With peace, love and communication, we guarantee the security of all your data.
We protect your privacy day and night.
This Privacy Notice (“Notice”) explains how PEPERMINT d.o.o. (in further text: PEPERMINT, Data Controller) collects, uses and manages your personal data that is located on the web site https://hr.weekend.hr/.
This Privacy Notice applies to all services offered by PEPERMINT, with the aim of the rules in a clear and transparent way to acquaint our visitors, partners and users of our services (hereinafter: data subjects) with the processing of their personal data and their rights.
PEPERMINT is dedicated to respecting and protection of your privacy. In regard to the data we collect, PEPERMINT is a Data Controller, that is, the one that determines the purposes, needs and means for which personal data is processed.
PEPERMINT as a website service provider is committed to protecting the privacy of personal information.
If you wish to contact us regarding this Notice or regarding your personal data, please use the following contact information:
Ulica Republike Austrije 27
You can also contact our external Data Protection Officer:
Ulica Republike Austrije 23
10 000 Zagreb
And now we will talk “a little” more about the rights, obligations and other issues that are relevant to the protection of your privacy and personal data! The text that follows is important and by no means boring and dry.
We collect your personal information when necessary to meet your needs and requirements, perform services or for the purposes of our business and the organisation of the HR.WEEKEND
PEPERMINT recommends all registration fee customers, visitors, users of our services or users of the site to take care of their login password for registration. We recommend combining uppercase and lowercase letters and numbers when choosing a password character combination. Use a password of at least six characters. We recommend changing the password periodically (at least once a year). We collect the above specific categories of your personal data either on the basis of the consent shown to you when you arrive at https://hr.weekend.hr/ via a pop-up window, or on the basis of a legitimate interest (for example in cases of cookies that are necessary for functioning https://hr.weekend.hr/ or when we are already sending you some interesting information and / or offers of shares as our weekender) or in order to fulfil our obligations arising from the applicable regulations of the Republic of Croatia.
If the processing is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent must be notified to the head of processing by e-mail: email@example.com or to firstname.lastname@example.org or to the address Ulica Republike Austrije 27, 10 000 Zagreb with the indication ˝n / r data protection officer˝. Such withdrawal shall not affect the lawfulness of processing based on consent prior to its withdrawal.
Please pay attention to the mandatory volume of data we ask you to provide, because in case the customer or user does not provide the required information which are specified as mandatory in order to perform an activity requested or expected by them, unfortunately they will not be allowed for enter into it, without the required data that activity will not be technically possible to carry out.
Processing of personal data in payment processing PEPERMINT, as a condition for paying for products and services by credit or debit cards, asks the customer for information to activate the payment process. When paying through contracted providers of card processing and payment services (credit or debit), PEPERMINT’s contractual partners as Data Processors or Independent Data Controllers, your data will be shared.
Data processing during payment is necessary in order to perform all actions that precede the purchase or conclusion of a contract with the Data Controller. When we talk about the legal basis of data processing related to certain types of payments or legal entities that provide these services, payment data such as name, surname, code, amount, account number or other transaction codes are shared with the card company or bank or third party through which payment is made, all at the request of the data subject who independently chooses the method of payment.
PEPERMINT warns customers or visitors to take care of the information stated on the card so that this information would not be available to third parties and so that it would not be misused. So, to summarise all the above, we generally collect your personal information directly from you either to enter a contract with us, to perform an action at your request, when you hire us to perform certain services provided by us or our contractual partners or fill out a specific form or when you want to receive our newsletter. We do not use your personal information for marketing purposes unless you tell us you agree to that. If you would like us to send you details about our products, the organisation of our events, services, offers and promotions, please subscribe to it by giving us consent when subscribing to the newsletter. We treat your personal information as confidential information and they are properly protected by PEPERMINT and / or our trusted partners.
Typical categories of information we collect from users are the following: name, billing address, billing address, financial information including credit, debit card information, or other payment information you provide when filling out forms on websites or when communicating with us by phone or email. We collect your personal data for:
What privacy rights do you have?
Please note that you have the right to request the following from PEPERMINT at any time:
● to give you access to your personal data
You can ask PEPERMINT what personal information about you does it use, and you can ask for access to that personal information. You have the right to know the purpose of processing, which categories of your personal data we store, entities or categories of entities with which we share your personal data, the time period we retain your data, as well as the source of the data in case the data is indirectly collected.
You can contact us if you want a copy of some or all of the personal data about you that we store.
|● request the correction of incorrect data||
We want your personal information to be accurate and up to date. You can ask us to correct or remove information that you think is incorrect or outdated.
|● request deletion of your personal data||
You can ask PEPERMINT to stop processing or even the erasure of personal data we store about you. If we need your personal data to perform a contractual obligation to you PEPERMINT could cease to be able to perform such contractual obligations. Also, if your personal data is required in order to be able to meet certain legal obligations (e.g., tax obligations), your request may not be able to be fulfilled.
● restricting access to your personal data (us and/or third parties) in certain processes or in full
If you want to challenge the accuracy of the data, or we no longer need your personal data for the purpose of the processing, but you need it to establish, enforce or defend legal claims, or you have objected to data processing on the basis that the Data Controller considers legitimate, you have the right to ask for restriction of the processing of your personal data.
● file a complaint about the way we use your personal data
Remember that you have the right to object to the processing of personal data that is based on a legal basis that the Data Controller considers legitimate.
● request data transfer to another Data Controller (transferability of rights)
If the processing is based on your consent or if it is carried out by automatic means, you have the right to ask the Data Controller to transfer the data to another data controller.
To exercise any of the above rights, please use the contact information provided at the beginning of the Privacy Notice.
If you believe that your rights are not being respected, you have the right to file a complaint with the Personal Data Protection Agency.
We store the personal information we collect about you in a secure environment. Your personal information is protected from unauthorised access, disclosure, use, alteration, or destruction by any organisation or individual.
The processed data is stored in our premises and secure IT systems, but sometimes we store the data on the servers of our trusted service providers located in the EU.
Some data is still stored in paper form, but we tend to digitise all the personal data we process. The processed data is stored in the Data Processor’s premises and IT systems, but sometimes we store the data on the servers of our trusted service providers.
PEPERMINT will ensure that personal data is kept in a secure location (which includes reasonable administrative, technical, and physical protection to prevent unauthorised use, access, disclosure, copying or alteration of personal data), which can only be accessed by authorised persons. All authorised persons sign a statement of confidentiality.
The data collected for the purposes specified in this policy will be retained only for as long as is necessary to fulfil the stated purposes. Your personal information will not be stored in a form that allows you to be identified for longer than PEPERMINT reasonably deems necessary to accomplish the purpose for which it was collected or processed. PEPERMINT will keep certain personal data for a period of time prescribed by law or a regulation that obliges PEPERMINT to retain data (see “How long will PEPERMINT keep your personal data?”).
If you have given us consent (for example, you have subscribed to our newsletter, selected a certain category of cookies to use), we will process your personal data until the consent is withdrawn. If you make a well-founded objection to the processing of personal data based on a legitimate interest, we will not process your personal data in the future.
In addition to all the above, it is important to point out the following; if judicial, administrative, or extrajudicial proceedings are instituted, personal data may be retained until the end of such proceedings, including a possible period for declaring legal remedies.
Privacy protection is important to us, so we will never share your personal information with third parties except for the purposes described in this Policy. We will always inform you when sharing and transferring data.
PEPERMINT cooperates with other companies. This means that we sometimes share your personal information, using secure IT systems. When we do so, the data is transferred to servers located in the EU or in a country that provides an adequate level of protection in accordance with EU legislation.
In some cases, our partners providing services on behalf of or for PEPERMINT may process your data outside the European Union. However, the contracts we conclude with such entities oblige them to treat your data using special security measures in accordance with the regulations in force in the Member States of the European Union.
On 10 July 2023, the European Commission adopted a new adequacy decision under which personal data can be freely transferred from the European Union to companies in the US participating in the Data Privacy Framework.
The adequacy decision is based on Article 45 of the General Data Protection Regulation. The General Data Protection Regulation (GDPR) is a mechanism that ensures the secure and lawful transfer of data to third countries. Companies in the U.S. that wish to participate in the Data Protection Framework must undergo a self-certification process and enrol in the list of companies that have accessed the Data Privacy Framework.
Also, if our contract partner is based in the US, we will review existing contracts and check the security standards that our partner guarantees to ensure the protection of all our data subjects with the latest standards approved and suggested by the relevant institutions.
The purposes for which we share data with our trusted partners are, for example, marketing needs, maintenance of the https://hr.weekend.hr/ website, advertising, payment processing, delivery, and other services in and outside PEPERMINT. These service providers are obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with our guidelines and exclusively for the purpose we have strictly determined. We also oblige them to adequately protect your data and to consider it a business secret.
Once a year, we audit all our partners to make sure that the protection of your personal data is still at the required level and that it complies with applicable regulations.
PEPERMINT will not retain your personal data for longer than the period required to fulfil the purpose of their use, and for a maximum period of 3 years, except in exceptional cases where the law prescribes a longer retention period (for example, data related to unilaterally terminated contracts and complaints will be kept for 1 year, data related to exercising of your privacy rights will be kept permanently, data related to prize contests will be kept for 5 years, data on lecturers for 5 years).
You can find out more about data retention periods by contacting our data protection officer.
We may use your personal information in several different ways, mainly to meet our legal and other obligations toward you, but sometimes to improve your experience of using the website, and for security reasons.
The purposes for which we use your data are described in these rules, and if your data is processed for other purposes, you will be notified before such (new) processing is carried out.
PEPERMINT wants to send you information about our activities and news that you might be interested in. Please note that you may opt out of receiving them at any time by exercising your rights set forth in this Policy. To subscribe to the newsletter, PEPERMINT collects and processes: e-mail addresses.
The newsletter contains the so-called tracking pixels. A tracking pixel is a miniature graphic element embedded in an email that is sent in HTML format to allow saving and analysis via log files. This allows statistical analysis of the success of marketing campaigns. Through tracking pixels PEPERMINT can see when and if an email was opened by you as a data subject and which links you followed. Personal data collected through tracking pixels in the newsletter is stored and analysed by PEPERMINT as the Data Controller in order to optimise the process of sending the newsletter, as well as adjust the content of future newsletters to the interests of data subjects.
Video surveillance and photography
We are aware that you also come to the HR.WEEKEND location to take pictures, record and be seen. Due to your expectations, as well as promotional actions, all material will be used globally for promotional purposes of the HR.WEEKEND
Numerous television crews and photographers will be filming at the HR.WEEKEND location and we especially emphasise that drones will be present to record the entire event. At the entrance to the venue where the HR.WEEKEND is held, there will be a special notice about filming and taking of photos. By entering, you agree that you may be filmed and photographed. You also agree that all material from the HR.WEEKEND may be used globally for promotional purposes of the HR.WEEKEND
When taking photos and recording and using the drone to record lectures and/or short video clips or the atmosphere, data such as your physiognomy, movement, hair colour, eye colour are processed.. The video surveillance system is also used to protect property and for security. The legal basis of processing in relation to visitors is a legitimate interest, while in relation to our workers and hard-working students and volunteers is the fulfilment of obligations arising from regulations on occupational safety.
To maintain the website and ensure that its functionality is at the expected level PEPERMINT uses a technology known as “cookies”.
Cookies are small files that we send to your computer that can be accessed later. They can be temporary or permanent. Thanks to cookies, you can easily search our pages. Cookies show us what interests you and other visitors to our website, which helps us improve it.
Read more about cookies in the Cookies Policy.
Other websites that can be accessed through the website have their own statements of confidentiality and data collection and the ways in which they are used and disclosed.
PEPERMINT is not responsible for the ways and conditions of work of third parties.
PEPERMINT collects and processes personal information through user interactions on social networks such as Facebook, Instagram and LinkedIn. PEPERMINT or authorised persons appointed by PEPERMINT have access to messages and/or posts on the mentioned social networks, however personal data collected through them, especially those contained in messages, is not stored, and further processed by PEPERMINT except for the purposes specified in this Policy.
In case you have questions regarding the collection and processing of data by Facebook, LinkedIn and / or Instagram or you want to exercise any of your rights guaranteed by the General Data Protection Regulation, contact:
META PLATFORMS IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Contact of the Data Protection Officer:
If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory body of Facebook, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.
On the https://hr.weekend.hr/, PEPERMINT as the Data Controller has installed Facebook components. Facebook is a social network.
A social network is a place of social connection on the Internet, an online community that typically allows users to communicate with each other in a virtual space. A social network serves as a platform to share opinions and experiences, or to provide the Internet community with personal or business-related information. Facebook allows its users to create private profiles, upload images and connect through friend requests.
Facebook is owned by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the person using Facebook lives outside the United States or Canada, the Data Controller for processing is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland. Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA is a standalone Data Controller.
By opening https://hr.weekend.hr/ the data subject’s browser will display the corresponding Facebook component as a result of using the Facebook plugin. An overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/. During this technical procedure, Facebook is provided with information about a specific subpage visited by the data subject.
In case you are, as the data subject, logged in to Facebook, Facebook can additionally detect each of your visits to https://hr.weekend.hr/. This information is collected through the Facebook component and remitted to the data subject’s Facebook account. If the data subject clicks on any Facebook button integrated on the https://hr.weekend.hr/ website, e.g., the “Like” button, or if the data subject sends a comment, Facebook can transfer the information to the data subject’s personal Facebook account and thus save personal data.
Each time a data subject is logged in to Facebook and at the same time visits the https://hr.weekend.hr/ website, Facebook will receive information about it via the Facebook component. This will happen regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want to transfer this type of information, he/she can prevent the same by logging out of the Facebook account before accessing the https://hr.weekend.hr/ website.
META PLATFORMS Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Contact of the Data Protection Officer:
If you wish to raise a concern about Instagram use of your information (and without prejudice to any other rights you may have), you have the right to do so with your local supervisory authority or Instagram International Company’s lead supervisory authority, the Irish Data Protection Commission or the Personal Data Protection Agency of the Republic of Croatia.
LINKEDIN IRELAND UNLIMITED COMPANY
Contact of the Data Protection Officer:
If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority for LinkedIn Ireland, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.
This Policy shall enter into force upon publication on the website.