other fundamental rights and applies the principle of proportionality in the determination of the same; JADRANKA accepts the possibility that, in certain situations, it may be necessary to process personal data to protect the vital interests of the data subject or of another natural person;
- the data subject has consented to the processing of his/her personal data for one or more special purposes; in cases where it processes personal data relying on consent, JADRANKA takes steps to ensure that such cases refer to situations in which the act giving, refusing to give or withdrawing consent does not produce any, formal or informal, consequences; where the processing is based on consent, the data subject has the right to withdraw his/her consent at any time without negative consequences; such withdrawal will not affect the lawfulness of the processing based on consent before its withdrawal.
In exceptional cases, JADRANKA may process certain data it would not ordinarily process, e.g. it may collect information for the purpose of implementing a recommendation issued by the Croatian Institute of Public Health (“HZJZ”) in the event of epidemics and similar situations and/or circumstances.
Type of Personal Data Processed
Special Categories of Personal Data: JADRANKA will process special categories of personal data only in the circumstances defined in Article 9 of the Regulation. More specifically, we may process certain employee data that belong to special categories of personal data, e.g. trade union membership data (for the purpose of exercising special rights under relevant regulations, for example), information regarding religious or philosophical beliefs (for the purpose of exercising the right to additional non-working days on religious holidays, for example, provided however that the relevant person voluntarily discloses such information for the said purpose), or certain data concerning health (for the purpose of complying with special safety-at-work regulations or maintaining an employee register, for example, or in situations where special health certificates are required for specific jobs, and similar).
Data Concerning Criminal Convictions and Offenses: if and to the extent permitted by law, JADRANKA may also process personal data concerning criminal convictions and offenses, e.g. employee non-conviction certificates.
Personal data that do not belong to either of the two previously mentioned groups: in fact account for the largest part of the data that we process, including primarily identification and contact details, e.g. first and last name, PIN, and the data created when the data subjects move within the facilities or on the premises under video surveillance.
Most of the personal data collected by JADRANKA are obtained directly from data subjects. We therefore kindly ask that you do not provide any ‘sensitive data’ (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, bank/credit/debit card numbers or account numbers, were not requested, and similar), unless the provision of such data is necessary. If you intend to provide sensitive data, for any reason, please be advised that by doing so you give your explicit consent to the collection and use of such data in the ways described in this Privacy Statement/Policy, or in the manner described at the time such data are disclosed.
Transferring Data to Third Parties
JADRANKA shares personal data with others only if and to the extent permitted by law.
For the purpose of complying with its statutory obligations, JADRANKA transfers certain data to third parties, e.g. it submits guest data into the eVisitor system and sends the relevant employee data to the competent institutions, including the Croatian Pension Insurance Institute (“HZMO”), the Croatian Health Insurance Fund (“HZZO”), the Tax Administration, the Central Registry of Affiliates (“REGOS”), and pension companies. There are also situations in which JADRANKA is required to submit or make particular data available for inspection by different institutions and authorities. In that context, we may occasionally submit employment-related data to the Croatian Employment Service, e.g. for the purpose of registering our employees for participation in Active Labor Market Policy measures; to the competent Police Department or the Ministry of Internal Affairs, e.g. if senior state officials stay at our facilities, or if required in connection with the issuance of work permits; to the Ministry of Tourism when offering employment to scholarship recipients; to the Ministry of Economy and Entrepreneurship in connection with the use of investment subsidies; as well as to insurance companies; banks; and others, in situations prescribed by the regulations.
Certain employee data are also transferred to banks and pension funds for the purposes of the payroll process, and certain data may be transferred to creditors in accordance with enforcement regulations. Sometimes we share data in accordance with contractual obligations. For example, when pupils attend practical training at our facilities, we exchange data with the relevant schools and faculties; or when our employees participate in events organized by different schools (e.g. Gastro and similar), we share the relevant employee data with such schools.
Furthermore, we share certain personal data with business entities for the purpose of arranging specific services, e.g. medical examinations for employees (contracted occupational medicine service provider); institutions organizing statutorily required education and training (e.g. Safety at Work, Minimum Hygiene Requirements, Toxicology); organizers of other types of educational activities attended by employees of JADRANKA for registration purposes; hotel and other accommodation facilities where the relevant employees are accommodated while attending such activities; audit companies conducting the statutory audit; notaries public when certification is required; the Financial Agency for the purpose of obtaining business certificates; entities subject to public procurement regulations when responding to public tenders (as a bidder); as well as for the purpose of assigning and using company cards, mobile devices, or purchasing fuel.
We may also transfer data to other business entities, that act as data processors, i.e. those that process data in the name of JADRANKA, as the data controller. We are primarily referring to business associates of JADRANKA that provide IT services. They keep the relevant personal data in their databases or have the possibility of accessing them during the period in which they are processed. We enter into written agreements with such entities for the purpose of regulating their authorizations and obligations with regard to the processing of personal data, in accordance with the requirements laid down in the Regulation.
There are certain situations in which external entities determine the purposes and means of processing jointly with JADRANKA. In those situations, such external entities and JADRANKA act as joint controllers. For the purpose of regulating such relationship, joint controllers determine in a transparent manner their respective responsibilities for compliance with the obligations arising from the Regulation, in particular as regards the exercising of data subject rights and their respective duties with regard to ensuring transparency of processing, unless their responsibilities are defined by law.
Where the processing involves a transfer of personal data to third countries, JADRANKA will ensure that high standards of protection are applied in order to guarantee the highest possible level of personal data protection, in accordance with the rigorous requirements laid down in the Regulation. To be more precise, if it intends to make an international transfer of personal data, JADRANKA will inform the data subject of its intention to transfer his or her personal data to a third country or an international organization as well as of the existence or non-existence of an adequacy decision issued in that regard by the European Commission. Any transfer of personal data to a third country must be performed in accordance with Chapter V of the Regulation.
Data Retention Period
The data relating to data subjects will be processed and stored during the period defined in the relevant statutory regulations if the obligation to store such data is prescribed by law (e.g. the records on the basis of which invoices are issued are kept for 11 years). In situations where JADRANKA is authorized to determine the retention periods at its sole discretion, the data will be stored for as long as necessary depending on the purpose of processing, the legitimate interests of JADRANKA, and the interests of data subjects regarding erasure.
Data Subject Rights
Regardless of the basis for collecting data, data subjects can exercise the following rights free of charge, within the limits prescribed by the Regulation:
Right to Obtain Information: the data subject has the right to obtain information about the processing and the purposes of the processing. JADRANKA takes care that the data subject is provided all the information necessary to ensure a fair and transparent processing, taking into account the context of such processing.
Right to Erasure (“right to be forgotten”): the data subject has the right to request from JADRANKA that the personal data concerning him or her be erased without undue delay in accordance with the conditions laid down in the Regulation. To exercise this right, data subjects must send a written request to JADRANKA, the data controller. Requests can also be sent by electronic means. In your request, you should specify exactly which data you want us to erase considering that your data can be kept relying on different legal bases, e.g. a data subject can at the same time be our guest and a job applicant. You can request that the personal data concerning you be erased if one of the following applies:- your personal data are no longer necessary in relation to the purposes for which we have collected or otherwise processed them,
- you have withdrawn your consent on which the processing is based and there is no other legal ground for the processing,
- you have objected to the processing of your personal data and we have no overriding legitimate grounds for the processing,
- the personal data have been unlawfully processed,
- the personal data have to be erased to comply with a legal obligation.
Right to Access Data: at the request of the data subject, JADRANKA will confirm whether or not personal data concerning him or her are being processed and, if they are, we will ensure access to the relevant personal data and the purpose(s) of processing, the categories of personal data concerned, the potential recipients to whom the personal data will be disclosed, and other data in accordance with the requirements prescribed by the Regulation. The data subject has the right to receive a copy of the personal data undergoing processing. Access to personal data may be restricted only in cases defined by the law, or where such restriction does not adversely affect the fundamental rights and freedoms of others.
Right to Rectification: the data subject has the right to request from JADRANKA that the personal data concerning him or her which are inaccurate be rectified without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed. To exercise this right, data subjects must send a written request to JADRANKA, the data controller. Requests can also be sent by electronic means. In your request, you should specify exactly which data are inaccurate, incomplete, or out-of-date and in what sense they should be rectified, as well as provide the necessary documents to corroborate your statements.
Right to Data Portability: the data subject has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format in accordance with the requirements laid down in the Regulation.
Right to Object to the Processing: where JADRANKA processes data based on its legitimate interests which override those of the data subject, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her.
Right to Restriction of Processing: the data subject has the right to request from JADRANKA that the processing of their personal data be restricted if he or she contests the accuracy of the personal data; if he or she believes that the processing is unlawful and opposes the erasure of the personal data and requests the restriction of their use instead; or if he or she has objected to the processing, pending the verification whether legitimate grounds of the controller override his or hers.
In any case, data subjects may also:
- file a complaint with the Data Protection Officer (DPO), or
- lodge a complaint with the supervisory authority (i.e. Personal Data Protection Agency) if they believe that their data protection rights have been violated.
Written requests should be sent to the contact address of our Data Protection Officer: dpo@jadranka.hr, or by mail to our postal address: JADRANKA d.o.o., n/p DPO, Dražica 1, 51550 Mali Lošinj, Republika Hrvatska.
JADRANKA has the right to protect its own interests as the controller and has the obligation to protect the interests of the data subjects. It may therefore perform certain activities for the purpose of verifying the identity of the person submitting the request.
Furthermore, JADRANKA may design a request form to ensure that requests are handled in the most efficient way possible.
At request, JADRANKA will provide information about the actions taken with regard to the exercise of data subject rights without undue delay and, in any case, within 30 (thirty) days from the date of receipt of the request. This period may, if necessary, be extended for additional two months, depending on the complexity and number of requests received. JADRANKA will inform the data subject of such extension within 30 (thirty) days from the date of receipt of the request, along with the reasons for the delay.
If the data subject submits his or her request by electronic means, JADRANKA will whenever possible, provide its answer in the same manner, unless the data subject requests otherwise.
Actions taken in an effort to honor a data subject request are generally free of charge. However, where requests received from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, JADRANKA may either charge a reasonable fee taking into account the administrative costs or refuse to act on the request.
Protection of Personal Data of Children
JADRANKA advises parents and guardians, or other relevant legal representatives, to teach children/minors (persons under 18) how to use their personal data safely and responsibly, in particular on the Internet. We will process the personal data which concerns children/minors only if we obtain the prior consent of their parent/guardian (for example, we may process the personal data relating to scholarship recipients, etc.).
Sources of Personal Data
In most cases, JADRANKA obtains personal data directly from data subjects. When providing personal data to JADRANKA for whatever purpose (applying for a job, etc.), you guarantee that the information is accurate, that you are legally capable and authorized to use the relevant information, and that you fully agree and accept that we may collect and use your data in accordance with the applicable statutory regulations and the conditions defined in this Privacy Policy.
In some cases, JADRANKA may obtain personal data from other natural and legal persons as well. More precisely, we may obtain personal data from employment intermediation and staffing agencies. When providing personal data which concern other persons to JADRANKA, you guarantee that the information is accurate, that you are legally capable and authorized to use the relevant information, and that the data subjects whose personal data you are providing fully agree and accept that we may collect and use their data in accordance with the applicable statutory regulations and the conditions defined in this Privacy Policy.
Technical and Organizational Data Protection Measures
JADRANKA, as the controller, takes care that the highest technical and organizational data protection standards are applied. Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons posed by the processing, JADRANKA implements appropriate technical and organizational measures, both at the time of the determination of the means for processing and at the time of the processing itself, to ensure effective application of the data protection principles.
In addition, JADRANKA applies appropriate technical and organizational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed. We apply the relevant measures to the amount of personal data collected, the extent of their processing, the period of their storage, and their accessibility. In particular, such measures are applied to ensure that personal data are not made accessible by default, i.e. without the individual's intervention, to an indefinite number of natural persons.
Actions Taken in the Event of a Personal Data Breach
JADRANKA, as the controller, will assume the obligation to notify the competent supervisory authority in the case of a personal data breach without undue delay and, where feasible, no later than 72 (seventy-two) hours after becoming aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
The notification sent to the supervisory body must contain all information defined in the Regulation.
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, JADRANKA, as the controller, will communicate the personal data breach to the data subject without undue delay. In particular cases prescribed by the Regulation, communication to the data subject will not be required.
Special Section
Job Applicants and Employees
JADRANKA employs a large number of natural persons. This chapter of the Privacy Policy regulates the protection of personal data in the processes associated with employment, development and education performed at JADRANKA. The data subjects therefore primarily refer to our existing and former employees, job applicants, persons attending practical training (i.e. pupils), persons attending a professional development program, students working on the basis of the so-called ‘student employment contract’, scholarship recipients and other persons whose data we process in connection with labor and related relations.
As data processor, the company JADRANKA TURIZAM d.o.o. carries out activities related to selection, employment, training, employment termination, occupational health and safety, as well as all other employment-related activities for JADRANKA as data controller, and the two have mutually entered into a relevant agreement.
In the context of employment, JADRANKA processes data for the following purposes:- staff selection, which includes collection and further processing of the relevant job application and supporting documents, testing and evaluation, gathering and analysis of applicant data from publicly available sources, including the applicant data publicly disclosed by the applicant himself or herself, if relevant in terms of the risk associated with a specific position;
- reputation risk mitigation, which includes collection and analysis of information concerning employees and persons who are in a relationship with JADRANKA which is comparable to an employment relationship from publicly available sources, including such which is publicly disclosed by the data subject himself or herself, if relevant in terms of the risk associated with a specific position;
- contract conclusion, i.e. the data are processed for the purpose of concluding an employment contract, a service contract, a student employment contract, a contract with regard to participation in practical or occupational training, a scholarship contract with persons who are not in an employment relationship with JADRANKA, or in any other comparable relationship;
- exercising financial and other rights, in which case the processing of data is necessary for the purpose of exercising financial and other rights of employees, persons in a comparable relationship and other persons (e.g. children, spouses or insurance beneficiaries), e.g. the right to participate in the Active Labor Market Policy measures (i.e. Permanent Seasonal Worker, and other), or certain additional rights defined in the collective contract of JADRANKA in case of special circumstances (e.g. the birth of a child), etc.;
- contract performance, in which case the processing of data is necessary for the purpose of ensuring contract performance on the part of the data subject, including the performance of work duties, the associated monitoring, and all the relevant measures ensuring the performance of work duties;
- registration of stay, in which case the processing of data is necessary when the data subjects are accommodated in private facilities intended for workers for the purpose of registering their stay with the competent authorities;
- performance management, which includes the collection and processing of information concerning the achievement of predefined goals, timely achievement of goals, additional analyses performed for the purpose of defining future goals, managing human resources, and determining the amount of remuneration, as well as concerning other relevant measures;
- remuneration, which includes the processing of data associated with employee remuneration, i.e. payment of the fixed and variable parts of remuneration, and in certain situations the processing of data concerning the breaches of ethical and other internal rules, the data from the performance management system, the data concerning education and training program attendance, and any other relevant data;
- education and training, which includes the processing of data performed for the purpose of ensuring education and training to persons working under the management of JADRANKA, the processing of data performed in connection with knowledge testing and the preparatory activities associated with the application and registration of data subjects for participation in such programs, the processing of data for the purpose of analyzing the acquired knowledge and the processing of other information relevant in terms of organization and implementation of education and training programs, and further actions following program completion;
- drafting employee reports, which includes the drafting of reports for the purpose of complying with the statutory obligations of JADRANKA, for the purpose of exercising certain rights, for the purpose of fulfilling our obligations in cases where certain additional employee benefits, budgets, etc. are allocated and claimed;
- provision of information, which includes the collection and processing of data for the purpose of providing quality and timely information to applicants about job openings and active application processes, i.e. career opportunities at JADRANKA; collection and processing of data for the purpose of providing quality and timely information to all employees of JADRANKA about the newly introduced changes or special notices relevant in the context of exercising the rights arising from the employment relationship or other important notices issued in connection with the general developments and activities performed within JADRANKA in the context of exercising the rights arising from the employment relationship or some other comparable relationship; for this purpose and with the aim of ensuring quick and efficient provision of information, the relevant information is delivered over the phone and/or to the official e-mail address(es) of employees or their private e-mail address(es) if they have consented to the use of the same for that purpose; furthermore, JADRANKA may offer to its employees the possibility of using certain applications providing various information and news about JADRANKA and other companies within the JADRANKA GROUP and/or its partners, which the employees voluntarily install on their mobile devices;
- protection of people and property, which includes the monitoring of entrances/exits from business premises; the use of official mobile devices, computer equipment, the Internet and phone connections, vehicles; the offices and other property of JADRANKA; and access to the property of guests as prescribed by internal acts;
- termination of employment, which includes the processing of data for the purpose of terminating the employment relationship or some other comparable relationship, and for the purpose of complying with the relevant statutory and contractual obligations;
- ethical conduct monitoring, which includes the processing of data used in the context of any procedure performed for the purpose of assessing compliance with the regulations concerning ethical conduct and protection of dignity, or actions taken as part of other disciplinary procedures, regardless of whether the data subject is the person who has been reported or the person who has reported someone else;
- safety at work, in which case the processing of data may be necessary for the purpose of complying with special safety-at-work regulations, including the alcohol blood test and testing for other addictive substances in accordance with the applicable regulations.
In addition to the purposes listed above, we may also process personal data for other specific purposes. In any case, such processing will be performed only if and to the extent permitted by law, or for as long as necessary for exercising the rights and obligations arising from or in connection with the employment relationship, or any other comparable relationship.
The JADRANKA database contains information about existing and former employees, job applicants, persons attending practical training (i.e. pupils) and persons attending a professional development program, students employed on the basis of the so-called ‘student employment contract’, scholarship recipients, and other persons whose data are processed in the context of labor and related relations are maintained in special applications. We have entered into appropriate arrangements with the entities responsible for maintenance and support of such applications, in particular regarding their role as processors.
Staff Selection
As a potential employer, JADRANKA collects, processes, and stores information concerning the persons applying for positions at JADRANKA. We keep the relevant data in the applicant database relying on the fact that they have provided such data voluntarily:- by completing an online application form that serves as a CV of a sort,
- by applying via e-mail,
- by visiting our Human Resources Sector and completing the relevant application forms,
- or in some other manner.
JADRANKA may also obtain applicant data indirectly, i.e. from local and foreign employment agencies. In such cases, the relevant agencies are required to inform the applicants that their personal data will be processed by JADRANKA.
The applicants can send their applications in the form of:- open applications, in which case applicant data will be stored and processed for the purpose of contacting the applicants in connection with employment during a period of 10 (ten) years relying on the legitimate interest of JADRANKA;
- applications for specific jobs, in which case the application process has a defined deadline, and the applicant data are stored and processed during the application process and for a period of 5 months following its completion for the purpose of contacting the applicant in connection with the position for which he or she has applied; applications of this kind are archived for a period of 10 (ten) years; during that period, JADRANKA may also contact the applicant, relying on its legitimate interest, in the case of some other job opens for which he or she has the necessary qualifications and meets all other requirements.
In the case of both, open applications and applications for specific jobs with a defined deadline, applicant data that are processed on the basis of a special consent will continue to be processed for the purpose of contacting the applicant in connection with employment until he or she withdraws such consent.
JADRANKA relies on its legitimate interest as the legal basis for using the provided e-mail addresses as well as all other contact details for the purpose of contacting the applicants in connection with employment. For example, we may send an automatic reply to applicants who have applied for a position with us to inform them that their application has been received and that the applicants whose qualifications and experience match the requirements of specific jobs will be contacted. We may also deliver a message to the provided phone number informing the applicants of the proposed job interview time, the documents required for the purpose of establishing an employment relationship, and similar. In addition, JADRANKA has a legitimate interest to contact, in the previously described ways, the persons who have previously performed temporary positions for the company, mainly seasonal jobs, in connection with employment in the upcoming seasons.
The personal data which are stored are generally obtained directly from applicants. However, relying on its legitimate interest to ensure that only the finest applicants are selected, JADRANKA may also create certain personal data based on the activities performed in the process of recruitment, e.g. a record of results of job interviews, tests and evaluations, and may also collect personal data from third parties, primarily for the purpose of verifying the data obtained during the recruitment process by contacting the relevant third parties (e.g. employment agencies, education and training providers), or using various publicly available sources.
Employment Relationship and Other Comparable Relationships
As an employer, JADRANKA collects, processes and keeps all employee-related data in an electronic employee database created and maintained in an IT application and in the physical employee files. The types of employee data that are collected are defined in the Ordinance on the Content and Manner of Keeping Employee Records published by the Ministry of Labor and Pension System.
In general, the data required for establishing an employment relationship include: a copy of the worker’s ID card; a copy of the worker’s current account or payment instructions obtained from the bank; a copy of the worker’s protected account (if opened); a certificate of non-conviction; the worker’s PIN; proof of professional qualifications (i.e. a copy of the worker’s high school or university diploma); the worker’s e-employment record, i.e. a certificate of years of pensionable service (which can be obtained from the Croatian Pension Insurance Fund or via the e-Citizen service); the worker’s electronic tax card, i.e. the so-called “PK form” (which can be obtained from the Tax Administration or via the e-Citizen service; the persons who are being employed for the first time, i.e. those who do not already have a tax card, must go to the competent Tax Authority and open it); birth certificates for children under 15. In addition to the previously stated information, third-country citizens (i.e. persons who are not citizens of the states that belong to the European Economic Area (“EEA”), which includes the European Union, the Monarchy of Lichtenstein, the Kingdom of Norway, and the Republic of Iceland), or the Swiss Confederation, who are either citizens of a third country or stateless persons) will generally be requested to provide the following additional data for the purpose of employment: a copy of their passport; the name of their father and/or mother; and their date and place of birth.
In general, the data required to conclude an employment contract with pupils and students include the following: a certificate issued by the school/university confirming the status of the relevant person as a pupil/student in the relevant academic year or a copy of the student’s record book confirming enrolment in the current academic year; a copy of his or her ID card; a certificate of payment of the Student Center membership fee (not required in the case of all student centers); a certificate confirming that a gyro account has been opened with a bank (issued by that bank) and the relevant account number; a photo or a copy of the student’s x-card; PIN.
Besides the information stated above, JADRANKA may also keep in its employee files other information collected during the recruitment process or the employment relationship, which are defined in the relevant company regulations (e.g. data concerning rewards, warnings, reminders, confirmations, certificates, and similar).
All employee data are kept in our employee database, starting from the date on which the employment relationship is established, and are regularly updated until the termination of the employment relationship. They are treated as records of permanent value in accordance with the relevant regulations.
In our database, we also store the data concerning persons who are in a business relationship with us which is comparable to an employment relationship and the data concerning persons attending practical training or a professional development program at our facilities. We keep such data from the beginning of the relevant program and regularly update them until the program ends, all in accordance with the relevant regulations. Pupils attending practical training at our facilities represent a special case as they may be minors. We treat them with special attention and take special care to ensure that their data are collected and stored pursuant to special regulations, subject to permission from both the school and the parents.
With regard to the manner and period for which they are stored, the data concerning employee salaries and payrolls are governed by special regulations. In any case, all employees of JADRANKA and all other persons with whom JADRANKA maintains a business relationship comparable to an employment relationship, and persons attending practical training or a professional development program at our facilities enjoy all data subject rights.
Business Partners
In our operations, we also process information concerning our existing or potential business partners, including:- natural persons who are, who could become or who used to be business partners of JADRANKA, e.g. sole traders, independent professionals (e.g. attorneys, medical doctors, etc.), persons hired on the basis of service contracts (e.g. singers, painters, photographers, and similar), and other natural persons with a status of an entrepreneur; and
- natural persons who, in the context of a particular segment of operations, represent legal entities with which JADRANKA has, could have or used to have a business relationship (e.g. persons executing deliveries in the name of their employers (trade companies); persons to whom invoices for their employers (legal entities) are sent; persons signing contracts on behalf of a trading company represented by persons executing the handover on behalf of the relevant trade company; persons who organize congresses in the name of their legal entities, and similar).
- contract conclusion, in which case the data are processed for the purpose of concluding a contract in connection with any segment of operations of JADRANKA (e.g. for the purpose of sending inquiries, special offers, requesting information concerning contract signatories, sending tender documents for the legal entities represented by the data subjects, and similar);
- contract performance, in which case the processing is necessary for the purpose of performing a contract, including the fulfillment of contractual obligations, the associated monitoring activities, and the measures required to ensure execution of obligations (e.g. in connection with defining the time and place of delivery of equipment in accordance with the contract; or defining the location to which invoices will be sent, etc.);
- provision of information, which includes the collection and processing of data for the purpose of ensuring quality and timely provision of information.
In addition to the purposes listed above, we may also process personal data for other specific purposes. In any case, such processing will be performed only if and to the extent permitted by law, or if necessary for exercising the rights and obligations arising from a business relationship.
In the context of business relationships, we collect the following data subject information:- first and last name,
- e-mail,
- phone number,
- the function performed within the legal entity which the data subject represents (e.g. a sales representative, an administrative secretary, and similar),
- profession, if the data subject is a natural person with whom a contractual relationship is established (e.g. singer, painter, photographer, attorney, medical doctor, etc.),
- in certain cases, letters of recommendation and CVs (e.g. for consultants),
- details provided in blank promissory notes, promissory notes and bills of exchange,
- bank account no. (IBAN), if the business partner is a natural person with whom a contractual relationship is established,
- other information depending on the nature of the business relationship.
- expressions of interest in establishing a business relationship received from data subjects,
- business correspondence associated with a particular former or current business relationship (e.g. correspondence conducted for the purpose of contract performance),
- publicly disclosed information (e.g. information entered in the court register, published on the website of business partners, in magazines, bulletins, and similar).
In addition to the mentioned types of personal data and ways in which they can be obtained, we may also process personal data for other specific purposes. In any case, such processing will be performed only if and to the extent permitted by law, or if necessary for exercising the rights and obligations arising from a business relationship.
Radio Mali Lošinj - Radio Jadranka
As part of JADRANKA d.o.o., Radio Mali Lošinj - Radio Jadranka is dedicated to the protection of the personal data of its listeners, users and business partners. In accordance with the General Data Processing Regulation (GDPR) and the relevant national legislation, all necessary measures are taken to ensure the security and confidentiality of personal data.
Personal Data Collection and Processing
Radio Jadranka collects and processes personal data exclusively for the explicitly listed and legitimate purposes, including:- Communication with listeners: data is collected for the purpose of participating in contests, surveys or sending comments and questions.
- Marketing activities: with consent, personal data may be used for the purpose of communicating information on broadcasts, events and promotions.
- Business cooperation: business partner data is collected and processes for the purpose of entering into or performing an agreement.
Types of personal data
Personal data which may be collected include, but is not limited to:- name and surname,
- contact information (address, telephone number, e-mail),
- demographic data (age, sex),
- interests and preferences.
We take adequate technical and organisational measures for the protection of personal data against unauthorised access, loss, misuse or destruction. Systems are protected using the latest security protocols and the access to personal data is exclusively limited to the employees who need such data to perform their duties.
Radio Jadranka undertakes to regularly update and improve its privacy practices in order to ensure maximum personal data protection for all users.
Retention Period
The data concerning the data subjects who have established a business relationship with JADRANKA as natural persons are kept in accordance with the applicable statutory regulations (e.g. we are required to store all invoices and bases for issuing invoices pursuant to statutory regulations).
Where JADRANKA is authorized to determine the data retention periods at its sole discretion, such periods are determined taking into account the purpose of processing and the interests of data subjects regarding the destruction of the relevant data. It has been determined that the data which concern the aforementioned data subjects will be stored for a maximum of 10 (ten) years, counting from the date of termination of the contractual relationship (if it existed).
Public Notices
On its websites, social network profiles, video walls, and notice boards installed in its facilities, and also in its newsletters, JADRANKA publishes information relevant to both its existing and potential employees, and business partners, and the wider public. Such notices may contain a limited set of personal data, e.g. first and last name, function, job-related data, videos, statements, and photographs.
When processing data in connection with public notices, we rely on our legitimate interest to inform the public. Certain notices are published for marketing purposes, however. In such cases, we take care to ensure that the interests of data subjects are respected. More precisely, JADRANKA will not publish the personal data of a data subject whose interest not to publish specific personal data which concern him or her override our interest to publish them. In some situations, information may also be published on the basis of consent. In such cases, we take care that the highest standards are applied.
Our public notices are of a permanent nature. In that manner, we ensure that the information provided can refer to both current events and previous activities.
If the objection to the processing of personal data for this purpose expressed by a data subject is proved founded, or if the data subject withdraws his or her consent, where the processing is based on consent, we will stop processing the personal data that concern the relevant data subject for this purpose in any manner feasible.
Video Surveillance
In its role as a controller, JADRANKA has a legitimate interest to implement video surveillance measures to protect its facilities, people, and property. Where certain job positions are concerned, it also has a statutory obligation to install security cameras to make video recordings of employees and other persons moving within the perimeter covered by the security cameras.
JADRANKA marks all locations placed under video surveillance in a prescribed manner.
We are aware that video recordings contain the personal data of all persons moving within the perimeter covered by the cameras (i.e. guests, employees, business partners, etc.) and we, therefore, protect such data with particular care. To be more precise, JADRANKA implements an integrated security system, an access authorization system, and a deletion policy defined in internal security regulations.
The video recordings are regularly overwritten, i.e. they are automatically deleted after no more than 6 (six) months from the date on which they are made. In exceptional circumstances, video recordings will be kept for a longer period of time if they serve as evidence in procedures held before competent state authorities. Such video recordings will be archived in the central alarm system, and subject to restricted access.
JADRANKA is allowed to use its video recordings for the purposes of court and/or criminal proceedings. The personal data contained in the relevant video recordings may also be made available to third parties, data processors, and contractual partners of JADRANKA that are registered and qualified for providing property and people protection services. These entities will not use such data for any purpose. Their duty is to keep the central surveillance and alarm systems safe and operational. All other details regarding video surveillance are defined in the relevant special regulations.
Websites, Cookies and Internet Technologies
JADRANKA has website: https://jadranka.hr/. It is possible that even more websites will be created in order to provide the best possible service to our users, as well as to enable them to access the content which interests them more simply and quickly.
The provisions of this Privacy Policy apply to all our websites, including the sub-domains, mobile phone applications, applications for Apple devices, blogs, and other online communication channels. Some applications may be subject to special privacy rules. Users are advised to read the data protection policies published in those applications.
In this context, JADRANKA may obtain personal data from visitors to its websites and users of its applications. The relevant data are used for the purpose for which they are initially provided, which is determined taking into consideration the information received at the moment of collection, or for the obvious purpose identified from the context in which such data are collected. The users can control the personal data provided in online forms or applications. The automated processing enabled by cookies may be an exception to this rule, as explained below.
For instance, on its website, JADRANKA offers the opportunity to submit a job application with JADRANKA and similar options. In all such cases, you provide JADRANKA with the data required to fulfil the respective purpose. Furthermore, in case you posted a comment on a social network or other websites, JADRANKA may ask your permission to use your comment with name attribution.
The legal basis for the processing of personal data which concerns the visitors to JADRANKA websites is our legitimate interest or data subject consent, where such consent is requested from the data subject.
We may implement a wide range of new tools on our websites to enhance user experience. In all such cases, we will make special arrangements with the service providers in which any processing of personal data will be described in detail.
This Privacy Policy does not regulate the treatment of information that belongs to other companies and organizations, which may in some cases be linked to the websites of JADRANKA and which may use cookies, pixel symbols, and other technologies. We, therefore, advise you to read their privacy respective rules and terms of service. Furthermore, the collection of data from the websites created for the purposes of specific events on which JADRANKA is named only as a sponsor, partner, and similar, is not controlled by JADRANKA. The same applies to the websites whose links are provided on our websites, but which do not refer to any of JADRANKA's websites. Finally, by using different social networks, such as Facebook, Instagram, etc., you accept the terms of use of those platforms, including, among others, the rules regarding personal data processing.
JADRANKA advises you to make yourself familiar with those rules.
Just like many other portals, the websites of JADRANKA use ‘cookies’ (small files placed on your computer when you visit our websites to ensure the basic or additional website functionalities) and other technologies, which serve to facilitate content delivery, depending on your interests, processing of reservations or requests, and/or analyzing the details of your visit. Cookies may not be used to reveal your identity.
JADRANKA uses various types of cookies which differ…
…in terms of function:- strictly necessary cookies – they enable a website to function; a website cannot function without these cookies (it cannot be opened and may not even be visible); strictly necessary cookies are used for the transmission of communication and are necessary for providing information society services explicitly requested by the user; these cookies also enable the basic analysis of a website with the aim of improving its functioning based on fully anonymized data, i.e. not your personal data or any data which can in any manner be attributed to you; your consent is not necessary for placing the cookies of this type on your device, and is therefore not requested;
- functionality cookies – these cookies enable a more advanced analysis of the functioning of a website; they are used to analyze user behavior; the collected anonymized data are used to determine the preferences and interests of website visitors, which allows us to customize our websites and make access to the website content and use of the website functionalities as simple as possible; the cookies of this type may not be placed on your device without your consent;
- marketing cookies – these cookies are used to analyze your interests and preferences for the purpose of informing you about special or personalized offers, sending you the news and notifications of events organized via online channels (e-mail, internet, web campaigns); you will be requested to provide your consent to enable the use of cookies of this type.
- first-party cookies – these cookies are created and placed by the website you are visiting and may be permanent or temporary; they enable a website to store data to be used when the user visits the same website again;
- third-party cookies – these cookies are created and placed by one or more websites, other than the one you are visiting; they enable other websites to track the use of the website you are visiting for marketing or analytical purposes.
- permanent (stored) cookies – these cookies remain on your computer even after you close the web browser; they are used by the websites to store data, such as username and password, language settings or cookie preferences, so that you do not have to enter them each time you visit a particular website; the cookies of this type can stay on your computer or mobile device for days, months, or even years;
- temporary (session) cookies - these cookies are deleted once the web browser is closed; they are used by the websites to store temporary data, such as the last few pages you have opened while visiting a particular website or the items you have put in your shopping cart while visiting a website which serves as a specialized online store.
The cookies placed by JADRANKA websites are stored in the user’s browser for a maximum of 2 years.
You can delete the cookies stored on your computer at any time. However, by doing so, you also disable any further processing of your personal data using the relevant technology. Web browsers implement different procedures for deleting cookies.
Below are the links where the cookie deletion procedures of the most popular browsers are explained:
Mozilla Firefox:
https://support.mozilla.org/hr/kb/Brisanje%20kola%C4%8Di%C4%87a
Microsoft Edge:
https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Google Chrome:
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hr
Final Provisions
We have updated our Privacy Policy. The updated version is applicable as of August 14, 2024. It is published on the following website https://jadranka.hr/en/zastita-privatnosti. The relevant document can also be obtained at the JADRANKA Headquarters office.