Who we are
Our website address is: https://grafko-caspar.hr.
This website is operated by Grafko-Caspar d.o.o., hereafter referred to as ‘we’, ‘us’ or ’Grafko’, with place of business in Optujska ulica 82, 42000 Varazdin, Croatia. In this data protection statement we describe the data we collect during your visit of our website and the processing purpose, as we are the responsible party pursuant to Art. 4 para. 7, EU-GDPR. As the protection of your person-related data is of paramount importance to us, we strictly comply with the legal provisions of the EU-GDPR when collecting and processing your person-related data. In this statement we inform you in detail on the extent and the purpose of our data processing, as well as your rights as the person concerned in the processing of data. Please read the data protection statement carefully before you continue using our website. We hope you entrust us with the consent to process your data.
What personal data we collect and why we collect it
The use of our website is principally possible without providing person-related data. The use of individual services may though cause deviations in the provisions which we refer you to separately. We therefore in principle only collect and store those data you yourself provide – apart from the cookies detailed below – when completing our input mask or in which ever way you interact actively with our website. Person-related data is all information relating to the identification or determination of natural persons. Typical details for example are your name, your address, telephone number or date of birth. Person-related data exceeding the information stored by cookies are only processed by us when voluntarily provided by you, for example when you register with us, conclude a contractual relationship with us otherwise establish contact with us. This concerns only contact data such as information relating to the specific matter. We use the person-related data provided by you only when required for the scope of the fulfilment of the respective purpose of the processing (e.g. registration, newsletter dispatch, processing an order, dispatch of information material and advertising, processing of a competition, answering enquiries, enabling access to specific information) and/or permitted by law (specifically pursuant to Art. 6 EU-GDPR) (e.g. the distribution of advertising and information material to existing customers).
The purpose of the processing of your data is the operation of our website and the focused availability of company specific information including the presentation of our product range and services (marketing). Any additional use of your data only occurs should you expressly consent in advance. Your consent – as more closely explained in detail below – is revocable at any time in the future.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
a. We only collect person-related data transmitted from your browser to our server, even simply using our website for information purposes, i.e. when you are not registered or transfer information in any other way. As soon as you visit our website we collect the following data listed below which we require for technical reasons in order to display our website to you and to maintain its stability and security pursuant to Art. 6 para. 1 p. 1 lit. f EU GDPR:
Date and time of inquiry
Time zone difference to Greenwich Mean Time (GMT)
Content of request
Access status / http status code
Respective transmitted data volume
Website on which the request was entered
Operating system and its interface
Language and version of browser software
b. Supplementary to the above mentioned data use of our website creates cookies which are stored on your server; these constitute small text files, these are stored on your hard disk designated by the browser you use, and through which specific information is transmitted via the cookie (placed in this context by us) to the respective originator. Cookies are not able to supply any programs at the current state of technology or transmit viruses to your computer, but only serve ensure the more effective and user friendly internet service.
c. Our website(s) use the following types of cookies, the extent and function is explained below:
Transient cookies are deleted automatically when you close your browser. These include especially session cookies which store a session ID enabling association of the various queries generated by your browser in the joint session. This enables your server to be recognized again when you return to our website. These session cookies are deleted when you log out or close the browser.
Persistent cookies are deleted automatically after a defined time period which may differ depending on the cookie. You are able to delete the cookies in your browser settings at any time.
d. Your browser settings may be altered in such a way that you for example reject the acceptance of third parties cookies or all cookies. In this case we advise you that not all the functions of our website may be available.
e. We also deploy cookies to enable identification of your next visit, should you have an account with us – otherwise you need to log in for every visit.
f. The flash cookies we use are not captured by your browser but by your flash plug-in. We also use HTML5 storage objects which are inserted on your terminal unit. These objects store the required data independently of the browser you use have no automatic expiry date. You may prevent the processing by flash cookies by installing the commensurate add-ons in your browser or setting your browser to private mode.
Embedde content from other websites
How long we retain your data
Data provided to us specifically related to customer service or for marketing and information services is stored principally for a period of three years after our last contact. Should you wish we could delete your data though before expiry of this period, provided there are no legal impediments to the contrary. Should a contractual relationship be initiated or concluded we process your person-related data after the completion of the contract until expiry of the applicable guarantee, warrantee, limitation periods and legal storage periods, moreover until the conclusion of any legal disputes where the data is required as evidence.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
You are entitled as a person concerned in our data processing to the following rights and legal assistance pursuant to the General Data Protection Regulation and the Data Protection Act:
Right to information (Art. 15 EU-GDPR)
You are entitled as the person concerned to request information and if so which information on your person-related data is processed. It may be necessary to establish your identity in a commensurate manner for your own security ensuring no unauthorized person obtains information on your data.
Right to amendment (Art. 16) and deletion (Art. 17 EU-GDPR)
You are entitled to have incorrect person-related data corrected without undue delay or – in consideration of the purpose of the data processing – the completion of incomplete person-related data as well as the deletion of your data, provided it complies with the criteria pursuant to Art. 17 EU-GDPR.
Right to a limitation of processing (Art. 18 EU-GDPR)
You are entitled to limit the processing of all person-related data in compliance with legal requirements. The data is only then processed from receipt of the limitation request with the individual consent or the enforcement and assertion of legal rights.
Right to data portability (Art. 20 EU-GDPR)
You may request the unimpaired and unlimited transmission of person-related data collected to a third party.
Right of revocation (Art. 21 EU-GDPR)
You may, for reasons arising from your specific circumstances, object at any time to the processing of person-related data concerning yourself, to ensure your justifiable interests or those of a third party. Your data is no longer processed after the objection, unless there are compelling justifiable reasons for the processing, which prevail over your interests, rights and freedoms or the processing serves the enforcement, exercise or defence of legal claims. You are entitled to object to data processing serving direct advertising with future effect.
Revocation of consent
Should you separately grant consent to the processing of your data this may be revoked at any time. This type of revocation affects the admissibility of the processing of your person-related data after you notify us.
Should you undertake to assert your rights arising from the GDPR as mentioned above, then we are to advise you or comply with the request without undue delay but within one months at the latest after receipt of your submission regarding the measures requested.
We undertake to respond to all justifiable requests within the legal framework without charge and without undue delay.
The data protection authorities are responsible for all submissions regarding infringement of your right to information and privacy, correctness or deletion.
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
There is no transmission of your data to third parties in principle unless we are legally obliged, the transmission of data is required for concluding a contractual relationship between us or you consent in advance specifically to the transfer of your data. External processing contractors or other cooperation partners only receive your data when it is required for the processing of the contract or we have a justifiable interest. Should one of our processing contractors come into possession of your person-related data then we ensure that they comply with the provisions of the data protection law in equal measure.
Your person-related data is not sold or otherwise marketed to third parties outside the Group.
How we protect your data
We implement numerous technical and organizational security measures in the protection of your data against manipulation, loss, destruction and access by third parties. Our security measures correspond to the technological development on the internet and are continually updated.
Tools and applications used
A. Our website includes links to other websites and are for information purposes only. These websites are outside of our control and as such are not covered by the provisions of this data protection statement. Should you activate a link then it is possible that the provider of the website collects data related to you and processes data in compliance with their data protection statement which may deviate from ours.
B. Our website also offers the possibility of interacting with various social networks via plug-ins.
Facebook and Instagram, managed by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Google+, managed by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Linked In, managed by LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
Youtube, managed by Youtube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA
When you click on a plug-in of one of these social networks then it activates and sets up a connection to the server of the respective network. We have no influence on the extent and content transmitted by clicking on the plug-in to the respective provider of this social network.
We recommend you read the data protection provisions of the respective social networks should you require further information on the type, extent and purpose of the data collected by the providers of these social networks.
You have the opportunity of subscribing for our newsletter free of charge. This newsletter provides you with all the latest news and information on our company as well as customized advertising at regular intervals. We require a valid email address in order to send you our newsletter. We continually review your email address entered into our registration page to establish whether receipt of the newsletter is actually desired. This is achieved by us sending you an email to your email address recorded after which receipt is confirmed by clicking on the link provided. Your confirmation of the email completes registration for our newsletter. (Double Opt-In) We store your IP address, date and time of registration directly on first registration for the newsletter. This is due to security reasons should a third party misuse your email address and subscribe to our newsletter without your knowledge. No further data is collected and processed in connection with the newsletter subscription, the data is used only in reference to the newsletter. Should you not object your data is transmitted internally in our group for analysis purposes as well as the transmission of information for advertising purposes. Your data provided in conjunction with the newsletter is compared with data that is possibly available to us by other means (e.g. the purchase of goods or booking services) within our group.
There is no transfer of your data relating to the newsletter registration to third parties who are not part of our group. You may cancel subscription to our newsletter at any time, details are available in our confirmation mail and in every newsletter.
We will update this Policy as needed to reflect changes in our services and customer feedback. When we post changes to this Policy, we will publish it on our webpage. If there are material changes to this Policy or in how Grafko-Caspar d.o.o. will use your personal information, we will notify you by prominently posting a notice of such changes prior to implementing the change. We encourage you to periodically review this Policy to remain informed of how we are protecting your information.
If you have any questions or feedback about this notice, please don’t hesitate to contact us:
Optujska ulica 82
42000 Varaždin, Croatia
phone: +385 042 332 555