Privacy Policy

In order to help us protect your privacy, please read this text in full to understand which information we collect from you and how we use it. In this text, to refer to you as the user of our website, we use the legal term data subject.

You may send all questions related to data confidentiality to info@nikel.com.hr or contact our personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

Personal data collection

PRIRODA LIJEČI d.o.o. collects personal data such as your email address, name, home or work address, phone number, data received though your questions in the “write to us” section, and data used to register to make a purchase on our website.

PRIRODA LIJEČI d.o.o. also automatically collects data about your computer’s hard disk or software. This data can include: your IP address, type of browser, domain name, time of access, and website address. PRIRODA LIJEČI d.o.o. uses this data in order to be able to offer its services, maintain their quality, and obtain general statistics related to the usage of its website.

Usage of your personal data

PRIRODA LIJEČI d.o.o. collects your personal data and uses it to maintain its website and provide you with the services you request.

PRIRODA LIJEČI d.o.o. will not forward your data to third parties.

PRIRODA LIJEČI d.o.o. will not sell or lease user lists to third parties without your permission.

PRIRODA LIJEČI d.o.o. keeps your personal data in accordance with the retention periods prescribed by binding legal regulations. If there are no prescribed retention periods, we keep the data for as long as it is necessary to fulfil the purpose of its collection, including applicable limitation periods. When those periods expire, we erase your personal data or destroy it in other appropriate ways.

In the event of a system breach and your personal data being stolen, you will be notified within 72 hours.

You have the right to access the personal data we collected, processed, and keep about you.

Registering on our website

The data subject can register on the controller’s website using his personal data. The personal data which is transferred to the controller is determined by the appropriate registration inputs. Personal data that the data subject inputs is collected and stored exclusively for the controller’s internal use and for his own purposes.

When registering on the controller’s website, the data and the IP address assigned by the internet service provider and used by the data subject are recorded. This data is kept in the background since this is the only way to prevent misuse of our services and enable an investigation into committed offences if necessary. Storing this data is necessary for the controller’s security. This data is not transferred to third parties, unless there is a legal obligation of transferring the data or if the transfer is needed for the purpose of criminal prosecution.

The data subject’s registration, with the voluntary provision of personal data, must enable to controller to offer the content or services which are due to their nature only available to registered users. Registered persons can change the personal data which they provided during registration or completely erase it from the controller’s data collection at any time.

The controller must provide information about which personal data is stored about the data subject upon his request, at any time. Furthermore, the controller shall rectify or erase personal data upon the data subject’s request, under the condition that there are no legal storage obligations.

Contact via the website

The website of PRIRODA LIJEČI d.o.o. contains information which enables quick contact via electronic media as well as direct communication, which includes an email address. If the data subject contacts the controller via email or contact form, the transferred personal data is automatically saved. Personal data voluntarily transferred to the controller by the data subject is automatically stored for the purpose of processing or further communication with the data subject. This type of personal data is not transferred to third parties.

Routine erasure or blocking of personal data

The controller shall process and keep the data subject’s personal data only for the time required to achieve the purposes for which the personal data is kept or until the period allowed by EU legislation or other legislation under whose jurisdiction the controller is expires.

If the reason for storing personal data cannot be fulfilled or if the retention period determined by EU legislation or other applicable legislation expires, the data subject’s personal data shall be routinely blocked or erased in accordance with legal preconditions.

Social media

Our website contains buttons of social media networks which can be used to recommend PRIRODA LIJEČI d.o.o. offers. If you click on this kind of button, the website operators may be sent the following data: your IP address, browser and operation system information, screen resolution, installed browser addons such as Adobe Flash Player, location of the visitor, URL of the current website.

Using PayWay as a payment method

The controller has integrated PayWay components into this website. PayWay is an online payment service provider. The company PRIRODA LIJEČI d.o.o. uses T-Com’s PayWay, which uses the latest standards in data security – Secure Socket Layer (SSL) protocol with 128-bit data encryption and MD5 algorithm. ISO 8583 protocol ensures that the data transfer between T-Com’s systems and authorisation centres of credit card companies is carried out via a private network which is protected from unauthorised access by a double firewall.

The owner of PayWay is Hrvatski Telekom d.d., Ulica grada Vukovara 23/4, 10000 Zagreb, Croatia.

If the data subject chooses “PayWay” as the payment option in the online store during the ordering process, we automatically transfer the data subject’s data to PayWay. By choosing this payment method, the data subject agrees to the transfer of personal data required to process the payment.

Personal data which is transferred to PayWay usually includes the first name, last name, address, phone number, or other data required to process the payment. Processing of the sales contract also requires this kind of personal data related to a specific order.

The data transfer is used for processing the payment and preventing fraud. The controller will transfer personal data to PayWay, especially if there are valid reasons for the transfer. PayWay will forward the personal data sent between PayWay and the controller to credit agencies. The purpose of this transfer is to perform identity checks and credit checks.

PayWay will, if necessary, transfer personal data to its subsidiaries, service providers, or subcontractors to the extent necessary to fulfil contractual obligations or provide data to be processed as a part of an order.

The data subject can withdraw his consent to PayWay’s processing of his personal data at any time. The withdrawal will not affect personal data which must be processed, used, or transferred in accordance with the (contractual) processing of the payment.

You can find more information about PayWay at https://www.hrvatskitelekom.hr/poslovni/ict/payway

Rights of the data subject

THE RIGHT TO BE INFORMED
In accordance with EU legislation, every data subject has the right to be informed of whether or not his personal data is being processed by the controller PRIRODA LIJEČI d.o.o. If the data subject wishes to exercise his right to be informed, he may, at any time, contact the controller at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

THE RIGHT OF ACCESS TO PERSONAL DATA
In accordance with EU legislation, every data subject has the right to obtain free information about his stored personal data as well as a copy of his personal data from the controller. Furthermore, European provisions and regulations enable data subject to access the following information:

the purpose of the processing of personal data;

the type of requested personal data;

the recipient or the type of recipient his personal data was shared with, especially recipients from third countries or international organisations;

where possible, the estimated retention period, or if not possible, the criteria used to determine the period;

whether the data subject has the right to request from the controller the rectification or the erasure of his personal data or a restriction of the processing of his personal data or whether the data subject has the right to object to such processing;

whether he has the right to lodge a formal complaint with a supervisory authority;

if the personal data was not collected directly from the data subject, the available information about the source of the personal data;

whether there is an automated decision-making process related to Article 22 (1) and (4) of the General Data Protection Regulation, and if there is, the available information about the automatisation mechanism, as well as the importance of the due consequences to the data subject.

Furthermore, the data subject has the right to be informed if his personal data is transferred to third countries or international organisations. In this event, the data subject has the right to be informed of the security measures used to transfer the data.

If the data subject wishes to exercise his right of access, he may, at any time, contact the controller at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

THE RIGHT TO RECTIFICATION OF PERSONAL DATA
In accordance with EU legislation, every data subject has the right to have his incorrect personal data rectified by the controller at any time. In regard to the purpose of the processing of personal data, the data subject has the right to complete his incomplete personal data by, among other methods, providing a statement of completion.

If the data subject wishes to exercise his right to rectification, he may, at any time, contact the controller at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

THE RIGHT TO ERASURE OF PERSONAL DATA (THE RIGHT TO BE FORGOTTEN)
In accordance with EU legislation, every data subject has the right to request his personal data to be erased by the controller without delay. The controller must erase the personal data without delay if at least one of the following conditions apply and the processing is not mandatory:

The personal data is no longer necessary for the purpose for which it was collected or processed.

The data subject withdrew his consent to the processing of his personal data based on Article 6 (1) or Article 9 (2) of the General Data Protection Regulation, and a legal basis for the processing of data no longer exists.

The data subject objects to the processing of data in accordance with Article 21 (1) of the General Data Protection Regulation, and there is no legal basis for the processing, or the data subject objects to the processing of data according to Article 21 (2) of the General Data Protection Regulation.

The personal data was processed unlawfully.

The personal data must be erased in accordance with a legal obligation as defined by EU legislation or the laws of the member country the controller is a citizen of.

The personal data was collected related to information society services in accordance with Article 8 (1) of the General Data Protection Regulation.

If at least one of the aforementioned reasons are applicable, and the data subject requests the personal data collected by the website of PRIRODA LIJEČI d.o.o. to be erased, he may contact the controller via email at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

The controller will ensure that the personal data is erased.

Where the controller allows personal data to be published, and the aforementioned personal data must be erased in accordance with Article 17 (1), the controller shall take reasonable measures, including technical measures, and taking into account technical capabilities and costs, to notify other controllers of the data subject’s request for the erasure of all links, copies, or replicas of his personal data, as long as its processing is no longer necessary. The controller of the website of PRIRODA LIJEČI d.o.o. shall ensure the aforementioned measures are taken in each specific case.

THE RIGHT TO RESTRICT THE PROCESSING OF PERSONAL DATA
In accordance with EU legislation, every data subject has the right to restrict the processing of his personal data by the controller in cases where the following applies:

The accuracy of the personal data is contested by the data subject, which enables the controller to verify the accuracy of the personal data.

The personal data was unlawfully processed, and the data subject oppose erasure of the personal data and requests a restriction of usage of such personal data instead.

The controller no longer needs to process the personal data, but the data subject needs it to establish, exercise, or defend legal claims.

The data subject has objected to the processing of his personal data in accordance with Article 21 (1) of the General Data Protection Regulation and is awaiting a review of whether the legitimate grounds of the controller override those of the data subject.

If at least one of the aforementioned reasons is applicable, and the data subject requests the processing of his personal data collected by the website of PRIRODA LIJEČI d.o.o. to be restricted, he may contact the controller via email at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb. The controller shall ensure that the processing of the personal data is restricted.

THE RIGHT TO DATA PORTABILITY
In accordance with EU legislation, every data subject has the right to receive his personal data from the controller in a structured, commonly used, and machine readable format. The data subject has the right to transfer the aforementioned personal data to a different controller without hindrance, as long as the processing of personal data is based on consent in accordance with Article 6 (1)A or Article 9 (2)A of the General Data Protection Regulation, or on a contract in accordance with Article 6 (1)B of the General Data Protection Regulation, and the data is automatically processed, as long as the processing of the data is not necessary for purposes which are in the interest of the public or to fulfil the official duties of the controller.

Furthermore, based on the existing right to data portability from Article 20 (1) of the General Data Protection Regulation, the data subject has the right to have his personal data directly transmitted from one controller to another if it is technically feasible and if this procedure does not adversely affect the rights and freedoms of other data subjects.

To exercise his right to data portability, the data subject may, at any time, contact the controller of the website of PRIRODA LIJEČI d.o.o. at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

THE RIGHT TO OBJECT
In accordance with EU legislation, every data subject has the right to object, based on his own situation, at any time, to the processing of his data on the basis of Article 6 (1)E and (1)F of the General Data Protection Regulation. This can also be applied to profiling on the basis of this Regulation.

In the event of an objection, the website of PRIRODA LIJEČI d.o.o. shall not continue processing personal data, unless there are compelling legal grounds for the processing of the personal data which override the interests, rights, and freedoms of the data subject, or if it is required to establish, exercise, or defend legal claims.

If the website of PRIRODA LIJEČI d.o.o. processes personal data for marketing purposes, the data subject has the right to object to the processing of his personal data for such purposes at any time. This also applies to profiling which is closely related to the purposes of such direct marketing. If the data subject objects to the processing of his personal data for direct marketing, the website of PRIRODA LIJEČI d.o.o. shall no longer process the personal data of the data subject for direct marketing.

Additionally, the data subject has the right, on the basis of his particular situation, to object to the processing of his personal data by the website of PRIRODA LIJEČI d.o.o. for the purpose of scientific research or statistics in accordance with Article 89 (1) of the General Data Protection Regulation, unless the processing of the data is for the performance of a task carried out in the public interest.

To exercise his right to object, the data subject may, at any time, contact the controller of the website of PRIRODA LIJEČI d.o.o. by sending the objection to info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

In addition, in the context of using information society services, despite the Regulation 2002/58/EC, the data subject may use his right to object to automatic processing using technical specifications.

AUTOMATED DECISION-MAKING, INCLUDING PROFILING
In accordance with EU legislation, every data subject has the right not to be the subject of decisions made exclusively on the basis of automated processing of personal data, including profiling, which can cause legal or similar consequences to him, as long as the decision (1) is not a part of an agreement made between the data subject and the controller, or (2) is permitted under EU laws or the laws of the member state which prescribe appropriate measures for preserving the rights, freedoms, and interests of data subjects, or (3) is not based on the explicit consent of the data subject.

If the decision (1) is necessary for the agreement made between the data subject and the controller, or (2) is based on the explicit consent of the data subject, the website of PRIRODA LIJEČI d.o.o. shall take measures which will preserve the data subject’s rights, freedoms, and interests, as a minimum the right to human intervention by the controller to whom he can express his view and challenge the decision.

If the data subject wishes to exercise his rights related to automated decision-making, he may, at any time, contact the controller of the website of PRIRODA LIJEČI d.o.o. at info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.

THE RIGHT TO WITHDRAW CONSENT
In accordance with EU legislation, every data subject has the right to withdraw his consent to the processing of his personal data at any time.

If the data subject wishes to exercise his right to withdraw his consent, he may, at any time, contact the controller of the website of PRIRODA LIJEČI d.o.o. by sending a message to info@nikel.com.hr or the controller’s personal data protection officer: Lucija Štirjan, Vlaška 40, Zagreb.