1. Introduction

In addition to providing services in line with internal, national, and international norms, legislature and other regulation pertaining to quality, environmental protection, employee health and safety, and energy efficiency, the company CIAK Grupa d.d. pays special attention to protection of personal data, in accordance with the General Data Protection Regulation.

This Privacy policy defines the way in which we process your personal data.

Privacy policy is our way of informing you about the data we collect, methods we use to collect data, purposes for which we collect and use the data, entities with whom the data is shared, duration of data retention and your rights.

CIAK Grupa d.d. is dedicated to protection of personal data collected with the fundamental principles of data protection, primarily in line with the Regulation 2016/679 of the European Parliament of 27 April 2016 (General Data Protection Regulation), national legislature of the Republic of Croatia and the provisions set forth in this Privacy policy (henceforth: Privacy policy).


Personal data are defined as any information pertaining to an identified or identifiable individual. An identified or identifiable individual is a person who can be identified, directly or indirectly, especially through identifiers such as name, ID number, location, network ID, or one or more factors characteristic for physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.

By “processing”, we refer to all actions or sets of actions performed over personal data or based on sets of personal data, conducted via automatic means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, disseminating or making available through other means, alignment or combination, restriction, erasure or destruction.

2. Who controls the data

CIAK Grupa d.d. determines the purpose and means of processing your personal data and is regarded as the Controller of data processing.

Taking into consideration its legal responsibilities, data processing Controller is responsible for storing and using personal information via computers or physical files.

Contact details:

CIAK Grupa d.d.

Savska opatovina 36, 10 090 Zagreb

E: ciak@ciak.hr

CIAK Grupa d.d. employs a person in charge of personal data protection known as the data protection officer. If you have any questions regarding personal data you have provided us, please contact CIAK Grupa d.d at any time.

For additional information or for contacting us, please look at contact details or send an e-mail to our personal data protection officer ciak@ciak.hr.

3. Which data are collected

All of our activities are based on strict ethical and legal requirements and we support the privacy of all our clients and visitors of our websites. Because of this, the manner in which we collect and store data, including personal data, depends on how our websites and related services are used. We do not collect any kind of sensitive personal data about you.

3.1. Data collected through your interaction with us

Različite tehnologije mogu se koristiti na našim web stranicama u svrhu poboljšanja učinkovitosti i sigurnosti.

Different technologies can be used on our websites in order to improve their efficiency and security.

These technologies can lead to automatic collection of personal data by us or third parties. An example of such technologies are cookies and web analysis. Our website uses cookies; for more information, please refer to our Cookie policy.

3.2. Data you provide

Apart from data collected through automatic means (cf. 3.1), we process data provided by you. This includes, but is not limited to:

  • Data provided through purchases made in our web shop,
  • Data provided by submitting a complaint form,
  • Personal data provided by sending an e-mail or submitting a contact form

3.3. The data we collect:

  • first and last name,
  • adress,
  • e-mail adress,
  • IP address of visitor,
  • other data provided by you which you want to keep anonymous

4.  Purposes for which we collect personal data::

  • To provide services within the scope of our registered activities,
  • To respond to your inquiries as efficiently as possible,
  • To ensure providing and paying for requested services,
  • To conduct our internal statistical analysis,
  • To send promotional materials and special benefits,
  • To meet other obligations prescribed by the applicable law.

5.  Lawfulness of processing

Processing of personal data is lawful as it is based on consent provided by you, on the Contract made within the scope of our activities, or on fulfilling obligations prescribed by applicable legislature.

Processing is also lawful if it is deemed necessary to protect your vital interests, to perform the tasks which are in the public interest, or is based on legitimate interests of CIAK Grupa d.d.

6. Disclosing personal data

Your personal data can be disclosed to the extent necessary to be in line with our legal obligations and legislation and regulations pertaining to you.

Your personal data can be shared with your consent or without it, in cases where it is necessary for us to fulfill our obligations towards you.

We collect only those personal data which are provided voluntarily and we use them only for the purpose of providing services mentioned above.

7. Your rights

  • Right to submit a request to access your personal data
  • Right to change and/or delete your personal data
  • Right to limit the processing of your personal data
  • Right to transfer data

You can submit a request to access, change, correct, limit the processing of, transfer, or delete your personal data by contacting us via our e-mail address ciak@ciak.hr or by sending a written request to: CIAK Grupa d.d., Savska opatovina 36, 10090 Zagreb.

7. Data storage and security

CIAK Grupa d.d. recognizes the importance of data protection and continuously controls and encourages improvements of technological, professional and organizational security measures and procedures.

Our website is equipped with strict security measures intended to protect your personal data from unlawful destruction, accidental loss, misuse, alteration, unauthorized disclosure or access to personal data or other unlawful forms of processing.

CIAK Grupa d.d. is in no way responsible for loss of personal information in the process of sending the data to the website.

Only authorized employees and reliable third parties whose use of personal data is necessary to conduct personal interest, as defined above, shall have access to personal data.

CIAK Grupa d.d. shall store personal information for the duration defined by the applicable legislature, duration of business cooperation, or until the consent is revoked.

8. Supervisory authority

Supervisory authority for personal data protection:
Croatian Personal Data Protection Agency
Martićeva ulica 14, 10 000 Zagreb

Tel. 00385 (0)1 4609-000
Fax. 00385 (0)1 4609-099
E-mail: azop@azop.hr

Web: www.azop.hr

CIAK Grupa d.d. cooperates with the supervisory authorities in cases of personal data infringement and is obliged to contact them no later than 72 hours after identifying the infringement. If the infringement is highly likely to cause high risk for the individual, data processing controller shall immediately notify the supervisory authorities. If a type of data processing is likely to cause a high risk for individual’s rights and freedoms, the data processing controller shall conduct and assessment of effects of predicted procedures on personal data protection. A single assessment can be applied to multiple similar data processing procedures.

9. Changes to these policy

CIAK Grupa d.d. is obliged to comply with the fundamental privacy and data protection principles, which is why we regularly assess our privacy policy so as to be able to harmonize data processing with privacy and data protection principles.

This privacy policy can change from time to time in order to be up to date with the latest development and circumstances pertaining to the Internet and to be in compliance with the applicable legislature.

All changes made to the privacy policy shall be posted on this website.