Homepage / Privacy Policy
Privacy Policy
ROYAL HILL d.o.o., registered office: Rudina Balinac 2, Aljmaš, PIN: 89476306890, (hereinafter: “Royal Hill”), pays special attention to the protection of personal data and privacy (hereinafter: “privacy protection”) of visitors browsing our web pages, our business partners, job applicants, employees, former employees, as well as other persons (hereinafter: “Users”), pursuant to the General Data Protection Regulation (EU 2016/679) (hereinafter: “Regulation” and/or “GDPR”), applicable regulations, best practices and internationally accepted standards, in accordance with business and security requirements.
Confidential and responsible processing of personal data is a cornerstone of the corporate culture of Royal Hill d.o.o. (hereinafter: “Royal Hill”). This particularly refers to the personal data of employees, business partners, job applicants, visitors, etc. (Data).
The Privacy Policy describes the rules we adhere to when processing personal data, as well as information related to data linking, consent, data protection, where data is processed, in which cases we transfer it to third parties, what your rights are and who you can contact regarding the protection of your privacy.
ABOUT THE POLICY ON THE PROTECTION OF PERSONAL DATA
The aim of the personal data protection policy it to provide users with clear and transparent information about the processing and protection of their personal data in one place, as well as to enable simple monitoring and management of their personal data and consents.
The policy does not minimize any rights and does not establish obligations for the Users in relation to the processing of personal data, which the Users have on the basis of valid regulations and possible contractual provisions on the protection of personal data.
The policy is a unilateral legally binding act describing the purpose and goals of collecting, processing and managing personal data, which is based on leading global practices in the field of personal data protection. The policy ensures an adequate level of data protection in accordance with the Regulation and other applicable laws related to the protection of personal data.
The policy applies to all Royal Hill web pages and domains and to all services and products that involve the processing of personal data. It primarily refers to natural persons who submit a request for services, who use services, or come into contact with Royal Hill in any way. By respecting the legitimate interests of Users who are legal entities, the Policy also applies to legal entities, as appropriate and in accordance with applicable regulations.
The aim of the Policy is to establish appropriate processes for the protection and management of the personal data of data subjects, i.e. web page visitors, business partners, job applicants, our employees and other persons whose personal data is processed.
When you submit your data, you agree to be in contact with us and thereby give us the right to process your personal data in accordance with the indicated purpose. The protection of privacy of your data is permanent.
The Policy was published in the form of an official document and comes into effect as of 1 April 2022.
Please check the Personal Data Protection Policy periodically for possible changes that will be indicated on the Royal Hill web pages.
DEFINITIONS OF TERMS CONTAINED IN THIS POLICY
Personal data – any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data is name, address, e-mail address, IP and MAC address, GPS location, RFID tags and cookies on websites, phone number, photo, video recordings of individuals, OIB, biometric data (fingerprint, retinal scan), genetic data, data on education and professional training, information on salary, credit debt, bank account information, information regarding health, sexual orientation, voice and any other data relating to an actual person, i.e. the owner of the personal data that can be used to directly or indirectly identify that person.
Processing – any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller – the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
Processor – a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Recipient – a natural or legal person, public authority, agency or another body, to which personal data is disclosed, whether a third party or not;
Third party – a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
Consent – see point 8. of the Policy.
Filing system – any structured set of personal data accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis
Personal data breach – a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
Identifiable person – a person who can be identified (directly or indirectly), in particular by reference to an identification number or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special category of personal data – personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life or personal data on criminal and misdemeanour proceedings.
SCOPE
The policy shall apply to all personal data of Users or Potential Users.
Personal data is any data relating to a natural person whose identity is determined or can be determined, directly or indirectly (hereinafter: “data” or “personal data”). Data processing is any operation performed on personal data, such as collection, recording, storage, use, transfer of personal data and access to personal data.
The policy shall not apply to anonymous data. Anonymous data is data that has been modified in such a way that it cannot be linked to a specific natural person or cannot be linked without a disproportionate effort, and is, therefore, in accordance with current regulations, not considered to be personal data.
The Policy applies to all Royal Hill services and products that involve the processing of personal data. The last expression of the User’s will regarding the processing of their personal data shall apply to all other services that the User uses.
As a rule, Royal Hill is the data controller in relation to the personal data of its Users in terms of the current regulations on the protection of personal data.
THE PRINCIPLES OF PERSONAL DATA PROCESSING
4.1. Trust
We want to be a reliable partner for Users in protecting their privacy and justify the trust they have placed in us. Furthermore, we want to be completely transparent and clear regarding the processing of the Users’ personal data.
Users can always contact us with a request for alteration of their personal data or with an expression of will about the purposes for which they want or do not want their data to be processed.
4.2. Lawfulness and best practice
When processing personal data, we act in accordance with the law, but at the same time, we always strive to apply higher standards and the best European practice, all in accordance with the recommendations of the most respected external consultants. All Royal Hill employees who come into contact with personal data must sign a Statement of Confidentiality and undergo continuous training on personal data protection.
Royal Hill periodically conducts an internal audit of the implementation of all personal data protection policies, with the aim of complying with legal regulations and improving the level of protection within the Company.
4.3. Restricted purpose of processing
We collect and process personal data only for specific and lawful purposes and we do not further process it in a way that is inconsistent with the purpose for which the data was collected, unless otherwise prescribed by law or based on the User’s consent.
4.4. Data minimisation
We always use only the data that is appropriate and necessary to achieve a certain legal purpose, and no more than that.
4.5. Processing in anonymous form
Whenever possible and justified, we use data in anonymous form. Data in an anonymous form is primarily anonymous data. However, whenever possible and justified, especially for the protection of the Users’ personal data, we apply the pseudonymisation of personal data, i.e., we use special pseudonymisation procedures (e.g. substitution, hashing, etc.) to “mask” data in such a way that it cannot be linked to an individual User without the use of additional information that is kept securely and separately (e.g. the use of a key).
4.6. Integrity and confidentiality
We process personal data in a secure manner, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage (e.g., access to Users’ personal data is only available to authorized persons who require it for the performance of their work, and not to other employees).
4.7. Quality of personal data
For us, the quality of the data we process is of utmost importance. The personal data we process must be accurate, complete and up-to-date in order to ensure maximum protection of Users’ data and to prevent possible abuse. That is why it is important for us that the User informs us of any change in data immediately or as soon as possible.
4.8. Limited storage period
We store and process Users’ data only as long as it is necessary for the execution of a certain legitimate purpose, unless a longer or shorter storage time is provided for a particular purpose by the applicable regulations or in other cases expressly prescribed by law. After that, data is permanently deleted or made anonymous.
Generally, we store data in accordance with regulatory requirements and best practices to enable traceability in the supply chain, consumer safety, protection and preservation of integrity, standards etc. The duration of data storage depends on the nature of the data and is subject to change.
In accordance with the stated principles, Users’ data shall be accessed by employees of Royal Hill depending on their authorization and positions, in order to successfully fulfil the tasks defined for their position. Furthermore, part of services is performed on behalf of Royal Hill by other legal entities with whom Users’ data will be shared only if it is necessary for the fulfilment of obligations arising from relevant contracts or if the sharing is based on Users’ express request or consent.
Royal Hill shall forward Users’ data to other economic entities or government institutions if there is a legal basis for this.
HOW WE COLLECT PERSONAL DATA
Royal Hill collects Users’ personal data (hereinafter: “data”) in several ways:
-
- We primarily collect data directly from a User or a Potential User, in such a way that they provide it to us. The most common example of this type of data collection is submitting a request for a particular service or product, where the User, if they want to use a particular service or product, provides data and documents necessary for their identification (e.g., name, surname, address, copy of documents, PIN etc.). We also collect data during communication with a User via telephone, e-mail, via the Human Resources department, web pages and contact forms on web pages, Internet portals and social networks, when resolving complaints, processing applications, requests, etc. The data thus collected is used for the purpose of fulfilling the User’s request. In cases where it is possible and legally permissible, Royal Hill shall not collect copies of documents, but shall rather request them for consultation and shall make a special note thereof. This shall especially apply to documentation containing biometric or particularly sensitive personal data.
- We collect data that occurs automatically when a User uses services and/or products or provides a service and/or product.
- We collect data from publicly available sources such as, for example, data from publicly published registers, public telephone directory, publicly available services, commercial services or publicly available numbering.
- We collect data based on contracts concluded with business partners.
- We collect data based on concluded work contracts and/or service contracts, i.e. when performing work or providing a specific service.
- We collect data based on video surveillance installed in the Company’s business premises, i.e. records of entrances and exits within the Company’s business premises, as well as data obtained from GPS devices installed in company vehicles and/or work machines. The use of video surveillance is described in more detail in the publicly available Ordinance on the Use of the Video Surveillance System. The system for monitoring and controlling vehicles and work machines has been installed by the employer with the purpose of controlling the use of vehicles in accordance with the rules for the use of company vehicles, as well as the efficient performance of work operations with a work machine. Personal data that may be collected through the GPS system for monitoring and control is: current location, speed and status of the vehicle, previous movements of the vehicle (mapping the route of the vehicle), detailed reports and statistics on the use of the vehicle (daily, weekly, monthly), total distance and driving time, location and time of stopping the vehicle, speeding, visits to facilities of interest or given movement zones (POI and Geofencing (entrance/exit from the movement zone)), statistics and analytics of vehicle use during working hours and outside working hours, vehicle operation, fuel consumption, use and proper use of the vehicle. The above data shall be kept for 5 years.
A prerequisite for any collection of Users’ personal data is the existence of an appropriate legal basis based on the law, legitimate interest or consent of the User.
WHAT TYPES OF PERSONAL DATA DO WE COLLECT
Depending on the contracted service or product, the Users’ consent and the purpose for which individual data is used, Royal Hill is authorized to collect the types of User data listed below. In doing so, we always collect only the data that is necessary to achieve a certain legal purpose, a legitimate business interest and public interest.
Furthermore, Royal Hill does not process special categories of data or personal data in connection with criminal convictions and punishable acts, except for the certificate of no criminal record, which is provided for inspection upon the conclusion of an employment contract and is returned to the employee.
6.1. Contract data
Contract data in a broader sense includes the so-called master data, i.e. data provided by the User for the purpose of concluding and executing a contract (e.g. name and surname, date and place of birth, postal address, delivery address, contact information (telephone, email etc.), PIN, JMBG, information on ownership, possession, lease, rental, concession, bank account number, marital status, citizenship, nationality, information on health, disability, information on children, professional training etc.).
6.2. Communication between Users and Royal Hill
This communication includes, for example, Users’ written or electronic communication with Royal Hill, communication on social networks, Users’ preferred communication channels, sending requests, applying for jobs, etc.
We may also automatically collect certain information from your device when you visit our website and other linked web pages (“our website”). This information may display personal data such as: IP address, name of file accessed, date and time of access, amount of data transferred, notifications of successful access, web browser, device type, and unique device identification numbers. We may also collect information on how your device has interacted with our website, such as information about web pages you have accessed and which links have been opened.
By collecting this information, we can better understand who visits our website, where visitors come from and what content on our website they are interested in. We use this information for our internal analysis, to improve the quality of our website and to adapt it to the interests of our visitors.
Some of this information may be collected using cookies or similar technologies on our website.
For details, please see the section on cookies on our web pages or the terms of use of our web pages.
6.2.1. Sending requests, résumés or job applications
Royal Hill allows you to send applications, résumés, job applications and other supporting documents through its website.
In addition to the data you submit yourself, Royal Hill may access certain personal data when conducting a selection interview or testing.
Personal data obtained in this way is used and processed during the selection process depending on the changing needs for employment at Royal Hill or its subsidiary companies.
If a User sends an application and other documentation for a specific tender, Royal Hill shall use this data exclusively for the selection process for that tender. Upon completion of the procedure, Royal Hill shall delete/destroy the obtained personal data, except in the case of employment of the person providing the personal data or their express written request, i.e., consent for the data to be stored in the candidate database for the purposes of future employment.
If a User sends an unsolicited job application, they must also sign a document providing their consent for the submitted data to be stored in the candidate database and used for the needs of future selection procedures or job offers. The data collected in this way shall be kept by Royal Hill for 5 years from the date of obtaining the last consent. If requests, résumés, applications, etc. have been sent by mail and no consent has been attached to them, Royal Hill shall, ask the candidate to submit a signed consent within 8 days, unless it requires excessive effort. If the candidate does not provide their consent within the stipulated period, the submitted personal data shall be destroyed. (For more on Consent, see point 7.)
Personal data provided when applying for a job or completing an internship, as well as during selection testing or interviews, shall only be available to employees of the Human Resources department, and in certain cases shall be provided to employees in internal organizational units of Royal Hill who participate in the selection process and the implementation of the tender procedure, who have previously signed the Statement on the confidentiality of personal data.
6.3. Information on Potential Users
This data includes master data, especially contact data (e.g. first name and surname, e-mail address), but also interests of the Potential User in Royal Hill services or products. As a rule, Royal Hill shall record the data of Potential Users who contact it with the desire that Royal Hill inform them and/or offer them certain products and/or services. Data on Potential Users is deleted or made anonymous after 5 years or, at the request of a Potential User, earlier, with the exception of cases in which we keep data longer due to legal obligations (e.g., in the event of a dispute).
6.4. Collection of data from external sources
From time to time, we may receive personal data about you from external sources, e.g., data from publicly available registers, published information on websites and from the media.
6.5. Special categories of personal data (sensitive data)
Sensitive personal data is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Special categories of personal data are usually processed pursuant to one of the following legal bases:
(a) if you have provided your explicit consent (Article 9(2)(a) of GDPR);
(b) if processing is necessary for the establishment, exercise or defence of legal claims (Article 9(2)(f) of GDPR);
(c) if processing is necessary to protect your vital interests in exceptional circumstances, and you are incapable of giving consent (Article 9(2) (c) of GDPR).
As a rule, Royal Hill shall not collect sensitive data other than religion and trade union membership, exclusively for the purpose of fulfilling legal obligations, i.e., fulfilling the obligations/realization of workers’ rights prescribed by internal acts (Collective Agreement, Labour Regulations).
FOR WHAT PURPOSES DO WE USE THE COLLECTED PERSONAL DATA
In order for Royal Hill to be able to provide a service to the User, and in accordance with the legalities mentioned below, it is necessary to process a minimum set of data required for the quality provision of a service. Otherwise, if the User refuses to provide the requested set of data, Royal Hill may consequently not be able to provide the User with the service or process their request.
Therefore, the User’s personal data is processed when one of the following conditions is met:
7.1. Performance of contract
Royal Hill collects and processes (hereinafter: “uses”) the User’s data primarily for the purpose of concluding and executing a contract (a contract is any clear expression of will) between the User and Royal Hill, employment and termination of employment. This particularly includes the use of data in order to verify the User’s identity, the User’s ability to pay, the provision of the contracted service, the calculation and collection of costs, contacting the User if required in connection with the provision of the service, resolving complaints, eliminating defects, monitoring and ensuring the quality and security of services and products, customer support, advice and assistance in the use of products and services and other actions related to the conclusion and execution of contracts in accordance with the law.
The legal basis for data processing for these purposes is the necessity for the performance of the User’s contract or taking measures at the User’s request before the conclusion of the contract. In the event that the User does not wish to provide the necessary information for the purpose of concluding and performing a contract, Royal Hill may not be able to conclude the contract and/or perform certain actions related to the execution of the contract.
Royal Hill also collects personal data for the fulfilment of obligations under the employment contract, i.e. the exercise of rights from the Collective Agreement and Labour Regulations.
7.2. Legitimate interest
Furthermore, Royal Hill uses certain data of the User exclusively for the purpose of keeping its records, and for the purpose of protecting the legitimate interests of the User, except when these interests are superseded by the User’s interests or their fundamental rights and freedoms that require the protection of personal data. This includes, for example, the use of User’s data for the purpose of preventing, detecting and processing abuses to the detriment of the User or the Company, ensuring the safety of employees, Users, products and services, creating services and offers that meet the needs and wishes of the User, marketing and advertising, ensuring superior user experience, personalized customer support, optimization of the electronic communication network etc.
The legal basis for processing data for these purposes is the legitimate interest of Royal Hill, except when that interest is superseded by the interest or fundamental rights and freedoms that require the protection of the User’s data and/or the legal basis for the protection of the key interests of the User or another natural person. Exceptions are the cases listed in Article 7 of the Policy, where the legal basis is consent.
7.3. For the purpose of fulfilling legal obligations and performing tasks of public interest
On the basis of a written request based on applicable regulations, Royal Hill must submit or provide access to certain personal data of the User to competent state authorities.
The legal basis for data processing for these purposes is the fulfilment of legal obligations, as well as the performance of tasks of public interest.
We undertake to comply with the laws of the Republic of Croatia and valid European regulations. Furthermore, we are obliged to comply with the relevant requirements of certain industry standards (such as ISO, HACCP, GLOBAL GAP, OHSAS standard).
MEASURES FOR PROTECTION OF PERSONAL DATA
The data controller shall ensure that only authorized persons who have signed the Statement of Confidentiality and who have undergone internal training on the protection of personal data have access to personal data.
The data controller shall ensure the protection of personal data in such a way as to ensure that the IT network and systems are protected from:
fire,
floods,
power loss,
unauthorized access,
that anti-virus protection is used,
that encryption and
pseudonymisation of data are used, when possible, as well as other appropriate measures that ensure the greatest possible level of information security.
In order to avoid unauthorized access to personal data, written data is kept in file folders, in locked cabinets, and in safes, while computer data is protected by assigning a username and password known to the employees who process the data, and is, for further security and confidentiality, stored on portable memory drives and backed-up on the server.
ON CONSENT
Consent is a freely given, specific, informed and unambiguous indication of the User’s agreement to the processing of personal data relating to him or her given in the form of a statement or by a clear affirmative act (opt-in). Consent may be given in writing or in another appropriate way. Consent may be given and withheld at any time, free of charge. Consent is not necessary for all forms of data processing.
The User may change their consent and/or deny the right to process their personal data in writing (by e-mail or post if it is possible to unequivocally determine the identity of the person submitting the request) or by coming to the Royal Hill office. Depending on the communication channel, such change and/or denial shall be recorded no later than within 48 hours of receipt, provided that the User is unequivocally identified.
THE RIGHTS OF DATA SUBJECTS / USERS
In accordance with the currently applicable law, you have the following rights:
The right to be informed – you have the right to know what personal data is collected, from which sources and for what reasons. We have given you the opportunity to contact us at any time and request that this information be delivered to you.
The right to rectification – you have the right to request the rectification of any inaccurate personal data. It is our duty to ensure the accuracy of the personal data we process and we strive to do so at all times, in contact with you. However, despite our best efforts, the processing of incorrect data is possible. In that case, we undertake to comply with your requests for rectification of data.
The right to be forgotten – you have the right to request that we delete your personal data from our servers. As such, it is our obligation to comply with your request, unless we need to keep your data pursuant to the law. Royal Hill undertakes to delete or anonymise your personal data from all databases related to processing based on consent, in accordance with technical possibilities.
The right to restriction of processing – according to the General Data Protection Regulation, you have the right to restrict the processing of your personal data in certain cases. We have conducted an in-depth review of our purposes and processing methods and have not found a case where such example could be applicable. Any requests made pursuant to this right shall be considered as withdrawal of consent and shall result in nothing but the most important notices being sent to you.
The right to data portability – you have the right to request that your personal data be provided in a structured form. Royal Hill undertakes to respond to your request within 30 days from the date of submission of your request. We will only send you personal information that you have provided to us, or that we have collected from publicly available sources or from our partners.
Right to object – the General Data Protection Regulation ensures that you may object to any data processing that takes place based on the company’s legitimate interest.
Automated decision-making – Royal Hill does not conduct automated decision-making, except to provide you with customized advertising services after you have visited our website, for which we obtain your express consent. You can withdraw your consent at any moment.
Requests by a data subject by which the data subject invokes one of their rights arising from GDPR from the data controller must be made in writing. It is not possible to proceed with the request before the identity of the data subject has been unequivocally established.
The forms for exercising a right can be requested at info@royalhillestate.com.
INTERNATIONAL TRANSFER OF DATA
Your personal data may be transferred and processed in other countries outside the European Union, for which the appropriate level of data protection has not yet been established by the European Commission and which cannot ensure the same high level of protection. Personal information may be subject to government rights to access under applicable local laws and regulations. However, we have taken appropriate security measures to ensure that your personal data is protected in accordance with this notice. We will ask for your consent in cases where the transfer is not determined by special laws or other security measures. Security measures are available upon request.
On our website, you will be expressly warned about the possible international transfer of data outside the European Union.
In certain cases, our business partners who perform certain services for us (maintenance of information systems and equipment and business applications, physical and technical protection, subcontractors under a specific contract, etc.) have access to a certain category of personal data. Royal Hill will warn you if one of the business partners has access to your personal data and will, in certain cases, ask for your consent. Royal Hill requires its business partners to implement the highest standards of protection of personal data.
Personal data provided when applying for a job or completing an internship shall in certain cases be provided to employees in internal organizational units of Royal Hill who participate in the selection process and the implementation of the tender procedure, and who have previously signed the Statement on the confidentiality of personal data.
PROCESSORS
Based on a contract, which must be made in writing, the data controller may entrust individual tasks related to the processing of personal data within the scope of their work to another natural or legal person (processor).
Tasks related to the processing of personal data may only be entrusted to a processor who is registered to perform such activities and who provides sufficient guarantees regarding the performance of appropriate measures for the protection of personal data or classified data if they meet the conditions established by special regulations governing the field of information security.
HOW LONG DO WE STORE YOUR DATA
We keep your personal data for the duration of the business relationship as long as it is necessary to meet a purpose or as long as there are contractual or legal retention obligations or documentation obligations (e.g. pursuant to relevant tax regulations, the Civil Obligations Act, the Labour Act etc.), legal time limits, legal obligations established by the relevant laws on education, when there are legitimate interests.
When there are no legitimate purposes for further storage of your personal data, it shall be deleted or anonymised. If this is not possible (for example, because your personal data is stored in security archives), we shall store your personal data securely and make it unavailable for further processing, until deletion is possible.
Detailed time limits for the storage of documentation and personal data are prescribed by the Ordinance on the Protection and Processing of Archival and Registry Materials.
DATA PROTECTION OFFICER – DPO
The controller shall appoint a data protection officer.
The data protection officer shall report directly to the responsible person of the data controller; they may not receive instructions from other employees of the data controller and shall be in charge of direct contact with the competent supervisory authority.
The data protection officer shall ensure the legality of the processing of personal data and the exercise of the right to the protection of personal data in accordance with the applicable legislation, and shall in particular perform the following duties:
informing and advising the data controller or processor and the employees who perform the processing about their obligations arising from this Regulation and other provisions on data protection of the European Union or a member state;
monitoring compliance with legal regulations on data protection and the policies of the data controller or processor in relation to the protection of personal data, including the distribution of responsibilities, raising awareness and training of personnel participating in processing procedures and related audits;
providing advice, when requested, regarding data protection impact assessment and monitoring its implementation;
cooperation with the supervisory authority and acting as the contact point for the supervisory authority on matters regarding processing, including prior consultation and consultation, as necessary, on all other matters.
When performing their tasks, the data protection officer shall take into account the risk associated with the processing procedures and shall take into account the nature, scope, context and purposes of processing.
The data protection officer should have skills and expertise that include the following:
expertise in national and European laws and practices in the field of personal data protection, including an in-depth understanding of the Regulation,
active understanding of the implementation of processing procedures,
understanding of information technology and personal data security,
knowledge of the data controller’s business and work organization system,
the ability to promote a culture of personal data protection within the activities of the data controller.
The data protection officer may not be:
a legal representative of the Controller,
the person who collects and processes personal data,
the head of human resources
the head of the IT department
or any other person who is a member of senior management, but also a person who, in their position, determines the purpose and method of processing personal data and is in a conflict or potential conflict of interest.
WHO CAN YOU CONTACT
The User may exercise their rights by contacting or submitting the appropriate request to the following e-mail address: info@royalhillestate.com, or to the postal address: Royal Hill d.o.o., Rudina Balinac 2, Aljmaš.
The request form for handling personal data is also available on our website.
FINAL PROVISIONS
This Policy shall enter into force on 01/01/2022!
All amendments to the Policy shall be published on the Company website, with the indication of the number of amendment (ver.) and the month of the last update.