PRIVACY POLICY

This Privacy Policy based on the General Data Protection Regulation (GDPR) explains what personal data is collected in connection with our business, how we process, use and protect this data, for what purposes we use it, and your rights related to your personal data.

THE FUNDAMENTAL PRINCIPLE OF OUR BUSINESS IS PRIVACY AND PROTECTION OF PERSONAL DATA

Privacy of individuals and protection of personal data are fundamental human rights. It is our duty to take care of the personal data we collect, process and store. Your personal data is our responsibility and we collect and process it only when it is necessary while ensuring security measures to protect it.

CHAOS d.o.o. adheres to the following principles with the aim of protecting the privacy and personal data of its users and all persons whose personal data we process:

  • We do not collect more personal data than is absolutely necessary
  • We do not use personal data for purposes about which you are not informed in time
  • We do not store personal data if it is no longer necessary
  • We never sell, rent or distribute personal information
  • We do not send personal data to third parties without your knowledge and if it is not legal
  • We do not use any automated processing for decision making or profiling
  • We do not transfer personal data outside the EU/EEA without your informed consent
  • We continuously ensure that personal data is securely stored and protected.

It is important to read this Privacy Policy and we hope you will take the time and give it your attention. We tried to make it as clear as possible and understandable to everyone, with the desire to maintain your full confidence in the way we handle your personal data.

If, after reading it, you will have further questions about the protection of personal data, please feel free to contact our Data Protection Officer at any time:

Igor Barlek, CIPP/E, Data Protection Officer

  • by email to bi@biconsult.hr or
  • by mail to the address CHAOS d.o.o., Ulica Ive Režeka 15, 42000 Varaždin.

​We regularly improve our Privacy Policy in order to improve the protection of your data.

This Privacy Policy was updated on August 25, 2023.

1. WHO WE ARE

CHAOS d.o.o. is the manager of the personal data processing of you as our business partners and potential clients and determines the purposes and methods of processing your personal data and ensures the provision of all personal data security measures.

Also, as a contractual party to our business partners, CHAOS d.o.o. is in the vast majority of personal data processing in the role of processor on behalf of business partners as processing manager, who give us full confidence in providing a wide range of services with the highest measures of data protection and processing security.

The controller of your personal data through this website is:

CHAOS d.o.o.

Ive Režeka Street 15

42000 Varaždin

2. WHAT DATA DO WE PROCESS, HOW AND FOR HOW LONG

Business cooperation and its establishment

We collect your data that you give us when you intend to enter into business cooperation or use our services intended for business users and which are necessary for the execution of the contract, such as name and surname, address, contact information (e-mail address, phone number) and we process them during the duration of our contractual relationship. This includes the data necessary for the delivery of contracted services and the issuing of invoices, data proving the authority to enter into a contract, as well as data collected during communication with us.

Selection of candidates for jobs and employment

During candidate selection and employment procedures, we collect basic data about candidates with the intention of entering into an employment contract, name and surname, residential address, email address, phone number, education and work experience, and other data that you submit to us via your resume, as a set of your personal data important for carrying out the selection and employment procedure. After the end of the selection process, we hire the selected candidates and collect all necessary data in accordance with legal obligations, while applications and personal data of unsuccessful candidates are returned upon request or permanently destroyed, and based on your consent we retain them for possible employment in the future.

Collection of your personal information on our website

Although you can use our website without providing personal information, when you contact us through our contact form or directly through our e-mail address, for the purposes of possible employment, establishment of a business relationship or inquiries, we collect your first and last name and e-mail address. As long as we have open communication in terms of establishing business cooperation, we will store and continue to use your personal data necessary for the establishment of our business relationship as well as for the duration of our contractual relationship. If there will be no further communication between us, we will delete all your personal data no later than 6 months after the last communication.

Our website is not intended for providing services to minors under the age of 16, and for this purpose it is necessary to attach the consent of parents or holders of parental responsibility before providing personal information through our contact form.

Cookies

Our website uses small text files and places them on your computer or device in order to customize the interface of your web browser. Cookies necessary to ensure the functionality of our website cannot be turned off. They are typically set in response to your actions involving a request for services, such as cookie settings, logging in, or filling out forms. Your prior consent is necessary for the use of other cookies with which we would collect your personal data, and even in the absence of your free consent, you can still fully use our website and have unhindered access to all its contents.

Our website uses the following optional statistical and marketing cookies:

Name Type Duration Description
_GRECAPTCHA permanent 6 months Is used for the contact form for spam filtering
pll_language permanent 1 year Used to remember the selected site language

3. WHO HAS ACCESS TO YOUR DATA

We cooperate with exclusively reliable business partners who help us provide and improve our services and make our direct communication with you more effective. We provide access to your personal data to authorized external processors for the purpose of processing personal data on our behalf and based on our express instructions based on concluded contracts on personal data processing in accordance with Article 28 of the GDPR. These partners are required to strictly comply with the obligation of confidentiality in accordance with this Privacy Policy, with the contracts we have concluded with them and in accordance with the GDPR obligations.

Our chosen external processors are business partners who provide us with IT services and maintenance services for business applications and systems, web and email hosting, without which we would not be able to ensure the fulfillment of the highest quality of our services.

4. YOUR RIGHTS

You are free to contact us at any time in order to exercise your rights in the area of protection of your personal data. Your rights are as follows:

The right to access personal data

You have the right to access your personal data and to be informed about which data and how we process it, for what purpose and for what period. We ensure the possibility to receive a copy of your personal data.

The right to correct personal data

You have the right to correct or supplement inaccurate or incomplete personal data collected by us.

The right to erasure of personal data

You have the right to ask us to delete your personal data, when the data is no longer necessary to fulfill the purpose for which it was collected, when you submit a justified objection or your personal data is processed illegally.

The right to object

You have the right to object to certain handling of your personal data. For example, you can request that we stop processing your personal data for direct marketing purposes via the newsletter.

The right to restriction of processing

You can ask us to restrict data processing, for example, when deletion, correction or objection regarding your personal data is pending and/or when we do not have a valid basis for processing your data and you want us to keep it. When processing is restricted, your data will be stored and will not be processed further. For example, if you dispute the accuracy of your data, the processing of such data will be restricted until it is ensured that the data is correct.

If you want to exercise any of the aforementioned rights, feel free to submit a request:

  • via email at info@chaos.hr or
  • by mail to the address CHAOS d.o.o., Ulica Ive Režeka 15, 42000 Varaždin.

We will respond to your request as soon as possible, and no later than one month after receiving your request. In the event that we are unable to securely confirm your identity, we will be free to request additional verification of the applicant’s identity.

If you believe that our handling of your personal data is not legal, you can file a complaint directly with the competent supervisory body at any time – the Personal Data Protection Agency (AZOP), Selska cesta 136, 10 000 Zagreb, phone: 01 4609 000, email: azop@ azop.hr.

IMPROVING THIS PRIVACY POLICY

We reserve the right to adjust and improve the text of this Privacy Policy from time to time, primarily in order to comply with legal changes, that is, in case of changes in the purposes and methods of processing. However, we will not limit or diminish your rights arising from this Privacy Policy or from the corresponding legal regulations. In the event that there are changes that may affect your rights, we will notify you in a timely and direct manner in an appropriate manner.