Notice on the processing of personal data
MERITUS ULAGANJA d.d.
26 January 2023
- This Notice on the processing of personal data (hereinafter: The “Notice“) is given by MERITUS ULAGANJA d.d. with headquarters in Zagreb, Ulica Vjekoslava Heinzela 62A, PIN: 62230095889 (hereinafter: the “Company” or “We”) In this sense, the Company holds the position of the controller. The same Privacy Policy text applies to M Plus Croatia d.o.o. with headquarters in Zagreb, Ulica Vjekoslava Heinzela 62A, PIN: 45680057371.
- This Notice contains information about the processing of your personal data if you are our business or other partner, if you are interested in business cooperation or employment with us (hereinafter: “You”).
- This Notice is published on the date indicated above.
- In case of any questions or requests regarding the handling or protection of your personal data, please contact us at dpo-mplus@dlaw.hr or by post at the address of the company's headquarters Ulica Vjekoslava Heinzela 62A, Zagreb with the indication "PERSONAL DATA PROTECTION".
- Personal data means any data relating to a natural person on the basis of which an individual can be directly or indirectly identified. Direct identification means that it is clear from the data itself to which individual it refers. Indirect identification means that it is possible to identify an individual based on more data available to us.
- Data relating to legal persons are not personal data. Therefore, this Notice is intended exclusively for natural persons we can identify on the basis of the information available to us.
- What personal data do we process?
- If you have contacted us via any contact form on our website (contact form, data subject request), we process your following information:
- Name and surname, e-mail address and telephone number, your country of origin, your job title, company name of your employer, reason for contact, message;
- For what purpose do we process your personal data?
- To answer your message. In that case, the basis for the processing of your personal data is our legitimate interest, based on your message.
If you are a Facebook user and have visited our Facebook page, Facebook Ireland Ltd (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland) and we are joint controllers of the processing of your personal data.
- Facebook processes your personal data as a visitor to our Facebook page in accordance with its rules (more on this at https://hr-hr.facebook.com/privacy/explanation), while we influence the same processing only by indicating which groups of Facebook users (for example by age, gender or similar) are of business interest to us.
- We are independently responsible for all our posts and messages via Facebook. Facebook was not involved in this process or consulted prior to a particular post/message. Facebook does not necessarily share our views, vision, etc., which arise from our posts/messages.
- We receive user data from Facebook exclusively on a statistical basis and anonymized for us. If you have left a comment, inquiry or similar on our Facebook page, we will not store or process your data separately.
- This also applies to our other social media web pages, such as Instagram or LinkedIn.
What personal data do we process?
- We process the personal data that you have given to us, or that we have collected for the purpose of employment with us, or the following data (the specific set of data depends on the method of application):
- Your basic information
- Name, surname, sex, date and place of birth;
- Your contact information
- Residence and domicile (street and house number, place, postal code), mobile and/or telephone number;
- E-mail, URL profile on social media;
- Additional information relevant to the employment relationship
- Education information (including name of educational institution, name of diploma, time of education, knowledge of foreign languages, using the computer, and driver's license)
- Information on previous work experience (including names/company names of previous employers and duration of employment)
- Information on previous projects (including project name, project URL, project description and project duration)
- Other information
- Photograph
For what purpose do we process your personal data?
- In order to carry out the recruitment procedure, i.e. the assessment and selection of candidates. In that case, the basis for the processing of your personal data is our legitimate interest based on your application for employment;
- If you have sent us an open job application, then at the time when we will be looking for potential candidates for a new job. In that case, the basis for the processing of your personal data is our legitimate interest;
- If you have given us your consent to collect your data in our records and we contact you for other jobs, then at the time when we will be looking for potential candidates for a new job. In that case, the basis for the processing of your personal data is your consent;
- In order to fulfill our legal duties.
What personal data do we process?
- We process the personal data you provide to us as well as those we collect when establishing and maintaining our business relationship. These are the following data (data of the authorized person and contact person):
- name, surname, PIN, relationship with the legal person (owner, director, employee or similar);
- phone, e-mail.
For what purpose do we process your personal data?
- In order to fulfill our contractual obligations to you and to take other necessary actions in connection with the conclusion and execution of the contract (for example, for the purpose of issuing invoices) or previous actions (for example, sending offers). In that case, the basis for the processing of your personal data is the execution of our contract or taking action at your request before concluding the contract;
- For other purposes when we have a legitimate interest in it as your business partner (for example when it is necessary to determine your satisfaction with our services, etc.);
- In order to fulfill our legal duties.
- We consider your personal data to be a business secret and as such we protect them in accordance with applicable legal regulations and best practice.
- Third parties have the right to access and process your personal data only in the situations described below:
- Third party service providers who provide us with services and products necessary for our regular business (for example, advertising, consulting, etc.) - who process your personal data exclusively for our needs, in accordance with our instructions;
- Third party service providers who provide us with services and products necessary for our regular business (for example, certification bodies, auditors and others) - who process personal data in accordance with their legal powers or rules of the profession;
- Competent authorities in the implementation of supervision over the legality of business and in the case of court and other similar proceedings. In that case, they process your personal data in accordance with their legal powers.
- We do not carry out automated decision-making based on your personal data or create profiles of data subjects.
- Your personal data is only exceptionally transferred to third countries, when it is processed for the purposes of our business by our affiliates or other recipients in those countries. In order to ensure an adequate level of protection, in these cases we enter into agreements with our affiliates or other recipients with standard approved clauses of the European Commission.
The protection of your personal data is extremely important to us. Some of the protection measures we implement are the following:
- Implement database pseudonymization whenever possible;
- Minimization in the handling of personal data (in a particular process we only handle the necessary set of data);
- Confidentiality in the handling of personal data that we require both internally and externally;
- The application of modern methods of protection and control of access to data resources containing personal data;
- Continuous monitoring of all resources used to process personal data.
- For personal data for which there is a statutory retention period (for example in accordance with accounting regulations), we retain your personal data during that mandatory period. We delete them after the expiration of the mandatory period, in an additional period of one year.
- For personal data for which there is no legally defined mandatory retention period, we proceed as follows:
- If you are our business partners, we retain your personal information for the entire duration of our business relationship. Upon termination of the business relationship, i.e. the year in which it ended, we delete your personal data after the expiration of the appropriate statute of limitations, additionally increased by one year;
- We store personal data that we process on the basis of your consent for the duration of the consent and delete it after the expiration of the consent. In the case of withdrawal of consent, we delete them as soon as possible;
- Personal data that we process based on our legitimate interest, we store as long as our legitimate interest exists - We delete them within a period of one year from the termination of our legitimate interest.
- In the event that you choose to exercise one or more of your rights listed below, we have the right to verify your identity, all for the purpose of protecting your personal information.
- You exercise your rights without cost. However, if you frequently (for example, less than 6 months have passed since your last request) or excessively (for example, requesting all your personal information in writing) request access to or transfer of your personal information, we have the right to ask you to bear our costs before carrying out such an action.
- You exercise your rights by sending your request to dpo-mplus@dlaw.hr and stating "Subject's request" as the subject of the message or by filing out the data subject form available on our website. In the message itself, you should indicate which right you want to exercise or what the subject of your request is. Upon receipt of the message, we will send you an acknowledgment of the receipt of your request.
Access to your personal data:
- You have the right to ask us to confirm whether we process your personal data, as well as access your personal data that we process.
Correction of incorrect personal data:
- You have the right to request the correction of your inaccurate personal data, as well as the right to supplement your personal data.
Restriction of personal data processing - If you dispute the accuracy of your personal data or in other situations provided for in the General Data Protection Regulation, you have the right to ask us to limit the processing of your personal data until such a situation is resolved.
Deletion of personal data - If you withdraw your consent to the processing of your personal data or when the legal basis for the processing of your personal data ceases or in other cases provided by the General Data Protection Regulation, you have the right to ask us to delete your personal data.
Portability of personal data
- You have the right to take and request the transfer of your personal data.
Objection to the processing or handling of your personal data:
- You have the right to object to the processing of your personal data as well as to our way of handling your personal data in general.
The right to withdraw consent
- You have the right to withdraw your consent for further processing of personal data at any time. The withdrawal of consent does not affect processing performed on the basis of consent prior to its withdrawal.
The right to complain to the Personal Data Protection Agency
- At any time, you have the right to complain to the competent authority for personal data protection - the Personal Data Protection Agency (www.azop.hr), regarding the processing and protection of your personal data.
Cookie Notice
MERITUS ULAGANJA d.d.
26 January 2023
- This Cookie Notice (hereinafter: The “Notice“) is given by MERITUS ULAGANJA d.d. with headquarters in Zagreb, Ulica Vjekoslava Heinzela 62A, PIN: 62230095889 (hereinafter: the “Company” or “We”) In this sense, the Company holds the position of the controller.
- This Notice contains information about the processing of your personal data if you are visiting our website www.mplusgroup.eu (hereinafter: “You”).
- This Notice is published on the date indicated above.
- In case of any questions or requests regarding the handling or protection of your personal data, please contact us at dpo-mplus@dlaw.hr or by post at the address of the company's headquarters Ulica Vjekoslava Heinzela 62A, Zagreb with the indication "PERSONAL DATA PROTECTION".
- A cookie is a small text file that our website stores on your computer or mobile device when you visit the site. Cookies may be classified into several categories:
- First party cookies are cookies set by the website you are visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
- Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.
- Depending on their function, cookies may be:
- Necessary cookies: They help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Statistics cookies: They help website owners to understand how visitors interact with websites by collecting and reporting information.
- Marketing cookies: Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user.
- Statistics and marketing cookies will be stored to your device only if you have consented to that by using our cookie tool. Consent may be withdrawn at any time, while cookies can also be deleted by clearing the browsing history of your browser. For more details, check the privacy and cookie settings in your preferred browser. In addition, for more information on cookies, check allaboutcookies.org (please note that this is a third-party website with which we are not affiliated).
- Our websites (www.mplusgroup.eu ) use the following cookies:
Necessary cookies |
Cookie name | Purpose | Expiry |
cookiehub | Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the site. | 365 days |
Statistics cookies |
Cookie name | Purpose | Expiry |
__hstc | This cookie name is associated with websites built on the HubSpot platform. This is the main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). | 180 days |
hubspotutk | This cookie name is associated with websites built on the HubSpot platform. This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. | 180 days |
__hssrc | This cookie name is associated with websites built on the HubSpot platform. Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. | Session |
__hssc | This cookie name is associated with websites built on the HubSpot platform. This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. | 1 hour |
_ga_* | Contains a unique identifier used by Google Analytics 4 to determine that two distinct hits belong to the same user across browsing sessions. | 730 days |
_ga | Contains a unique identifier used by Google Analytics to determine that two distinct hits belong to the same user across browsing sessions. | 730 days |
ln_or | Used by LinkedIn to determine if Oribi analytics can be carried out on a specific domain. | 1 day |
Marketing cookies |
Cookie name | Purpose | Expiry |
_gcl_au | Used by Google AdSense to understand user interaction with the website by generating analytical data. | 90 days |
More information on the cookies provided by Google is available at: