Privacy Policy

Last modification:  20.06.2018 .

Privacy policy of the company Špica Sustavi doo

Last modified: June 20, 2018.

This Privacy Policy defines how Špica Sustavi doo, Radoslava Cimermana 64/A, 10 020 Zagreb (hereinafter: Špica or personal data processor) collects, stores and uses your personal data. This Privacy Policy became effective on June 20, 2018.

The privacy policy applies to (i) the use of the following websites operated by Špica:

• www.spica.hr 
• catalog.spica.hr 
• blog.spica.com 
• myhours.com 
• allhours.hr 
• allhours.com 
• myhours.com 
• doorcloud.com
• timeandspace.eu 
• frontmanfind.com 
• app.frontmanfind.com 
• voicextreme.com 

(hereinafter: website or websites), (ii) holding various types of events (for example, conferences, webinars, etc.) organized by Špica and registering for such events, (iii) registering on our marketing lists, (iv) informing and communication through our social networks and applications, (v) to fill out various contact forms on our website, (vi) to download catalogs and other documents available on our website (vii) use of e-learning portals, (viii) use of the Support Portal, (ix) use of our online store, (x) performance of e-marketing campaigns and (xi) Your use of any other current or future online or offline service (hereinafter all together from (i) to (xi): services).

Please read our privacy policy in detail.

About us

The manager of personal data processing is Špica Sustavi doo, Radoslava Cimermana 64/A, 10 020 Zagreb. In case of any questions, contact us by e-mail at info@spica.hr or by phone at +385 1 6593 730.

How do we collect, use and otherwise process your personal data?

We collect your personal data when you forward it to us, for example when you use our websites and their functions, when you contact us directly by email, phone, in writing or via social networks, when you order our services and/or products, when you accessed one of our websites or made your personal data available to us in any other way. In the event that it is permitted by law, we can also obtain information about you from other sources.

What types of personal data do we collect about you?

The types of information we collect about you may include information such as:

•  name and surname
• business e-mail address, or another e-mail address provided to us
• the company (for example, a company) where you work or where you worked
• job title
• telephone number 
• mobile number
• information about the computer or mobile device (e.g. IP address and browser type, device type)
• information about how users use our website (eg, which pages the user viewed, the time they viewed them, and what they clicked on).

We may also collect user personal data from certain publicly available sources, including but not limited to public online databases, business directories, media publications, social networks, websites and other publicly available sources, if this is in accordance with the law.

For what purposes do we use your personal data (processing purposes)?

We may use your personal data for one or more of the following purposes:

AND. 

1. To enable the use of our services and/or products when providing technical support and/or system implementation. As a rule, then, according to the GDPR, we are  the Processor  and we process the data on the basis of the signed contract

2. Use of necessary cookies on our websites (web pages). 

3. Marketing purposes: sending promotional e-mail messages, informing about our services or products (via e-mail messages, phone calls, etc.), segmenting data about you based on your activities and interests on our websites for the purpose of providing you customized (personalized) content and offers.

4. For the purpose of concluding a contract and/or sending an offer

5. Because legal regulations require us to take certain actions (for example, labor legislation, tax regulations, etc.)

6. Based on our legitimate interests, unless the interests or fundamental rights and freedoms of an individual take precedence

7. Communicating with our business advisors and legal representatives. This is necessary to fulfill our business interest for the purpose of obtaining legal or professional business advice. We will pass on, if necessary, your personal data to the smallest extent necessary, anonymized whenever possible.

8. Sharing of personal data with third parties (hereinafter: data recipients) who are connected with us, and in connection with the provision of services we offer, such as: (i) business partners in our sales chain, (ii) capital-related companies, (iii) suppliers or providers of e-mail services and (iv) suppliers or providers of various information and communication technology services. This will be necessary for the implementation of the contract we have entered into with you (or for the preparation of an offer), based on our legitimate interest for the efficient management and management of our business, for compliance with binding legal norms or for the purpose of direct marketing. When we share your personal information, we will do so subject to appropriate confidentiality restrictions and only to the extent necessary for any of those purposes.

9. For statistical and research purposes. We will anonymize the data and use it for research purposes, including market research, better understanding of our customers and adapting our products and services to the needs of future users.

10. Identifying possible criminal offenses or threats to public safety and sending personal data to competent authorities. Such actions are necessary for the purpose of preventing crime, fulfilling legal obligations, in the general public interest or to fulfill the legitimate interests of competent institutions and institutions working to prevent criminal acts.

11. In connection with any possible legal dispute or procedure, and with the purpose of resolving disputes in the manner prescribed by law.

B.)

With your express consent for marketing purposes, we inform you about our services, news, organization of events, etc.

When we process your personal data based on the consent (consent) you have given us, you can revoke the given consent (consent) at any time by sending us a request to the e-mail address info@spica.hr. Such revocation shall take effect no later than within 30 working days from the day we received your request.

In the event that you have sent a request for an offer and we have sent you an offer, based on legitimate interest, we will send you our marketing materials until you request the cessation of sending marketing materials or the expiration of a period of 10 years from the date of sending the offer.

Storage of personal data and period of processing

Your personal data is stored by Špica on its own servers or servers of our IT service providers, which are located in the EU. Your personal data is processed outside the European Economic Area in the case of using services located outside the European Economic Area.

Špica will process your personal data to the extent that is necessary and limited to what is necessary to fulfill the purpose and if we have a valid legal basis: processing is necessary for the execution of a contract, processing is based on consent, data processing is necessary to comply with legal obligations which we have as a Data Controller, if there are legitimate interests on our side, the processing is necessary for the execution of tasks of public interest or in the exercise of official powers, and if the processing is necessary for the protection of the key interests of individuals.

If you want more information about where and how long your personal data is stored, for more information about your rights to delete and transfer personal data, contact us at info@spica.hr.

How do we store your personal data?

We have taken appropriate technical and organizational measures to secure your personal data and protect it against unauthorized or illegal use or processing and against accidental loss or destruction or damage to your personal data, including:

• the principle of the smallest amount of data – collecting only the necessary categories of data
• training our employees on the importance, confidentiality and preservation of the privacy and security of your data
• access to personal data using a username and password for our employees and partners
• continuous updating and testing of our technology
• careful and responsible selection of our contractual subcontractors
• use of secure servers to store your personal data
• requiring proof of identity from each individual requesting access to personal data

Špica has a valid, regularly tested IS0 9001:2015 certificate, which is an internationally recognized standard in the field of IT security.

We would like to warn you that the transmission of information (including personal data) over the Internet is not always completely secure and that if you transmit any information to us over the Internet (via e-mail, through our website or otherwise), you do so entirely at your own risk. We cannot be liable for any damages, costs, expenses, lost profits, reputational damage or any other form of loss or damage suffered by you as a result of your transmission of data over the Internet.

Plugins and other tools

a) YouTube

We use YouTube operated by Google in our work. The controller in this case is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit our website, which contains the YouTube plugin, a connection is established with the YouTube server. 

If you have your own  account  and are registered on YouTube, YouTube profiles your activity, i.e. connects and tracks your activity and thus creates your profile. You can prevent this by signing out of your YouTube account.

YouTube helps our website to be more functional in marketing with the aim of providing information about our products and services, and based on the existence of a legitimate interest in accordance with Art. 6 (1) (f) of the General Regulation on the Protection of Personal Data (hereinafter: GDPR).

Additional information on the handling of personal data is available in  the Data Protection Statement  on YouTube https://www.youtube.com/static?template=privacy_guidelines.

b) Google Maps

We use the map service Google Maps via API. It is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. If you want to use Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. Spica has no influence on this data transfer or data storage.

The Google Maps service is used to make our website functional and facilitate locating the places you specify, and based on the existence of a legitimate interest in accordance with Art. 6 (1) (f) GDPR. Additional information on the handling of personal data can be found in the Google data protection statement at https://policies.google.com/privacy?hl=en.

c) Slack

We use the Slack communication tool of Slack Technologies, 500 Howard Street, San Francisco, CA 94105, USA (hereinafter: Slack Technologies) for internal communication. For this reason, personal data of parties, users and associates or contractual partners can be transferred to Slack Technologies servers located outside the European Economic Area.

We have entered into an agreement with Slack Technologies on the processing of personal data in which the latter undertakes to respect the EU’s personal data protection rights. With regard to international data transfer, we have entered into a data transfer agreement with Slack Technologies with so-called standard contractual clauses, by which Slack Technologies undertakes that international transfers of personal data will take place in accordance with EU personal data protection rules.

Slack Technologies is registered for the EU-US Privacy Shield with respect to international data transfers in the US.

The processing of personal data through the Slack tool is based on the existence of our legitimate interest in the sense of Art. 6 (1) (f) GDPR.

d) Intercom

We use the Intercom tool from Intercom Inc. for sending messages by e-mail, for the Live-Chat function in connection with our cloud services, and on our websites for the Allhours and Myhours tools. 98 Battery Street, Suite 402, San Francisco, CA 94111, USA. In doing so, we transmit the following data:

• email address
• name and surname
• phone number
• contact information of technical contacts.

Intercom Inc., with respect to the international transfer of data in the USA, is registered for the EU-USA Privacy Shield and thus obliged to comply with the personal data protection rules of the EU.

You can read more about Intercom’s privacy policy at https://www.intercom.com/terms-and-policies#privacy.

Intercom uses cookies stored on the computer that enable user analysis. On the basis of cookies, data obtained about your last visit to the subpage of our platform in the cloud is transferred to Intercom’s servers in the USA and stored there. Intercom will not combine your IP address with any of your other data that it stores.

The data of users who come into contact with us via the Live-Chat function are completely deleted after nine months. Any user who contacts us after their data has been deleted is considered a new user.

You can disable the use of these cookies by applying settings to your browser. This may hinder the operation of some services on our website (e.g. Live-Chat).

We use the intercom based on Art. 6 (1) (f) GDPR. Our legitimate interest is to optimize the operation of our services, i.e. better management of our relations with customers.

e) Chargify

Payment for products and services offered on the Allhours and Myhours websites is made through the provider Chargify, LLC, 118 Broadway Street, San Antonio, Texas 78205, USA. If you purchase our products or services, your purchase will be made through an SSL encrypted website operated by Chargify and the information transmitted will be stored on Chargify’s servers in the USA. Chargify, with respect to international data transfers, is registered in the US for the EU-US Privacy Shield.

In addition, we have entered into an agreement with Chargify on the processing of personal data in which they undertake to comply with the rules of personal data protection of the EU.

You can read more about Chargify’s privacy policy at https://www.chargify.com/privacy-policy/ and https://help.chargify.com/my-account /gdpr.html.

The legal basis on which we use the services of Chargify is Art. 6 (1) (f) and Art. 6 (1) (b) of the GDPR. We have a legitimate interest when it comes to optimizing the operation of our services, i.e. better management of our relations with users.

f) Braintree

We use payment service provider Braintree for the Allhours website. Braintree is a sister company of PayPal Inc. which performs credit card payment services. Your personal data will be passed on to Braintree for the sole purpose of fulfilling your online order/transaction. The data protection provisions are identical to PayPal’s terms and conditions. You can read more about Braintree’s privacy policy at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

We use the Braintree service based on Art. 6 (1) (f) and Art. 6 (1) (b) of the GDPR. Our legitimate interest is to optimize the operation of our services, i.e. better management of our relations with users.

g) GoToMeeting and GoToWebinar

To conduct online conferences (webinars), we use the GoToWebinar and GoToMeeting services of the Irish provider LogMeIn Ireland Limited (hereinafter: LogMeIn). LogMeIn and its affiliates operate a global server infrastructure. Data processed in the course of conducting individual online conferences (webinars) can be transferred outside the European Economic Area and are subject to the legislation of the country where individual LogMeIn servers are located, because LogMeIn in the course of conducting online conferences (webinars), depending on the provision of the current service, processes data of online conference (webinar) participants. LogMeIn and its American sister company LogMeIn USA, Inc., with respect to international data transfer in the USA, are registered for the EU-USA Privacy Shield.

We have concluded a contract with LogMeIn on the processing of personal data by which the latter undertakes to comply with the EU personal data protection rules.

You can read more about LogMeIn’s privacy policy at https://www.logmeininc.com/legal/privacy.

The legal basis for using GoToMeeting and GoToWebinar services is Art. 6 (1) (f) GDPR. Our legitimate interest is to optimize the operation of our services, i.e. better management of our relations with users.

h) Amplitudes

For the MyHours website, we use the analytical tool Amplitude of the American company Amplitude Inc. Amplitude with the help of device identifiers that process technical information stored on your mobile device, such as device type (e.g. iPhone 6), operating system (e.g. iOS 8.4), service provider name (e.g. Vodafone), as well as  events  that are registered in the Myhours application (use of certain functions of the application, such as the beginning and end of recording working hours or generating messages), which enables us to analyze the use of the Myhours application by individual users, so that we can improve the functions of the subject applications and thereby provide you with a better user experience. Data processed by Amplitude is stored on servers in the USA.

Amplitude Inc., with respect to international data transfers to the US, is registered for the EU-US Privacy Shield. With Amplitude Inc. we entered into an agreement on the processing of personal data, which obligates the latter to comply with the rules of personal data protection of the EU. You can read more about Amplitude’s privacy policy at www.amplitude.com/privacy.

By using the MyHours service, you consent to the processing of data by Amplitude in the manner described. You can prevent participation in Amplitude’s analysis by sending us a message to the email address info@spica.hr.

The legal basis for using the services of Amplitude is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in order to optimize the operation of our services, i.e. better management of our relations with clients.

i) ActiveCampaign

We use the ActiveCampaign platform of the company ActiveCampaign, 1 N, Dearborn, Chicago, IL 60607, USA, where the following information is stored: e-mail address, first and last name, telephone and/or mobile phone number, job function (position), name of the organization where they are employed. This data is stored by the provider ActiveCampaign on its servers in the USA.

ActiveCampaign makes efforts related to the security of stored data through various physical, technical and organizational measures, such as encryption of network links, prevention of access by unauthorized persons, application of secure passwords and prevention of unauthorized intrusions. The ActiveCampaign service tracks the delivery success of sent e-mail messages by collecting data on opened messages, clicks on links, applications and browsers, approximate location, IP address, logins and unsubscribes, and email delivery failures. This data is kept for a maximum of six months after the recipient unsubscribes from this e-mail marketing service.

ActiveCampaign’s privacy policy is available at https://www.activecampaign.com/privacy-policy/.

With regard to international data transfer, ActiveCampaign is registered for the EU-US Privacy Shield and is therefore obliged to comply with the EU personal data protection rules.

We have signed an agreement with the company ActiveCampaign on the processing of personal data, in which the company undertakes to process the data of our users in accordance with our instructions and not to forward them to third parties. Sending e-news is based on your consent in accordance with Art. 6 (1) (a) GDPR or if there is a legitimate interest based on Article 6 (1) (f) GDPR.

We use the services of ActiveCampaign based on Art. 6 (1) (f) GDPR. Our legitimate interest is the choice of technology service providers that offer tools that help us optimize our business, and in addition offer users a customized way of sending e-news, which also meets user expectations.

j) Microsoft Dynamics CRM

For the purpose of effective and secure customer relationship management (CRM), we use one of the leading and more advanced software tools Microsoft Dynamics CRM provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter: Microsoft).

Microsoft is the holder of numerous certificates in the field of information security and compliance with legislation in the field of personal data protection. Your data is stored exclusively on our servers, which does not exclude the possibility that specialized experts from third countries occasionally access the stored data for the purposes of maintenance, elimination of incidents, i.e. performing upgrades and providing other forms of technical support. This type of access to stored data from third countries is based on the standard contractual clauses of Microsoft. You can read more about Microsoft’s standard contract clauses at www.microsoft.com/en-us/TrustCenter/Compliance/EU-Model-Clauses.

Microsoft is registered for the EU-US Privacy Shield with respect to international data transfers in the US.

We have entered into an agreement with Microsoft on the processing of personal data by which the latter undertakes to comply with the EU personal data protection rules. You can read more about Microsoft’s privacy policy at www.privacy.microsoft.com/en-us/privacystatement.

We use Microsoft CRM services based on Art. 6 (1) (f) GDPR. Our legitimate interest is to optimize the operation of our services, i.e. better management of our relations with customers.

How we use cookies and similar technology

A cookie is a small file that is saved on your computer when you use our web pages. Cookies are primarily used so that each user can be identified or separated from a group of other users who are using the same website at the same time. It is therefore a computer method of identity recognition.

Some cookies are deleted immediately when you close your browser. These cookies are called temporary (session) cookies, because they only last as long as the individual session lasts, and are no longer saved after the session ends. Cookies of this type usually only contain an identification code, which can only be recognized by the website that set the cookies. Other cookies have a certain life cycle, i.e. validity period, and are used to determine that you have already logged in to a certain website or store information about some settings, for example about language selection.

Each website can only access cookies set by that website and cannot access data from other websites.

You can reject some or all of the cookies we use on our website by changing your browser settings. However, this may reduce the ability to use our website, or some or all of its functions. For more information about cookies, including how to change your browser settings, visit www.allaboutcookies.org.

The list of cookies we use on our websites, with a description of their purpose, duration and other information, can be found on the  Cookies page 

International transfers of personal data

If we transfer your personal data outside the European Economic Area, we will do so after carefully reviewing the appropriate legal bases and safeguards, such as:

• data retention policies known as Binding Corporate Rules or BCRs
• standard contractual clauses adopted by the European Commission based on legal frameworks
• based on approved Codes of Conduct, if they exist
• approved certification mechanisms (such as EU-US Privacy Shield)
• or, when permitted, contractual clauses between the manager or executor of personal data processing and the data manager, executor or recipient of personal data in a third country or international organization.

What are your rights regarding the processing of personal data?

As a person whose personal data is processed, you have the following rights, which you can exercise by sending an e-mail message to info@spica.hr:

• to request access to your personal data and information about the use and processing of your personal data
• to request correction or deletion of your personal data
• to request that we restrict the use of your personal information
• to request your personal data that you have provided to us, which we will provide to you in a structured and machine-readable form (for example, an Excel table) and the right to transfer this personal data to another personal data controller
• to object to the processing of your personal data for specific purposes (for further information, see the paragraph entitled “Your right to object to the processing of your personal data for specific purposes”) and
• to withdraw the consent you have given us for the use of your personal data where there is a legal basis for the processing of consent. If you withdraw your consent (consent), this will not affect the legality of our use and processing of your personal data based on your consent before the day of withdrawal of your consent (consent).

You also have the right to lodge  a complaint with the supervisory authority , which for this purpose is the Personal Data Protection Agency (AZOP) in the Republic of Croatia, whose contact information is available here: www.azop.hr.

For additional information about your rights related to your personal data, including certain limitations that apply to some of these rights, see Art. 12 to 23 of the GDPR, which are available here: www.eur-lex.europa.eu/legal-content/SL/TXT/?uri=CELEX:32016R0679.

Your right to object to the processing of your personal data for certain purposes:

You have the following rights related to your personal data, which you can exercise in the same way as described in the previous chapter:

• to object to the use or processing of your personal data if we process your personal data based on the existence of legitimate interests on our part (Špica), including profiling (e.g. predicting your behavior based on your personal data) and
• to object to the processing of your personal data for direct marketing purposes (including any automated action we take based on the collection of personal data, if related to such direct marketing).

You can also exercise your right to object to the use or processing of your personal data for direct marketing purposes by:

• you click on the  unsubscribe link  at the bottom of any marketing email we send you and follow the instructions that appear in your browser after you click on that link or
• you send an e-mail message to info@spica.hr asking us to stop sending you marketing messages or with the words “OPT OUT”.

Each time you object to our direct marketing through a different communication method than the one you received marketing messages from us, you must provide us with your name and appropriate information that allows us to identify you in connection with the messages you received from us (for example, if you are from received an SMS from us and you want to unsubscribe via email, you may need to email us your phone number).

Changes to our privacy policy

It is possible to change our privacy policy (Privacy Policy). We will inform you about this. If you continue to access our website on or after that date, we consider that you accept our privacy policy (Privacy Policy).

If we intend to use your personal data for a purpose that is different from the purpose for which we collected the data, we will inform you of that purpose.

Changes to your personal data

Please inform us of any changes to your personal data that we have, so that the information we have about you is accurate and up-to-date.