Privacy Policy

Personal data protection policy

UBS d.o.o. implements the obligation to protect the personal data of data subjects pursuant to the Act on the Implementation of the General Data Protection Regulation OG 42/2018, other laws on the basis of the exercise of official authority of the controller and the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

UBS d.o.o. recognizes the importance of protecting privacy, security and data protection for data subjects, so our goal is to protect their personal data for all of them and implement a system that will enable this.

The policy applies to all personal data of users that we collect and process, directly. Personal data is any data relating to an identified or identifiable natural person, directly or indirectly. Data processing is any action performed on personal data, such as the collection, storage, use, consultation and transfer of personal data.

This Policy does not apply to anonymous data. Anonymous data is data that cannot be linked to a specific natural person.

The purpose of collecting personal data from the data subject is based on the determinants of the law or on the consent of the data subject. All data we receive from other sources are regularly notified to the data subject, so if they are necessary for further processing, the consent of the data subject will be requested. The data subject can always withdraw consent to the processing of his or her data in a particular collection. It can also request the deletion of data using the principle of forgetting personal data.

Data protection of data subjects is a permanent obligation of the controller and processor and persons who are in any way in contact with the data.

The collected data of the data subjects are kept in an appropriate manner in accordance with the law, ensuring organizational, technical and programmatic protection measures in accordance with their confidentiality. All data must be protected from loss, destruction, alteration/falsification, manipulation and unauthorized access, as well as from unauthorized disclosure. The collected data will not be transferred to third parties without the legal basis or explicit permission of the data subject.

Anything that the data subject considers inappropriate in the processing of personal data should be notified to the Data Protection Officer and appropriate corrective measures will be taken.

The collection and processing of data from minors under the age of 16 is permitted only with the legal permission or consent of a parent or legal guardian.

This statement on the personal data protection policy of the data subject will be made public, and obliges all employees to comply with and implement it in practice. Any violation will be treated as a serious breach of duty.

Policy summary

In the organization UBS d.o.o. the privacy of individuals will always be respected in accordance with the laws, the EU General Regulation and the organizational principles of privacy set out in this policy. Personal data of employees and interest partners at our disposal may not be made available to third legal and natural persons without the consent of the data subject. Any errors in the protection of personal data will be notified to the data subject and AZOP, and The UBS d.o.o. will take all available measures to reduce the negative impact on the data subject.

Introduction

U UBS d.o.o.. all data that we obtain, process, store or transmit, relating to individuals (data subjects), must be adequately protected from unauthorized access or malicious changes. When obtaining, storing, processing or transmitting information relating to data subjects, we must respect their wishes and rights to privacy at all times. All employees at UBS d.o.o. who in any way come into contact with the data subject are familiar with all the privacy rules of the individual and have the obligation to sign a Statement of Confidentiality in which they are obliged to be held accountable in case of their contribution to the data breach of the data subject.

This site is owned by: UBS d.o.o. , Našička 7, Beli Manastir 31 300, Croatia

It is important to read this Privacy Policy and we hope you will take the time and your attention.

To facilitate your access to the desired information, please follow the content of this Privacy Policy.

We reserve the right to periodically adapt and improve the text of this Privacy Policy, primarily for the purpose of respecting legal changes, i.e. changes in the purposes and methods of processing.

Your rights arising from this Privacy Policy and the relevant legal regulations will not be limited in any way. If there is a change in rules that may affect your rights, you will be notified in a timely manner directly in an appropriate manner. User privacy and data protection are human rights and we treat them responsibly.

We have a duty to care for the respondents and their underage children whose data we have collected.

All data obtained from you is a responsibility and must be collected and processed only when necessary and only for the specific purpose for which it was collected.

The policy applies to all personal data of users that we collect and process, directly. Personal data is any data relating to an identified or identifiable natural person, directly or indirectly. Data processing is any action performed on personal data, such as the collection, storage, use, consultation and transfer of personal data.

This Policy does not apply to anonymous data. Anonymous data is data that cannot be linked to a specific natural person.

UBS d.o.o. respects the privacy of its users and visitors (data subjects) of its websites.

The controller of this website and your personal data is:

UBS d.o.o.

2018 BookingSuite

31 300 Beli Manastir

Croatia

Tel/Mob: +385 (31) 246 777 + 385 (98) 169 1977

e-mail: e-mail: ubs@ubs-bike.com

Personal Data Protection Officer:

Tel/Mob: +385 (95) 777 5555

e-mail address: dpo@bestit.hr

What is the purpose and legal basis for data collection?

Personal data are collected for the purpose of fulfilling legal obligations of UBS d.o.o., and for the fulfillment of obligations in the public interest.

The legal basis for the establishment of the processing of personal data derives from the law.

Article 6 EU General Data Protection Regulation "Lawfulness of processing" paragraphs (a) to (f).

Lawfulness of processing

Processing is lawful only if and to the extent that it fulfils at least one of the following:

(a) The data subject has given consent to the processing of his or her data for one or more specific purposes

b) Processing is necessary for the performance of a contract to which the data subject is a party or in order to take action at the request of the data subject prior to the conclusion of the contract

c) Processing is necessary for compliance with the legal obligations of the controller

d) Processing is necessary in order to protect the interests of the data subject or other natural person

(e) Processing is necessary for the performance of tasks in the public interest or in the exercise of official authority vested in the controller;

processing is necessary for the purposes of the legitimate interests pursued by the controller or of a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

How and what data do we collect?

Although you can use our website without providing any personal information, after contacting us via the contact form or directly via our e-mail address, UBS d.o.o. will contact you for the purpose of creating offers, contracts or further business communication.

The information you fill in in our contact form upon arrival at one of our branches or that we receive from you through social networks is personal information such as yours:

1. NAME AND SURNAME

2. PHONE OR MOBILE PHONE NUMBER, e-mail (for the purpose of creating offers, contracts and

Our Websites are not intended for persons under the age of 16, and if you are under the age of 16, do not provide us with your personal information without the consent of your parents or guardians.

How to collect and store data

Personal data may be collected and further processed if the principle of:

(a) Lawfully, fairly, transparently processed in respect of the data subject

(b) Collected for specific, express and lawful purposes and may not be further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest

(c) Appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed

d) Accurate and, where necessary, updated

(e) Kept in a form enabling the identification of data subjects only for as long as necessary for the purposes for which the personal data are processed; the personal data may be stored for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific and historical research purposes or for statistical purposes in accordance with Article 89. Paragraph 1, subject to the implementation of appropriate technical and organisational measures laid down in the Regulation to protect the rights and freedoms of data subjects.

(f) Processing in a manner that ensures adequate security of personal data, including protection against unauthorised and unlawful processing and against accidental loss, destruction or damage by means of appropriate technical or organisational measures;

g) The controller (UBS d.o.o.) is responsible for compliance.

Forwarding personal data

There is a legal basis on which UBS d.o.o. obliged to forward personal data. It is carried out on the basis of a written request based on the applicable regulations, according to the competent state authorities.

In accordance with the General Data Protection Regulation (GDPR), at your request, you will be provided with access to all your personal data available to us, the method of processing and the possibility of restriction of processing, modification or deletion of them.

The protection of the privacy of your data is permanent, and UBS d.o.o. takes all measures necessary to protect them in accordance with applicable regulations and good practices. We process personal data in a secure manner, including protection against unauthorized or unlawful processing and loss.

UBS d.o.o. does not exchange personal data of the data subject unless it has the consent of the data subject. They will also never share your personal information with any unauthorized third party or allow them access to your information.

Do we share information with third parties?

Where appropriate, your personal data may be provided to third parties to perform services such as:

• Audit service

• Payment institutions

• Accounting services

• Services of sending SMS, e-mail messages and communication through all other IT applications

Transfer of personal data to a third country or an international organisation

UBS d.o.o. does not forward your data to third countries or international organizations, so there is no need to meet the additional requirements of Chapter V of the General Data Protection Regulation.

 In certain circumstances, we have a legal obligation to forward your personal data, and the processing of personal data may include the international transfer of the same. A legal obligation may arise from national or EU regulations. For example, joint supervisory activities of member states' supervisory authorities sometimes need to be undertaken or action is necessary to recover a penalty imposed and unpaid. Therefore, your data is forwarded to other recipients when we are bound by the relevant regulations to the extent necessary to achieve the established purpose.

Your personal data will not be passed on to third parties for direct marketing purposes

Protecting your personal data means that:

• we will not use your data for any purpose other than that specified or contracted herein

• we will not provide your contact and personal information to any third party

• your contact and personal data may be disclosed to a third party only at your request (right of transfer) or with a court order

We collect only those personal data that have been voluntarily provided to us. We do not condition access to our site on the delivery of data.

Consents

Personal data is collected in a transparent and lawful manner. All data collected should be under consent, i.e. each user should explicitly approve that his data can be stored and used for a clearly defined purpose. It must also be clearly defined for what reason the data is collected and how it will be processed. For this purpose, UBS d.o.o. has created a document: STATEMENT ON GIVING CONSENT (CONSENT) FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA UBS ltd. We can also obtain your consent through the CONTACT form on our Website in which you give us permission to take the following personal data: Name, Surname, e-mail for the purpose of creating offers, contracts and further communication.

Processing of personal data obtained through video surveillance

We process your personal data on the basis of a legitimate interest within the meaning of Article 6(1)(f) gdpr, for the purpose of:

  • purpose: protection of persons and property Of UBS d.o.o.
  • legal basis: legitimate interest of UBS d.o.o.
  • recipients: video recordings can be submitted upon request to the competent authorities (police, court) if necessary for conducting procedures based on special regulations
  • retention: recordings obtained through the video surveillance system are kept for a maximum of six months or longer if they are excluded as evidence in court, administrative, arbitration or other proceedings
  • Rights of data subjects (natural persons recorded on video surveillance cameras): The right to access their personal data, the right to erasure them, the right to limit their processing and the right to object to their processing.

Cookies

Cookies are small files that your browser saves on disk when you visit our website. This allows our website to recognize your computer the next time you visit us, in order to offer you a personalized experience when surfing. Cookies are not aimed at spying on the user and do not follow everything the user does and are not malicious code or virus. Also, cookies are not associated with unwanted messages or spam, cannot save a password and are not intended exclusively for advertising or advertising. Information such as your name or e-mail address will not be saved – websites cannot access your personal information and files on your computer.

In order to use "cookies" in accordance with the Electronic Communications Act, the Personal Data Protection Act, EU Directives 2002/58/EC and 95/46/EC and the GDPR Directive, we need your consent. More about the use of cookies, types of cookies, managing cookies, cookie settings and turning off cookies can be found at the link: http://www. UBS d.o.o.. en/cookie settings/

Your rights:

  • Right of access to information: You have the right to access your personal data that we process about you and you can request detailed information in particular about their purpose of processing, the type/categories of personal data being processed including access to your personal data, recipients or categories of recipients and the envisaged period for which the personal data will be stored. Access to personal data may be restricted only in cases prescribed by Union or national law, or where such restriction respects the essence of the fundamental rights and freedoms of others;
  • Right to rectification/supplementation You have the right to request the rectification or completion of personal data if your data is not accurate, complete and up to date. To do this, please send your request to us as the controller in writing, including an electronic form of communication. Please note that the application needs to specify what specifically is not correct, complete or up to date and in what sense the above should be corrected and the necessary documentation should be submitted in support of its statements;
  • Right to erasure ("Right to be forgotten"): You have the right to request the erasure of personal data concerning you if one of the following conditions is met:
  • Your personal data is no longer necessary in relation to the purposes for which we collected or processed it;
  • you have withdrawn consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing;
  • you have objected to the processing of your personal data in accordance with Article 21(1) gdpr. the General Data Protection Regulation and if there are no stronger legitimate reasons for the processing;
  • the personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under Union or State law to which the controller is subject
  • personal data have been collected in connection with the offer of information society services referred to in Article 8(1).
  • Right to restriction of processing: in certain situations (for example where the accuracy of the data is contested or where the data subject wishes to retain his or her data) the data subject has the right to request that the processing be restricted with the exception of storage and some other types of processing;
  • Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format.
  • The right to withdraw consent at any time: The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing on the basis of consent before its withdrawal. Before giving consent, the data subject shall be informed accordingly. Withdrawal of consent must be as simple as giving it.
  • The right to source personal data and, where appropriate, whether they come from publicly available sources; If you have not received some of this data from the data subject but from another source, you are obliged to provide the data subject with information about the source of the personal data.

Users (data subjects) whose data UBS d.o.o. processes, have the right to know for what purpose their data is processed and about the period in which the data will be processed. Data subjects have the right to request the deletion of data and oblivion. They have the right to request the deletion of part of the data.

In case of your need to exercise any of the above rights, please feel free to contact us at our contact information.

We will try to respond to your request as soon as possible, no later than 30 days.

Right to lodge a complaint with the competent supervisory authority

You can object directly to the competent supervisory authority at any time, in particular in the EU country where you are habitually resident, place of work or place of alleged infringement, if you believe that our processing of your personal data is not lawful.

Direct contacts of the Croatian national supervisory authority are:

PERSONAL DATA PROTECTION AGENCY (AZOP)

10000 Zagreb

HR – 10 000 Zagreb

Phone: +385 1 4609 000

Phone: +385 1 460 099

e-mail: azop@azop.hr 

Web: http://www.azop.hr

Privacy objectives

UBS d.o.o. will:

  1. use methods that allow an understanding of data subjects' privacy risks for the data being processed
  2. take all measures to protect the data subject's personal data in terms of protecting his or her privacy
  3. preserve the integrity of data subjects' personal data
  4. consistently apply the established data subject privacy principles
  5. ensure that the Code of Conduct of Controllers and Processors is consistently implemented
  6. ensure that privacy will not adversely affect the user's acceptance of the product or service

Information security

When UBS d.o.o. collects information about you, we ensure that your personal data is protected from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed. This is carried out through appropriate professional technical, physical and process measures.

All employees of the controller are obliged to keep their personal data by signing a confidentiality statement.

Privacy Policy

  1. A privacy impact assessment will be carried out for all systems or processes involved in obtaining, handling or storing personal data
  2. Employees will be aware and responsible for complying with privacy requirements applicable to their role
  3. Appropriate privacy monitoring activities in operational and project management processes will be ensured
  4. Data protection status reports will be available to everyone in the organization
  5. Data processing risks will be monitored and action will be taken when changes bring risks that are not acceptable
  6. Criteria for classification and acceptability of risks will be developed and treated in the processing of data subjects
  7. Situations that can lead the organization into violation of laws and regulations will not be tolerated

Exclusion of liability for damages

All damages and losses that may occur due to the use or inability to use this website are borne by the users themselves. This absolutely and completely excludes any possible liability of UBS d.o.o. for damage that users may possibly suffer by using this website.

Applicable law and jurisdiction

These terms of use are interpreted in accordance with the provisions of the applicable law of the Republic of Croatia, and all disputes that may arise in connection with the use of this site are subject to the jurisdiction of the courts of the Republic of Croatia.

Dear users, having become familiar with the binding Rules of Use, we wish you a pleasant stay on our website.

Application

All individual privacy policies their principles and guidelines form an integral part of this policy.

This policy and its determinants, on the day of publication, becomes an obligation of every employee in UBS d.o.o.  Any disrespect or circumvention of it shall be considered a breach of work duty.

Improving this privacy policy

We reserve the right to periodically adapt and improve the text of this Privacy Policy, primarily for the purpose of respecting legal changes, i.e. changes in the purposes and methods of processing.

However, we will not limit your rights arising from this Privacy Policy or from the relevant legal regulations. In the event that there are policy changes that may affect your rights, we will notify you in a timely and direct manner.

This Privacy Policy was updated on April 25, 2022.