This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) in connection with the provision of our services and within our online offering, including associated websites, features, and content, as well as external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”).
Regarding the terminology used, such as “processing” or “controller”, we refer to the definitions provided in Article 4 of the General Data Protection Regulation (GDPR).

Controller

Ljuban Vrdoljak
Nemira IV/9
21310 Omiš
Croatia

Familie@vrdoljak.de
Link to the legal notice (Impressum): https://www.vrdoljak.de/impressum

Types of Data Processed

  • Inventory data (e.g., personal details such as names or addresses)
  • Contact data (e.g., email address, phone numbers)
  • Content data (e.g., text entries, photographs, videos)
  • Usage data (e.g., visited websites, interest in content, access times)
  • Meta/communication data (e.g., device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offering (hereinafter referred to collectively as “users”).

Purpose of Processing

  • To provide the online offering, including its functions and content
  • To respond to contact inquiries and communicate with users
  • To implement security measures
  • For reach measurement and marketing

Definitions of Terms Used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”). A person is regarded as identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier (e.g., cookie), or to one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

“Pseudonymization” means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is kept separately and subject to technical and organizational measures that ensure the personal data are not attributed to an identified or identifiable individual.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The “processor” is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Legal Basis for Processing

In accordance with Article 13 of the General Data Protection Regulation (GDPR), we inform you of the legal bases on which we process personal data. For users within the scope of the GDPR (i.e., the EU and EEA), the following applies—unless otherwise specified in this Privacy Policy:

  • The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.
  • The legal basis for processing data for the performance of our services and the fulfillment of contractual obligations, as well as responding to inquiries, is Article 6(1)(b) GDPR.
  • The legal basis for processing to comply with our legal obligations is Article 6(1)(c) GDPR.
  • If the processing is necessary to protect the vital interests of the data subject or another natural person, the legal basis is Article 6(1)(d) GDPR.
  • The legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is Article 6(1)(e) GDPR.
  • The legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR.
  • Where data is processed for purposes other than those for which it was originally collected, this is governed by Article 6(4) GDPR.
  • The processing of special categories of personal data (as per Article 9(1) GDPR) is based on the conditions laid out in Article 9(2) GDPR.

Security Measures

In accordance with legal requirements, we implement appropriate technical and organizational measures, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, in order to ensure an appropriate level of protection.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to data, as well as the access, input, transfer, availability, and separation of the data itself. We also maintain procedures to ensure data subject rights, deletion of data, and response to potential data breaches.

In line with the principle of data protection by design and by default, we take privacy into account during the development and selection of hardware, software, and procedures.

Collaboration with Processors, Joint Controllers, and Third Parties

In the course of processing data, we may disclose or transmit data to other persons or companies (such as processors, joint controllers, or third parties) or otherwise grant them access to the data. This only occurs:

  • on the basis of a legal permission (e.g., if data must be transmitted to third parties, such as payment service providers, to fulfill a contract),
  • if users have given their consent,
  • if a legal obligation requires it, or
  • based on our legitimate interests (e.g., when using web hosts, consultants, or other service providers).

If we disclose, transmit, or otherwise grant access to data within our corporate group, this is done for administrative purposes and constitutes a legitimate interest. Any such processing is carried out on a legal basis and in compliance with applicable data protection requirements.

Data Transfers to Third Countries

If we process data in a third country (i.e., outside the European Union, the European Economic Area, or the Swiss Confederation) or if such processing occurs in the context of using third-party services or disclosing/transferring data to other individuals or companies, this is done only:

  • to fulfill our (pre-)contractual obligations,
  • with your consent,
  • due to a legal obligation,
  • or based on our legitimate interests.

Where legally or contractually permitted, we process or allow data to be processed in a third country only if the conditions under the GDPR are met. This means that processing will take place, for example, based on specific safeguards such as:

  • an officially recognized level of data protection (e.g., via an adequacy decision),
  • or adherence to officially recognized special contractual obligations (e.g., Standard Contractual Clauses or the now-invalidated “Privacy Shield” for the USA, where applicable alternatives exist).

Rights of Data Subjects

As a data subject, you have the following rights under the applicable data protection laws:

  • Right to access: You have the right to request confirmation as to whether data concerning you is being processed, and to receive information and a copy of that data in accordance with legal requirements.
  • Right to rectification: You have the right to request the completion or correction of your personal data.
  • Right to erasure: You have the right to request the immediate deletion of your data, or alternatively, to request restriction of processing if deletion is not possible due to legal obligations.
  • Right to data portability: You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format and to request its transfer to another controller.
  • Right to lodge a complaint: You have the right to lodge a complaint with the competent data protection authority if you believe that your data is being processed unlawfully.

Right of Withdrawal

You have the right to withdraw your consent at any time with effect for the future.

Right to Object

You may object to the future processing of your personal data at any time, in accordance with legal requirements. This applies in particular to data processing for direct marketing purposes.

Cookies and Objection to Direct Marketing

“Cookies” are small text files that are stored on users’ devices. They serve various functions, such as saving user preferences, storing login status, or analyzing website usage.

There are several types of cookies:

  • Session cookies (transient cookies): These are deleted after a user leaves the website and closes their browser.
  • Persistent cookies: These remain stored even after the browser is closed and can be used to remember login status or user preferences for future visits.
  • First-party cookies: These are placed by the website itself.
  • Third-party cookies: These are placed by external providers, such as analytics or advertising services.

We may use both session and persistent cookies and will inform you accordingly as part of this Privacy Policy.

If you do not want cookies to be stored on your device, you can disable them in your browser settings. You can also delete stored cookies at any time in your browser settings. However, disabling cookies may limit the functionality of this website.

You may opt out of the use of cookies for online marketing purposes through:

Please note that blocking cookies may prevent the use of some features on our website.

Data Deletion

We delete the personal data we process in accordance with legal requirements or restrict its processing if deletion is not possible. Unless explicitly stated otherwise in this Privacy Policy, data is deleted as soon as it is no longer necessary for its intended purpose and there are no statutory retention obligations preventing deletion.

If data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. In such cases, the data is blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Changes and Updates to This Privacy Policy

We encourage you to regularly review the contents of our Privacy Policy. We will update it whenever changes to our data processing make this necessary. We will notify you if any changes require your involvement (e.g., renewed consent) or individual notification.

Business-Related Processing

We also process:

  • Contract data (e.g., contract subject, duration, customer category)
  • Payment data (e.g., bank details, payment history)

from our customers, prospective clients, and business partners in order to fulfill contractual obligations, provide customer service, and conduct marketing, advertising, and market research.

Administration, Accounting, and Contact Management

We process data for administrative purposes, business organization, financial accounting, and compliance with legal obligations (e.g., archiving). This includes the same data processed in the course of providing our contractual services.

The legal bases for this processing are Art. 6(1)(c) and Art. 6(1)(f) GDPR. Affected persons include customers, prospective customers, business partners, and website visitors. Our legitimate interest in processing lies in administration, financial management, office organization, and maintaining business operations.

Data may be disclosed to financial authorities, consultants (e.g., tax advisors, auditors), and payment service providers.

Additionally, we may store information about suppliers, event organizers, and other business partners based on our legitimate business interests, for the purpose of future contact. This predominantly business-related data is generally stored permanently.

Akismet Anti-Spam Check

Our online offering uses the “Akismet” service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA. This service is used based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Akismet helps distinguish between genuine user comments and spam. All comment data is sent to a server in the USA where it is analyzed and stored for four days for comparison purposes. If a comment is classified as spam, the data may be retained beyond this period.

The data processed includes: name, email address, IP address, comment content, referrer, browser details, system information, and timestamp of entry.

For more details on how Akismet processes data, see Automattic’s privacy notice: https://automattic.com/privacy/

Users may use pseudonyms or omit name/email fields entirely. To fully avoid data transmission to Akismet, please refrain from using the comment system. We regret that there is currently no equally effective alternative.

Contacting Us

When you contact us (e.g., via contact form, email, phone, or social media), we process the information you provide for the purpose of responding to your inquiry in accordance with Art. 6(1)(b) GDPR (contractual/pre-contractual communication) and Art. 6(1)(f) GDPR (other inquiries).

User information may be stored in a Customer Relationship Management (CRM) system or a comparable system for organizing inquiries.

We delete inquiries once they are no longer necessary. We review necessity every two years. Statutory archiving obligations also apply.

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests in analyzing, optimizing, and operating our online offering economically, pursuant to Art. 6(1)(f) GDPR. Google uses cookies. The information generated by these cookies about your use of our website is generally transmitted to a Google server in the USA and stored there.

Google is certified under the EU-U.S. Privacy Shield framework and thereby guarantees compliance with European data protection law.

Google processes this information on our behalf to evaluate website usage, compile reports on website activity, and provide other services related to website usage and internet usage. Pseudonymous user profiles may be created from the processed data.

We use Google Analytics with IP anonymization enabled, which means that Google shortens the IP address of users within EU member states or other EEA states before transmission. Only in exceptional cases will the full IP address be transmitted to a server in the USA and shortened there.

The IP address transmitted by your browser is not merged with other data from Google. You can prevent the storage of cookies by adjusting your browser settings. You can also prevent the data generated by the cookie and related to your use of the website from being collected and processed by Google by installing the browser plugin available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=en

For more information on how Google uses data and your options for settings and objections, please see:

Google Privacy Policy

Ad personalization settings

User-level data collected via Google Analytics is deleted or anonymized after 14 months.

Integration of Third-Party Services and Content

As part of our online offering, we use third-party content or service providers based on our legitimate interests (i.e., interest in the analysis, optimization, and efficient operation of our online services in accordance with Art. 6(1)(f) GDPR), such as videos or fonts (collectively referred to as “content”).

This always requires that these third-party providers recognize the users’ IP address, as they would not be able to send the content to the user’s browser without it. The IP address is thus necessary to display this content. We strive to use only content whose providers use the IP address solely for content delivery.

Third-party providers may also use pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These pixel tags can evaluate visitor traffic and usage behavior on this website. Pseudonymous information may also be stored in cookies on the user’s device, including technical information such as browser and operating system, referring web pages, visit duration, and other data concerning the use of our online offering, which may also be linked with such information from other sources.

Google Fonts

We use fonts from Google Fonts, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Maps

We integrate maps from Google Maps, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, IP addresses and location data of the users, which, however, will not be collected without user consent (typically managed via device settings). This data may be processed in the USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated

Instagram

Our website may include features and content from the social media platform Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include content such as images, videos, or text, and buttons that users can use to share content within Instagram.

If users are members of the Instagram platform, Instagram may associate the content and functions accessed on our website with the user’s profile there.
Instagram Privacy Policy: http://instagram.com/about/legal/privacy/