Landscaping Hvar, a business for landscape design, development, maintenance, and consultancy, implements personal data protection measures in its operations in accordance with the General Data Protection Regulation (GDPR), as well as legal and regulatory obligations.
Data Controller:
Landscaping Hvar, a business for landscape design, development, maintenance, and consultancy (hereinafter referred to as the “Company”)
For any questions regarding the processing of your personal data and the exercise of your rights under the General Data Protection Regulation, you may contact the Data Protection Officer through the following means:
• In writing at the address: Landscaping Hvar, Bartola Kašića 16, 21460 Stari Grad
• By email: meetus@soil.team
We are fully committed to ensuring the continuous and effective implementation of this policy and expect the same from our employees and business partners.
This policy outlines the expected behavior of the Company, its permanent, temporary, and occasional employees, business partners, and third parties concerning the collection, use, storage, transfer, disclosure, or destruction of personal data processed in the Company’s business operations.
The following rules form an integral part of this Policy:
• PERSONAL DATA PROTECTION RULES define the purpose and methods of using personal data, the categories of personal data we collect, the period during which we process them, and the methods of informing you about data processing;
• WEB PRIVACY RULES define the ways of collecting and storing data gathered through the Company’s website;
• RECRUITMENT PRIVACY RULES define how we collect and use your personal data in relation to recruitment activities;
• RULES ON JOINT CONTROLLERS define the joint controllers, their roles, and the contact point for individuals.
PERSONAL DATA PROTECTION RULES
These rules relate to the privacy protection practices implemented by the Company when contracting and providing services to its clients. We have defined these personal data protection rules to clarify the purpose and method of using personal data, the categories of personal data we collect, the period during which we process them, and to inform you about all the ways we handle your data.
DATA WE COLLECT
During various forms of interaction with the Company (using the Company’s website, sending inquiries/requests via email or post, participating in competitions, entering into cooperation agreements), personal data may be collected, including but not limited to:
• Full name
• Residential address
• Personal Identification Number (OIB)
• Bank account number
• Email address
• Phone number
During various forms of interaction, the Company may also collect data that does not fall into the category of personal data, including but not limited to:
• Device information used to access the internet
• Type and version of the internet browser used
• Website usage data
LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
We process and use personal data only for the purposes for which they were collected. The processing of personal data is permitted only if and to the extent that at least one of the following conditions is met:
• The processing is necessary to comply with the Company’s legal obligations — including but not limited to processing data for issuing invoices, resolving complaints or objections in accordance with applicable regulations;
• The processing is necessary for the performance of a contract in which the user is a party, or in order to take steps at the user’s request prior to entering into a contract — for example, when concluding contracts with subcontractors, arranging delivery services in line with an agreement, etc.;
• The processing is necessary for the purposes of the legitimate interests of the Company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the user requiring the protection of personal data — for example, processing data for marketing purposes, such as informing clients about special offers or inviting them to events they might be interested in;
• Explicit consent has been given by the user based on clear information about the scope of data processing.
USE OF DATA
The Company uses personal data for the following purposes:
• Provision of services in accordance with contractual obligations – The Company may use personal data during the provision of agreed services and for various forms of communication throughout the cooperation process.
• Marketing and sales activities – The Company may use personal data to inform individuals about new benefits, services, discounts, or similar activities.
• Protection of Company employees – The Company may disclose personal data of individuals if it believes it is necessary or appropriate to protect the health and safety of employees, visitors, property, and/or users.
• Legal obligations of reporting and data processing
Methods of Data Collection
Personal data is collected in one of the following ways:
• Directly from the individual – data provided for the purpose of concluding or performing a contract, through visits to the Company’s premises, phone conversations with the individual, or through requests, proposals, etc., submitted to the Company by mail or other means.
• Indirectly – data that is publicly available on websites not owned by the Company (e.g., posts on social media, open forums, official registers), and data collected through the use of cookies, links, and similar technologies.
USER REQUESTS
The Company ensures the exercise of user rights regarding:
• Access to information
• Objection to processing
• Restriction of processing
• Data portability
• Data correction
• Data deletion
Users may submit requests to exercise their rights either in writing or verbally. A written request should be sent via email to meetus@soil.team or delivered in person to the Company’s registered office.
If an individual submits a request related to any of the above rights, the Company will review the request in accordance with all applicable data protection laws and regulations. The Company reserves the right to charge a fee for processing user requests in exceptional cases where the requests are unreasonable.
Users have the right to be informed, upon a valid request and successful identity verification, about the following:
• The purpose of personal data processing
• The source of the personal data, if it was not obtained directly from the user
• The category of personal data
• The recipients or categories of recipients to whom the personal data has been or may be transferred, along with the location of those recipients
• The intended retention period of personal data or the criteria used to determine that period
• The use of any automated decision-making, including profiling
All requests for access to or correction of personal data must be addressed to the Data Protection Officer, who will log each request upon receipt. A response to each request will be provided within 30 days of receiving the written request from the user.
PROCESSING PERSONAL DATA BASED ON USER CONSENT
In certain cases, the Company may request the consent of users or their holders of parental responsibility for the processing of personal data for specific purposes.
When the processing of personal data is based on consent, the user/holder of parental responsibility may withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out based on the consent before it was withdrawn.
DATA RETENTION
The Company will not retain personal data longer than necessary for the purposes for which it was originally collected.
The Company will retain your personal data for as long as necessary to provide products or services; as long as required under these Rules or at the time of data collection; as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements; or to the extent permitted by law.
Once the retention period expires, the Company will delete personal data in a manner that ensures it cannot be reconstructed or read.
DATA PROTECTION
The Company implements physical, technical, and organizational measures to ensure the security of personal data (e.g., to prevent loss or damage, unauthorized alteration, access, or processing, and other threats caused by human actions or physical/natural environments).
The implemented security measures aim to:
• Prevent unauthorized persons from accessing data processing systems where personal data is processed;
• Prevent authorized system users from accessing personal data beyond their needs and permissions;
• Ensure that personal data cannot be read, copied, altered, or removed during electronic transmission or transfer without authorization;
• Ensure the availability of system logs to identify who entered, changed, or deleted personal data from the system;
• Ensure that when processing is performed by a data processor, data is processed only in accordance with the instructions of the data controller;
• Ensure that personal data is protected against accidental destruction or loss;
• Ensure that personal data collected for different purposes can be processed separately;
• Ensure that personal data is not kept longer than necessary.
REQUESTS FROM JUDICIAL AUTHORITIES
In certain circumstances, personal data may be disclosed without the knowledge or consent of the user, when such disclosure is necessary for any of the following purposes:
• Prevention or detection of crime;
• Arrest or prosecution of offenders;
• Assessment or collection of taxes or duties;
• As ordered by a court or required by law.
HANDLING COMPLAINTS
In case of complaints regarding compliance with these or other rules related to personal data protection, please contact us at: meetus@soil.team.
If a complaint is received, we will investigate the entire situation regarding the use and disclosure of personal data according to these rules and aim to resolve the issue as quickly as possible.
PROTECTION OF CHILDREN’S PERSONAL DATA
Although the Company aims to inform the general public, we are fully aware that children require special protection in all respects, including the protection of personal data, as they may be less aware of the risks and consequences of disclosing their data.
In accordance with Article 19, Paragraph 1 of the Law on the Implementation of the General Data Protection Regulation (NN 42/2018), the Company considers children to be all individuals under the age of 16 and does not request or collect children’s personal data without the consent of a person with parental responsibility.
The Company will make every reasonable effort to process children’s data only with the consent of a holder of parental responsibility.
If the Company becomes aware that it has received children’s personal data without valid parental consent, it will make every reasonable effort to:
• Delete the data from its records as soon as possible;
• Ensure, if deletion is not possible, that the data is not used for any purpose;
• And in any case, ensure the data is not shared with any third party.
If a parent or guardian has any questions regarding the processing of their child’s personal data, they are encouraged to contact the Company’s Data Protection Officer.
WHERE YOUR PERSONAL DATA WILL BE PROCESSED
Your data will be processed within the European Economic Area. If it becomes necessary to transfer personal data outside this area, such transfer will only occur if the European Commission has confirmed that the third country provides an adequate level of data protection or if appropriate safeguards are in place in accordance with applicable law (e.g., binding corporate rules, standard contractual clauses).
RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY
At any time, you may file a complaint regarding the processing of your personal data if you believe we have violated Croatian or European data protection regulations. The competent supervisory authority is the Croatian Personal Data Protection Agency, Martićeva 14, Zagreb, azop@azop.hr.
WEBSITE PRIVACY POLICY
The Company acknowledges and values your right to data confidentiality and is committed to safeguarding the security of data collected via the Company’s website.
Your personal data is collected and used only based on the information you voluntarily provide to the Company through your use of the website.
Collected personal data is stored electronically, and appropriate technical and organizational measures are applied to prevent data breaches. Emails containing your personal data will be used only for the purpose of fulfilling your requests.
COOKIES
To ensure the proper functioning of the Landscaping Hvar website, small data files known as cookies are sometimes stored on your device. Most major websites do the same. Information is collected through cookies during web browsing. The legitimate interest of Landscaping Hvar in using cookies is to ensure correct website display and notifications, continuously improve user experience, and provide quality content and ads to users. Cookies used on the Company’s website are anonymized and are not intended for collecting or accessing user data.
What are cookies?
A cookie is a file stored on your computer or mobile device when visiting a website. It allows the website to remember your actions and preferences (such as login, language, font size, and other display preferences) over a period, so you don’t have to re-enter them each time you return or navigate through the site.
Thanks to cookies, the Company’s website can:
• Track detailed visitor metrics to provide more relevant content;
• Continuously improve technical and content functionality;
• Detect and protect against risky behavior that may harm the site;
• Understand how users interact with content to improve and develop new services.
How do we use cookies?
Cookies may be used to recognize user visits, remember preferences, and improve the personalized user experience. All cookie-collected data is aggregated and used to improve and optimize the website. Cookies we serve are anonymized, and we cannot use them to identify visitors personally.
Cookies may collect data about how our website is used—for example: origin/location of visit, pages viewed, videos/articles accessed, keywords used, visit duration, device details, and visit metadata.
Purposes of cookies:
• Ensuring the proper operation of the website
• Proper content display
• Personalizing the interface (language selection, etc.)
• Device parameters
• Screen resolution and type
• Website improvements
• Collecting statistical data
We collect statistical data to provide quality content, enhance website and service quality, and better understand user needs in order to improve services and functionality accordingly.
For service customization
Cookies also help us tailor services by detecting potential issues and optimizing site features like remembering login data or language preferences, adapting the user interface, etc.
How third parties use cookies on our website
In some cases, we may work with third parties to offer better services on our website. The Company uses third-party tools like DotMetrics Audience and Google Analytics to measure website traffic.
Browser providers offer instructions on managing cookies. More can be found at the following links:
-
Google Chrome
-
Internet Explorer
-
Mozilla Firefox
-
Safari (Desktop)
-
Safari (Mobile)
-
Android Browser
-
Opera
-
Opera Mobile
For all other browsers, please refer to the relevant documentation provided by the browser’s vendor.
Additional information on disabling cookies
There are several websites that allow you to disable cookie storage for different services. You can find more information at:
SECURITY
The Company takes all security measures to protect user data during data entry, transmission, processing, and storage. Access to data is restricted and granted only to employees who need it to perform business-related activities.
Personal data provided to the Company when visiting the website will be stored for as long as the website is active. All data submitted during website visits will be destroyed no later than the website’s deactivation.
Users have the right to request, at any time, information about which of their personal data is being processed by the Company, as well as to request correction or deletion of such data by contacting the Data Protection Officer.
PRIVACY POLICY UPDATES
We regularly review our privacy policy to ensure it reflects how the Company processes personal data. The current version is always available on our website at soil.team, and if any significant changes are made that affect your rights and freedoms, we will notify you.
RECRUITMENT PRIVACY POLICY
This section outlines how the Company collects and uses your personal data in connection with recruitment activities. Personal data will be processed in accordance with the rules stated below.
By submitting personal data for employment or job application purposes, you voluntarily provide your personal information to the Company.
Collection of Personal Data
The Company requires certain information, including details of education and work experience, contact information, qualifications, and positions applied for. Additional/detailed information may include a CV, references, and similar documents.
Furthermore, the Company may collect information from third parties when verifying the accuracy of data provided by candidates (e.g., validating diplomas, work history, and/or references).
Sensitive Personal Data
During recruitment, the Company will not request or require sensitive personal data (e.g., religious affiliation, health status, sexual orientation, or political beliefs).
Voluntary Disclosure
Personal data provided during the recruitment process is submitted to the Company voluntarily. The Company will only request data necessary for a proper and legally compliant recruitment process.
Use of Personal Data
Data may be used for communication, managing the selection and hiring process, and complying with corporate, legal, and regulatory requirements. If you are hired, your data may also be used for employment and corporate management purposes.
Data Recipients and Sharing with Third Parties
The Company may share your personal data internally and with service providers or other third parties when necessary for candidate selection, hiring, corporate governance, procurement, legal or regulatory obligations, or in response to public authority or government requests related to national security or law enforcement.
The Company requires such service providers and third parties to maintain the confidentiality of your personal data and to use it only for the specific purposes for which it was disclosed.
Security and Confidentiality
The Company maintains a high level of administrative, physical, and technical security measures to protect the confidentiality of personal data and requires the same from its service providers. Employees who access personal information in the course of their duties must maintain the confidentiality of such data.
The Company may apply security procedures on its premises and in its IT systems to monitor and ensure safety. All monitoring is conducted in accordance with applicable laws.
Your Responsibilities
Each candidate is responsible for the data they provide to the Company. All information must be accurate, truthful, and not misleading in any way. Candidates must ensure that submitted data does not contain inappropriate, defamatory, or third-party infringing content.
If a candidate provides personal data of another person (e.g., a referee), they are responsible for informing that person in a timely manner and obtaining their consent.
LEGAL FRAMEWORK
This entire Privacy Policy is aligned with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC), applicable Croatian legislation, and our internal Rulebook on Personal Data Management and Protection.