Introduction d.o.o, Zagreb, Ulica Dure Crnatka 12 (office: Zagreb, Ulica Pere Budmanija 5) (hereinafter:, pays special attention to the protection of personal data and privacy (hereinafter: protection of privacy) of its users in accordance with applicable regulations and European best practice. Protecting user privacy is an integral part of our services and products and an important factor in the user experience.

With the Privacy Policy (hereinafter: the Policy), we want to provide our users with clear information on the processing and protection of their personal data and enable them to easily monitor and manage their personal data and consents.

The policy does not diminish the rights and obligations of users in relation to the processing of personal data, which users have on the basis of applicable regulations and possible contractual provisions on personal data protection. The policy is a unilateral legally binding act of

  1. Scope

  2. Principles of Personal Data Processing
  3. How We Collect Personal Information
  4. What Types of Personal Data We Collect
  5. For What Purposes do We Use the Collected Personal Data
  6. Linking Personal Data
  7. User Consent
  8. Cookies
  9. How We Protect Personal Information
  10. Where Personal Data is Processed
  11. Under What Conditions do We Pass on Personal Data to Third Parties
  12. User Rights (Correction, Deletion, Objection, Access, Restriction of Processing, Transferability)
  13. Who to Talk to
  14. Amendments and Transitional Provisions of the Policy

1. Scope

The policy applies to all personal data of users that collects, uses or otherwise processes, directly or through its partners. Personal data is any data relating to a natural person whose identity has been or can be established, directly or indirectly (hereinafter: data or personal data). Data processing is any action performed on personal data, such as the collection, recording, storage, use, transfer of personal data and access to personal data.

The policy does not apply to anonymous data. Anonymous data is data that has been modified in such a way that it cannot be linked to a specific natural person or cannot be linked without disproportionate effort and therefore, in accordance with the applicable regulations, is not considered personal data. applies the best European practice of data anonymization.

The policy applies to all services and products of Rač that include the processing of personal data. services are all services provided by The last statement of the user’s will regarding the processing of personal data applies to all other services of that the user uses. For example, if the user did not give any of the consents when contracting one service, but gave that consent subsequently, when contracting another service, it will be considered that he has given that consent. Also, the reverse is true, if the user gave one of the consents when contracting the first service, but subsequently denied that consent when contracting the additional service, it will be considered that he did not give the consent in question for the first service. Rač guides users according to the identification user number (ID) and, as a rule, one user has one ID to which the aforementioned rules apply. If the user has multiple IDs, it is possible to collect and record consents for each of them separately. is, as a rule, the head of processing in relation to the personal data of its users in terms of applicable regulations on personal data protection.

The policy primarily refers to natural persons who submit a request or use the services of (hereinafter referred to as Users) and / or are interested in using the services of Rač (hereinafter: Potential users). However, taking into account the legitimate interests of users who are legal entities, the Policy is appropriately applied to legal entities in accordance with the applicable regulations. In order to avoid ambiguities, the Policy in any case fully applies to employees of legal entities using when these employees are also in a contractual relationship with

2. Principles of Personal Data Processing

2.1. Trust

We want to be a reliable partner to Users in protecting their privacy and justify the trust they have placed in us. We also want to be completely transparent and clear regarding the processing of the User’s personal data. This is, among other things, the purpose of this policy, and especially through the active role of the User in data management. Users can always contact us with a request to change personal data relating to them or to express their will as to the purposes for which they want or do not want their data to be processed.

2.2. Legality and Best Practice

When processing personal data, we act in accordance with the law, but at the same time we always strive to apply higher standards and best European practice.

2.3. Limited Processing Purpose

We collect and process personal data only for a specific and lawful purpose and do not further process them in a manner that is not in accordance with the purpose for which they were collected, unless otherwise provided by law or with the consent of the user.

2.4. Reducing the Amount of Data

We always use only those data of the User that are appropriate and necessary to achieve a certain legitimate purpose, and not more data than that.

2.5. Processing in an Unnamed Form

Whenever possible and justified, we use the data in an unnamed form. Data in an unnamed form is considered primarily anonymous data. However, whenever possible and justified, especially for the protection of the User’s personal data, we pseudonymize personal data, i.e. we “mask” them with special pseudonymization procedures (e.g. substitution, hashing, etc.) in such a way that they cannot be connected to an individual User without use of additional information that is stored securely and separately (e.g. use of a key).

2.6. Integrity and Confidentiality

We process personal data in a secure manner, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage (e.g. access to personal data of users is available only to authorized persons who need it to perform their work, not other employees).

2.7. Quality of Personal Data

We attach great importance to the quality of the data we process. The personal data we process must be accurate, complete and up-to-date in order to ensure maximum protection of the User’s data and to prevent possible misuse. That is why it is important for us that the User informs us about any change in the data immediately or as soon as possible.

2.8. Limited Storage Time

We store and process the User’s data only for as long as is necessary for the execution of a certain legitimate purpose, unless the applicable regulations provide for a longer or shorter storage time for a particular purpose or in other cases expressly prescribed by law. After that, the data is permanently deleted or made anonymous.

3. How We Collect Personal Information collects personal data (hereinafter: data) of the User in the following basic ways:

3.1. Directly from the User or Potential User

We primarily collect data from the User or Potential User by providing it to us.

3.2. Automatically When the User Uses the Services and/or Products

For example, we collect information about the number called, the duration of the call, information about the Internet connection, IP address, communication time, and the like.

3.3. From Publicly Available Sources

For example, data from the court register, public telephone directory, publicly available services or publicly available numbering. A prerequisite for any collection of personal data of the User is the existence of an appropriate legal basis based on law.

4. What Types of Personal Data We Collect

Depending on the contracted service or product, the User’s consent and the purpose for which the individual data is used, is authorized to collect the types of User data listed below. In doing so, we always collect only those data that are necessary to achieve a certain legitimate purpose. Also, the requests for individual services indicate the information that is mandatory for the conclusion of the contract, while the provision of other information is voluntary.

4.1. Contract Data

Contract data in a broader sense include the so-called master data, ie data provided by the User for the purposes of concluding and executing the contract.

4.2. Usage Data

Data on use in the narrower sense are generated automatically, using certain services and products because they are necessary for the provision of the service and, for example, include: data on electronic communications (so-called traffic data, eg date, time, duration of communication on the number of the caller and the called number, on the signalization, on the approximate location of the device, data on the user’s device, the amount of used data traffic, IP address), data on how to use services and user habits when using products and services.

4.3. User Communication with

For example, written or electronic communication of the User with, communication with on social networks, etc.

4.4. Viewership data

For example, data on YouTube channel views, posts on other social networks and the like.

4.5. Potential Beneficiary Data

This information includes personal data, especially contact information (e.g. name and surname, e-mail address), but also the interests of the Potential User for services. As a rule, will record the data of those Potential users who contact with the wish that informs them and / or offers them certain products and / or services. Potential Beneficiary data is deleted or anonymized at the request of the Potential Beneficiary.

5. For What Purposes do We Use the Collected Personal Data

5.1. Execution of the Contract collects and processes user data (hereinafter: uses) primarily for the purposes of concluding and executing contracts between the User and This includes in particular the use of data to verify the identity of the User, the solvency of the User, the provision of the contracted service, billing and collection of costs, delivery of ordered products, contacting the User if necessary in connection with the service, resolving complaints, monitoring and ensuring quality and safety and products, customer support, advice and assistance in the use of products and services and other actions related to the conclusion and execution of contracts in accordance with the law.

The legal basis for data processing for these purposes is the necessity to execute the User’s contract or to take measures at the request of the User before concluding the contract. In the event that the user does not want to provide the information necessary for the purposes of concluding and executing the contract, will not be able to conclude the contract and / or perform certain actions related to the execution of the contract.

5.2. Internal Purposes

Furthermore, uses certain data of the User exclusively for the needs of’s own records, and for the purposes of protecting the legitimate interests of the User and / or This includes, for example, the use of User data to prevent, detect and prosecute abuse to the detriment of the User or, ensure the safety of employees, users, products and services of, create services and offers that meet the needs and desires of the User, ensure superior customer service. experiences, personalized customer support, market research and analysis, etc.

The legal basis for data processing for these purposes is the legitimate interest of, except when the interest or fundamental rights and freedoms that require protection of the User’s data and / or the legal basis for the protection of key interests of the User or other natural person are stronger than that interest.

5.3. Direct Promotion of Services and Products may also use all of the User’s contact information to send promotional notices about all services and products through all advertising channels, unless the User specifies otherwise. In order for the User to receive notifications that correspond to his wishes and habits, it is necessary that uses certain data of the User to create personalized promotional notices and offers for the User. The user may at any time declare that he no longer wishes to receive promotional notices. In this case, the User’s data will no longer be processed for the purposes of direct promotion. will send promotional notices about the services and products of third parties (partners) to the User only with consent.

5.4. For the Purpose of Fulfilling Legal Obligations

Based on a written request based on applicable regulations, is obliged to submit or provide access to certain personal data of the User to the competent state bodies (e.g. courts, police, Tax Administration).

6. Linking Personal Data

If necessary, we connect the personal data of the User related to a particular service or product of with the personal data of the same user related to other services and products of, all for the aforementioned purposes and respecting the legal bases in order to obtain more accurate information about needs and habits. User and ultimately be able to provide the User with optimal support, service and / or product.

If necessary, we process the personal data of the User together with the data of other Users. However, such processing is generally based on completely anonymous data or the explicit consent of the User to process a certain type of data, and only exceptionally on the legitimate interest of, if the data is pseudonymous.

When concluding the contract,, processing the User’s data, concludes about the so-called the Beneficiary’s profile with regard to the Beneficiary’s ability to meet its future obligations and accordingly decide on concluding a contract or requesting additional payment security for the purpose of concluding a contract, all in accordance with special regulations.

7. User Consent

The consent of the User is considered to be a voluntary, special, informed and unambiguous expression of the User’s wish by which the User, by a statement or clear confirmatory action, gives consent for the processing of personal data for certain purposes (so-called opt-in). Consent may be given in writing or by other appropriate means. Without the consent of the User:

  • we will never use the following data of the User for any purposes other than the execution of the contract, ie the provision of services, prevention of abuse, normal functioning or fulfillment of the legal obligation, and especially not for the purposes of direct promotion;

  • we will never send third-party promotional messages to the user;
  • we will never process the User’s data in other cases where consent is required by applicable regulations.

The user manages his expressions of will regarding the use of his own data, depending on his needs and interests. For this purpose, we enable the User to give or deny consent at any time in a simple and free manner, through various channels.

8. Cookies

In order to provide users and visitors with the best possible functionality and interesting content when they visit our websites or the websites of our partners, and to create services and offers that meet the needs and wishes of users, we use cookies and / or other common techniques (hereinafter: cookies). which collect certain data of the User (e.g. IP address from which the website is accessed, connection time, etc.). Detailed information about cookies used by each website is provided to the user immediately upon the first visit to the website. Based on this information, the User gives or denies his consent to the use of cookies when visiting the website. Cookie settings can always be adjusted in a web browser. is not responsible for cookies from other websites that are not owned by We will link the information about the User obtained by cookies with other data about the User in order to get to know the User better and provide a better User experience, only on the basis of consent.

Social networks publishes personal data of users on social networks only with the consent of the user. The publication of personal data on social networks is carried out only in the case of the implementation of prize games via social networks. In the event that the user wishes to participate in these prize games, he will be informed of the conditions for the use of personal data for the purposes of participating in the prize game. This personal data will not be used for other purposes. The type of personal data collected for the purpose of realizing prize games is the minimum set of data necessary for the realization of each prize game. Only by accepting the conditions of participation will the personal data be used for the purpose defined above. At any time, the user can withdraw his consent to participate in the prize game and the given data will be deleted.

9. How We Protect Personal Information

We use various technical and organizational measures to protect the User’s data from unauthorized access by persons inside and outside, alteration, loss, theft and any other data breaches and misuse in accordance with European best practice. These measures include, but are not limited to, the following:

  • our services and products, before we offer them to Customers, meet security and data protection requirements (so-called privacy by design and security by design);
  • best practice of data anonymization;
  • concluding a contract on personal data protection of the User with all so-called subcontractors;
  • implementation of all protection measures on the systems on which the User’s data are located;
  • conducting regular controls of security measures and personal data protection measures;
  • continuous education of employees.

10. Where Personal Data is Processed

As a rule, we process the User’s personal data in the Republic of Croatia. We also process them exceptionally in other countries (e.g. when a subcontractor from another country is hired to provide a certain service or part of a service that includes the processing of personal data), as a rule in the Member States of the European Union. We process them exceptionally in other countries as well, but always with the provision of adequate protection of personal data, at least in the way that personal data is processed in the Republic of Croatia (e.g. by applying the so-called EU Standard Contract Clauses for processors in third countries).

11. Under What Conditions do We Pass on Personal Data to Third Parties

User data are extremely important to never sells the User’s personal data to anyone. does not forward or exchange the User’s data with any other legal or natural persons (hereinafter: persons), except in the following cases:

a) if there is a legal obligation or explicit authority under the law (e.g. at the request of the court);

b) if we hire another person to perform certain tasks as the so-called subcontractors, ie executors of processing (e.g. printing and delivery of invoices, market research, system maintenance, verification of solvency, forwarding to debt collection agencies for collection of receivables). It is important to emphasize that the so-called. the subcontractor acts exclusively on the order of and ensures all measures of data protection of the User as if these tasks are performed by

c) if the data needs to be forwarded to third parties in order to perform the contract with the User (e.g. number portability);

d) if the other person is the holder of the User Agreement for the services used by the User;

e) cession, i.e. assignment of claims to third parties pursuant to Article 80 of the Civil Obligations Act;

f) based on the consent of the User.

12. User Rights (Correction, Deletion, Objection, Access, Restriction of Processing, Transferability)

In addition to the active role of the User in relation to the management of consents, ie the right of the User to withdraw consent at any time, the User also has the following active roles, all in accordance with applicable regulations:

a) The right to object: The user has the right to request at any time to stop receiving promotional notices about the services and products of The user also has the right to object to any other processing of user data based on the so-called. legitimate interest of, including the development of a profile based on these provisions (so-called opt-out). In that case, will not process the data for the stated purposes, unless otherwise prescribed by law.

b) obligation to keep data: The User has the obligation to keep secret and with due care all identification marks assigned to him by (e.g. username, password, etc.) because all actions taken with the User’s identification marks are considered actions of the User. Also, the User is obliged to change the password or other access data as soon as he suspects the unauthorized use of this data and to inform in case of suspicion of misuse of identification marks.

c) right of access: The User has the right to receive confirmation whether the User’s personal data are processed and, if such personal data are processed, access to such data and information on the purpose of processing, personal data categories, recipients or categories of recipients, on the envisaged period data to be stored or on the criteria used to determine that period, the existence of the User’s rights, the existence of automated decision making, including profile creation, and information on processing logic, importance and anticipated consequences of processing, protective measures if data is transferred to the so-called. third countries.

d) right to erasure: The user has the right to obtain the erasure of personal data relating to him without undue delay and under the conditions specified in the applicable data protection regulations.

e) right to correction: The User has the right to obtain the correction of inaccurate personal data relating to the User.

f) the right to data portability: The User has the right to receive personal data relating to the User, provided by, in a structured, commonly used and machine-readable format and has the right to transfer this data to another controller if the processing is based on consent or on contract and is carried out automatically. If this is technically feasible, the User has the right to a direct transfer from to another processing manager.

13. Who to Talk to

The User may exercise his rights referred to in Article 12 by submitting an appropriate request to the e-mail [email protected] or postal address d.o.o, Ulica Pere Budmanija 5, 10000 Zagreb or in another way provided by to the User, about the type of request.

If the User suspects a breach of his personal data, he reports his suspicion in writing to the e-mail address [email protected] or the postal address d.o.o., Ulica Pere Budmanija 5, 10000 Zagreb.

In case of any questions about this Policy and / or protection of personal data at, the User can contact the e-mail [email protected].

Also, the User is authorized to file a complaint to the Agency for Personal Data Protection.

14. Amendments and Transitional Provisions of the Policy

The policy enters into force and begins to apply to users on 25 May 2018 and is available on the website and in the business premises of Users will be notified of possible changes to the Policy in a timely manner, including through publication on the website.