PRIVACY POLICY
EXPRIMERE HOLDINGS LTD. PRIVACY POLICY
Data protection of our customers, our users, our employees but also all other individuals represents basic principle and priority of EXPRIMERE HOLDINGS LTD., trading name EXPRIMERE, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ Company number: 13017616
(hereinafter: the “Company”).
We are aware that by doing business with us, you have entrusted us as not only as your business partner or employer, but also that you have provided us with some of your personal data and all responsibilities arising therefrom. Therefore, we have issued this privacy policy as our key document in order to establish a system of data protection and transparency in our business.
This privacy policy has been drafted in accordance with the EU General Data Protection Regulation 2016/679 applicably as of 25 May 2018 (hereinafter: the “GDPR”), as well as all other national data protection legislation and by applying all adequate technical and safety measures in order to protect the personal data from nay unauthorised access, misuse, breach, loss or destruction thereof.
This privacy policy has been drafted in accordance with above mentioned rules, but as such it has no impact on our duties and responsibilities imposed by the GDPR or national legislation. Kindly note that duties imposed to us by the GDPR and the relevant national legislation are applied by the company in a broader sense than the rules contained herein.
Data controller is: the Company.
Controller’s contact details: Denis Toth
email: denis.toth@exprimereholdings.com.
Phone No: +385955140054.
Data protection officer (hereinafter: the “DPO”) contact details are: Denis Toth
Data processor is: Denis Toth
In case we use third party services to process your personal data, such processing of the personal data is strictly mandated to us and we are also liable to protect your personal data in such a case. Any questions that you may have regarding protection of your personal data may be addressed to us at any time and at above mentioned emails or phone numbers.
1. General information
This privacy policy and statements contained herein describe in detail the data we collect, your rights arising therefore, as well as the way and for which purposes we process your personal data.
2. Collection of personal data
Personal data is all and ay piece of information that refers to an individual that is identified or may be identified, as further defined under section 4 below.
Your personal data is collected only through contact with you and with your explicit consent. Kindly bear in mind that some of you personal data is available on line (e.g. from social media such as Facebook, LinkedIn, Instagram, etc). The Company is aware of such data, but is not collecting or processing it without your explicit consent (either given directly to us or the third party social media source).
We collect and process your personal data only for the purposes that had been disclosed to you and for which you had given us your explicit written consent or in cases where data collection and processing is a mandatory obligation under the relevant law.
Unless you inform us otherwise (withdraw your consent), we shall collect and process your personal data only for the given purpose. We shall immediately stop with data collection and processing immediately once you withdraw your consent or once there is no legal basis to do so.
The Company reserves the right to protect its legal interests as data collector and may: (i) undertake activities to determine user identity, (ii) your requests will be processed only if they had been filed by predefined means of communication, (iii) determine whether your request has valid legal basis and we shall revert accordingly, (iv) may deny your request and file appropriate legal action should we think the request is obviously without any legal basis or if this is a manner of blunt abuse of the law.
3. Purpose of personal data collection
Various personal data may be collected from a number of sources and for various purposes:
I By contacting you we may ask that you share your personal data with us for the following purposes:
- Providing of our services
- Enhancing our user experience
- Sending you information on our services, as well as information on our latest offers
- Your employment with the Company
- Participation n web based activites including our social media pages (Facebook, LinkedIn, Instagram)
- Storing your personal data for future interactions and communication with the Company
- helping us to improve and advance our services
- problem solving with regards to our everyday business and providing of our services
- sending promotion messages or specific advertising messages based on information you shared with us
- any other purpose for which you had given us your written consent
II By doing business with the Company as an employee, business partner, client or a supplier we may ask you to provide us with your personal information for the following purposes:
- employment with the Company
- information access
- resolving issues and service requests
- any other purpose for which you had given us your written consent
4. Types of personal data that is collected
The Company collects and processes your personal data based on your explicit written and voluntary consent that has been given either by: (i) visiting our web page or our social media (Facebook, LinkedIn, Instagram), (ii) filing contact request, (iii) filing information on data collector, (iv) sending your remarks regarding our work, (v) filing job request, (vi) filing cooperation request or any other similar manner.
Personal data that is collected by interacting with the Company in whatsoever manner are:
- name and last name
- telephone number
- data contained in your resume
- personal tax number
- copy of your ID
- social media profile
- information on personal interests and preferences
- other information regarding your personal interests in context of business activities conducted by the Company
- Any other data that you may have delivered us on your own accord.
When communicating with the Company as a client, supplier or a business partner we may collect and process the following personal data:
- name and last name
- telephone number
- business address
- company name and company tax ID
- your position within your company
- personal details that may be relevant to our business relationship, such as your education, expertise level, etc.
We collect your personal data through:
- signing a cooperation agreement or an employment agreement
- providing services to the Company
- communicating with the Company
- developing partnerships
- by accessing our business premises
- participating in fairs, events, promotions of the Company
- voluntarily participating in polls organised by the Company,
- by viewing your profiles on social media such as FaceBook, Linkedin, Instagram, etc.
While doing business with us we need you to give us your personal data required for such business undertaking to take place and that is required to fulfil our contractual obligations or that is required under the law. Without such data we may refuse to do business with you, or we may even terminate an existing agreement. However, you are not required to provide your consent for data collection and data processing that is not relevant for an agreement with us or that is not prescribed by the law.
Furthermore, we may collect personal data through our cookies on our web page, including among others:
- IP address
- Cookie ID
- +Data on the internet browser that you are using
It is imperative to stress out that you may, and you have full legal right to do so, stop all your interactions with us, i.e. you may seek that your personal data is deleted (as further defined below) as well as to refuse your consent to use of all or just some cookies.
Conclusively, the Company may not collect any sensitive data, such as data regarding your health, your credit score, etc. For any such collection your additional consent is required. Refusal of consent may arise with terminating of doing business with you or providing you with an inadequate user experience, as some of these types of data are mandatory to fulfil our legal obligations. Regardless of said, none of our decisions is based on automated data processing.
The Company does not collect data of minor under the age of 16.
5. Legal basis and purposes of data collection
The Company collects your personal data for the following purposes:
- To fulfil our legal obligations – your personal data is collected and processed in accordance with applicable laws as well as to make relevant notify and applications required by us under the applicable laws and data collection is necessary for us to fulfil our mandatory legal obligations;
- To fulfil individual contracts – your personal data is collected and processed with purpose to fulfil contractual obligations and such data collection is necessary to fulfil this purpose;
- With purpose of contacting you in order to efficiently fulfil our agreements, requests for delivery of information, by your applications to newsletters, based on consent given to us by you or based on legitimate interest of data controller;
- With purpose of protecting property and life – based on our legitimate interest our business premises may be under video surveillance;
- With purpose to participate in promotions based on consent that you had given us by applying to such a promotion;
- Promotion purposes – based on consent you had previously given us we may publish your photographs, etc.
- Any other purpose, provided however that you had been previously notified and that you had given your consent.
All of your personal data is processed based on the law, contract, legitimate interest and our voluntary, explicit and written consent.
5. Time period of storing your personal data
The company collects and stores your personal data only for the purposes specified in this privacy policy or prescribed in mandatory laws and for period of time necessary to fulfil the respective purposes. Therefore we delete your personal data immediately we receive your deletion request, immediately when contractual relationship had ended or once our legal obligations pertaining to data collection have expired, i.e. immediately after we do not receive your consent for collecting your data.
Further below you may find and overview of the personal data, respective purposes and times of storage:
Personal data |
Provided by |
purpose |
Legal basis |
Time of data collection |
Identification data for emyployemtn (e.g. name, last name, account number, tax number, copy of personal ID) |
Directly by user |
Fulfilment of contract – enabling the company to render services and employment (if any) |
User consent |
For the duration of employment, but no longer than 2 years from termination |
Directly by user |
Request of competent state bodies to deliver data |
Legal obligation |
Up to 10 years from termination |
|
Directly by user |
Prevention of misuse |
Legitimate interest / Legal obligation |
Up to 10 years from termination |
|
Contact data (e-mail, address, phone number) |
Directly by user |
Fulfilment of contract – enabling the company to render services under respective agreement |
User consent |
For the duration of agreement, but no longer than 2 years from termination |
Directly by user |
Sending newsletters, notifications, etc. |
User consent |
Until recall of consent |
|
Directly by user |
Preventing issues with communication, enabling filing of written requests and objections |
User consent |
Until recall of consent |
|
Directly by user |
Prevention of misuse |
Legitimate interest / Legal obligation |
Up to 10 years from termination |
|
Data on previous employment (data on employer, references, contact details, data on pension insurance and duration of previous employment) |
Directly by user |
Fulfilment of contract – enabling the company to render services under respective agreement |
User consent |
No later than you employment with third party/termination of current employment agreement |
Your IBAN data and data relevant to opening of your bank account, utility bill |
Directly by user |
Your employment and payment of your salary |
Contract fulfilment/ legal obligation |
N olater than termination of your employment, but in any case up to 10 years from termination |
Directly by user |
Request of competent state bodies to deliver data |
Legitimate interest / Legal obligation |
up to 10 years from termination |
|
Directly by user |
Prevention of misuse |
Legitimate interest / Legal obligation |
up to 10 years from termination |
|
Publicly available social media profiles |
Directly by user |
Identity check, employment with the Company |
Legitimate interest |
Until recall of consent on social media |
Digital data: geolocation/IP, address, type of device used, ID of device, data on internet service providers, country of origin, OS version geo- |
Directly by user |
Providing of services by the Company, improving user interface, delivery of data to Company’s services users |
User consent |
Until recall, no later than 12 months from employment/contract termination. |
Directly by user |
Prevention of misuse |
Legitimate interest |
Up to 12 months |
|
Phone records |
Telecom companies |
Fulfilment of contract |
Legal obligation |
Up to 10 years, in accordance with accounting regulations |
Other data -e.g. answers from marketing polls |
Directly by user |
Better understanding of user needs, enhancing user experience |
User consent |
Up to 12 months |
6. Data consent management
At any given time you are free to amend your consent for your personal data collection and/or processing (amend it, completely or partially withdraw it) either by sending us an e-mail to legal@exprimereholdings.com or by sending us registered mail to EXPRIMERE, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Should you recall your consent, we will no longer use your personal data for the given purposes, but that may result in terminating of services or benefits given thereunder.
Withdrawal of your consent does not impact the legitimacy of data processing that was based on prior given consent once it has been withdraws.
Should you wish to again give us your consent you may do so in a manner it was given before.
Kindly note that if you do not give us your personal data that might be needed or relevant for performing under an agreement signed with you, we might not be able to provide you with agreed service, hence we will not be liable for any such failure of service providing.
7. Your rights
This Company is constantly keeping track of the legitimacy and legality of this privacy policy as well as internal rules of conduct so that neither action taken by this company is or can be construed in a manner that may result in violating your personal data. The Company is using its endeavours to secure you your rights as follows:
- Right to access and information regarding personal data use – you may at any given time seek information if your personal data is being used or processed, the purposes for data use/processing, type of data being collected, third parties to which your data is being shared with, time period of keeping your data, as well as source of personal data that has not been directly given by you;
- Right to correction – in case any of your data is incomplete or incorrect you may at any given time seek rectification
- Right to deletion – you may at any given time seek deletion of your personal data
- Right to limit data processing: you may limit processing of your data if
- You dispute the data being correct,
- You think the data processing was illegal, but you do not wish the data to be deleted, but seek limited use of such data and
- If you think we do not need your data for the provided purposes, but you need the data for any of your claims or in case an objection to data processing has been filed.
- Right to object to any further processing
- Right to seek access and transfer data– you may ask of us to send you the data you have given us in a structured machine-readable form:
-
- If we are processing your data based on your consent which may be revoked and
- if processing is made by automatization procedures.
- Right to seek protection with competent authorities – should you feel we have at any time violated your rights or any of data protection regulations, you may seek protection before competent authorities under national legislation.
Under Croatian laws you may file a complaint to the Croatian Data Protection Agency.
Bearing in mind stated above, the Company has adopted a series of technical and other measures in order to protect your personal data, as further elaborated in Schedule 1 to this privacy policy
Identity verification: In doubt or in cases where such obligation is imposed by mandatory law, we may seek additional information with purpose of verification of identity.
Misuse of rights: in case you are using any of your given rights contrary to their given purpose we may charge you administrative fees or refuse to process your request(s).
Data breach: Anybody who suspects that personal data has been breached must immediately notify us of such an incident with a detailed description of the breach. incident Notifications are sent to: denis.toth@exprimereholdings.com our DPO shall register the incident internally, notify the management board and all competent authorities.
Kindly note that the Company has internal procedures in place with regard sto data breach.
8. Third party data transfer
We shall not transfer your personal data to third parties, unless:
- You give us your explicit written consent for data transfer to a specific third party and for specific purpose or specific individual;
- If ordered to do so by State bodies, such as courts, ministries, agencies, etc.
- If the data is needed for courts and other competent state authorities for procedures they are handling, provided however that written proof of this fact is provide
- If your data is to be sent to tax office, pension insurance health insurance all based on legal obligations of the Company,
- If your data is to be sent to tax office for the procedures, they are handling within their competence and
- If within contractual obligations with third parties we need to deliver your data to such parties and such data is delivered to the digital services companies, such as amazon, Microsoft, etc by using standard data protection clauses.
Kindly note that while using digital services of big IT companies such as Google, Google analytics, Microsoft, etc. the Company has accepted the unilateral terms of doing business with these companies. However, the Company does not have means of verifying whether these large It companies transfer your personal data to third parties outside of warranties given by these IT companies. The Company is using its best endeavours to minimise this risk by using pseudo anonymization of your personal data.
9. Use of digital services (internet pages, applications)
Kindly note that we collect only personal data that has been made available to us either by you by filing contact request either by asking us to do business with you, ither by filing a job application and any other electronic means of communication. In order to promote our services our web page contains “cookies” that may be stored on your computer. Cookies may be rejected either partially or completely. For more information see below.
10. Cookies
A cookie is a piece of information (a .txt file) that had been stored onto your computer by the web page you are visiting. Cookies usually save your settings/web page settings, such as preferential language or IP address. Once you load your web page again the web browser is sending back the cookies pertaining to such a web page. This enables the web page to load to information adjusted to your needs.
Cookies also enable you the best possible web browsing experience as the “remember” your preferences, so you really do not have to manually input all of relevant details. For an example: cookies enable you to load one web page and should you transfer to another one you do not need to log on to the previous one for it to have the expected content and functionality. Furthermore, all of your web settings will be stored for the next time you load this web page.
By using cookies we cannot access your files stored locally on your computer and we cannot read your personal information from the content of the cookies.
Which cookies do we use and why
Your consent refers to the following domain: https://exprimereholdings.com/
Your current status is: allow all cookies
Your ID number of your consent is: [•]
Change your consent / withdraw your consent
STRICTLY NECESSARY (9)
Necessary cookies make the web page usable by enabling its base functions such as web page navigation and access to restricted areas. Web page may properly function even without these cookies
Cookie | Service provieder | Purpose | Expiry | type |
_grecaptcha | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | Persistent | HTML Local Storage | |
_GRECAPTCHA | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | 179 days | HTTP Cookie | |
CookieConsent | Stores the user’s cookie consent state for the current domain | 1 year | HTTP Cookie | |
PH_HPXY_CHECK | [•] | Used to detect and prevent brute force attacks on the website. | Session | HTTP Cookie |
rc::a | This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website. | Persistent | HTML Local Storage | |
rc::b | This cookie is used to distinguish between humans and bots. | Session | HTML Local Storage | |
rc::c | This cookie is used to distinguish between humans and bots. | Session | HTML Local Storage | |
wc_cart_hash_# | [•] | On hold | Persistent | HTML Local Storage |
wc_fragments_# | [•] | On hold | Session | HTML Local Storage |
BALANCED (3)
By anonymous data collection and data flow the statistical cookies help the web page owners to understand how visitors communicate with said web page.
cookie | Service provider | purpose | duration | type |
_ga | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years | HTTP Cookie | |
_gat | Used by Google Analytics to throttle request rate | 1 day | HTTP Cookie | |
_gid | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 1 day | HTTP Cookie |
PERSONALIZED (1)
Marketing cookies are sued to track visitors f the web page. The purpose of these cookies is web advertising that is relevant to individual users and that encourage the user to participate in interaction with the web page, which is also necessary to web publishers and third-party advertisements.
Cookie | Service provider | purpose | Duration | type |
ads/ga-audiences | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor’s online behaviour across websites. | Session | Pixel Tracker |
How can I change or disable cookies?
Applicable laws stipulate that we may store cookies on your computer if they are necessary to web page functionality. We need your consent all other types of cookies. Should you chose not to accept cookie storage, you may do so in cookie preferences.
Once your consent has been given, you may withdraw it at any time without specifying a reason by simply clicking “withdraw consent” on this web page.
Furthermore, cookies may by generally declined or erased in web browser preferences.
Our web page enables you to freely, withing your web browser through interaction in the cookie banner to choose whether you wish to accept or decline some or all of the cookies.
In case you wish to delete or disable cookies on your computer you need to do so by updating your web browser preferences. Different types of web browsers enable different levels of cookie control. At any given moment, your web browser will offer you the option to accept, deny or delete the cookies, and you may choose which cookies you wish to delete – from third party cookies to cookies addressed by the specific web page. For more information regarding cookie settings please refer to your default web browser • Chrome • Firefox • MS Edge • Opera • Safari, etc.
The following web pages contain more information regarding cookies:
http://www.allaboutcookies.org/
http://www.youronlinechoices.com/hr/
http://www.aboutads.info/choices/
by turning the cookies off you decide whether you wish to store cookies on your computer. In case you disable the cookies you will still be able to browse our web page, but some of its functionality may be impaired.
For all other information regarding cookies or any other question regarding protection of your personal data, please feel free to contact us at any time at: legal@exprimereholdings.com
11. Technical and organisational measures
Please note that the Company has undertaken all technical and organisational measures in order to protect your personal data from loss, breach of third party access. If you have any questions with this regard, please feel free to contact us at any time. All measures applied are specified in Schedule 1 to this privacy policy.
.12. Final provisions
All matters that are not regulated by this privacy policy shall be regulated in accordance with the laws of Croatia.
Everybody who feels her/his personal data have been breached or violated may seek protection of her/his personal data before competent court against th Company. The burden of proof regarding the damages lies within the respective individual, whereas burden of proof of legal and proper data collection and processing lies with the Company.
Company’s third party liability for reach of data protection is limited to actual damage. All other damages are explicitly excluded.
IN case of breach or suspicion of breach and individual should firstly contact the Company for mediation purposes, either by filing respective claim by email to: legal@exprimereholdings.com or by filing petition by registered mail to EXPRIMERE HOLDINGS LTD, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. The Company is obliged to answer any such petition within 8 days of receipt thereof. In case a Company receives such a request prior to starting respective litigation, and individual is obliged to initiate court mediation first and then in case court mediation was unsuccessful an individual may file his/her claim before the competent court.
All judicial matters shall be finally resolved by habitually competent courts in London.
Hs privacy policy has been drafted and enacted on this. The Company owns all documents and information arising herefrom and the management board is obliged to review the rules set herein at least once a year.