We treat the data about our buyers responsibly, and we process and protect them in accordance with the standards established by the Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal data of the buyers collected via the webshop are processes exclusively for the purpose of concluding and fulfilling mutual agreements i.e. services. By using appropriate technical and organizational measures, we protect the personal data of the buyers and keep them in accordance with applicable laws in the Republic of Croatia.
On the expiry of the time limits prescribed by law, we delete personal data of our buyers and anonymize them or usage for statistical purposes.
Via our Website – lacroa.hr – we collect only these personal data which are necessary for concluding and realizing mutual agreement i.e. our obligations.
Personal data processing for marketing purposes
Personal data processing for marketing purposes is based on your voluntary and informed consent that can be revoked at any moment, at which revoking your consent does not influence the legality of processing prior to such revoking.
When we send you marketing messages, you will always have the opportunity to update your personal data, as well as the opportunity to change the manner of use or delete your personal data that we use for marketing purposes.
Principles of personal data protection
We approach all personal data with confidentiality, taking into consideration an appropriate level of safety and protection.
Before introducing new technologies that may be used for personal data processing, we conduct a thorough analysis and adjustment of technological and organisational measures in order to ensure the application of the highest standards of personal data protection.
During personal data processing we bear in mind the obligation of professional non-disclosure in the manner regulated by the European Union and the Republic of Croatia. All the data about the users are closely kept and are available only to the employees who need these data to perform their work duties. All our employees and business partners responsibly and without exception respect these principles of personal data protection.
Your data will never be revealed to the third parties without your explicit request and a clear, unambiguous and precise consent or when it is necessary in order to deliver the contracted service.
Exceptionally, we can reveal your personal data to the competent authorities, state and public bodies if that is necessary to fulfil legal obligations, to protect your life interests or life interests of other natural persons. Equally, at the request of the court or other authorised state body, and for the purposes of the judicial proceedings (regardless of the phase the proceeding is in) or other proceeding by the competent bodies, we may reveal your personal data in the scope and to the extent of such a warrant.
Payment by credit cards
The entry and transfer of personal data and data about the credit card number is protected by the highest security standards which are ensured by WSPay system for online authorisation of credit cards which is, in accordance with the demands of credit card institutions and credit card brands, as well as PCI DSS standard, protected by the SSL protocol of 256-bit encryption ensured by WspayTM system for online authorisation of credit cards. The authorisation and charge of credit cards is performed by using WSPay for the authorisation and charge in real time.
We do not record the number of your credit card, nor do we keep record of any transaction data. For charging via credit cards, lacroa.hr uses the services of the third party, i.e. authorised banking institution which protects your data through encryption.
Website lacroa.hr collects and records the data about IP addresses (Internet Protocol Address) of the users and on the location of the PCs for the needs of system administration, addressing malfunctions, confirming download of contents or advancing technical aspects of the internet service. Furthermore, it records the data about the usage of the Website lacroa.hr, such as e.g. common files about visits to certain sites and/or contents.
Such data do not represent personal data and cannot be directly or indirectly connected with a particular natural person, and are used solely for the purpose of advancing our service and adjusting and individualising the Website in accordance with the wishes and needs of individual users.
LA-CHRIS Ltd. respects the privacy of the users of lacroa.hr online store, and it processes all collected data exclusively to serve the purpose and intention they were given for, and in accordance with the General provisions and principles of data confidentiality.
LA-CHRIS Ltd. collects, processes and publishes the data about the manner and type of the usage of lacroa.hr website without connecting or revealing the user’s identity, i.e. their personal data.
In order to ensure the accuracy and updating of personal data, they will be kept or stored in as little as possible locations (i.e. only on the locations where it is necessary), so that we will enable the data subjects whose personal data is being processed to update their personal data in a simple and accessible manner, using good practice examples.
If it is established during data processing that certain personal data are inaccurate or not up to date, and they cannot be updated or such an update would result in disproportionate efforts or costs, such data shall be deleted.
Exercise of rights by data subjects
Exercise of rights by data subjects is of particular importance to us and therefore we approach each request for the exercise of such rights with utmost seriousness, guided by the General Data Protection Regulation.
A data subject has the right to receive a confirmation whether their personal data is being processed or not. If their personal data are being processed, the data subject can request an access to their personal data, the purpose of data processing, category of personal data concerned and potential recipients that the personal data were revealed to (or will be revealed to on the ground of valid legal basis).
A data subject has the right to request the correction or deletion of their personal data, i.e. restriction of personal data processing, as well as transferability of the data.
Exercise of rights by the data subjects cannot influence their right to address the Personal Data Protection Agency, or another supervisory body.
A request for the exercise of rights is submitted via e-mail address: firstname.lastname@example.org
Thus submitted request will be answered as soon as possible, and by latest within thirty (30) days. Appropriate steps will be taken to unambiguously determine the identity of the applicant before providing any information pertaining personal data.
We take security very seriously, particularly when it relates to unauthorised disclosure of personal data.
You may also request your personal data to be deleted without unnecessary delay if the personal data are no longer needed for the purposes they were collected for, or if they have to be deleted in order to comply with the regulations of the European Union or the Republic of Croatia.
In case of a personal data breach, particularly an unauthorised intrusion into the IT system, we will inform the Personal Data Protection Agency about such a breach within 72 hours.
If the personal data breach can cause a high risk for the rights and freedoms of an individual, we will inform without delay all data subjects whose personal data were breached.
If you consider that we do not treat your personal data appropriately or if you are under the impression that the processing of your personal data does not comply with the General Data Protection regulation, you have the right to address the Personal Data Protection Agency.