Data controller for this website is BRIGHTDOCK Llc, Croatia, Rijeka (City of Rijeka) Nikole Tesle 9, VAT No: 85019089633.
We process personal data for the six following purposes:
- The (technical) maintenance, analytics, and improvement of our website,
- When we maintain contact with you over the telephone, post, or e-mail regarding our services (e.g. to create our offer) and products,
- Management of our customer base,
- The regular business operations,
- Sending newsletter via e-mail to our clients, business associates, and persons who gave their consent over https://sendgrid.com/ system for this purpose and we use them as our newsletter system provider
- Recruitment and employment purposes.
Use of the website
Maintenance and improvement of our website
You can find more information about Google Analytics by visiting the following website https://policies.google.com/technologies/partner-sites
- If you give us your contact details via contact form on our website or when you contact us by e-mail or telephone) (i.e. Personal Name, Company E-mail, your budget, and your Query (project details)), we will only use them to contact you, create an offer for cooperation or similar.
- If you purchase one of our products or services, we will also use your email address to inform you about important updates by email and to advise you on how to get the most out of our products.
- If you apply for job via contact form on our website we will use your personal data acquired (i.e. Personal Name, E-mail, Phone, which position you are applying for, and an upload space for them to upload your CV) for solely for our recruitment and employment purposes.
- You can use contact form on our website to contact us for cooperation or apply for job opening. If you do not wish to use the contact form, you can contact us by e-mail: email@example.com .
Due to some of our legal obligations, we process contact, payment, and communication data of (former) customers for our regular business operations. We send invoices, keep accounts, and store correspondence with (former) customers on our e-mail server and in online work folders. We store data in accordance with the relevant laws (e.g. Accounting Act – 11 years).
Based on legitimate interest, we process contact data (company name, contact person’s name, e-mail address, company address) of our (potential) customers in order to track and analyse the sale of our products and services for no longer than 11 years.
Recruitment and potential employment
In order to process your job application, we will process your personal data delivered either via contact form on our website or via email to us (i.e. Personal Name, E-mail, Phone, which position you are applying for, and an upload space for them to upload your CV) for recruitment and potential employment purposes and we will not process them for any other purposes. Such data will be stored by us not longer than 1 year.
Lawfulness of processing
Personal data may be processed only if there is a legal ground for doing so. Pursuant to the General Data Protection Regulation (GDPR) we process personal data on the following legal grounds:
- Consent: If you are not our customer, you can give consent for receiving our newsletter.
- Recruitment/employment: when applying for job with us we will collect, process your data only for that purpose.
- Contracts/precontractual agreements: when you, as a customer, purchase products and/or services from us or want to do so, and it is necessary for us to process your personal data to be able to do so.
- Legal obligation: if we receive a legitimate claim to provide data to a competent authority. We are also legally obliged to keep personal data in our financial records for a certain period of time, in accordance with tax and accounting legislation.
- Legitimate interest: if you have been a customer in the past or we have sent you an offer, we will retain your contact details 11 years after the last instance of our contact to be able to contact you in the future for possible follow-up projects/offers. Also, on the grounds of legitimate interest, we send news re offer our services and products to our customers.
Lawfulness of processing
We do not provide or share any personal data to third parties unless we are legally obligated to do so. We store such data only stored internally in our G Suite (Google Drive) and we keep them protected by state-of-the-art technology.
Transfer of data
The Internet is a global environment. Using the Internet to collect and process personal data necessarily involves the transmission of data on an international basis. Any such transfer is made in accordance with regulatory requirements that ensure such transfer and/or country maintains the same level of personal data protection. Brightdock opted for industry-approved storage providers with the highest privacy and data security standards.
We do not store personal data longer than it is necessary for the purpose for which we obtained it. This assessment is based on the type of personal data, the product or service for which we have obtained the data, and what you, as the data subject, can reasonably expect as a retention period (e.g. business operations – data is stored for no longer than 11 years since the termination of business cooperation, newsletter data until consent withdrawal, recruitment/potential employment purposes up to 1 year etc.).
We have enabled encryption of the traffic on our website. This makes the data traffic between you and our web server unreadable, so that third persons have no access to it. We also made sure to secure your data in an appropriate way in all our systems. We do this with all kinds of technical measures (e.g. antivirus, complex passwords etc.), including physical security of access to our office, but also with organisational measures.
Pursuant to the General Data Protection Regulation (GDPR), you have the right to access your personal data on request and, if necessary, to amend and delete the data. In addition to the right of access, correction, and deletion, you may ask us to restrict the processing of personal data and it is possible to object if you disagree with the processing. Also, in some cases it is possible to invoke the right to data portability.
In any event, you have the right to object the processing of personal data for marketing purposes that is based on legitimate interest.
If you have any objection, you can contact the relevant supervisory authority which is Croatian Personal Data Protection Agency (“Agencija za zaštitu osobnih podataka” – AZOP) for the Republic of Croatia.
For any questions and requests, please contact us on firstname.lastname@example.org.