Privacy Policy

We are a company named Armatus Prudentia ltd with registered seat at Srebrnjak 124, 10000 Zagreb, Republic of Croatia, OIB (“Croatian PIN”) 60536611486.

We are providing consulting services and solutions regarding ICT business, project management with strong focus on implementation of European Union regulations and projects funded by European Union, as well as business legal advisory and more. All our services and solutions come with special emphasis on digitalization, globalization and networking.

If you have any question regarding this Privacy Policy or processing of your Personal Data, please feel free to contact us on the following e-mail address: info@armatusprudentia.eu. If you prefer sending us a written letter, you can send it on the following address: Srebrnjak 124, 10000 Zagreb, Republic of Croatia.

In order to clearly understand our Privacy Policy, please carefully read the meaning of terms stated below:

General Regulation means regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural party regarding the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Personal Data means any information relating to an identified or identifiable natural person, an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Data Subject means a person whose Personal Data is processed, and whose identity identified or identifiable; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by European Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by European Union or Member State law;

Joint Controllers means two or more Controllers jointly determine the purposes and means of processing;

Processor means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller;

Recipient means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a Third party or not;

Third party means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, Processor and party who, under the direct authority of the Controller or Processor, are authorized to process Personal Data;

European Union means the European Union’s institutions, bodies, offices, and agencies set up by, or based on, the TEU, the TFEU or the Euratom Treaty;

International organization means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or based on an agreement between two or more countries;

Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;

Consent means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

This Privacy Policy contains all important information about the processing of your Personal Data. We issued this Privacy Policy as data Controller. If we act as data Processor, we will process your Personal Data according to applicable laws and instructions issued by data Controller. More about our role as data Processor you can find below.

In this Privacy Policy you can find the following information: categories of Data Subjects and their processed Personal Data, purposes of processing and its legal basis, categories of the Recipients of Personal Data, information about the rights of Data Subjects, as well as other information that we are obligated to provide in accordance with the applicable regulations.

Any changes regarding this Privacy Policy will be published on our website.

The terms used in this Privacy Policy that have a gendered meaning, regardless of whether they are used in male or female gender form, refer to both the male and the female gender.

Under the subtitles below, you can find categories of processed Personal Data, purposes of processing and lawfulness of processing regarding each category of Data Subjects.

Our Clients

If you are our client, we may process the following categories of your Personal Data (depending on a specific service we provide to you, the processing may include only some of the categories listed below):

• Identification data – Name and surname, OIB (“Croatian PIN”) and residence.
• Contact data – Mobile/phone number and (or) e-mail address.
• Financial data – Bank account number.

If you are a representative / contact person acting on behalf of our client, we may process the following categories of your Personal Data:

• Identification data – Name and surname.
• Contact data - Mobile/phone number and (or) e-mail address

We process above-mentioned Personal Data for the following purposes:

• For the purpose of promotion and realization of our business relationship. In this case, the processing is necessary in order to take steps prior to entering into a contract (lawfulness of processing based on Article 6 Par. 1 Point b of the General Regulation).
• For the purpose of providing our services, i.e. fulfilling our rights and obligations arising from the contract. In this case, the processing is necessary for the performance of the contract (lawfulness of processing based on Article 6 Par. 1 Point b of the General Regulation).
• For the purpose of self-promotion and marketing activities. In this case, the processing is necessary for the purpose of our legitimate interest as a service provider (lawfulness of processing based on Article 6 Par. 1 Point f of the General Regulation).
• For the purpose of fulfilling our legal obligations to which we are the subject, for example supervisory of competent authority. In this case, the processing is necessary for compliance with a legal obligation to which we are the subject (lawfulness of processing based on Article 6 Par. 1 Point c of the General Regulation).

Our Business Partners

If you are our business partner, we may process the following categories of your Personal Data (depending on our business relationship, the processing may include only some of the categories listed below):

• Identification data – Name and surname, OIB (“Croatian PIN”) and residence.
• Contact data – Mobile/phone number and (or) e-mail address
• Financial data – Bank account number.

If you are a representative / contact person acting on behalf of our business partner, we may process the following categories of your Personal Data:

• Identification data – Name and surname.
• Contact data - Mobile/phone number and (or) e-mail address.

We process above-mentioned Personal Data for the following purposes:

• For the purpose of promotion and realization of our business relationship. In this case, the processing is necessary in order to take steps prior to entering into a contract (lawfulness of processing based on Article 6 Par. 1 Point b of the General Regulation).
• For the purpose of providing our services, i.e. fulfilling our rights and obligations arising from the contract. In this case, the processing is necessary for the performance of the contract (lawfulness of processing based on Article 6 Par. 1 Point b of the General Regulation).
• For the purpose of self-promotion and marketing activities. In this case, the processing is necessary for the purpose of our legitimate interest as a service provider (lawfulness of processing based on Article 6 Par. 1 Point f of the General Regulation).
• For the purpose of fulfilling our legal obligations to which we are the subject, for example supervisory of competent authority. In this case, the processing is necessary for compliance with a legal obligation to which we are the subject (lawfulness of processing based on Article 6 Par. 1 Point c of the General Regulation).

Sending us a Message

If you send us a message via the contact form on our website, through our social media platforms or directly to our e-mail address, we may process the following categories of your Personal Data:

• Identification data – Name and surname.
• Contact data – Mobile/phone number and (or) e-mail address.
• Other data – message content (if it contains any personal data).

We process above-mentioned Personal Data for the following purposes:

• For the purpose of making a contact and answering your message. In this case, the processing is necessary for the purpose of our legitimate interest as a service provider (lawfulness of processing based on Article 6 Par. 1 Point f of the General Regulation).
• For the purpose of fulfilling our legal obligations to which we are the subject, for example supervisory of competent authority. In this case, the processing is necessary for compliance with a legal obligation to which we are the subject (lawfulness of processing based on Article 6 Par. 1 Point c of the General Regulation).

Blog Writers

If you are writing for our blog “Read and Learn”, we may process the following categories of your Personal Data:

• Identification data – Name and surname, picture.
• Contact data - Mobile/phone number and (or) e-mail address.
• Other data - Data on education and acquired title, current job position.

We process above-mentioned Personal Data for the following purposes:

• For the purpose of publishing your articles on our blog “Read and Learn”. In this case, the processing is necessary for the purpose of our legitimate interest (lawfulness of processing based on Article 6 Par. 1 Point f of the General Regulation).
• For the purpose of using / publishing your picture on our blog “Read and Learn”. In this case, we will use your consent as our legal basis for processing (lawfulness of processing based on Article 6 Par. 1 Point a of the General Regulation).
• For the purpose of fulfilling our legal obligations to which we are the subject, for example supervisory of competent authority. In this case, the processing is necessary for compliance with a legal obligation to which we are the subject (lawfulness of processing based on Article 6 Par. 1 Point c of the General Regulation).

Visitors of our Social Networks

We are using the following social networks for promoting our business activities: Facebook, Twitter, YouTube, Instagram, LinkedIn.

We are in the position of a Joint Controller together with social network platforms when processing your Personal Data (collected when visiting our social networks). Social network platforms process your Personal Data in accordance with their own Privacy Policies.

We are collecting a minimum of your Personal Data when visiting our social networks. We only collect a number of visitors as a statistic data for the purpose of tracking popularity of our account on respective social network.

You can find more about Privacy Policies of each social network platform on the following links:

• Facebook: https://www.facebook.com/privacy/explanation,
• Twitter: https://twitter.com/en/privacy,
• YouTube: : https://www.mic.com/articles/163045/you-tube-privacy-policy-everything-you-need-to-know,
• Instagram: https://help.instagram.com/402411646841720,
• LinkedIn: https://www.linkedin.com/legal/privacy-policy.

We treat your Personal Data with confidentiality, and we protect them in accordance with applicable legal regulations (international, European and national), as well as best practices. Third parties have a right to access and process your Personal Data only in the below-described situations:

Third party as a Processor – We can allow the access and processing of your Personal Data to Third parties providing us services necessary for our operational business. Third parties can provide services such as IT services, advertising, translation, postal and courier services. Mentioned service providers have the access only to those categories of your Personal Data necessary for providing their services. In that case, your Personal Data is processed solely in accordance with our instructions.

Third party as a Controller - We can allow the access and processing of your Personal Data to Third parties providing us services based on our legal obligations or legitimate interest. Third parties can provide services such as tax and legal advisory. In that case, your Personal Data is processed in accordance with our instructions, as well as their statutory powers and rules of profession.

Third party as competent authority - We allow the access and processing of your Personal Data to the competent authorities during the audit supervision activities or other activities based on their legal obligations. In that case, the competent authorities are processing your Personal Data in accordance with their statutory powers.

We as a Joint Controllers – We can allow the access and processing of your Personal Data to Third parties who are Joint Controllers with us. For example, when we are a party of a multilateral contract.

We as a Processor – When we have the role of the Processor (situations when we process your Personal Data on behalf of and in accordance with instructions of a third party - Controller), Controller of your Personal Data is obliged to inform you about the processing and transfer of your Personal Data. Of course, you can always contact us regarding our processing of your Personal Data, and we will provide you the requested information.

We are trying to avoid transfers to third countries and international organizations in our everyday business. If we do transfer your Personal Data to third countries or international organizations, we are ensuring an adequate level of data protection. In such situations, we are taking the two-step approach in order to justify such a transfer (requesting your explicit consent and applying additional safeguards prescribed by the General Regulation).

In order to provide an adequate level of data protection, we undertake actions that are reasonable and effective, considering the sensitivity of Personal Data we process and the risk of unauthorized access and processing. Some of the measures we use are the following:

• Pseudonymization of the data bases, when possible;
• Sophisticated IT solutions;
• Use of secure Personal Data exchange methods;
• Control of access to the data bases;
• Supervision of the premises where the data bases are stored, i.e. the resources on which they are stored.

Personal Data for which the law prescribes data retention period are kept during the statutory prescribed period and are deleted in an additional period of three months.

If you are our client and there is no statutory retention period defined, we keep your Personal Data for the entire duration of the contract we signed. Upon the termination of the contract, we will delete your Personal Data in the shortest possible, reasonable time.

If you are our business partner and there is no statutory retention period defined, we keep your Personal Data for the entire duration of the contract we signed. Upon the termination of the contract, we will delete your Personal Data in the shortest possible, reasonable time.

Personal Data we process on the legal basis of legitimate interest, we keep as long as the legitimate interest exists. We delete them in a period of three months from the moment our legitimate interest ceased to exist.

Personal Data that we process based on your consent, we keep as long as we have your consent. If you withdraw your consent, we will delete your Personal Data in the shortest possible, reasonable time. If consent is given for a specific period, after the expiration of that period, your Personal Data will be deleted in the shortest possible, reasonable time.

We do not conduct profiling of our clients, partners or others whose Personal Data we process.

We do not apply an automatic decision-making system based on your Personal Data.

You can exercise your rights by submitting your request to the following e-mail address: info@aramtusprudentia.eu or if you prefer submitting your request in the form of a written letter, you can submit it to the following address: Srebrnjak 124, 10000 Zagreb, Republic of Croatia.

Upon receipt of your request, we will send you a confirmation of our acknowledgement. Our response upon your request will be sent within 30 days of receipt.

Please make sure that your request contains the following information:

1. Title of the request should specify your request as "Request of the Data Subject",
2. Information about your identity so we can identify you and your Personal Data (for example, name, surname, Croatian PIN etc.),
3. Right you want to exercise (please, see the rights below).

When exercising your rights, processing of your Personal Data is necessary for the compliance with our legal obligations stated in the General Regulation, respectively the processing in necessary for enabling exercise of your rights.

Below you may find your rights and their descriptions. Each right is marked as an individual subtitle.

The Right of Access to Your Personal Data

You have the right to obtain a confirmation as to whether or not your Personal Data is being processed, as well as access to your Personal Data. You have the right to access the following information:

• the purposes of processing,
• the categories of your Personal Data,
• the recipients or categories of recipient to whom your Personal Data has been or will be disclosed, in particular recipients in third countries or international organizations,
• retention periods regarding your Personal Data,
• the existence of your rights to erasure, rectification, restriction of processing, the right to object and the right to lodge a complaint with a supervisory authority,
• the existence of automated decision-making (including profiling) and meaningful information about the logic involved, as well as envisaged consequences of such processing,
• where personal data is transferred to third countries or international organizations, information of the appropriate safeguards taken for such transfer,
• where your Personal Data is not collected from you, any available information about the source of your Personal Data.

The Right to Rectification of Inaccurate Personal Data

You have the right to request the rectification of your incorrect Personal Data, as well as the right to have incomplete Personal Data completed. If you are exercising this right, you must prove the inaccuracy or incompleteness of your Personal Data (for example, attaching supporting documentation etc.).

The Right to Erasure

You have the right to request an erasure of your Personal Data, where one of the following grounds applies:

• your Personal Data is no longer necessary,
• you withdraw the consent on which the processing is based,
• you object to the processing,
• your Personal Data is unlawfully processed,
• your Personal Data must be erased for the compliance with a legal obligation under EU Law or our national law.

We will make your Personal Data unusable in a manner that prevents anyone from accessing, reading out and processing your Personal Data. We will inform you about the technique used for erasing your Personal Data.

The Right to Restriction of Processing

You have the right to request the restriction of processing your Personal Data. The restriction of processing does not relate to the retention period of your Personal Data. Methods used for restriction could include the following:

• temporarily moving your Personal Data to another processing system,
• making your Personal Data unavailable for usage,
• temporarily removing published Personal Data from our website.

The Right to Data Portability

You have the right to request the transfer of your Personal Data when the processing is based on your consent or on a contract and is carried out by automated means. You have the right for your Personal Data to be transmitted directly from us to another Controller, if it is technically feasible. However, exercising your right should not adversely affect the rights and freedoms of others.

The right to Object about the Processing of Your Personal Data

You have the right to object at any time to the processing of your Personal Data, relating to your particular situation, necessary for the performance of a task carried out in the public interest or for the purpose of our legitimate interest. Objecting to the processing has an effect only on the future processing activities, unless you are objecting about the direct marketing, which takes effect immediately.

The Right to Withdraw the Consent

At any time, you have the right to withdraw the consent for the further processing of your Personal Data. The withdrawal of the consent shall not affect the lawfulness of processing based on the consent before its withdrawal.

The Right to Complaint to the Authority

At any time, you have the right to complaint to the competent body for the protection of Personal Data in relation with processing and protection of Your Personal Data.

The competent body is Croatian Personal Data Protection Agency (“Agencija za zaštitu osobnih podataka”) with registered seat at Martićeva ulica 14, 10000 Zagreb, Republic of Croatia, e-mail address: azop@azop.hr, telephone: 00385 (0)1 4609-000, Web site: www.azop.hr.