Data controller for this website is Parser compliance d.o.o., Ulica Milana Amruša 19, Zagreb, VAT No: 59211267966.
We process personal data for the six following purposes:
- the (technical) maintenance, analytics, and improvement of our website,
- when we maintain contact with you over the telephone, post, or e-mail regarding our services (e.g. to create our offer) and products,
- management of our customer base,
- the regular business operations,
- sending newsletter via e-mail to our clients, business associates, and persons who gave their consent over Mailerlite system for this purpose,
- sending information on activities of the Privacy Club.
Maintenance and improvement of our website
Based on legitimate interest, we use the information about visits to our website, to analyse which web pages are visited most frequently. This information allows us to analyse and improve our website in a privacy-friendly way. To analyse and improve the use of our website we do not store analytical cookies on your device. We use only script that allows us to collect analytics information.
What actually happens during the website analysis?
To enhance visitors’ privacy, we do not actually store the raw visitor IP address in our database or logs. We run it through a one-way hash function to scramble the raw IP addresses and make them impossible to recover.
To further enhance visitor privacy, we add the website domain to their IP hash. This means that the same user will never have the same IP hash on two different websites. If we didn’t do this, the hash would effectively act like a third-party (cross-domain) cookie.
Network Address Translation allows many unique users to share the same public IP address. For this reason we also add the User-Agent string to the hash, although we don’t store the actual User-Agent string.
In summary, here’s how we assign a hash that we use for unique user counting:
hash(website_domain + ip_address + user_agent)
If you give us your contact details (e.g. when you contact us by e-mail or telephone), we will only use them to contact you, create an offer for cooperation or similar.
If you purchase one of our products or services, we may also use your email address to inform you about important updates by email and to advise you on how to get the most out of our products.
If you do not wish to receive these e-mails, please send as a message to firstname.lastname@example.org or unsubscribe via the unsubscribe button at the bottom of each e-mail.
Due to some of our legal obligations, we process contact, payment, and communication data of (former) customers for our regular business operations. We send invoices, keep accounts, and store correspondence with (former) customers on our e-mail server and in online work folders. We store data in accordance with the relevant laws (e.g. Accounting Act – 11 years).
Based on legitimate interest, we process contact data (company name, contact person’s name, e-mail address, company address) of our (potential) customers in order to track and analyse the sale of our products and services for no longer than 11 years.
Lawfulness of processing
Personal data may be processed only if there is a legal ground for doing so. Pursuant to the General Data Protection Regulation (GDPR) we process personal data on the following legal grounds:
- Consent: If you are not our customer, you can give consent for receiving our newsletter. Likewise, based on the consent, you can join our Privacy Club.
- Contracts/precontractual agreements: when you, as a customer, purchase products and/or services from us or want to do so, and it is necessary for us to process your personal data to be able to do so.
- Legal obligation: if we receive a legitimate claim to provide data to a competent authority. We are also legally obliged to keep personal data in our financial records for a certain period of time, in accordance with tax and accounting legislation.
- Legitimate interest: if you have been a customer in the past or we have sent you an offer, we will retain your contact details 11 years after the last instance of our contact to be able to contact you in the future for possible follow-up projects/offers. Also, on the grounds of legitimate interest, we send news from the field of personal data protection, information security, and offer our services and products to our customers.
Recipients of personal data
We do not provide any personal data to third parties, unless we are legally obligated to do so. We do, however, make use of the services of several suppliers in the field of ICT technologies. We have concluded data processing agreements with these organisations. Data processors may only process personal data on our behalf and under our supervision, only for purposes we determine and under strict confidentiality. When we work with self-employed providers, temporary employees, or partners who are not processors and it is necessary to exchange personal data, we enter into a confidentiality agreement.
For data that our data processors transfer outside of the European Union to provide information services (e.g. Clio, Trello and Microsoft Office) we use security measures for data transfer, like Privacy Shield mechanism.
We use Mailerlite services for sending newsletter.
We do not store personal data longer than it is necessary for the purpose for which we obtained it. This assessment is based on the type of personal data, the product or service for which we have obtained the data, and what you, as the data subject, can reasonably expect as a retention period (e.g. business operations – data is stored for no longer than 11 years since the termination of business cooperation).
We have enabled encryption of the traffic on our website. This makes the data traffic between you and our web server unreadable, so that third persons have no access to it. We also made sure to secure your data in an appropriate way in all our systems. We do this with all kinds of technical measures (e.g. antivirus, complex passwords etc.), including physical security of access to our office, but also with organisational measures.
Pursuant to the General Data Protection Regulation, you have the right to access your personal data on request and, if necessary, to amend and delete the data. In addition to the right of access, correction, and deletion, you may ask us to restrict the processing of personal data and it is possible to object if you disagree with the processing. Also, in some cases it is possible to invoke the right to data portability.
In any event, you have the right to object the processing of personal data for marketing purposes that is based on legitimate interest.
If you have any objection, you can contact the relevant supervisory authority which is Croatian Personal Data Protection Agency (“Agencija za zaštitu osobnih podataka” – AZOP) for the Republic of Croatia.
For any questions and requests, please contact us on email@example.com.