Privacy policy

Protecting your privacy and security is important to us.

Colas d.o.o. strictly adheres to the General Data Protection Regulation (GDPR) EU 2016/679, effective since May 25, 2018, and to the applicable national Data Protection Implementation Act when using and processing personal data.

Below, we provide detailed information about our policies regarding the purposes for which we collect and use your personal data, how we process it, and the procedures that allow you to monitor and exercise your rights.

The right to use personal and anonymous data within the legally permitted scope, with restrictions based on the rights of data subjects listed below, is held by Colas Hrvatska d.d.

This Privacy Policy applies exclusively to our website, www.colas.hr, which we manage. Please check the privacy policies (on data protection) on websites managed and controlled by third parties, as these sites are beyond our control, and Colas Hrvatska d.d. is not responsible for their content and personal data protection measures.

We encourage you to periodically review this Privacy Policy, as changes may occur and will be published on our website: www.colas.hr.

Changes to this Privacy Policy are effective from the date of publication on our site, under "Effective Date" and "Version" at the bottom of this document.

Legal Basis for Data Processing

We collect, process, and use personal data only for purposes for which it was collected, which includes the following:

  • Processing to comply with the company’s legal obligations
  • Processing to execute a contract in which the user is a client
  • Based on the client’s explicit consent
Collection of Personal Data

We collect personal data exclusively in accordance with the applicable personal data protection regulations. Personal data includes information that can identify you, which may include but is not limited to: full name, address, email address, company VAT ID, company registration number, MBS (company number), VAT identification number, authorized representative, phone number, fax number, business account, business bank name, and other data you share with us that you wish to keep confidential.

Colas Hrvatska d.d. processes your personal data, among other things, in the following cases:

  • If you contact us directly via email, phone, or personal messages on social networks to request information about our services or to order services and products—in this case, personal data is collected directly from you to create or fulfill an offer, contract, or invoice.
  • If you fill out a general contact form on our website to obtain additional information about our services.
  • We may indirectly collect personal data that is publicly available on websites not owned by Colas d.o.o. (e.g., social media posts), data obtained through cookies, or links.

If you are under 18 years of age, please do not provide us with any data without parental or guardian consent. If you are providing data on behalf of another person, ensure that the person is aware of this privacy policy before doing so.

Use of Personal Data

We collect your personal data solely for the purposes for which you explicitly provided it, which include:

  • Responding to your inquiries and issuing offers
  • Creating and executing contracts
  • Processing orders
  • Delivering services and products
  • Reviewing your job application if you contact us through our website or other means and submit your resume
  • Applying for employment
  • Acceptance of our newsletters
  • During business contact and cooperation, we may learn certain personal data about business partners or their employees for the purpose of professional activities, as well as for establishing close business contacts
  • When using our social media profiles or clicking "Like," we may receive content you voluntarily choose to share, such as information about your profile, photos, comments, opinions, depending on your social network privacy settings.
  • When using our website, we may collect information about your visit, such as the pages you view, the time and location of your activity, app settings, errors, and hardware activities.

We use (process) data only for specified, clear, legitimate, and expected purposes, and we do not share it with third parties or use it for unforeseen or unexpected purposes. Data is not collected in greater scope than necessary to achieve the stated purposes, and collected data is used primarily for:

  • Ensuring the sale of our services and products
  • Providing services in accordance with contractual obligations
  • Efficiently responding to your inquiry
  • Maintaining and providing our website and social media pages – we may combine information we collect from various sources to provide better customer support and deliver better, personalized service, content, advertising, and advertisements.
  • Sending catalogs, brochures, and other promotional materials
  • Establishing employment in accordance with applicable regulations
  • Correspondence related to the execution of each item in a specific project

Data is used exclusively to perform Colas d.o.o.'s core business activities and is not collected for marketing or other purposes.

Communication with Customers/Suppliers and Others:

  • Email (directly or via website)
  • Phone
  • SMS
  • Mail

When you send us an email with personal data that can identify you, we use this data to fulfill your requests. By providing your personal data, you agree to contact us, thereby giving us the right to add you to our mailing list—granting permission and your explicit consent to contact. The privacy of your personal data is maintained, and you may request removal from our mailing list at any time via links within each communication or by sending a direct request.

Documentation sent electronically with your consent is in PDF or image format. In the Colas d.o.o. system, business documentation is protected by the Colas d.o.o. VPN system, antivirus protection, and Colas d.o.o. information system (password for program access).

Data Processing

Data processing is conducted in accordance with the EU General Data Protection Regulation 2016/679 and applicable Croatian data protection laws and regulations.

Data Controller: Colas Hrvatska d.d., Međimurska ul. 26, 42000 Varaždin
Email: [email protected], tel: 042/352-500

As a Client (business partner) or user of our website, you have the right to obtain information regarding the processing of your personal data and to submit requests to exercise your rights. For requests related to your personal data, please contact our data protection officer at: [email protected].

Employment at Colas Hrvatska d.d.

When there is a need for new employees, Colas Hrvatska d.d. adheres to the following procedure:

  • The published job advertisement must state that, according to the General Data Protection Regulation (GDPR) EU 2016/679 and applicable Croatian laws and regulations, the candidate’s consent is required for processing personal data for selection and employment purposes.
  • The consent form is available on the official website: www.colas.hr.
  • Once the candidate submits their consent and all required documents specified in the job advertisement for selection at Colas Hrvatska d.d., the candidate selection and hiring process for the advertised position begins.
Data Processing That Does Not Require Consent

Detailed information on data processing that does not require consent:

General Contact Form

  • Contact form (inquiry/praise/complaint): When submitting the contact form, your personal data from the contact fields (name and surname, company name, email, phone/mobile) are processed.
  • Purpose: to respond to your inquiry.
  • Legal basis: legitimate interest.
  • Retention period: 12 months.
Legal Basis for Data Processing

If you are from the European Union, the legal basis for Colas d.o.o. to collect, process, and use personal data described in this Privacy Policy is the General Data Protection Regulation EU 2016/679, effective from May 25, 2018, and the applicable national Data Protection Implementation Act.

Colas Hrvatska d.d. may process your personal data because:

  • We must enter into a contract with you.
  • You have given us consent.
  • Data processing is in our legitimate interest and is not overridden by your rights.
  • We must comply with legal obligations.
Retention of Personal Data

Personal data (of clients, suppliers, job applicants, etc.) is stored and processed only as long as necessary to fulfill a legitimate purpose, unless applicable regulations specify a longer retention period for a specific purpose or to fulfill legal obligations (e.g., if we must retain your data to comply with legal obligations). In case of consent for marketing, data is stored until the consent is withdrawn.

All personal data of clients/suppliers that is collected and processed can be deleted upon your request, unless there is a legal obligation or legitimate interest (e.g., legal dispute) for a longer retention period. Personal data that is no longer needed is securely destroyed.

Data and accompanying documentation related to employment of candidates for a new position are retained for the legally prescribed period, after which the documentation is destroyed or returned to the candidate (in line with prior consent signed by the candidate for the advertised position).

Data Transfer

Your data, including personal data, may be transferred to and maintained on computers outside of your country or outside the European Union, where data protection laws may differ from those in the EU. If you are located outside Croatia and choose to provide information to us, please note that we transfer and process data, including personal data, in Croatia. Your consent to this Privacy Policy and the submission of your personal data represents your consent to such transfer.

Colas Hrvatska d.d. will take all necessary steps to ensure that your personal data remains secure and that it is handled in accordance with this Privacy Policy, ensuring that your personal data is not transferred to a company or country lacking adequate protection mechanisms for your personal data.

Disclosure of Data

Under certain circumstances, Colas Hrvatska d.d. may be required and obligated to disclose your personal data if required by law or if a valid request is received from government authorities (e.g., court, government agency, ministry, etc.).

Colas Hrvatska d.d. may disclose your personal data in good faith, believing that such action is necessary to:

  • Comply with legal obligations.
  • Protect and defend the rights or property of Colas d.o.o.
  • Prevent or investigate possible harmful actions related to the Colas d.o.o. website (web location).
  • Protect the safety of Colas d.o.o. website users (web location) or the public.
Data Security

Colas Hrvatska d.d. undertakes appropriate technical, organizational, and administrative measures to protect your data from loss, manipulation, or unauthorized access. These measures are regularly reviewed and continuously adapted to current technical standards. If a personal data breach occurs that may pose a significant risk to your rights and freedoms, we will inform you accordingly in compliance with applicable regulations.

Please note that in addition to the protection and security measures taken on our part, it is essential for you to also secure the safe storage and confidentiality of the user data provided to you or communicated to you.

Colas Hrvatska d.d. does not sell, rent, or lend users' personal data to third parties and protects your personal data from unauthorized access. Data on computer servers is stored in a controlled, secure environment. Recipients of your personal data are limited to authorized individuals who need to know your personal data due to their job functions. Colas Hrvatska d.d. will share your personal data with trusted business partners to whom Colas Hrvatska d.d. turns to process your request. They are contractually obligated to respect the confidentiality and security of the data they receive and may only use it for the purpose of the assigned task.

Colas Hrvatska d.d. will not send you unsolicited emails and is not responsible for accidental errors or force majeure events or other objective circumstances that cause accidental breaches of guaranteed data protection, but it guarantees that the error will be corrected, if possible, as soon as possible.

We only collect personal data necessary to fulfill legal obligations or that are provided to us voluntarily. We do not require you to send data to enable access to our website and do not ask you to disclose more data than is truly necessary.

Unauthorized attempts to upload or modify data on our website are strictly prohibited.

Your Rights

Regarding the processing of personal data, you have the right to exercise the following rights:

  • Right of Access – You have the right to request confirmation of whether your personal data is being processed, and if so, to access personal data and the following information: purpose of processing, categories of personal data involved, recipients or categories of recipients, processors, the retention period of personal data, information on your rights, and sources of data if not collected from you. If your personal data is transferred and processed outside the EU, you have the right to information on appropriate safeguards.
  • Right to Rectification – You have the right to obtain from us, at any time, the rectification of inaccurate or incomplete personal data concerning you, which we are obliged to carry out without delay. Taking into account the purposes of the processing, you have the right to supplement or request the correction of incomplete personal data, including by providing an additional statement.
  • Right to Erasure ("Right to be Forgotten") – You have the right to obtain from us the deletion of your personal data if there is no legal reason for further processing of that data on our part (e.g., if the data is no longer necessary in relation to the purposes for which it was processed). If such a legal reason exists, we will inform you in detail as part of the response to your deletion request.
  • Right to Restrict Processing – You have the right to request from us the restriction of processing of your personal data in the following situations:
    • If you dispute the accuracy of your personal data, for a period that allows us to verify the accuracy of the data.
    • If the processing of your personal data is unlawful and you oppose deletion and instead request a restriction of the use of the data.
    • If you request them for establishing, exercising, or defending legal claims and we do not need them for processing.
    • If you have objected to the processing of your personal data and are awaiting confirmation.
  • Right to Data Portability – You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transfer it to another service provider, i.e., data controller, if the following conditions are met: the processing is based on your consent or on a contract and is carried out by automated means. If technically feasible, you have the right to have your data directly transferred from us to another controller.
  • Right to Object – If the processing of your personal data is based on our legitimate interests, you have the right to object at any time to such processing of personal data to the extent that the processing relates to your data. If you object:
    • Regarding direct marketing, we will no longer process your personal data for direct marketing purposes.
    • Regarding other legitimate interest cases, we will no longer process your personal data for the purpose to which the objection relates, unless we demonstrate that there are compelling legitimate grounds for the processing that override your interests, rights, or freedoms, or if necessary for establishing, exercising, or defending our legal claims.
  • Right to Complaint – If you believe that we have violated data protection laws during the processing of your personal data, leading to an infringement of your interests, rights, or freedoms, please contact us so we can clarify any possible issues.
  • Right to Withdraw Consent – You have the right to withdraw your consent at any time, which you have given to Colas Hrvatska d.d. to process your personal data.
How You Can Exercise Your Data Protection Rights

All the rights listed above, as well as your questions regarding your personal data, can be exercised by directly contacting our data protection officer by sending a written message via email to: [email protected].

We will process requests and inquiries without unnecessary delay and in accordance with legal obligations, and we will inform you in writing about the measures we have taken.

If you believe that Colas Hrvatska d.d. is acting unlawfully and cannot resolve the matter with us, you have the right to file a complaint with the Croatian Data Protection Authority (AZOP).

Website and Cookie Usage

Colas Hrvatska d.d. respects the privacy of visitors and users of its website (www.colas.hr). This Privacy Policy also governs the collection and use of personal data from visitors to our website.

Colas Hrvatska d.d. and its website use cookies and automatically collect data using cookies.

Colas Hrvatska d.d. commits that your personal data will not be used for commercial purposes without obtaining your prior consent. Colas Hrvatska d.d. uses Google Analytics, a service provided by Google, for tracking and reporting on website traffic.

We do our best to ensure that all redirects from our website lead to sites that do not contain illegal and/or harmful content. However, web pages and addresses change rapidly, and we cannot always guarantee the content of every webpage we link to. We recommend that you review the Privacy Policies for each website you visit. Colas Hrvatska d.d. does not control or assume responsibility for the content, privacy policies, or practices of third-party websites or services.

Colas Hrvatska d.d. reserves the right to modify or discontinue any part of its website (www.colas.hr) and the terms of use at any time. Changes take effect upon publication on our website. The terms of use apply until terminated by you or us. Your termination can occur at any time and means discontinuing the use of our website and deleting all materials and content downloaded and used from our website.

All information submitted by a visitor or automatically recorded on our website is used exclusively in accordance with this Privacy Policy, the EU General Data Protection Regulation (GDPR) 2016/679, effective May 25, 2018, and the provisions of the applicable Law on the Implementation of the GDPR.

Website Use by Minors

We emphasize that all processing of personal data is to be used exclusively by individuals who have reached the age of 18. The use of systems and tools, as well as the resulting data processing, by users below this age limit is prohibited without appropriate parental or guardian consent. If you are a parent or guardian and know that your child has provided personal data, please contact us. If we notice such data processing, we will immediately stop processing it upon discovery and delete the data from our servers.

Social Networks

Social networks may also place cookies on your computer. This occurs on web pages that allow you to log in and register via social network accounts and if you share website content on social networks (e.g., via the "Like" button). When using these functions, please be aware that any information you provide, including your name, location, and email address, may be publicly accessible to others. We are not responsible for any information you submit through such interactive features and advise you not to disclose sensitive personal information (such as health data or credit card information) through such features. If you use these features, your personal information may remain on the page even after you stop using it.

The specific impact on your privacy will vary from network to network and depends on the privacy settings you choose on those networks. You can learn how to manage cookies on these social networks on their respective websites.

Facebook

Colas Hrvatska d.d. uses the Social Plugin from Facebook. We use the Like button, which is provided by Facebook Inc. (1601 S. California Ave., Palo Alto, CA 94304, USA). Visiting our Facebook page that contains such a plugin does not establish any connection with this company. This only occurs upon your explicit consent, which is requested after you click the appropriate button.

For information on the purpose and extent of data collection by Facebook, as well as related rights and privacy settings, please review Facebook’s data protection notices: http://www.facebook.com/policy.php.

If you do not want Facebook to associate data collected through our online presence with your Facebook account, you must log out of Facebook before visiting our website. You can also entirely disable Facebook plugins by using add-ons for your browser, such as the “Facebook Blocker.”

This Privacy Policy takes effect on May 25, 2018, Version 01.

We regularly review and assess data processing information to ensure it reflects the way we handle personal data. The current version is always available on our website, and if there are significant changes that affect your rights and freedoms, we will inform you directly.