Perfectus d.o.o., Otočki prilaz 11, 23000 Zadar, Croatia, OIB 25618284246 or by email firstname.lastname@example.org
2. THE LEGAL BACKGROUND
The law on data protection legislation General Data Protection Regulation EU 2016/679 (the “GDPR”) sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we collect and process your data with your consent. For example, when you transact business with us or ask to receive information about our services or any of the yachts on our website.
When collecting your personal data, we will always be clear which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations.
If the law requires us to, we may need to collect and process your personal data.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business, for example to service existing business relationships and contracts, and which does not materially impact your rights, freedom or interests. In more unusual circumstances, we may use your personal data to help us to establish, exercise or defend legal claims.
We will also use your address details to send you direct marketing information, to inform you about our services and yacht-related updates that we think might interest you.
3. WE COLLECT YOUR PERSONAL DATA:
• When you wish to do business with us or to work for us.
• When you visit our website/app or submit your information via the website/app.
• When you ask Yacht IN to send you information about a yacht or service.
• When you contact us by any means with queries, complaints etc.
• When you book any kind of appointment or meeting with us.
• When you engage with us on social media.
• When you download or install one of our apps.
• When you comment on or review our services.
• When you have given a third-party permission to share with us the information they hold about you.
• We collect data from publicly available sources where the information is made public as a matter of law.
4. WHAT SORT OF PERSONAL DATA DO WE COLLECT?
The types of personal information we collect about you depends on your relationship with us. They include:
• Your personal contact details such as name, title, postal addresses, email addresses and telephone numbers.
• Technical information, such as information from your visits to our website/app or relating to the event invitations, updates, marketing materials and other communications we send to you electronically. • Your communication preferences regarding marketing materials.
• Any other personal information you provide to us during your relationship with us, such as dietary requirements, any physical disability and your views and comments.
• Identification and background information we may collect about you as part of our business acceptance procedures and recruitment procedures.
• Copies of documents you provide to prove your identity where the law requires this or where we require it when you transact with us. This may include a copy of your passport or equivalent ID document. This will include details of your full name, address, date of birth and facial image. If you provide a passport, the data will also include your place of birth, gender and nationality.
• Details of your yachting preferences.
• Financial information, such as your bank account details.
• The company you work for and your position.
• Details of your visits to our websites or apps, and which site you came from to ours.
• Your social media username(s), if you interact with us through those channels, to help us respond to your comments, questions or feedback.
• We can take photos at events and courses and to publish them on our website/app for marketing purposes.
5. HOW AND WHY DO WE USE YOUR PERSONAL DATA?
We want to give you the best possible client service and yachting experience. One way to achieve that is to ensure we have all the relevant information, which may also include your personal data.
We then use this to inform the Yacht IN team and to tailor our services accordingly.
The data privacy law allows this as part of our legitimate interest in understanding our clients so we provide the highest levels of service.
Of course, if you wish to change how we may use your data, you will find details in the ‘What are my rights?’ section below.
Please be aware that if you choose not to share your personal data with us, or if you refuse certain contact permissions, we might not be able to provide some services that you may have asked for.
This is how we will collect your personal data and why:
• In the course of our business acceptance procedures to manage, administer and improve our provision of services to clients and to administer any service or support which you have requested, based on your consent given at the time of request.
• To provide information requested by you. We may also keep a record of your requests to inform any future communication and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
• To protect our business and you from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard our dealings with you. We will also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our website/app. We will do all of this as part of our legitimate interest.
• To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our clients from fraud.
• If we discover any criminal activity or alleged criminal activity. We aim to protect the individuals we interact with from criminal activities.
• With your consent, we will use your personal data to keep you informed by post, email and telephone about relevant services, events that you may be interested in, and so on. Of course, you are free to opt out of hearing from us by any of these channels at any time.
• To send you relevant, personalized communications by post and email in relation to updates and services. We will do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post and/or email at any time.
• To send you communications required by law or which are necessary to inform you about the services we provide to you. For example, legally required information relating to any service we have agreed to provide. These messages will not include any promotional content and do not require prior consent when sent by email, post or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
• To display the most interesting content to you on our websites or apps, we will use data we hold and will do so on the basis of your consent to receive app notifications and/or for our website to place cookies or similar technology on your device.
• To develop, test and improve the systems and services we provide to you. We will do this on the basis of our legitimate business interests.
• To comply with our contractual or legal obligations to share data with law enforcement.
6. GOOGLE ANALYTICS and COOKIES
Our websites use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies" (text files stored on users' computers) which allow an analysis of the website usage. The information generated by the cookies about the use of the websites by the users are usually transmitted to a Google server in the USA and are stored there.
In the case of the IP anonymization activation on our websites, the Google users IP address will be shortened beforehand within European Union member states or in other states members of the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the US and shortened there. IP anonymization is active on our websites. On behalf of the operator of our websites, Google will use this information to evaluate the use of the websites by the users, to compile reports on the website activities and to provide further services relating to website usage and internet usage to the website operator.
The shortened IP address provided by Google Analytics within the User Browser will not be merged with any other data provided by Google. Users can prevent the storage of cookies by the opt-out function on the Yacht IN website or alternatively by an appropriate setting of their browser software; Yacht IN, however, points out to users that in this case, not all functions of our websites may be fully utilized.
Furthermore, you can prohibit Google from collecting and analyzing the cookie generated data about your use of the website by installing the browser plugin provided on this link: https://tools.google.com/dlpage/gaoptout?hl=en
7. COMBINING YOUR DATA FOR PERSONALISED DIRECT MARKETING
We want to send you information that is most relevant to your interests at particular times. To help us form a better, overall understanding of you as a Yacht IN client, we combine your personal data gathered across Yacht IN as described above. For this purpose we also combine the data that we collect directly from you with data that we obtain from third parties to whom you have given your consent to pass that data on to us.
8. HOW WE PROTECT YOUR PERSONAL DATA
We are implementing technical and organisational measures to secure your personal data from accidental or intentional manipulation, loss, destruction, alteration and unauthorised disclosure as pursuant to the Article 28 of the General Data Protection Regulation. The security measures are being continuously improved in line with technical progress.
9. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We process your personal data - if necessary - for the duration of the entire business relationship (from the initiation, performance to the termination of a business relationship and until all open claims in connection with the business relationship have been satisfied in full).
The above listed data will be stored and processed until you withdraw your consent to this processing. The withdrawal of your consent has no effect on the lawfulness of the data processing up to this time.
After the business relationship ends, your data will be stored until expiry of the warranty, limitation and compensation periods as well as until expiry of legally binding retention periods and upon termination of any legal dispute in which the data is required as proof.
The data that you have provided us for marketing and information purposes, such as for sending a newsletter, is stored until you revoke your consent.
10. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We sometimes share your personal data with other trusted third parties. Examples of the kind of third parties we work with are:
• IT companies who support our website, app and other business systems.
• Operational companies such as delivery couriers, transfer companies etc.
• Direct marketing companies who help us manage our electronic and printed communications with you.
• Data insight companies to ensure your details are up to date and accurate.
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example:
• For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
• We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our clients into consideration.
• For further information please contact us.
11. WHERE YOUR PERSONAL DATA MAY BE PROCESSED
We may need to transfer your personal information to locations outside the jurisdiction in which you provide it, or from where you are viewing this website/app, in order to use it on the bases set out above. If you are an EU citizen or reside in the EU we will transfer your personal information outside the EU in accordance with EU data protection laws to ensure that it remains protected and secure.
If you reside in a jurisdiction outside the EU, you may also have rights under applicable laws in connection with your personal information that we collect, hold and process.
12. WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
We think it is important that you are able to control your personal information. You have the following rights: • Access to the personal data we hold about you, free of charge in most cases. • The correction of your personal data when incorrect, out of date or incomplete. • That we stop using your personal data for direct marketing (either through specific channels, or all channels). • That we stop any consent-based processing of your personal data after you withdraw that consent. You can contact us to request to exercise these rights at any time.
Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). If we choose not to action your request we will explain to you the reasons for our refusal. Generally, we will only disagree with you if certain limited conditions apply.
If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data is collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
13. HOW CAN YOU STOP THE USE OF YOUR PERSONAL DATA FOR DIRECT MARKETING?
There are several ways you can stop direct marketing communications from us:
• Click the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails from that particular team within Yacht IN.
• In our apps, you can manage your preferences and opt out from one or all of the different push notifications by selecting or deselecting the relevant options in the ‘Manage Notifications’ section.
• Email the Data Protection Officer at email@example.com
• Or write to us at: Perfectus d.o.o., Otočki prilaz 11, 23000 Zadar, Croatia
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
14. IF YOU LIVE OUTSIDE THE EUFor all non-EU residents
Where this Notice is available in a language other than English, then in case of any dispute about its meaning, the English version will take precedence.
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we will need to transfer your personal data between countries to enable us to supply services you have requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the EU or elsewhere.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
This may occur because our information technology storage facilities and servers are located outside your country of residence and could include storage of your personal data on servers in the EU or elsewhere.
We will ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that is not set out in this Notice. We will also make sure we adequately protect the confidentiality and privacy of your personal data.
We will ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.