Guests and users of www.dadaandrocco.com are advised to read everything hereby stated in order to understand more easily which data Dada & Rocco d.o.o. processes and collects, for which purpose, on which legal basis, who and why they are shared with, which protection measures are implemented and what are the user’s and/or customer’s rights related to the access, rectification and erasure, as well as the right to object.
The user, that is, the customer, may at any time inquire regarding personal data by sending an e-mail to firstname.lastname@example.org or by contacting the number: + 385 91 6135 433
What is personal data?
Personal data we use are: name, surname, e-mail, cell phone number, address, postal code, city, state, region, IP address, RFID tags and cookies on websites, photo, video recording, PIN.
Which type of personal data is Dada & Rocco d.o.o. collecting and processing?
During shopping, Dada & Rocco d.o.o. shall require the following information from the Customer: name, surname, e-mail, cell phone number, address, postal code, city, state, region, and during login shall also ask password and username. After the person is subscribed as notification recipient, it shall have the access to the profile and to the change of entered data.
All data that the users and/or customers are entering by subscribing to the list of recipients of e-mails with news and discounts, are protected by name and password.
The user or customer confirms that he/she agrees with personal data processing by clicking the button: „I have read and I am accepting the General Terms and Conditions of business “.
Giving personal data is the customer’s, that is, user’s decision. If such data are not given to the Company for a certain activity, such activity shall not be allowed to the customer, that is, to the user; because without required data, this will not be technically doable.
Apart from this data, we are automatically collecting data from your computer, which can include IP address, and there are also situations where we are automatically collecting other types of data such as the time and date of accessing the website www.dadaandrocco.com, data on hardware, software, or web explorer you are using, the operative system of your computer, the application version and language settings.
We can also collect data on clicks and pages displayed to you. Dada & Rocco d.o.o. recommends customers/users to take care of their entrance password for the user account of www.dadaandrocco.com. While choosing the combination of password characters, we recommend combining case sensitive letters and numbers, and to definitely use at least six characters password.
For what purpose is Dada & Rocco d.o.o. collecting and processing personal data?
Dada & Rocco d.o.o. collects and processes personal data of guests that is, of users for the purpose of conducting a safe authentication of guests, that is of users who are accessing www.dadaandrocco.com, realization of contract on purchase of merchandise or services, delivery of merchandise to the customer, communication with customers; that is with users, possible legal proceedings related to contract realization, and we are also partially applying automated processing in order to continuously improve our processes in the interest of guests, that is of users, in order to make the offer for the customer more individualized, and to maximally adjust our offer of products and services to the customers’, that is, users’ habits and needs.
Dada & Rocco d.o.o. collects and processes personal data of customers, that is of users who are recipients of notifications on news and discounts for the purpose of sending news, invitations to participate in award winning contests by e-mail, by social networks or other communication channels, possible legal proceedings related to realization of contract for the purpose of creating user profile with the goal of receiving individualized notifications, exploring market and improving the efficiency and quality of our services.
We don’t collect children’s data. If we find that such data have been transferred to us without consent of parents or guardian for the children under the age of 16, we shall remove it without postponement. Juveniles under the age of 16 must not use the site www.dadaandrocco.com. No part of said website is designed to attract anybody under the age of 16.
What is the legal basis of personal data processing?
The users who are subscribing to receiving notifications on products and opportunities by entering their data on website www.dadaandrocco.com and by double checking the accuracy of the e-mail address, are consenting to processing their personal data. The user can withdraw the consent at any time by notifying the data protection officer on the e-mail: email@example.com or by contacting the number: +385 91 6135 433 (Mon – Fri: 8-16 h).
Who are the recipients with whom Dada & Rocco d.o.o. share personal data?
Dada & Rocco d.o.o. shall not share personal data of guests, that is of users, with other parties except when this is explicitly stipulated by the law and on request of public authorities.
Personal data processing during credit and debit card payment
Dada & Rocco d.o.o. in the moment of payment on the website www.dadaandrocco.com, as a requirement of paying for products and services by credit or debit cards are asking the consent of the customer that is of the user for activating the process of payment through the company Corvus INFO d.o.o. Zagreb, Buzinski prilaz 10, the provider of processing and charging (credit or debit) cards of the contracting partner and of the Processor. For that purpose, personal data of the customer, that is, of the user (name and surname, address, card data) are temporarily stored at Corvus INFO d.o.o. Zagreb, Buzinski prilaz 10, who stores that data according to PCI DSS certificate, the highest level of protection and storage of confidential data. The guest, that is, the user activates the processing and charging cards by confirming (clicking) the link „pay “.
Personal data: name, surname, e-mail, cell phone number, address, postal code, city, state
Card data: number of payment card
The stated data is processed:
- for the purpose of processing transactions initiated by the customer, that is, the user;
- for the needs of providing Card Storage services, that is, for the purpose of electronic storage of personal and card data of the customer, that is, of the user.
Processing personal data shall last as much as it takes for completing the Contract, that is, for fulfilling the purpose of personal data processing, that being:
- for providing on-line authorization service – 13 months from the day of executing particular transaction that is, on the day of charge
- for providing Card Storage service – to the expiration date of a particular payment card, that is, to the expiration date of on-line authorization service, depending which comes last.
Corvus gains access to personal data collected by Dada & Rocco d.o.o., that is, by the Controller who shall deliver and/or enable Corvus to access personal data, and for the card data, the Controller authorizes the Processor (Corvus) to collect them on behalf of the Controller.
The Controller keeps the formal control an ownership over collected data, while the card data, due to their sensitive nature, are being collected and processed exclusively within the system under control of the Processor, where they are subject to additional levels of protection.
The Seller informs the customer, that is, the user that Corvus INFO d.o.o. does not store the security code (CVV) from (the debit, credit) card of the customer. CVV is a three-digit or four-digit number the customer, that is, the user separately enters during the card payment. The customer, that is, the user, shall continue to enter that number as additional security check. Dada & Rocco d.o.o. is therefore warning the customer, that is, the user, to take care of the data stated on the card, so that said data wouldn’t be available to third persons and abused.
Period of personal data storage
Dada & Rocco d.o.o. stores personal data of registered customers that is, of users of website www.dadaandrocco.com during the period the purpose of processing is being achieved, and that is the period from the moment the registration is active until six months after the customer’s that is, the user’s registration ended; during which period possible reclamations from the previous period will be resolved. Dada & Rocco d.o.o. stores personal data of the User recipient of notifications of news and discounts for the period the purpose of processing is being achieved and that is the period from the moment the registration is active, that is, until the User unsubscribes from the list of recipients of e-mails on news and discounts.
Access and rectification of personal data
Customers, that is, users have the possibility to access their personal data at any time after registering on the site and accessing the “profile” where they can rectify their personal data shared on the site www.dadaandrocco.com. Customer, that is the user, can ask and gain from Dada & Rocco d.o.o. complete information on stored personal data, as well as their rectification by sending an e-mail to the e-mail address of the personal data protection officer: …@………..hr.
Personal data erasure (right to be forgotten)
The customer, that is, the user, has the right to request erasure of personal data (right to be forgotten) at any time. The customer, that is, the user, can do so by sending a request on the e-mail address of the data protection officer firstname.lastname@example.org, and the data shall be erased within thirty days, or by sending the form for personal data rectification or erasure, which you can download here. The data on purchase through website remains stored on the account for the stated reservation according to other legal obligations. The Users have the possibility to submit an erasure request in any notification received by the Seller on e-mail, that is, can send an e-mail to the e-mail address of the data protection officer email@example.com requesting to erase their personal data.
Dada & Rocco d.o.o. has, according to relevant regulations, appointed the Data protection officer who you can contact regarding all questions related to personal data processing or realization of your personal data protection rights. Contact: firstname.lastname@example.org or + 385 91 6135 433 (Mon – Fri: 8:00 – 16:00 h).
Right to object
If, despite all measures taken for personal data protection, you believe you have grounds for an objection, contact the e-mail address of the personal data protection officer email@example.com
Security measures for personal data protection
Collected data are in electronical form and protected by the SSL certificate which encrypts the data thus ensuring that the communication between the customer’s that is, the user’s computer and the site www.dadaandrocco.com is carried out by the secure protocol. Dada & Rocco d.o.o. takes data protection seriously and takes various caution measures in order to protect personal data. Unfortunately, no data transfer through Internet, or any wireless network can be 100% secure. As a result, although Dada & Rocco d.o.o. conducts reasonable personal data protection measures, it cannot guarantee protection of any information transferred to or from the website www.dadaandrocco.com and is not liable for actions of any third party who receives such information.
Does www.dadaaandrocco.com have third party cookies?
We use several outsourced services that save limited cookies to the user. These cookies are placed for normal functioning of certain possibilities that facilitate the users to access the content, as well as sharing it with other internet services.
Measuring visitors’ rate
Our website uses Google Analytics, web analysis service provided by Google, Inc. (“Google”). Information generated by the cookie on your use of our website (including your IP address) shall be transferred to Google and stored on servers in the Republic of Ireland where it shall be kept for 26 months the longest, after which it shall be erased. Google shall use that information for the purpose of evaluating your use of our website, by making reports on activities on the website for websites operators and by providing other services related to the websites’ activities and the use of Internet. Google can also transfer that data to third parties, if this is required by law, or if such third parties are processing data on behalf of Google. Google won’t link your IP address to another data in possession by Google. You can receive more information on Google privacy rules on the link http://www.google.com/privacy.html.