This are the Privacy policy of IDENTITY CONSORTIUM d.o.o., Trogirska ulica 2, Varaždin, OIB: 44867795324 (hereinafter: „IDENTITY“) which applies to all visitors of the IDENTITY website, as well as those submitting information to IDENTITY via their contact forms at IDENTITY’s websites, social media accounts and similar third party services (hereinafter collectively: User).

GENERAL PROVISIONS

• IDENTITY is the data ‘controller’ in relation to the personal data the User provides to IDENTITY while visiting IDENTITY’s website and/or submitting information to IDENTITY for the purpose of acquiring information of the Services provided by IDENTITY, or for the purpose of acquiring such services and as such, IDENTITY determines the purposes and the way in which User’s personal data is, or will be, processed.
  • This Privacy policy aims to give the User information on how IDENTITY collects and processes any personal data it collects from the User, or that the User provides to IDENTITY.
  • Personal data means any information relating to an identified or identifiable natural person, whereas a natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or other.

METHODS OF DATA COLLECTING

• IDENTITY collects personal data from the User through:
• direct interactions such as filling in forms or by corresponding with IDENTITY in person, by e-mail, phone, post or otherwise, which includes personal data the User provides to IDENTITY while contacting them in one of the described ways,
• automated technologies or interactions with IDENTITY’ website (www.identyum.com), where IDENTITY may automatically collect technical data about User’s equipment, browsing actions and patterns. This personal data is collected specifically by using cookies and other similar technologies, as described below,
• third parties or publicly available sources, for example, analytics providers such as Google.

DATA THAT IS BEING COLLECTED AND PROCESSED

• IDENTITY collects the following User’s data:
• personal identification and contact data which includes: name, email address, mobile number,
• technical data which is collected when the User browses IDENTITY website automatically about the User’s visit to the website, including, but not limited to, information about the IP address used to connect the User’s computer to the internet, browser type and version and browser plug-in types and version.

LEGAL BASIS FOR THE DATA COLLECTION AND PROCESSING

• IDENTITY collects and processes User’s personal data in following situations:
• to execute an Agreement IDENTITY is about to enter into with the User or has entered into with the User (i.e. when the User contact IDENTITY to acquire its Services),
• where the User has given IDENTITY his/her prior consent to collect and use User’s personal data (for example marketing),
• where it is necessary for IDENTITY’ legitimate interests (or those of a third party) and User’s interests and fundamental rights do not override those interests. IDENTITY shall not collect and use User’s personal data for activities where IDENTITY’ interests are overridden by the impact on the User (unless User has given his prior consent or IDENTITY is otherwise required or permitted to by law),
• where IDENTITY needs to comply with a legal obligation.
  • The following table contains a description of all the ways IDENTITY uses personal data, legal ground for the use of the personal data and IDENTITY’ legitimate interests, where applicable.

Purpose/Activity	Legal basis for data processing	Type(s) of Data used
To enter into an Agreement for the provision of Services; to execute and manage the Agreement	Performance of a Contract, legal obligation	Personal identification and contact data
For marketing purposes (sending newsletter and other)	Consent	Personal identification and contact data
Requesting User’s participation in online surveys	Consent	Customer Testimonials
Posting User’s testimonials and reviews on Website	Consent	Customer Testimonials
Use of necessary, functional and analytical cookies	Legitimate interests (in operating website); Consent	Technical data
To maintain statutory records	Legal obligation	Service records

• IDENTITY may process User’s personal data for more than one lawful ground depending on the specific purpose for which IDENTITY is using the data.

ACCESS TO THE DATA AND DATA TRANSFER

• Personal data collected and processed by IDENTITY are processed by employees and external associates, as well as other data processors with whom IDENTITY has concluded appropriate agreements based on which the data processors are obliged to use the said data exclusively in accordance with the guidelines of IDENTITY and strictly for the purpose specified by IDENTITY, with the obligation of data confidentiality and data protection.
  • IDENTITY will not share collected and processed data with third parties beyond the purposes specified in these rules and/or beyond the scope of consent. Data can be transferred:
• if it is necessary for the performance of the requested services, i.e. the fulfillment of assumed contractual obligations,
• if the User has given their consent to such transfer,
• to third parties, namely other data processors, with whom IDENTITY has concluded appropriate agreements based on which it guarantees an equal level of protection of personal data.

USER’S RIGHTS

• Each User has the right to submit a written request to IDENTITY requesting:
• confirmation of whether personal data relating to the User is processed or not,
• notification about data related to the User whose processing is in progress and about the source of this data,
• notification of the User’s right to correct or delete personal data or limit the processing of personal data relating to the User or the right to object to such processing,
• notification of the right to submit a complaint to the supervisory body;
• inspection of the records of the collection of personal data and their copying,
• printout of data on who and for what purposes and on what legal basis received personal data relating to the User for use,
• notification about the logic of any automatic data processing that applies to the User,
• supplementing, changing and/or deleting personal data that is incomplete, incorrect and/or not up-to-date,
• deletion of personal data based on the “right to be forgotten”,
• limitation of personal data processing.
  • IDENTITY is obligated to comply with the User’s request from previous point without delay, and no later than within 30 (thirty) days from the date of receipt of the written request. Written requests are sent in writing to the address of the IDENTITY’ headquarters, either directly or by registered mail with return receipt, or by e-mail.
  • IDENTITY is obligated to inform the User about the addition, modification or deletion of personal data no later than 30 (thirty) days from the date of receipt of the written request, as well as all recipients to whom personal data has been disclosed to, provided that the same is possible and does not require disproportionate effort.
  • The user has the right to ask IDENTITY to delete personal data relating to them, which request IDENTITY is obligated to comply with if one of the following conditions is met:
• personal data are no longer necessary in relation to the purposes for which they were collected,
• the user has withdrawn the consent on which the processing is based,
• the user files an objection to the processing,
• personal data was illegally processed.
  • The User has the right to obtain from IDENTITY the limitation of personal data processing if one of the following is met:
• the User disputes the accuracy of personal data, in which case the processing is limited to the period during which IDENTITY is able to verify the accuracy of personal data;
• the processing is illegal and the User objects to the deletion of personal data and instead requests a limitation of their use;
• IDENTITY no longer needs personal data for processing purposes, but the User requests it in order to establish, exercise or defend legal claims.
  • The User has the right at any time to file an objection to the processing of personal data relating to them and IDENTITY may no longer process such personal data unless it proves that there are convincing legitimate reasons for the processing that go beyond the interests, rights and freedoms of the User or for the purpose of setting , realization or defense of legal claims.
  • All requests, inquiries, objections or other related to the processing of personal data by IDENTITY, are submitted:
• by post to the address Trogirska ulica 2, 42000 Varaždin, Republic of Croatia.
• by e-mail to: support@identyum.com

DATA KEEPING

• IDENTITY will only retain User’s personal data for as long as necessary to fulfill the purposes it collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.

LINKS TO OTHER WEBSITES

• IDENTITY’ Website may include links to third-party websites, plug-ins and applications. This includes Social Media Features, such as the Facebook Like button and Widgets, the “Share this” button or interactive mini-programs that run on the Website. Clicking on those links or enabling those Features may allow third parties to collect or share data about the User. For example, these Features may collect User’s IP address or which page User is visiting on the Website and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on the Website. IDENTITY does not control these third-party websites or Features and is not responsible for their privacy statements. User’s interactions with these Features are governed by the privacy policy of the company providing it.

COOKIES AND OTHER TRACKING TECHNOLOGIES

• A cookie refers to a text file containing a small amount of information that is sent to User’s browser when User visit a website. The cookie is then sent back to the originating website on each subsequent visit, or to another website that recognizes it.
• Web beacon refers to an often-transparent graphic image, usually no larger than 1 pixel x 1 pixel, that is placed on a website or in an email that is used to monitor the behavior of the user visiting the website or sending the email. It is often used in combination with cookies.
• IDENTITY may collect information through the use of cookies, web beacons or similar analytics-driven technologies.
• IDENTITY uses following cookies:
• strictly necessary cookies which are cookies that are required for the operation of the website. They include, for example, cookies that enable a User to log into secure areas of the website.
• analytics/performance cookies which are types of cookies allow IDENTITY to recognize and count the number of visitors and to see how visitors move around their website when they are using it. This helps IDENTITY improve the way their website works, for example, by ensuring that users can easily find what they are looking for.
• functionality cookies which are used to recognize a User when he/she returns to the website. This enables IDENTITY to personalize their content for the User, greet them by name and remember their preferences.
• targeting cookies which record User’s visit to the website, the pages the User has visited and the links User has followed. IDENTITY will use this information to make its website and the advertising displayed on it more relevant to User’s interests. IDENTITY may also share this information with third parties for this purpose.
• Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which IDENTITY has no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
• User can block cookies by activating the setting on his/her browser that allows them to refuse the setting of all or some cookies. However, if browser settings are used to block all cookies (including essential cookies) User may not be able to access all or parts of IDENTITY’ website.

CHANGES TO THIS PERSONAL DATA PROTECTION POLICY IDENTITY is authorized to change this Personal data protection policy from time to time, in particular to reflect any key changes in its Services or as required by regulatory authorities. Any changes to this Personal data protection policy will be posted on the IDENTITY website.