Effective date: May 1st, 2018

Revised on: February 15th, 2019

 

I. Introduction

 

We at Adria Scan are committed to protecting all personal data we are provided with, as well as data we gather, all while providing the best possible technological and business solutions to our clients and potential customers.


Adria Scan is one of the fastest growing companies in the field of identity management software solutions. Since the company was founded in 2006 in Croatia, we have been constantly evolving to become one of the most trusted providers of identity management software solutions and services worldwide.

We strive to keep strict and transparent policies regarding all and any personal data we have in our possession, across all areas of our business. Privacy policy, as stated below, is here to guide you through the steps we take in order to keep your personal data safe and our business processes aligned with the newest data protection policies.

If you have any questions, suggestions or complaints regarding our privacy policy or personal data usage, please contact our appointed Data Protection Officer at dpo@adria-scan.com.

 

II. Definitions

 

This Privacy policy points out all the ways Adria Scan obtains personal data and all the steps we are taking to keep them safe. In regards to the personal data we collect, Adria Scan acts as Data controller.


Most important definitions for our Privacy Policy:

  • Adria Scan”, “we”, “us” or “our” refers to Adria Scan d.o.o. company founded in Zagreb, Croatia, with registered office and place of business at Radnička 9, Kerestinec, 10 431 Sv. Nedelja, Croatia.
  • You” means any natural person using Adria Scan services and web pages, contacting Adria Scan via phone, email or web page forms, applying for a career with Adria Scan or any other natural person whose personal data Adria Scan collects and processes.
  • Personal Data” means any data or information which can lead a natural person to be identified, directly or indirectly.
  • Data controller” refers to natural or legal person which, alone or jointly with others, determines the purposes and means of the data processing and is responsible for processing such data in a manner consistent with the applicable European and national regulations on the personal data protection.

Full list of definitions on Protection and Collection of Personal data can be found in Article 4 of GDPR. Link here: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX%3A32016R0679 

 

III. Principles for processing personal data

 

Adria Scan respects all principles of personal data collection and processing and strives to implement them in all areas of our business scope.


 

Adria Scan follows GDPR appointed principles by which all personal data must be collected and processed. This Privacy policy will help you understand:

  • The way and legal basis on which we collect and process personal data under principle of Lawfulness, fairness and transparency
  • Why we collect specific personal data and for what purpose under the principle of Purpose limitation
  • That we collect only necessary pieces of personal information we need to be successful in our business operations under the principle of Minimization
  • That we do all we can to keep our personal data collections up to date and as accurate as possible under the principle of Accuracy
  • How we store it, and for how long, to comply with the principle of Storage limitation
  • How we protect collected personal data, and who has the access to which sets of personal data to comply with the principle of Integrity and Confidentiality

 

IV. Personal data Adria Scan collects and processes – types, how we process them, legal basis for collection, retention period and who we share collected data with

 

Adria Scan processes only personal data collected through communications with our clients, customers, potential customers, employees and potential employees.

We collect only minimum personal data required for specific purposes and process them only for the purpose they were collected for, unless there is another legal base obtained for additional usage.

We use following legal bases to collect and process personal data: legal obligation, contract, consent and legitimate interest.

Collected personal data is stored for:

  • data collected and processed by legal obligation or contract – a period of time required by law
  • data collected and processed according to consent or legitimate interest:
    • for a period of time required to fulfil the purpose data was collected for
    • or until we receive the request for erasure of personal data.

Adria Scan will not share collected personal data with any person or entity, unless we have a legal basis for such disclosure of your personal data.


 

Adria Scan acts as Data controller and collects several sets of personal data. We collect and process your personal data if you are:

 

A. Customer, client or partner

 

If you are listed as a contact person for one of our newest customers, who just purchased our system, or a contact for one of our long-term customers – your personal data will be logged in our CRM Contact database.

  • Type of personal data collected
    • Your first and last name, along with contact phone number, Skype, email address, position/department within the company you work for, city, country and region will be entered into our CRM and accessible to our Sales, Operations and Technical Support employees to follow through with all obligations we have towards our clients.
  • How we process the data
    • Minimum of personal data we need to functionally communicate with our customers is stored in our CRM Client Contacts database and is used for the purpose of providing services tied to our products – hardware delivery, software installation, technical support, license extension, offering new products.
  • Legal basis for data collection and processing
    • Data collected from our customers and clients is collected and processed on the legal basis of contract, legitimate interest and consent.
    • There are instances where our Customer or Client will provide us with contact details – first and last name, email address and phone number – of their employees authorized by the Customer for specific business areas (e.g. contact person for shipping and import, for billing and finance, for technical support) – in this case we will also enter received personal data into our CRM Client Contact Database.
  • Retention period
    • Personal data collected for this purpose is kept until we receive the request to erase or change certain contact information (e.g. employee is no longer working with the customer company, has changed position/department etc.).
  • Who we share it with
    • Contact database is kept in our CRM – cloud-based application Salesforce and is shared only between internal departments who are tied to customer acquisition and service delivery – Sales Department, Operations Department and Technical Support Department (in other words, access to Contact Database is granted only to employees of those departments).
    • However, if there is a problem with Salesforce, their support team may also have access to limited set of your personal data, for the purpose of resolving the problem. Details on how Salesforce processes your personal data you can find at link here: https://www.salesforce.com/company/privacy/
    • We may also share your contact information with our couriers and import agencies for the sole purpose of hardware delivery and import procedures. Personal data shared is limited to first and last name, email address and contact phone number. Contact person and contact information is always requested from the customer prior to organizing the shipping of goods and is shared based on either direct consent of contact person or by Customer appointing and sharing contact information of their employee authorized for this specific area.

 

B. Potential customer, client or partner – Prospect

 

If you contacted our Sales team via web page contact form, built-in web application Intercom, email, phone, requested a presentation/demo of our solutions either via web or directly, or already are in negotiation with our Sales team regarding our product and terms of sale, then personal data you provided us with is collected and stored in our Prospects database.

 

  • Type of data
    • Your first and last name, along with contact phone number, email address, position/department within the company you work for, city, country and region will be entered and stored in our CRM and accessible to employees of our Sales, Operations and Technical Support departments to follow through with sales process.
  • How we process your data
    • Personal data you provide us with through our web contact form, Intercom, email or phone call while inquiring about our products will be entered into our Prospects database in CRM. Entered data will be limited to above listed information needed to effectively communicate with you as a potential customer with the sole purpose of presenting our products and services, as well as completing the sales process.
  • Legal basis
    • Personal data in our Prospects database is collected on the legal basis of consent you gave us by contacting our company or by starting negotiations with our Sales and Operations Departments.
  • Retention period
    • Personal data collected for this purpose is kept until we receive the request to change certain contact information (e.g. employee is no longer working with the customer company, has changed position/department etc.) or until the consent is retracted.
  • Who we share it with
    • Prospects contact database is kept in our CRM – cloud-based application Salesforce and is shared only between internal departments who are tied to customer acquisition and care – Sales Department, Operations Department and Technical Support Department (in other words, access to Prospect Contact Database is granted only to employees of those departments).
    • However, if there is a problem with Salesforce, their support team may also have access to limited set of your personal data, for the purpose of resolving the problem. Details on how Salesforce processes your personal data you can find at link here: https://www.salesforce.com/company/privacy/
    • If you contacted us via built-in app Intercom on our web site, contact data you provided us with will also be stored there for a short period of time, until the next scheduled deletion of personal data. Intercom’s Terms and Polices regarding personal data can be found via link here: https://www.intercom.com/terms-and-policies#terms_customer-data
    • Cookie policy for all Adria Scan websites can be found here: http://www.adria-scan.com/cookie-policy/
      • If you opted to allow Analytics Cookies on our website, we have also shared some of your personal information with Google Analytics. However, based on our company policy, only personal data we collect is your geolocation – to have better overview of our potential customers worldwide. Google Analytics Terms of Service can be found via link here: https://www.google.com/analytics/terms/us.html

 

C. Potential customer, client or partner – Marketing or Sales Lead

 

If you contacted our Sales team via web page contact form, built-in web app Intercom, email or phone with only general interest in mind, or if we met you during exhibitions or conferences and you gave us your business card, personal data provided will be entered into our CRM Marketing or Sales Lead database.

If we received your personal info via referral from our existing customers or if we received it via direct phone calls or emails directed to the potential customers or clients within our area of expertise we believe we have legitimate interest in obtaining contact information for, we will also enter collected personal information into our CRM Marketing or Sales Lead database.

 

Important note: If your personal contact data is obtained by Adria Scan this way, and you do not wish to be contacted or kept in our database, please read this Privacy policy and follow all the steps to ensure your right to erasure is executed. Contact for all your inquiries is dpo@adria-scan.com.

 

  • Type of data
    • Your first and last name, along with contact phone number, Skype, email address, position/department within the company you work for, city, country and region will be entered and stored in our CRM and accessible to employees of our Sales/Sales development and Operations departments to follow through with sales research and sales execution process.
  • How we process your data
    • Personal data you provide us with through our web contact form, Intercom, email or phone call while inquiring about our products; you provide us with directly and in person via business card or personal data we receive through referral, direct phone calls or email – will be entered into our Marketing or Sales Lead database in CRM.
    • Entered data will be limited to information listed under article Type of data – only information needed to effectively communicate with you as a potential customer, with sole purpose of presenting our products and services.
  • Legal basis
    • Personal data in our Marketing or Sales Lead database is collected on the legal basis of consent you gave us by contacting our company or providing us with your Business card and on the basis of Legitimate interest in case we contacted you based on several facts:
      • One of our existing customers referred us to you or recommended your business as one of interest to us
      • Your company is part of the same corporation/chain/franchise as one or more of our existing customers
      • We already work closely with a large number of companies in the same business/branch/scope of work as your company, and we believe we have a legitimate interest in offering you our solutions
  • Retention period
    • Marketing or Sales Lead personal data collected is stored:
      • for a period of time required to fulfil the purpose data was collected for
      • until we receive the request to change certain contact information (e.g. employee is no longer working with the customer company, has changed position/department etc.)
      • until you retract your consent to be contacted – in this case we will also have to keep your minimal information to know NOT to send any more information your way
  • Who we share it with
    • Marketing or Sales Lead database is kept in our CRM – cloud-based application Salesforce and is shared only between internal departments who are tied to customer acquisition and care – Sales Department and Operations Department (in other words, access to CRM Marketing or Sales Lead databases granted only to employees of those departments).
    • However, if there is a problem with Salesforce, their support team may also have access to limited set of your personal data, for the purpose of resolving the problem. Details on how Salesforce processes your personal data you can find at link here: https://www.salesforce.com/company/privacy/ .
    • If you contacted us via built-in app Intercom on our web site, contact data you provided us with will also be stored there for a short period of time, until the next scheduled deletion of personal data. Intercom’s Terms and Polices regarding personal data can be found via link here: https://www.intercom.com/terms-and-policies#terms_customer-data .
    • Cookie policy for all Adria Scan websites can be found here: http://www.adria-scan.com/cookie-policy/
      • If you opted to allow Analytics Cookies on our website, we have also shared some of your personal information with Google Analytics. However, based on our company policy, only personal data we collect is your geolocation – to have better overview of our potential customers worldwide. Google Analytics Terms of Service can be found via link here: https://www.google.com/analytics/terms/us.html
    • Collected and confirmed Marketing or Sales Lead contacts will also be used in marketing tools and applications used for sending email campaigns, mostly Reply.io. Privacy policy of Reply.io can be found here: https://reply.io/privacy-policy/

 

D. Job Candidate/Potential Employee

 

If you choose to apply for a position with Adria Scan and become a job candidate, we will collect and process personal data you provide us with in your CV and in completed Employee assessment form.

 

  • Type of personal data
    • Data we collect includes your first and last name, address, contact phone number and email address, education and information on past employment, as well as all other information you wish to provide us with on your job application and CV.
  • How we process your data
    • Your CV and Employee assessment forms are collected through TalentLyft cloud application we use for quick and efficient job application and employee assessment process, and copies are kept in our internal database. All data collected is used for employee assessment and determining the candidate who is the best fit for the job opening in the company.
  • Legal basis
    • All data mentioned above is collected and processed based on your consent given to us upon applying for the open position in Adria Scan.
  • Retention period
    • All data received is kept during employee assessment process and for a period of 6 months after the process is over. After that period expires, all personal data received is erased both from TalentLyft application and from our internal database.
  • Who we share it with
    • Job candidates’ database is accessible to members of Management. If you have been selected for further steps in our selection process (e.g. filling in assessment forms, attending interviews etc.), your personal data will also be presented to Head of Department responsible for the open position you have applied for.
    • As mentioned in the article before, we use TalentLyft application to help us manage all applications for new open positions.
    • Adria Scan’s full Privacy Policy regarding TalentLyft and job application process can be read before applying to the job opening on TalentLyft web page.
    • If there is a problem with TalentLyft, their support team may also have access to limited set of your personal data, for the purpose of resolving the problem. TalentLyft Privacy policy can be found and read at the link here: http://help.talentlyft.com/terms-and-security/terms-of-service/privacy-policy

 

V. International transfers of personal data

 

All personal data collected is stored and processed in our headquarters in Zagreb, Croatia. There are cases where, while providing our services, we may allow access to our database to our partners outside of EEA area. When that is the case, we take all appropriate and legally necessary steps to ensure that such data is processed according to applicable laws and regulations.

As specified in Article IV. of this privacy policy, there are cases your personal data may be processed both inside and outside of the European Union by support teams of different cloud applications and tools we use while collecting and processing personal data collected. Access to your personal data in those cases is always subject to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations.

Your personal data will not be disclosed to parties who are not authorized to process them.

 

VI. Data rights

 

All-natural persons whose personal data Adria Scan has collected as a part of our business processes have following rights:

  • Right to be Informed
  • Right of Access
  • Right of Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object
  • Rights in relations to Automated Decision Making

 

Important note: We will make sure to receive and process your request to exercise the rights above, regarding your personal data, to the best of our ability. However, please consider that some of the personal data, as specified in Section IV. of this Privacy policy, is collected, stored and processed according to Law or other legal requirements, as well as contractual obligations. In those cases, your requests will be processed according to the applicable regulations.

To exercise your rights as listed above, you can contact us either via email address here dpo@adria-scan.com or our headquarters main landline phone number: +385 1 3370 348.

To find out more about your rights related to your personal data you can follow this link to the original text of GDPR, Chapter 3: https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX%3A32016R0679

 

VII. Changes to privacy policy

 

Our Privacy policy may change from time to time to reflect changes in our internal procedures or our business processes. All changes will be published on or web page and date of revision will be highlighted at the top of this policy information.

We encourage you to visit our pages and check for any changes on a regular basis.