PRIVACY POLICY AND TERMS AND CONDITIONS OF USING PERSONAL DATA

This privacy policy refers to confidentiality of personal data collected in the process of purchasing and/or registration of customers on website www.dadaandrocco.com, that is, in the process of user’s subscription to the list of recipients of e-mails with news, promotions, discounts and other opportunities. This privacy policy is an integral part of the Terms and Conditions of Purchase of www.dadaandrocco.com.

Dada & Rocco d.o.o. complies with current regulations with the aim of protecting the customer’s and/or user’s data privacy, particularly of the EU General Data Protection Regulation (GDPR). This privacy policy describes the way Dada & Rocco d.o.o. (hereinafter: Controller), processes personal data.

Guests and users of www.dadaandrocco.com are advised to read everything hereby stated in order to understand more easily which data Dada & Rocco d.o.o. processes and collects, for which purpose, on which legal basis, who and why they are shared with, which protection measures are implemented and what are the user’s and/or customer’s rights related to the access, rectification and erasure, as well as the right to object.

The user, that is, the customer, may at any time inquire regarding personal data by sending an e-mail to info@dadaandrocco.com or by contacting the number:  + 385 91 6135 433

By accepting this Privacy Policy by clicking, opening an account, registering or by user or customer subscription to the list of recipients of e-mails with news, promotions, discounts and other opportunities, the customer, that is, the user, is confirming that he/she read, understood and consents to the personal data protection in the manner determined by this Privacy Policy.

What is personal data?

Personal data we use are: name, surname, e-mail, cell phone number, address, postal code, city, state, region, IP address, RFID tags and cookies on websites, photo, video recording, PIN.

Which type of personal data is Dada & Rocco d.o.o. collecting and processing?

During shopping, Dada & Rocco d.o.o. shall require the following information from the Customer: name, surname, e-mail, cell phone number, address, postal code, city, state, region, and during login shall also ask password and username. After the person is subscribed as notification recipient, it shall have the access to the profile and to the change of entered data.

All data that the users and/or customers are entering by subscribing to the list of recipients of e-mails with news and discounts, are protected by name and password.

The user or customer confirms that he/she agrees with personal data processing by clicking the button: „I have read and I am accepting the General Terms and Conditions of business “.

Giving personal data is the customer’s, that is, user’s decision. If such data are not given to the Company for a certain activity, such activity shall not be allowed to the customer, that is, to the user; because without required data, this will not be technically doable.

Apart from this data, we are automatically collecting data from your computer, which can include IP address, and there are also situations where we are automatically collecting other types of data such as the time and date of accessing the website www.dadaandrocco.com, data on hardware, software, or web explorer you are using, the operative system of your computer, the application version and language settings.

We can also collect data on clicks and pages displayed to you. Dada & Rocco d.o.o. recommends customers/users to take care of their entrance password for the user account of www.dadaandrocco.com. While choosing the combination of password characters, we recommend combining case sensitive letters and numbers, and to definitely use at least six characters password.

For what purpose is Dada & Rocco d.o.o. collecting and processing personal data? 

Dada & Rocco d.o.o. collects and processes personal data of guests that is, of users for the purpose of conducting a safe authentication of guests, that is of users who are accessing www.dadaandrocco.com, realization of contract on purchase of merchandise or services, delivery of merchandise to the customer, communication with customers; that is with users, possible legal proceedings related to contract realization, and we are also partially applying automated processing in order to continuously improve our processes in the interest of guests, that is of users, in order to make the offer for the customer more individualized, and to maximally adjust our offer of products and services to the customers’, that is, users’ habits and needs.

Dada & Rocco d.o.o. collects and processes personal data of customers, that is of users who are recipients of notifications on news and discounts for the purpose of sending news, invitations to participate in award winning contests by e-mail, by social networks or other communication channels, possible legal proceedings related to realization of contract for the purpose of creating user profile with the goal of receiving individualized notifications, exploring market and improving the efficiency and quality of our services.

We don’t collect children’s data. If we find that such data have been transferred to us without consent of parents or guardian for the children under the age of 16, we shall remove it without postponement. Juveniles under the age of 16 must not use the site www.dadaandrocco.com. No part of said website is designed to attract anybody under the age of 16.

What is the legal basis of personal data processing?

By entering their personal data and by confirming (clicking) the acceptance of General Terms and Conditions of Business and of this Privacy policy and Terms and Conditions of using personal data; customers, that is, users, are entering into a contractual relation which is the basis for products and services purchase according to the customers’, that is, the users’ choice on website www.dadaandrocco.com. Therefore, processing that personal data is legal because the actions are taken on the customer’s that is, on the user’s request for the purpose of realizing the products and services purchase on the customer’s, that is, on the user’s order. Customers, that is users, by entering their personal data and by confirming (clicking) the Login button or by reservation, clicking the button: „I have read and I am accepting General Terms and Conditions of Business“ and by clicking the button: „I have read and I am accepting the Privacy Rules“, are consenting to processing of their personal data.

The users who are subscribing to receiving notifications on products and opportunities by entering their data on website www.dadaandrocco.com and by double checking the accuracy of the e-mail address, are consenting to processing their personal data. The user can withdraw the consent at any time by notifying the data protection officer on the e-mail: info@dadaandrocco.com or by contacting the number: +385 91 6135 433 (Mon – Fri: 8-16 h).

Who are the recipients with whom Dada & Rocco d.o.o. share personal data?

Dada & Rocco d.o.o. shall not share personal data of guests, that is of users, with other parties except when this is explicitly stipulated by the law and on request of public authorities.

Personal data processing during credit and debit card payment

Dada & Rocco d.o.o. in the moment of payment on the website www.dadaandrocco.com, as a requirement of paying for products and services by credit or debit cards are asking the consent of the customer that is of the user for activating the process of payment through the company Corvus INFO d.o.o. Zagreb, Buzinski prilaz 10, the provider of processing and charging (credit or debit) cards of the contracting partner and of the Processor. For that purpose, personal data of the customer, that is, of the user (name and surname, address, card data) are temporarily stored at Corvus INFO d.o.o. Zagreb, Buzinski prilaz 10, who stores that data according to PCI DSS certificate, the highest level of protection and storage of confidential data. The guest, that is, the user activates the processing and charging cards by confirming (clicking) the link „pay “.

Personal data: name, surname, e-mail, cell phone number, address, postal code, city, state
Card data: number of payment card

The stated data is processed:

  • for the purpose of processing transactions initiated by the customer, that is, the user;
  • for the needs of providing Card Storage services, that is, for the purpose of electronic storage of personal and card data of the customer, that is, of the user.

Processing personal data shall last as much as it takes for completing the Contract, that is, for fulfilling the purpose of personal data processing, that being:

  • for providing on-line authorization service – 13 months from the day of executing particular transaction that is, on the day of charge
  • for providing Card Storage service – to the expiration date of a particular payment card, that is, to the expiration date of on-line authorization service, depending which comes last.

Corvus gains access to personal data collected by Dada & Rocco d.o.o., that is, by the Controller who shall deliver and/or enable Corvus to access personal data, and for the card data, the Controller authorizes the Processor (Corvus) to collect them on behalf of the Controller.

The Controller keeps the formal control an ownership over collected data, while the card data, due to their sensitive nature, are being collected and processed exclusively within the system under control of the Processor, where they are subject to additional levels of protection.

The Seller informs the customer, that is, the user that Corvus INFO d.o.o. does not store the security code (CVV) from (the debit, credit) card of the customer. CVV is a three-digit or four-digit number the customer, that is, the user separately enters during the card payment. The customer, that is, the user, shall continue to enter that number as additional security check. Dada & Rocco d.o.o. is therefore warning the customer, that is, the user, to take care of the data stated on the card, so that said data wouldn’t be available to third persons and abused.

Period of personal data storage

Dada & Rocco d.o.o. stores personal data of registered customers that is, of users of website www.dadaandrocco.com during the period the purpose of processing is being achieved, and that is the period from the moment the registration is active until six months after the customer’s that is, the user’s registration ended; during which period possible reclamations from the previous period will be resolved. Dada & Rocco d.o.o. stores personal data of the User recipient of notifications of news and discounts for the period the purpose of processing is being achieved and that is the period from the moment the registration is active, that is, until the User unsubscribes from the list of recipients of e-mails on news and discounts.

 

Access and rectification of personal data

Customers, that is, users have the possibility to access their personal data at any time after registering on the site and accessing the “profile” where they can rectify their personal data shared on the site www.dadaandrocco.com. Customer, that is the user, can ask and gain from Dada & Rocco d.o.o. complete information on stored personal data, as well as their rectification by sending an e-mail to the e-mail address of the personal data protection officer: …@………..hr.

Personal data erasure (right to be forgotten) 

The customer, that is, the user, has the right to request erasure of personal data (right to be forgotten) at any time. The customer, that is, the user, can do so by sending a request on the e-mail address of the data protection officer info@dadaandrocco.com, and the data shall be erased within thirty days, or by sending the form for personal data rectification or erasure, which you can download here. The data on purchase through website remains stored on the account for the stated reservation according to other legal obligations. The Users have the possibility to submit an erasure request in any notification received by the Seller on e-mail, that is, can send an e-mail to the e-mail address of the data protection officer info@dadaandrocco.com requesting to erase their personal data.

Dada & Rocco d.o.o. has, according to relevant regulations, appointed the Data protection officer who you can contact regarding all questions related to personal data processing or realization of your personal data protection rights. Contact: info@dadaandrocco.com  or + 385 91 6135 433 (Mon – Fri: 8:00 – 16:00 h).

Right to object

If, despite all measures taken for personal data protection, you believe you have grounds for an objection, contact the e-mail address of the personal data protection officer info@dadaandrocco.com

Security measures for personal data protection

Collected data are in electronical form and protected by the SSL certificate which encrypts the data thus ensuring that the communication between the customer’s that is, the user’s computer and the site www.dadaandrocco.com is carried out by the secure protocol. Dada & Rocco d.o.o. takes data protection seriously and takes various caution measures in order to protect personal data. Unfortunately, no data transfer through Internet, or any wireless network can be 100% secure. As a result, although Dada & Rocco d.o.o. conducts reasonable personal data protection measures, it cannot guarantee protection of any information transferred to or from the website www.dadaandrocco.com and is not liable for actions of any third party who receives such information.

Amendment of the Privacy Policy

This Privacy Policy and Terms and Conditions of personal data use, can be amended by Dada & Rocco d.o.o. at any time, by publishing the amended text of the Privacy Policy on the website www.dadaandrocco.com. Therefore, Dada & Rocco d.o.o. is inviting the customers, that is, the users to occasionally view this Privacy Policy. If customers, that is, users, do not agree with this Privacy policy, we are directing them to leave and not access and not use the website www.dadaandrocco.com.
Amendment of the Privacy Policy and Terms and Conditions of Personal Data Use enter into force immediately after being published on website www.dadaandrocco.com.

Continuation of use of website www.dadaandrocco.com by the customer, that is, the user, even after the amendments entered into force, means that the customer, that is, the user, confirms and accepts the amended Privacy Policy and Terms and Conditions of Personal Data Use.

Does www.dadaandrocco.com use cookies?

Website www.dadaandrocco.com uses cookies, with primary goal to enable better user experience.

Does www.dadaaandrocco.com have third party cookies?

We use several outsourced services that save limited cookies to the user. These cookies are placed for normal functioning of certain possibilities that facilitate the users to access the content, as well as sharing it with other internet services.

Social networks

Sharing the content of the website www.dadaandrocco.com on social networks, sets up cookies. Website www.dadaandrocco.com apart from that, also uses Mailchimp service.

Measuring visitors’ rate

Our website uses Google Analytics, web analysis service provided by Google, Inc. (“Google”). Information generated by the cookie on your use of our website (including your IP address) shall be transferred to Google and stored on servers in the Republic of Ireland where it shall be kept for 26 months the longest, after which it shall be erased. Google shall use that information for the purpose of evaluating your use of our website, by making reports on activities on the website for websites operators and by providing other services related to the websites’ activities and the use of Internet. Google can also transfer that data to third parties, if this is required by law, or if such third parties are processing data on behalf of Google. Google won’t link your IP address to another data in possession by Google. You can receive more information on Google privacy rules on the link http://www.google.com/privacy.html.