Privacy Policy for Website Visitors and Security Statement

This Privacy Policy informs you about the processing of your personal data that we collect when you visit our website. In the collection and processing of this data, we act as a data controller in the sense that it is defined by the General Data Protection Regulation.

General information

The company ALMAGEA d.o.o., Ulica Julija Knifera 4, 10020 Zagreb, OIB: 23349571806, is responsible for processing personal data.

The contact information through which all information regarding the processing and use of personal data can be obtained are:

  • via e-mail to: almagea@almagea.hr
  • or  if you want to contact us by mail you can do it at the address:

ALMAGEA d.o.o.

Julija Knifera Street 4,

10020 Zagreb

Processing of personal data

ALMAGEA d.o.o. (hereinafter: ALMAGEA) understands that your privacy is important to you. We respect your privacy and protect your personal data. This may include any information that may lead to you as an individual. ALMAGEA processes your personal data that you have entrusted to us when registering in the web shop, by signing up for the newsletter on our website www.almagea.hr, through reviews of our products and services or by asking questions on one of the provided contact channels.

Web shop

We may collect the following personal data for the purposes of the realization of the purchase contract and the delivery of the goods:

  • First and last name
  • Address
  • Country
  • Phone number
  • E-mail
  • Data on payment method

The legal basis for the processing of personal data collected through the web shop is the realization of a contract in which the respondent is a party (Article 6, paragraph 1, point b) of the General Data Protection Regulation).

Newsletter

The personal data that is collected by signing up for the newsletter are:

  • E-mail address

Personal data collected through the registration for the newsletter are used exclusively for the delivery of the newsletter to the e-mail address entered in the registration by the user and are not used for other purposes. Signing up for newsletter delivery is not a condition for using the web shop.

By giving consent for the use of personal data when signing up for ALMAGEA’s marketing newsletter, you give permission for the use and storage of personal data for marketing purposes until you withdraw your consent, that is, unsubscribe from receiving the newsletter. You can withdraw your consent at any time as easily as you gave it without giving a reason by clicking on the link in the marketing newsletter. Alternatively, you can revoke your consent by contacting us by e-mail at: almagea@almagea.hr or by mail to the address: ALMAGEA d.o.o., Ulica Julija Knifera 4, 10020 Zagreb.

Upon revocation of consent, we will no longer use your data for marketing purposes and you will no longer receive the ALMAGEA newsletter.

The legal basis for processing personal data is your consent to inform you about our products and services. (Art. 6. para. 1 pt. a) of the General Data Protection Regulation).

Reviews

ALMAGEA uses different methods to collect information on client satisfaction with the use of its products and services. One of the most important methods for this purpose is the direct collection of your opinion about the products and services that you use as our client. In order to improve our products and services or resolve complaints, we may collect the following data:

  • First and last name
  • E-mail

The legal basis for the processing of personal data is our legitimate interest (Art. 6. para. 1 pt. f) of the General Data Protection Regulation) to monitor client satisfaction for the purpose of improving and adjusting our products and services.

We can publish individual reviews on our website or social networks, where the user’s personal data will not be visible.

Contact form

To find out more about our products and services, you can contact us through the available forms on our website. In this case, we will also collect your personal data such as:

  • First and last name
  • Address
  • Company where you work
  • E-mail
  • Phone number

The legal basis for the processing of personal data is our legitimate interest (Art. 6. para. 1 pt. f) of the General Data Protection Regulation) to respond to your inquiries and provide you with the necessary information about our products and services.

We may contact you several times by e-mail or telephone after receiving your inquiry to ensure that you have received the information you need, that is, that you are satisfied with the answer received.

We will keep your personal data that we have received through a query/review/complaint on our website for as long as we communicate with each other in connection with providing answers, that is, providing information about our products and services. After 60 months have passed since the last communication, we will delete all your personal data. The above does not affect your right to request that we delete your personal data from our records at any time earlier.

Purpose, method of processing and storage of personal data

All personal data are used exclusively for the purposes for which they were collected and for which there is a valid legal basis, and will not be made available to third parties in any way, except for the purpose prescribed by law.

As an exception to the above, when it is necessary to provide a particular service, the data can be made available to our suppliers (for example, for product delivery), who then act as processors. In any such case, ALMAGEA will ensure adequate protection of your personal data by concluding data processing contracts with the aforementioned companies and persons.

Upon termination of the purpose for which the data was collected or the expiration of the period for which consent was given or termination of the contractual relationship or after the expiration of the warranty period of the purchased product and at the latest after the expiration of all legal obligations related to the storage of personal data, we will delete or anonymize the collected personal data.

Automated individual decision-making and sending data outside the EU

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you.

We currently do not use automated individual decision-making on the websites we own or in the services we provide.

We do not deliver your personal data outside the European Union, that is, to countries that are considered “third countries” in accordance with the General Data Protection Regulation.

Use of cookies

When you visit our website to learn more about us and our products, that is, to review the information we put on the pages, we use cookies with the aim of ensuring the optimal functioning of the pages, collect useful information about visitors that will allow us to further improve our services as well as in order to generally improve the user experience.

Cookies can be installed on your browser by ALMAGEA or by a third party, such as an advertiser.

For more information on the way and purposes of using cookies, we suggest you look at our Policy on the use of cookies.

Your rights regarding personal data

You have the following rights at all times:

  • the right to ask us for information on which personal data we process (including to receive a copy of that data) as well as to correct it if the specified data is incorrect.
  • withdraw consent at any time if we process your personal data based on consent as a legal basis for processing. Please note that withdrawal of consent does not affect the legality of processing data processed on the basis of consent before it was withdrawn.
  • the right to the right to transfer data to another data controller when it is technically feasible;
  • the right to request that we stop using your personal data for a certain period of time if you believe that we are not processing them in accordance with the law.
  • the right to ask us to delete your personal data in cases where we process them based on your consent or on the basis of legitimate interest as a legal basis for processing or in some other case provided for by regulation.
  • the right to submit a complaint regarding the processing of personal data.

If you want to exercise any of the above-mentioned rights, you can contact us using the above-mentioned contact information.

In the event that you use any of the above-mentioned rights disproportionately often and with the obvious intent of abuse, ALMAGEA reserves the right to charge you a reasonable fee for handling the request or reject your request.

The right to object to the Agency for Personal Data Protection

If you have a complaint about the way we use your data, we suggest that you first contact us to resolve the problem, but you can also contact the Personal Data Protection Agency at the e-mail address: azop@ azop.hr or by mail to the address:

Agency for the Protection of Personal Data

Selska cesta 136

HR – 10000 ZAGREB

We regularly review and when appropriate, as our services and use of personal information evolve, we periodically update this Policy. In case we want to use your personal data in a way that we have not previously identified, we will contact you to provide you with information and, if necessary, ask for your consent. We advise you to regularly visit these Rules so that you can get current information about the way we process your personal data.

Date of the last update of these Rules: 26.02.2021.

Online Payment Security Statement

When paying on our web store, use CorvusPay – an advanced system for securely accepting payment cards online.

The CorvusPay system ensures complete confidentiality of your card and personal data from the moment you enter them in the CorvusPay payment form. Payment data is transmitted encrypted from your web browser to the bank that issued your card. Our store never comes into contact with complete information about your payment card. Also, the data is inaccessible even to employees of the CorvusPay system. The isolated core independently transfers and manages sensitive data, keeping it completely secure.

The form for entering payment data is secured by an SSL transport code of the highest reliability. All stored data is additionally protected by encryption, using a cryptographic device certified according to the FIPS 140-2 Level 3 standard. CorvusPay meets all requirements related to the security of online payments prescribed by the leading card brands, i.e. it operates in accordance with the norm – PCI DSS Level 1 – the highest security standard of the payment card industry. When paying with cards included in the 3-D Secure program, your bank, in addition to the validity of the card itself, also confirms your identity using a token or password.

Corvus Pay considers all collected information confidential and treats it accordingly. The information is used exclusively for the purposes for which it is intended. Your sensitive data is completely safe, and its privacy is guaranteed by the most modern protection mechanisms. Only the data necessary to perform the work is collected in accordance with the prescribed demanding procedures for online payment.

The security controls and operational procedures applied to our infrastructure ensure the immediate reliability of the CorvusPay system. In addition, by maintaining strict access control, regular security monitoring and in-depth checks to prevent network vulnerabilities, and planned implementation of provisions on information security, they permanently maintain and improve the level of system security by protecting your card data.

Thank you for using CorvusPay!

Card acceptance logos

Security of Online Payments

While conducting payments on our web shop you are using CorvusPay – an advanced system for secure acceptance of credit cards on the Internet.

CorvusPay system ensures complete privacy of your credit card data and personal data from the moment you type them into the CorvusPay payment form. Data required for billing is forwarded encrypted from your web browser to the bank that issued your payment card. Our store never comes into contact with your sensitive payment card data. Similarly, CorvusPay operators cannot access your complete cardholder data. An isolated system core independently transmits and manages sensitive data while at the same time keeping it completely safe.

The form for entering payment data is secured by an SSL transmission cipher of the greatest reliability. All stored data is additionally protected by hi-grade encryption, using hardware devices certified by FIPS 140 2 Level 3 standard. CorvusPay fulfills all of the requirements for safe online payment prescribed by the leading credit card brands, operating in compliance with the PCI DSS Level 1 standard – the highest security standard of the payment card industry. Payments made by cards enrolled with the 3-D Secure program are further authenticated by the issuing bank, confirming your identity through the use of a token or a password.

All information collected by Corvus Pay is considered a secret and treated accordingly. The information is used exclusively for the purposes for which they were intended. Your sensitive data is fully

secure and it’s privacy is guaranteed by the state of the art safeguard mechanisms. We collect only the data necessary for performing the work in accordance with the demanding prescribed procedures for online payment.

Security controls and operating procedures applied within the CorvusPay infrastructure not only ensure current reliability of CorvusPay but permanently maintain and enhance the security levels of protecting your credit card information by maintaining strict access controls, regular security and in-depth system checks for preventing network vulnerabilities.

Thank you for using CorvusPay!

Conversion statement