Privacy policy

Contessa d.o.o. undertakes to protect private data of its Clients by collecting only the necessary and basic information about the users we need to have in order to fulfill our obligations; notify customers about data usage, giving customers the ability to use their data regularly, including the option to remove their name from a list of marketing campaigns. All client data is carefully kept and available only to employees who need this information to perform their duties. All employees of Contessa d.o.o. as well as business partners are obliged to respect the principles of privacy protection.


1. General

CONTESSA d.o.o. seriously understands the protection of your personal data and takes all necessary technical and organizational measures to protect them in accordance with the law of the Republic of Croatia and the European Union, in particular in accordance with the General Data Protection Regulation (GDPR).

This privacy policy describes which personal information we collect, how we use it, how we keep it from unauthorized access, and your rights in relation to this information.

The head of personal data processing is:

CONTESSA d.o.o., Rova 23, 51511 Malinska, OIB: 84585921286

The contact you can send your queries is:

Address: Rova 23, 51 511 Malinska


2. Personal data

Personal information is any information relating to a natural person who is identified or identifiable; a person who can be identified is a person whose identity can be identified directly or indirectly, in particular on the basis of an identification number or one or more features specific to her physical, psychological, mental, economic, cultural or social identity.

The processing manager, in accordance with the purposes listed below and the privacy policy, collects the following personal information:

  • Basic data on the respondent (name and surname, address, date of birth, location);
  • Contact information and data about your communication with the handler (email address, telephone number, date, time and content of mail or email communications, date, time and duration of telephone calls);
  • Data on the respondent’s use of the web site of the processing manager (dates and times of visits to the website, visited pages ie URLs, time of retention on a particular page, number of visited pages, total time of the website visit, actions on the website) and usage data Received messages (email, SMS) of the processing manager;
  • Data from volunteered forms by respondents;
  • Other data volunteered by the respondent to the bidder in the application for certain services for which this information is required.

3. Purpose of processing and legal basis for processing personal data

The specific purpose and way of processing your personal information is greatly dependent on the type of relationship that we collect from your information. In our business, we are guided by the fundamental principles of personal data protection, which means that we handle the data legally, transparently and fairly, and that processing is limited only to the purpose for which the data is collected and that only data that are necessary for that purpose are processed. Your personal information is kept only as much as is necessary for the purpose of processing purposes, except when we are bound by certain regulations to store personal information longer, or when our legitimate interests require it (for example, to set up, enforce or protect legal requirements). Accuracy, reliability, confidentiality and integrity of your personal information are also the principles we are handling. Access to your personal information only has authorized persons.

CONTESSA d.o.o., as the manager of personal data processing, protects your privacy and handles only those personal data that are necessary and obtained through its business, whether the information is provided to you by third parties or publicly available sources, following:

  • Performance of contractual obligations – when processing is necessary for the performance of a contract you are a party or for taking action on your request prior to the conclusion of the contract;
  • Satisfaction with legitimate interests – where necessary, we process personal information beyond contractual relations and to satisfy our legitimate interests. For example, such legitimate interest may be: conducting court proceedings and keeping records of them, protecting persons and property, meeting your requirements, responding to your inquiries and comments; (implementation of promotional activities, cookie data also used to display relevant ads on websites and social networks)
  • The necessity to respect the legal obligations;
  • Processing of personal data for a particular purpose or for a number of special purposes as described in the Privacy Act, upon receipt of your personal processing privileges for a particular purpose. Your privet is in compliance with the relevant provisions of the Regulation, it is not advisable and is free. You also retain the right to revoke your privy at any time.

4. Freedom of Choice

About the personal data that you give to the handler of your choice. However, if you decide that you will not provide the information necessary to meet any of your requirements, the processing manager will not be able to meet your request.

5. Timely Preservation of Personal Data

Processing Manager will keep your personal information as long as necessary to achieve the purposes for which the personal information was collected and processed.

All personal data processed by the processing manager under the law are retained by the processing manager within the statutory period.

All personal data processed by the processing manager due to contractual relationship with the respondent shall be kept by the processing manager for a period of time necessary for the performance of the contract and for another 5 years after the termination of the contract, except in the event of a dispute between you and the manager of the contract , when the processing manager keeps the data 5 years after the final court judgment or settlement, and in the event that no court dispute has been reached, the processing manager keeps the data 5 years after the day of the peaceful settlement of the dispute.

All personal data handled by the processing manager based on the subject’s privacy or legitimate interest, the processing manager keeps it permanently until the retractor has been withdrawn by the respondent, ie the request for processing interruption. This processing manager’s data is deleted prior to retrieval by the respondent only if the purpose of processing the personal data is achieved or, if so specified by law.

6. Security of personal data

Processing Manager takes all necessary (technical and physical) measures to ensure the security of your personal information. Your data at any time is protected against loss, forgery, manipulation, unauthorized access, and unauthorized disclosure.

Handwritten records of personal data are kept in registers, in lockers, while personal data are encrypted in personal computer and server encryption format and firewalls (firewall, antivirus software).

7. Forwarding personal data

Processing Manager Your personal information will be forwarded to third parties only in cases where it is required by law or other regulation (HZMO, CZZO, Tax Administration and other competent bodies).

The Manager of Processing Your personal information may also be entrusted to the IT System Administrator, which may process this information solely on behalf of and under the Authorization Manager’s authority and in accordance with this Privacy Policy.

8. Internet and Website

Privacy of data

We would like to say that when visiting CONTESSA d.o.o. at Your personal information remains confidential unless you want to disclose them voluntarily. We undertake not to disclose the information we received to other parties, except in the cases listed in the previous chapter.

Server statistics

Our global network server uses statistical software. These programs are a standard feature of all Internet servers and are not unique to our sites. Such statistical programs allow us to customize your pages in a way that is as effective and simpler for our visitors (identifying information that most or less interested in our users, customizing pages for individual web browsers, improving the structure of our site, and visiting our sites.)


To facilitate browsing our web pages, our global network server uses cookies. It is a very small text file that the server places on a user’s computer for the purpose of tracking the selection of individual language variants of our pages as well as when accessing parts of the pages that require a username and password entry. Cookies can not be used to run programs or set up viruses on your computer. The cookies that our Internet server sets are deleted automatically from your computer at the end of the session, that is, the moment you leave our site. An overview of our pages is also possible without using a cookie if your web browser is set up.

E-mail message

When you send us an e-mail with personal information that you can identify, either by e-mail with a question or comment, or a form you email us, we use this information solely for the purpose and scope necessary to fulfill it of your requests.

9. The rights of the respondent

  • Right to Retire Privilege: If you have been granted access to the processing of your personal data, you have the right to withdraw this Privilege, and the withdrawal of Privileges shall not affect the lawfulness of processing prior to its withdrawal; by withdrawing the privation for the respondents, no negative consequences will occur, however, after you have withdrawn the data processing privileges necessary to exercise your rights, you will no longer be able to exercise a particular right;
  • The right to access personal data: from the processing manager you have the right to receive confirmation of whether your personal information is processed and when processed, access to personal information and the following information: processing purpose, personal data category, data forwarding, data retention time or criteria for determining the same , the right to correct or delete personal data, the right to restrain processing, the right to a complaint, the right to complain to the supervisory authority, the data source (if no data has been collected from you);
  • Right to Personal Data Correction: You have the right, without unnecessary delay, to obtain correction of incorrect personal information pertaining to you from the Processing Manager and to supplement incomplete information;
  • The right to delete personal data („right to forget“): you have the right, without unnecessary delay, to obtain from the processing manager the deletion of personal data relating to you if one of the following conditions is met:

a) The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

b) If you withdraw the facility on which the processing is based and there is no other legal basis for the processing,

c) If you file an objection, and there are no more legitimate reasons for processing;

d) Personal data is unlawfully processed;

e) Personal data must be deleted in order to respect the legal obligation of Union law or the right of the Member State to which the processing manager is subject;

except in so far as the processing is necessary:

a) To exercise the right to freedom of expression and information;

b) In order to comply with a legal obligation requiring processing in the law of the Union or of the Member State to which the master is subject or for the performance of tasks of public interest or in the exercise of the official authority of the processing manager;

c) For the purposes of public interest archiving, for the purposes of scientific or historical research or for statistical purposes to the extent that it is probable that the right of deletion may prevent or seriously jeopardize the attainment of the objectives of such processing;

d) For the purpose of establishing, acquiring or defending the legal requirements;

  • Right of processing limitation: you have the right of processing manager to obtain a processing limit if one of the following is met:

a) If you dispute the accuracy of personal data, the period during which the processing manager can check the accuracy of the personal data;

b) Processing is illegal and you are opposed to deleting your personal data and instead seek to limit their use;

c) The processing manager no longer needs personal data for processing purposes, but you are looking for them to set up, enforce, or defend the legal requirements;

d) Have filed a complaint against processing under Article 21 para. 1 of the General Data Protection Regulation, expecting confirmation that the legitimate reasons of the processing manager over your reasons arise;

  • Right to Data Transfer: You have the right to receive the personal information that you refer to, which you have provided to the Manager in a structured, commonly used and machine-readable format, and you have the right to transfer this data to the other processing manager without interruption by the processing manager who is personal the data provided, if the processing is based on the recipient or the contract and if the processing is carried out by an automated means; when exercising this right you are entitled to direct transfer from one manager to another, if technically feasible; this right does not apply to the processing necessary to carry out tasks of public interest or to carry out the official authority assigned to the processing manager and shall not adversely affect the rights and freedoms of others;
  • Right to complaint:

a) If the processing of personal data is necessary for the performance of a public interest task or in the exercise of the official authority of the processing manager, and where the processing is necessary for the legitimate interests of the processing manager or a third party, you have the right, at any time, to complain processing of personal data relating to you; if you lodge such a complaint, the processing manager may no longer process your personal information unless it demonstrates that there are convincing legitimate grounds for processing that go beyond your interests, rights and freedoms or for the purpose of establishing, enforcing, or defending the legal requirements;

b) If personal data is processed for the purpose of scientific or historical research or for statistical purposes, you have the right, at any time, to object to the processing of personal data relating to you, based on your particular situation, unless processing is necessary for carrying out the task performs for the public interest; necessary for the performance of a task carried out for reasons of public interest;

  • The right to complain to the supervisory authority: you have the right to file a complaint with the supervisory authority, especially in the Member State where you have a habitual residence where your workplace or place is allegedly violated, if you consider that processing of personal data pertaining to you violates the General Regulation data protection; in the country where you are resident, in which you are working or allegedly involved a violation, if you believe that processing of personal information pertaining to you violates the rules on the protection of personal data;
  • The right to an effective remedy against the supervisory authority: you have the right to an effective remedy against the legally binding decision of the supervisory authority that is yours, as well as if the competent supervisory authority does not resolve the complaint or notify you within three months of progress or the outcome of the submitted complaints

All questions and requests related to the exercise of your rights in connection with personal data can be sent to: CONTESSA d.o.o., Rova 23, 51511 Malinska, Croatia or to the e-mail:

For the purposes of reliable identification of the data subject when exercising the right to personal data, the processing manager may request the provision of additional information and, in the event that the respondent can not be reliably identified, may refuse to act upon the request.

10. Rights of respondents in case of personal data violation

In the case of personal data breach, the processing manager shall inform the supervisory authority (Personal Data Protection Agency), unless it is unlikely that personal data breach will cause a risk to the rights and freedoms of the individual.

In the event of a breach of personal data likely to cause a high risk to an individual’s rights and freedoms, the processing manager is obliged to notify the respondent unless he has taken appropriate technical and organizational protection measures (eg encryption) or has taken any further action to ensure that it is no longer likely to be at high risk for the rights and freedoms of the respondent or would require a disproportionate effort (in the latter case, there should be public notice or similar measure to inform the respondents in an equally effective manner).

11. Announcement of Changes

Any change to the Personal Data Protection Policy will be posted on the CONTESSA d.o.o website. By using the Website you confirm that you agree to and agree to the full contents of this Personal Data Protection Policy.

developed by RedCode