Privacy
Policy Personal Data Protection Policy SPARK DATA OÜ (hereinafter: SD)
The Personal Data Protection Policy regulates all the principles and rules of personal data processing.
SD respects your privacy and is committed to protecting your personal data. SD, in its capacity as a controller, processes your data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Act on the Implementation of the General Data Protection Regulation (OG 42/2018) and other relevant regulations applicable in the Republic of Croatia.
In order to exercise the right to personal data protection in accordance with the General Regulation and the Act on the Implementation of the General Data Protection Regulation (OG 42/2018), we also ask for your consent to the use of your personal data.
Giving consent refers to all personal data that SD can collect in certain situations when visiting the company's websites, contacting in the context of establishing business cooperation, interacting with SD in the capacity of a business user, supplier, business partner, etc. This includes, but is not limited to, personal data collected through surveys, whether online or offline.
One of the activities of SD is market research and public opinion polling, and in this context we collect and process survey data. What you tell us in one of our surveys will not be linked to you personally or passed on to third parties.
Purpose of collecting personal data:

When contacting you, we may ask you to share your personal data with us for the following purposes:
To participate in SD's web activities on the Internet, including web (online) surveys and our social media
channels/pages To participate in telephone or other types of surveys
To save your data for future interactions and communication with SD
Accessing the form/link of inquiry for the offer of services
Accessing the form/link of the application for part-time/permanent work
Accessing client online services
Personal data of employees for the purpose of exercising the rights arising from the
employment relationship Through cookies; If you would like more information about how we use cookies, click here.

When doing business with SD as a business client, we will ask you to share your personal information with us for the following purposes:
To manage customer
relationships To provide access to information
To
communicate To analyze and understand customer
interactions To provide access to client online services
Answering questions or resolving requests/queries for the provision of a service

In general, we process your personal data only for the purposes of which we have informed you.

Purposes of personal data processing:

Legitimate interest
Legal right based on and prescribed by the Labour
Act Protection of persons and property by video surveillance measures to a limited extent within the company's
premises Other purposes of which individuals are informed in accordance with the provisions of the General Data Protection Regulation data protection.

Principles of personal data protection:
SD processes data:
Lawful – only if the processing is permitted by law and within the limits prescribed by law.
Fair – taking into account the specifics of the relationship with you, applying all measures for the protection of personal data, making it easier for you to exercise your rights.
Transparent – by providing all information in a clear and easily accessible way within the limits set by the General Data Protection Regulation.
With purpose limitation – by processing personal data for the purposes for which they were collected, and for other purposes taking into account (a) any link between the purposes of collecting the personal data and the purposes of the intended continuation of processing; (b) the context in which the personal data was collected, in particular in relation to our relationship with you; (c) the nature of the personal data, in particular whether special categories of personal data are processed in accordance with Article 9. of the Regulation or personal data relating to criminal convictions and criminal offences in accordance with Article 10 of the Regulation. Regulation; (d) the possible consequences for data subjects of the intended continuation of processing; and (e) the existence of appropriate safeguards.
With storage limitation – keeping data in a form that allows the identification of an individual only for as long as necessary for the purposes for which the personal data is processed, and longer only if permitted by the Regulation.
In addition to reducing the amount of data – we make sure that the data we process is adequate, relevant and limited to what is necessary.
Paying attention to accuracy – we take care of the accuracy and timeliness of data and delete incorrect data in accordance with the requirements of the Regulation.
With regard to integrity and confidentiality – we take technical and organizational measures to ensure the appropriate security of personal data depending on their risk, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage by applying appropriate technical or organizational measures.
Lawfulness:
The lawfulness or legal bases of data processing can be:
the conclusion or performance of a contractual obligation in which you are a party to
our legitimate interest to the extent that it is more significant than the interest of the data subject not to process the data or
your consent,
another legal basis in accordance with the Regulation.
Personal information that SD may collect:
When you interact with SD via email, web, or social media (e.g., if you like SD on Facebook), we may ask for or receive certain information such as:
Name and surname
Email
address Phone number
IP address
Cookie
ID Internet browser
Operating system

When you interact with SD as a business client, we may collect the following information:
Name and surname
Email
address Phone number
Business address
Name and address of the company you work
for [personal details that may be relevant to the business relationship, e.g., your professional experience, etc.]
IP address
Internet browser
Operating system
Model and type of device from which you accessed
Methods of collecting personal data:
You may share personal data with SD through (but not limited to):
Communication with SD (may be service-related or through a request for quotation that you have sent to us)
Communication with one of SD employees by e-mail, telephone or written or verbal
Ordering a service
Requesting to receive messages on a mobile phone/device
Voluntary participation in surveys
Participating in social media activities related to the promotion of SD (e.g. by selecting the "like" or "share" options).
Cookies placed on your computer or mobile device when you visit our websites.
When you interact with SD as a business customer/user, supplier or business partner, data is also collected through:
Entering into cooperation agreements
Providing services to SD
Communicating with SD
When accessing SD
business premises Voluntary participation in surveys
If you do not want SD to use your personal data, you can let us know at any time at the e-mail address: dpo@SparkDATA.agency
Sharing personal data with others:
We will not share your personal data with other suppliers of products or services, business partners and other third parties.
If we are required by law to obtain your consent or for any other reason we believe that your consent is necessary in certain circumstances, we will ask for it before sharing your personal information.
After you provide us with your personal data, it is possible to update, change or request their deletion in writing via the e-mail address: dpo@SparkDATA.agency. You can also use the same address to ask other privacy questions or raise your privacy complaints.
You can revoke your consent at any time and via our website: www.datacontent.co in the corresponding form. The withdrawal of consent does not affect the lawfulness of the processing of personal data that, on the basis of consent, was carried out up to the moment of withdrawal of consent.
Your rights:
At your request, we will inform you whether and what personal data is being processed about you. If all legal requirements are met, you have the right to rectification, deletion or restriction of the processing of personal data. You can withdraw all statements of consent that you have provided (in case the collection and processing is based on consent) and you can object to the processing of data only for the purpose for which it was collected/processed. You also have the right to receive the information you have made available to us in a structured, up-to-date, and machine-readable format; and you can request the transfer of this data to you or to third parties. We are obliged to respond to your request within one month from the date of receipt of your request, unless a longer period of time is requested for the same, in which case the same period must not exceed 2 months. You also have the right to file a complaint with the competent supervisory authority – in Croatia it is the Personal Data Protection Agency (more on this at www.azop.hr), if you suspect a violation in the process of processing your personal data.
All rights are subject to proportionate restrictions in accordance with the Regulation.
Choices you have:
Consent
To be collecteddata and their use, you may be asked to give your consent, in legally determined cases where consent is required.
Right to erasure You
can request the deletion of all or part of your personal data, for which you have previously given your consent to use.
Data
portability You have the ability to transfer your personal data from one electronic processing system to another without hindering the data controller.
Revocation of consent
is your right to withdraw your consent in whole or in part, without consequences or explanations, and to request the cessation of the processing of your personal data. You can submit a revocation in 3 (three) ways, in writing by mail to the address SPARK DATA OÜ, Sombre tee 2, Harju maakonda, Harku vald, Suurupi kula 76907, Estonia; By e-mail at: dpo@SparkDATA.agency or via our website www. SparkDATA.agency on the corresponding form.
Data storage: For the vast majority of our surveys,
personal data is anonymized/pseudonymized immediately after collection, which means that data that can in any way establish a link between the survey data and you personally is deleted from your answers.
If we process the data on the basis of your consent, we keep the data until you withdraw your consent and in accordance with the instructions of ESOMAR.
The SD keeps certain data permanently with regard to legal obligations arising from the employment relationship, i.e. on the basis of the Labor Act.
Personal data that is no longer needed is either irreversibly anonymized/pseudonymized or destroyed in a secure manner.
Data from the video surveillance system are regularly deleted, and are kept for a maximum of 6 months, except in cases when they are necessary for conducting proceedings before the competent authorities.
Additional information:
Technical and Integrated Data
Protection SD protects your data, taking into account the latest developments, the cost of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying degrees of probability and severity for the rights and freedoms of individuals arising from the processing of data, at the time of determining the means of processing and at the time of the processing itself, implements appropriate technical and organizational measures to enable the effective application of the data protection principles.
The CJEU shall also implement appropriate technical and organisational measures to ensure that only personal data that are necessary for each specific purpose of processing are processed in an integrated manner. We apply this measure to the amount of personal data collected, the scope of its processing, the storage period and its availability.
Records of processing activities SD
, as the controller, keeps records of processing activities that include:
the name and contact details of the controller, if applicable, of the joint controller, and the data protection officer;
the purposes of the processing;
a description of the categories of data subjects and categories of personal data;
the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case ofreferred to in the second subparagraph of Article 49(1), documentation of the appropriate safeguards;
where possible, the envisaged time limits for the deletion of the different categories of data;
where possible, a general description of the technical and organisational security measures.
In the event of a personal data breach,
the SD ensures that in the event of a personal data breach, it reports the personal data breach to the Personal Data Protection Agency in accordance with the Regulation without undue delay and, if feasible, no later than 72 hours after becoming aware of the breach, unless the personal data breach is unlikely to cause a risk to the rights and freedoms of individuals.
When the Regulation prescribes it, the SD shall also notify the data subjects of the personal data breach without undue delay.
The Data Protection Impact Assessment (DPA
) does not carry out data processing operations that are likely to cause a high risk to the rights and freedoms of data subjects. However, if certain processing exceptionally meets the conditions of high-risk, SD will carry out an assessment of the impact of the envisaged processing operations on the protection of personal data in accordance with the requirements of the Regulation prior to processing.
Scope:
Links to other websites
On the websites of the SD company, you can find links to other websites with useful information. Such websites may operate independently of SD and may have their own privacy notices, statements, or policies. We strongly recommend that you review them to find out how your personal data may be processed in connection with these websites, as we are not responsible for the content of websites that are not owned or operated by SD, as well as the use or privacy practices of the same.
Please note that we accept and take seriously our responsibility to protect the personal information you entrust to us from loss, misuse, or unauthorized access.
Please read this document carefully in order to be familiar with the terms and conditions and giving consent to the use of your personal data by SPARK DATA OÜ., as the Personal Data Collection Manager.