Privacy Policy and Terms of Use
PRIVACY POLICY
Effective Date: 17.3.2023.
1. Introduction
This Privacy Policy applies to our Website available at https://www.tabu.hr (hereinafter: Website), where we, the company Transparentići d.o.o., headquartered in Zagreb, Ulica Filipa Vukasovića 1, OIB: 99456386807 ("Transparentići," "we," or "our," as applicable), process certain Personal Data when you use specific functionalities of our Website.
Transparentići informs you, in accordance with Articles 12, 13, and 14 of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals concerning the processing of Personal Data and on the free movement of such data, repealing Directive 95/46/EC (hereinafter: "General Data Protection Regulation" or "GDPR"), about who the data controller is (the person responsible for processing Personal Data), who the data recipients are (persons to whom the data are forwarded under contract and legal provisions), what Personal Data we process, for what purposes, and how long we retain the data.
Transparentići acts as the data controller within the meaning of the GDPR, and this Privacy Policy provides insight into our practices regarding the collection and processing of Personal Data and outlines the terms of using our Website.
Please read this Privacy Policy carefully as it contains important information about why and how we process the Personal Data you provide to us or that we collect in connection with your use of our Website (hereinafter: Personal Data).
2. Definitions
"Personal Data" is any data relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Data Subject" is any identified or identifiable natural person whose Personal Data are subject to processing by the data controller.
"Processing" is any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Data Controller" is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Data Processor" is a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the data controller.
"Recipient" is a natural or legal person, public authority, agency, or another body to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
"Consent" of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.
"Personal Data Breach" is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed.
"Supervisory Authority" is an independent public authority established by a Member State pursuant to Article 51 of the GDPR (in the Republic of Croatia: the Croatian Personal Data Protection Agency).
3. What Personal Data We Collect and How We Use Them
Transparentići collects and processes certain Personal Data about you, namely information that can directly or indirectly identify you, especially through identifiers (hereinafter: "Personal Data"), in the following cases:
- When you contact us via the contact form or email,
- When we process your job application or open job request,
- On our social networks,
- For conducting marketing activities,
- When you are our client,
- When you visit our Website (so-called cookies), and
- When you use certain functionalities of our Website.
We do not collect Personal Data unless you provide it voluntarily, except for certain Personal Data collected through information systems and programs used for the operation of our Website, whose transmission is necessary for the use of Internet communication protocols and will not require more information than necessary to execute a specific activity.
If you do not wish to provide us with Personal Data (except for Personal Data related to the use of Internet communication protocols, which are usually collected when visiting the Website), you can still access our Website, but you may not be able to use certain functionalities of our Website.
3.1. When You Contact Us via the Contact Form or Email
Transparentići processes Personal Data of users who contact us via our contact form or email, where the Personal Data may relate to names, surnames, email addresses, and contact phone numbers of users.
We process these Personal Data only during communication with the user who contacted us and retain them for as long as necessary to resolve the user's inquiry.
Personal Data collected when you contact us via the contact form or email are accessible only to authorized persons within our company, bound by a confidentiality statement, for the purpose of responding and resolving your request.
3.2. Job Applications and Open Job Requests
Transparentići processes Personal Data of candidates applying for our job advertisements and retains them until the job competition is completed. After the job competition is completed, we retain candidates' Personal Data until the end of the competition, unless candidates consent to remain in our database, in which case we retain such data for up to 2 (two) years after the application.
Transparentići collects open applications from candidates who wish to work with us. Candidates' Personal Data are retained for up to 2 (two) years from the date of receiving the open application, so we can contact certain candidates if needed.
Personal Data of job candidates and open applications are accessible only to authorized persons within our company, bound by a confidentiality statement, who process and analyze applications for the purpose of contacting candidates and potential employment.
3.3. Social Networks
Transparentići has access to Personal Data about its contacts on social networks, such as names, surnames, employer company, likes, comments, connection requests, messages, and memberships in specific groups.
Transparentići uses social networks to respond to possible inquiries from connected persons and to inform social network members about news in its work.
Personal Data collected via our social networks are accessible only to authorized persons within our company, bound by a confidentiality statement, who manage our social networks.
3.4. Marketing Activities
Transparentići conducts marketing activities, such as sending newsletters, promotional messages, and notifications about our services and products.
Such activities are carried out when there is explicit consent from the user for such types of activities, and such consent can be withdrawn at any time by unsubscribing by clicking on the link at the bottom of each newsletter or by sending an email to our email address listed in section 15 of this Policy.
3.5. Business Cooperation with Clients
Clients of Transparentići are persons with whom we have entered into appropriate agreements and contracts for the provision of services (hereinafter: "Clients"). The contractual relationship with Clients is governed by appropriate agreements on Personal Data processing and the Personal Data Processing Policy, which further specify our rights and obligations regarding the contractual relationship and Personal Data processing.
3.6. When You Visit Our Website (so-called cookies)
To make visiting our Website as pleasant, functional, and convenient as possible, our Website stores a certain amount of information on your computer, known as “cookies.” When you first visit our Website, a form will appear where you can agree to the use of cookies and, if so, which ones. If you do not accept cookies, you will still be able to browse the Website, but some options and functionalities of our Website may not be available to you.
A cookie is a piece of information stored on your computer, mobile device, or tablet, which may be delivered directly by the website you visit (first-party cookies) or in cooperation and for the needs of the website from a third party (third-party cookies). Cookies generally store your settings, website settings, and the like. When you open the Website again, your Internet browser sends back the cookies that belong to this Website. This allows the Website to display information tailored to your needs. Cookies can have a wide range of information, including Personal Data. Such Personal Data can be stored only if you allow it. The Website cannot access information that you have not provided, nor can it access any other file on your computer.
Cookies are used for the purpose of:
- Easier browsing of the content on the Website and using all its functionalities to ensure the best possible user experience;
- Collecting information about how you use our Website, evaluating which part of it you visit or use the most; this allows us to know how we can provide an even better user experience when you revisit our Website;
- Distinguishing and identifying users of different Internet browsers.
Cookies can be categorized by their source as:
- First-party cookies - stored by the original website you are visiting, such as our Website, an online store website where you shop online, etc.,
- Third-party cookies - installed on your device via the website you visit by another domain.
Cookies can be categorized by their duration as:
- Temporary cookies (session cookies) – used for storing temporary data, such as the last few pages the user visited on a website or items in a shopping cart on an e-commerce site. They are removed from the computer or device after the web browser is closed.
- Permanent (persistent) cookies – used for storing data such as login names and passwords, language settings, or cookie preferences so the user doesn't have to enter them again on the next visit to the website. Storing persistent cookies requires your consent, and they can remain on the computer or device for days, months, or up to a maximum of 2 years.
Cookies used by Transparentići
FIRST CATEGORY – NECESSARY COOKIES
Necessary cookies are essential for the proper functioning of the website, improving user experience, and collecting data about website usage without identifying the visitor. This includes cookie acceptance status, privacy settings, login, form filling, and notification statuses on our website. Without these cookies, we cannot guarantee the best user experience, and some parts of the website may not work correctly.
SECOND CATEGORY – PERFORMANCE COOKIES
To improve our website and enhance user experience, we use third-party cookies that allow us to collect data on how visitors use our website. These cookies cannot personally identify you; they only collect data such as which part of the website the user clicked on, how many parts of the website were opened, how long each session lasted, and what error messages were received, if any. These cookies are not necessary; you do not have to accept them and can disable them at any time.
Such performance cookies include third-party cookies from Google Analytics and Hotjar.
If the visitor accepts these cookies, Google Analytics (with anonymization function) is activated, allowing us to statistically track the number of visits to our website. All information collected by these cookies is aggregated with data from other website visitors, making such data anonymous. Google Analytics is one of the most widespread solutions for analyzing web traffic, helping us understand how you use our site and how we can improve your user experience based on this information. At https://tools.google.com/dlpage/gaoptout, you can find a Google add-on for your browser to prevent Google Analytics from storing cookies on your computer.
We also use Hotjar cookies to measure our website's traffic, understand our users' needs better, and optimize our services. Hotjar cookies help us understand user experience (e.g., how much time users spend on a particular web page, which links they decide to click, what users do and do not like, etc.), enabling us to build and maintain our service based on user feedback. Hotjar uses cookies and other technologies to collect data about our users' behavior and their devices (IP address recorded and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and preferred language used to display the web page. Hotjar stores this data in a pseudonymized user profile. More information about Hotjar cookies can be found at https://www.hotjar.com/privacy/.
THIRD CATEGORY – MARKETING COOKIES
We use Facebook pixel and LinkedIn Insight Tag cookies for marketing purposes. These cookies are not necessary; you do not have to accept them and can disable them at any time.
The Facebook pixel is an analytical tool used by Facebook to measure the effectiveness of our ads for statistical and marketing purposes and to optimize ads for the future. The collected data does not contain personal data but anonymous data, meaning we cannot link the collected data to a specific person. However, Facebook itself stores and processes personal data, so your Facebook profile may be used by Facebook for its own advertising purposes following Facebook's data policy (https://www.facebook.com/about/privacy/). You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
LinkedIn Insight Tag is a tracking technology used by LinkedIn to show LinkedIn users more relevant ads based on their interests. Based on this cookie, we receive aggregated and anonymous reports from LinkedIn about advertising activities and information on how you interact with our website. The data obtained through the cookie is used to collect anonymous statistics and the previously mentioned reports and to display ads based on your interests. More information on LinkedIn data protection can be found at https://www.linkedin.com/legal/privacy-policy.
Enabling and Disabling Cookies
Cookies that are not strictly necessary are activated only after visitor consent. If you visit our website for the first time, a notification will appear inviting you to consent to the use of cookies. If you give your consent, we will store a cookie on your computer, and this notification will not appear again until the cookie expires. After the cookie expires or if you actively delete it beforehand, the notification will reappear on your next visit, inviting you to consent again.
You can also accept or decline some or all cookies by adjusting your browser settings. Some browsers allow you to browse websites in "anonymous" mode, limiting the amount of data placed on your computer and automatically deleting persistent cookies when you end your browsing session. There are also many third-party applications that you can add to your browser to block or manage cookies. You can also delete cookies previously set in your browser by selecting the option to delete browsing history and including the option to delete cookies. More detailed information about cookies and adjusting browser settings can be found at www.allaboutcookies.org.
Cookie Retention Period
The lifespan of cookies we collect as the first party is up to 2 years, while the lifespan of third-party cookies is determined by third-party policies. The retention period for third-party cookies can be checked for each third party individually, and we have no influence on their duration.
3.7. Processing of Personal Data when Using the Online Form on the Website to Check Salary Amount
Website users can easily compare their salaries with other workers employed in the same position with other employers by filling out a short online form.
To prevent false data entries, multiple entries, and misrepresentation of average salaries for specific positions, and to verify the accuracy of the entered data, website users must enter their email address when filling out the online salary comparison form.
Since the email address can be considered personal data under the General Data Protection Regulation (GDPR), it is necessary to obtain the user's consent before submitting their email address for processing personal data.
Only authorized persons within our company, bound by a confidentiality statement, have access to these personal data, verify the accuracy of the entered data, and prevent multiple entries via the online form.
4. Purposes, Legal Basis for Processing, and Possible Consequences of Not Providing Personal Data
When you provide your personal data, we will limit the processing to the purpose for which it was collected, following the terms of these Rules. Processing your personal data includes:
1. Taking steps at your request before entering into a contract (e.g., answering questions and comments, fulfilling requests, sending offers, receiving offers, communicating with you, processing open job applications),
2. Executing a contract to which you are a party (e.g., providing our services, granting access to specific areas and features on the website),
3. Complying with legal obligations to which we are subject (e.g., for disclosures required by law, regulation, or court order),
4. Conducting data analytics or delivering communications via electronic tools (email, social network), whether automated or not, under appropriate legal grounds, based on legitimate interest or given consent.
Providing personal data for the above purposes from 1 to 2 is voluntary, but any refusal to provide such data may prevent Transparentići from entering into a contract with you, responding to your requests, providing services, receiving and processing your application, and complying with legal obligations to which the company is subject.
Providing personal data for the purposes described in point 4 is also voluntary. Refusal to provide such personal data or objection to data processing on relevant grounds related to your specific situation may prevent the company from conducting data analytics or communicating with you in certain situations. We may still contact you for administrative purposes, such as confirming an application or processing your further requests.
If you have given consent for a specific purpose, you may withdraw your consent at any time, and we will no longer process your personal data for that purpose.
5. Principles of Processing and Security of Personal Data
Personal data must be:
- Processed lawfully, fairly, and transparently concerning the data subject ("lawfulness, fairness, and transparency"),
- Collected for specific, explicit, and legitimate purposes and not further processed in a way that is incompatible with those purposes ("purpose limitation"),
- Adequate, relevant, and limited to what is necessary for the purposes for which they are processed ("data minimization"),
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate data, concerning the purposes for which they are processed, are erased, rectified, or removed without delay ("accuracy"),
- Stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation"),
- Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
Transparentići specifically commit to:
- Before starting the processing of personal data, determine the purpose of the data processing, which must be clear, unambiguously defined, and determined, and must comply with the Constitution of the Republic of Croatia, constitutional laws, as well as laws and international treaties binding for the Republic of Croatia.
- Establish conditions for the processing of personal data to ensure that the right of the data subject, prescribed by law, to collect personal data exclusively for a specific purpose, is not restricted. It is prohibited to collect personal data under the pretext of another processing purpose or another activity.
- Ensure that only personal data, the scope and content of which correspond to the specified processing purpose and are necessary to achieve the specified purpose, is processed.
- Ensure that personal data is processed and used only in a manner that corresponds to the purpose for which it was collected. It is unacceptable to combine personal data collected for various purposes.
- Ensure that personal data is processed in a manner that allows for the identification of the data subject only for a period no longer than necessary to achieve the purpose of the processing.
- Destroy or anonymize personal data when the purpose of the processing ceases to exist. When the processing purpose no longer exists, personal data can only be processed to the extent necessary for historical research, scientific research and development, or statistical purposes. When processing personal data for the purposes mentioned in the previous sentence, the data processor is obliged to mark and anonymize such data.
6. Your Rights
Every user of our website has the right to:
- Know what their personal data is being used for.
- The user can access their personal data in their user profile at any time.
- The user can correct their personal data at any time.
- The user can request the deletion of their personal data from our databases at any time.
- The user has the right to request that their personal data be used exclusively for the purpose for which they gave consent.
- The user can object to the processing of their personal data at any time.
- The user has the right to be informed in case of any breach of the privacy of their personal data.
7. Disclosure of Personal Data
Your personal data may be disclosed, closely related to the above-mentioned purposes, to:
- Entities necessary for sending mail and e-mails, removing duplicate information from service recipient lists, analyzing data and providing support, providing customer services, usually processing personal data on behalf of Transparentići as data processors, such as cloud service providers (as defined in Article 8 below);
- Entities maintaining our IT systems;
- Persons authorized by Transparentići to process personal data, who are subject to an appropriate legal obligation of confidentiality;
- Collaborators of Transparentići, who are subject to an appropriate contractual obligation of confidentiality;
- Relevant services and public authorities when required by applicable law or in good faith (e.g., to comply with legal provisions or during legal proceedings in relation to Transparentići, to protect and defend the rights or property of Transparentići or, in emergency circumstances, to protect the personal safety of Transparentići’s clients or the public).
8. Transfer of Personal Data to Third Countries
The central database of our systems, where the personal data we collect and process is stored, is located on servers within the European Union.
Certain personal data we collect may also be located with cloud service providers for the storage and analysis of personal data, which are providers located outside the Republic of Croatia or the European Union. All cloud service providers for the storage and analysis of personal data have joined the Privacy Shield agreement between the European Union and the United States, ensuring adequate protection of personal data. We enter into appropriate contractual clauses on data protection with providers of storage and analysis of personal data, i.e., data processors.
9. Personal Data Retention Period
Transparentići will process your personal data only for the time necessary to achieve the purposes described under Article 4 of these Rules. After the purpose for which they were collected ceases, we no longer use your personal data, and they remain in our storage system and are kept for the duration required by legal regulations on the retention of archival material. After these periods expire, we delete personal data.
10. Links to Other Websites
Our site may contain links to other websites that are not owned, operated, or maintained by Transparentići. When you leave our site, you should note and read the terms and privacy policies of each website you visit. You should also independently assess the authenticity of any website that appears or claims to be one of our sites (including those linked via e-mail). Despite any links that may exist on our website, unless otherwise stated, we do not control, recommend, or endorse and are not associated with these websites or their content, products, services, or privacy policies. Downloading materials from certain websites may result in the violation of intellectual property rights or the introduction of viruses into your computer system.
Also, Transparentići has no influence on possible changes in the rules and terms of service use of cookies provided by third parties.
11. Personal Data Security
The security of your personal data is extremely important to us, so we have set up appropriate technical and organizational measures and physical, electronic, and managerial procedures to protect the data we collect. Due to the open nature of the Internet, we cannot guarantee that communication between you and us or information stored on our website or on our servers will be completely secure from unauthorized access by third parties.
Only authorized persons have access to personal data, are aware of their responsibilities, and are obliged to maintain the confidentiality of personal data and the privacy of all our users.
For this purpose, we regularly analyze and check the technical and organizational measures we use to always maintain the highest level of security and protection of personal data.
12. Governing Law and Jurisdiction
All matters relating to our site and these Rules are governed by Croatian law. You agree that in connection with proceedings relating to this site and these Rules, the exclusive and local jurisdiction of the courts in the Republic of Croatia shall apply.
We do not guarantee or imply that our content/materials on our site are suitable for use outside the Republic of Croatia.
If any provision of these Rules is null, void, or unenforceable, such provision shall not apply to the extent that it is null, void, or unenforceable, and this shall not affect the validity of the remaining provisions of these Rules.
13. Changes to the Privacy Policy
Transparentići reserves the right to change or update these Rules at any time and without prior notice. Please check for any changes or updates to our Rules from time to time, which will be posted here and will show the updated effective date on the first page of the Rules if any changes or updates are made.
All rights not expressly provided for in this document will be governed by the General Terms of Transparentići or applicable Croatian legal regulations.
14. Contact Information
For any questions related to the Privacy Policy, as well as for exercising rights under the General Data Protection Regulation, you can contact us via our online form available at https://www.tabu.hr/kontakt or via email at info@tabu.hr.
Dostavljanje Osobnih podataka za svrhe opisane u točki 4. je također dobrovoljno. Nedavanje takvih Osobnih podataka ili prigovor obradi Osobnih podataka na odgovarajućim osnovama koje se odnose na vašu konkretnu situaciju, može spriječiti društvo da provodi analitiku podataka ili da s vama komunicira u određenim situacijama. Mi vas i dalje možemo kontaktirati u administrativne svrhe, kao što je potvrda prijave ili obrađivanje vaših daljnjih zahtjeva.
Contact us
Do you have questions related to the Tabu survey, your results or salary analysis? Let us know!