Data privacy and protection of your data
Your privacy is important to us,
Orvas d.o.o. In this Privacy Notice, we would like to explain who we are, what personal data we collect about you, why we collect it and what do we do with it in an easy and readable way. Personal data means any data from which we are able, directly or indirectly, to identify you.
Please take time to read this Notice. If you do not agree to it, please do not provide us with your data.
2. What does this Privacy Notice cover
This Notice covers how we process your data whenever you interact with us, e.g. when you:
- visit any of our websites;
- use our social media channels;
- purchase and use our products and services, systems and applications;
- subscribe to our newsletters;
- provide to us your goods or services, systems or applications;
- contact our customer support;
- join our business events;
- participate to our contests;
- participate to our promotions;
or otherwise interact with us
as consumer, business customer, partner, (sub)supplier, contractor or other person with a business relationship with us.
“Processing” means any operation performed on personal data, which includes collection, recording, storage, modification or update, retrieval, consultation, use, disclosure by manual and/or automated means.
3. What is the data that we collect about you?
Depending on who you are (e.g. customer, consumer, supplier, business partner, etc.) and how you interact with us (e.g. online, offline, phone, etc.) we may process different data about you. In this notice we cover all possible personal data that we collect from you.
Data you provide directly to us (examples below)
|Categories of data||Examples of data|
|Personal identification||Name, last name, title, date of birth|
|Contact information||Email, phone number, address, country|
|Images||Pictures uploaded/ provided to us|
|Financial data||Credit card data, bank account information|
|Other information||Household information, interests, profession, preferences|
Data about your use of products and/or services that we collect automatically (examples below)
In addition to the information you provide to us directly (see above), we may collect information sent to us by your computer, mobile phone or other access device. For example, we may collect:
|Categories of data||Examples of data|
|Device information||Device model, unique device identifier, MAC address, IP-address, operating system version, and settings of the device you use to access, e.g. the websites/ apps/ services|
|Log information||Time and duration of your use of our digital channel or product|
|Location information||Your actual location (derived from your IP address or other location-based technologies), that may be collected when you enable location-based products or features such as through social media|
|Other information||Apps you use or websites you visit, links you click within our advertising e-mail, motion sensors data|
Information from third-party sources (examples below)
We may receive information about you from publicly available sources (as permitted by law) such as public databases, our marketing partners, or social media platforms when you choose to connect to such services.
We may combine this information with other information we receive from you.
Other (examples below)
You may choose not to provide certain types of information to us but doing so may affect your ability to enable certain functionality of the products and/or services.
In compliance with the law, we will not process data relating to:
- racial or ethnic origins;
- political opinions;
- religion or beliefs;
- trade union membership;
- genetic features;
- sex life;
- criminal convictions or related security measures;
- biometric data;
- genetic data.
If we had to process this type of data, we would always request your prior consent.
How do we use your data?
We may process your data for different purposes, but only for those which have a legal basis to process the data. Please find below the overview.
|Legal basis||Examples of Purpose|
Billing and delivering products and/ or services that you have purchased;
Enabling us to reach you for delivering you our products;
Registration to mobile applications or websites;
Service account management.
|Compliance with legal obligations and Public interest||
Disclosing data to government institutions or supervisory authorities as applicable in all countries in which we operate, such as reporting obligations, compliance audits, tax deductions, record-keeping and reporting obligations, compliance with government inspections and other requests from government or other public authorities;
Establish, exercise, or defend ourselves from legal claims.
Administrative communications, such as order confirmations, notifications about your account activities, and other important notices;
Providing support upon your request via communication channels, such as customer or contact center support;
Security and protection of our interests/assets, such as deploying and maintaining technical and organizational security measures, conducting internal audits and investigations, conducting assessments to verify conflict of interests;
Managing any internal complaints or claim.
Orvas d.o.o. may send you communication about our products, services, events and promotions. The communication is send via different channels: email, phone, SMS, post, social networks. We would like to provide you with the best experience, therefore this communication might be tailored to your preferences (for example, email as your preferred channel of communication with us – you can indicate it yourself or we can understand it based on the links you click in out emails). When required by law, we will ask your consent before starting the above activities. To give your consent, you can, for example, tick the box for acceptance of receipt of news and promotions or usage of your data for general ecommerce industry trend analytics. We also give you the opportunity to opt-out and withdraw your consent at any time. (e.g. unsubscribe email, send us a request for withdrawal of the consent, etc.)
If we ask you to provide us with your data, but you chose not to, in some cases we will not be able to provide you with the full functionality of our products, services, systems or applications. Also, we might not be able to respond to requests you might have.
When do we share your data?
To whom the data is disclosed: other Orvas entities, affiliates, service providers, business partners, public authorities, governmental authorities, contractors, others.
When the data is transferred abroad?
Which countries, under which instrument?
Your data will be processed by ourselves and other entities within the Orbico Group. In exceptional cases and only to fulfill the above described purposes described above, your data might be shared with following parties:
- Service providers: we may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers, consulting providers, shipping providers;
- Business partners: for example: MMK, Phobs, ..., they can provide you with the services you request;
- Public and governmental authorities: when required by law, or as necessary to protect our rights, we may share your data with entities that regulate or have jurisdiction over Orbico Group;
- Professional advisors such as auditors, lawyers, accountants, other professional advisors;
- Other parties in connection with corporate transactions such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
[Your information may also be processed in a destination outside of the European Economic Area]. Third parties are limited in their ability to use your information for other purposes than providing services to us and are also required to protect and handle your information in accordance with legal, regulatory and contractual obligations. We take reasonable steps to ensure that we retain information about you only for so long as is necessary for the purpose for which it was collected, or as required under any contract or by applicable law.
6. How do we keep/retain your data?
We keep your data for the period necessary to fulfill the purposes for which it has been collected (see above section “How do we use your data?”). Sometimes we might keep your data longer if required or permitted by law. We determine the period based on the following criteria:
- How long is the data needed to provide you with our products or services or to operate our business?
- Do you have an account with us? Then we will keep your data while your account is active.
Are we subject to a legal, contractual, or similar obligation to retain your data?
Examples can include mandatory data retention laws, government orders to retain data relevant to an investigation, or data that must be retained for the litigation purposes.
7. How do we secure your data?
To protect your data, we will take appropriate technical and organizational measures in line with the applicable data protection and data security laws, including requiring our service providers, business partners or professional advisors to use appropriate measures to protect the confidentiality and security of your data. We put in place measures to prevent risks such as destruction, loss, alteration, unauthorized disclosure of, or access to your data.
8. Who is responsible for your data?
Orvas d.o.o with its head office at Uvala Baluni 9, Split is responsible for processing the personal data it deems necessary to process. We are therefore the party whom you, as well as the supervisory authorities (AZOP- Agencija za zaštitu osobnih podataka – Agency for personal data protection), should contact for any questions you may have relating to the way our company uses your data. For some services, we rely on specialised partners. They therefore must follow our instructions and adhere to our policy on personal data protection. We ensure that our partners receive only the data that are strictly necessary to perform their contractual duties.
9. Which legislation applies?
The protection of your personal data is covered by the Regulation EU 2016/679, also known as the EU General Data Protection Regulation and applicable national data protection law of Sweden. We undertake to comply with our obligations and respect your rights whenever we process your data. If you wish to learn more about this subject, we advise you to visit http://azop.hr/.
10. Accessing your information
You are entitled to submit an inquiry to us and be advised about the data we process about you and how we process such data. You are also entitled at any time to withdraw your consent and/or request any erroneous data to be corrected. Please make your enquiries and requests in writing, sign and send your letter to the address Orvas d.o.o., Uvala Baluni 9, 21000 Split, Republic of Croatia. We will respond promptly and no later than within a month, unless extraordinary complexity would require an extension of the time to respond.
If you have any issues exercising your rights regarding personal data, you may
- contact the Orvas Privacy Manager: Jakov Mišura, Tel. 00385 95 344 4108; E-mail: email@example.com, and/or
- lodge a complaint with the supervisory authority: AZOP (Agencija za zaštitu osobnih podataka – Agency for personal data protection).
11.Confidential data protection
• User Privacy Notice
Points of sale must provide their buyers with the option not to participate in marketing campaigns, and the right to object to the processing of personal data by third parties.
Orvas Yachting takes data protection and privacy very seriously. We collect only relevant and necessary data to accomplish the specified purpose and to meet our obligations. Our buyers are informed about the way the collected data is used, moreover, they can control and determine how their personal data is used. Buyers can also decide whether they want their name removed from the list used for marketing campaigns.
All user personal data is kept strictly confidential. It is available only to employees who require such data to perform their work tasks. All employees of Orvas Yachting and business partners are obliged to demonstrate that their activities are compliant with the Data Protection Principles.
If the prices, indicated on the online point of sale, are given in some international currency (for example €, £, $...), the final price can also be in the same currency or it can be calculated and indicated in Croatian currency (HRK) before the checkout. It is necessary to provide the following statement of conversion (adapted to the language, currency and the exchange rate of the bank).
All payments will be effected in Croatian currency. The amount your credit card account will be charged for is obtained through the conversion of the price in Euro into Croatian kuna according to the current exchange rate of the Croatian National bank. When charging your credit card, the same amount is converted into your local currency according to the exchange rate of credit card associations. As a result of this conversion there is a possibility of a slight difference from the original price stated in our web site.
If the prices available on the online point of sale are given in the origin currency, and not in foreign currency, this statement about conversion can be used for the foreign customers: All payments will be effected in national currency. The charged amount on your credit card account is converted into your local currency according to the exchange rate of credit card associations.
• Statement about the Protection of Personal Data Transfer
Data protection pursuant to the General Data Protection Regulation of the European Parliament and the Council no. 2016/679- Regulation and implementation of the GDPR.
WSPay, being the processor of authorization and payment made by credit cards, uses personal data as the processor pursuant to the General Data Protection Regulation of the European Parliament and the Council no. 2016/679, and compliant with PCI DSS Level 1 Regulations for data transfers.
WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer. Personal data used for the purposes of authorization and payment are deemed to be confidential data. The following customer's personal data are necessary to fulfil the Agreement (authorization and payment): ·
- Name and Surname
- Telephone number
- Post Code
- Type of credit card
- Credit card number
- Expiry date (credit card)
- CVV number for credit card
WSPay does not process or use these personal data except for the purpose of fulfilling the Agreement, the authorization and the payment.
WSPay ensures to meet the requirements determined by applicable personal data protection regulations, for the processors of personal data, especially taking all necessary technical, organizational or security measures confirmed by PCI DSS Level 1 certificate.
- WSPay Usage Statement
Orvas Yachting (sales point) uses WSPay for online payments.
WSPay is a secure system for online payments, real time credit and debit card payments, and other payment methods. WSPay ensures the buyer and the merchant with the secure card data entry and transfer, which is also confirmed by PCI DSS certificate. WSPay uses 256-bit SSL encryption and TLS 1.2 cryptographic protocol as the highest protection standards for data entry and transfer.