EFFECTIVE MARCH 15, 2022
How we collect, use, and share your personal information.
About data protection
We are dedicated to keeping your personal information confidential. We do not sell, rent, or lease your data to third parties, we will not provide your personal information to any third party, individual, government agency, or company without legal ground.
We will handle your personal data respecting basic GDPR principles. We do not collect more personal data than necessary and we process it in a lawful, fair, and transparent manner. We’ve implemented appropriate security measures to make sure personal data isn’t accessed by hackers or accidentally leaked as part of a data breach. We keep data in a form that permits identification for no longer than is necessary for the specific purpose while the specific purpose is being explicitly described and justified. If certain data ceases to be accurate, they will be removed or rectified.
Infinum subsidiaries and affiliates are based in the EU, USA, UK, Montenegro and North Macedonia (in further text: Infinum entity, Infinum) and contact details of each Infinum entity are available at our Legal page.
Infinum designated a single data protection officer who is involved, properly and in a timely manner, in all issues which relate to the protection of personal data and is available at antispam email@example.com antispam .
Infinum determined, in a transparent manner, the responsibilities of roles of each Infinum entity vis-à-vis your personal data and the essence of the arrangement for each specific situation will be made available to you on request at antispam firstname.lastname@example.org antispam . However, irrespective of the terms of our internal arrangements you may exercise your rights contacting Infinum d.o.o. Croatia or contacting any other Infinum entity of your choice.
Collecting, using, storing and sharing of your personal data
Generally, we might process your personal data based on 4 legal grounds:
1) Consent (e.g., when you agree that we contact you if employment opportunity occurs);
2) Contractual relationship (e.g., processing your personal data is necessary for us to complete our contractual obligations);
3) Legal obligation (e.g., keeping financial records in accordance with tax and accounting legislation or when we receive a legitimate request for information from the competent authority);
4) Legitimate interest (e.g., contacting our clients for possible follow-up projects and offers).
Please note that we do not keep your data longer than necessary; all periods are specified in each particular category.
We use your personal information for the following purposes:
Handling inquiries and managing client relationships
We will keep your data for the period necessary to resolve your inquiry, for the duration of our (pre) contractual relationship, for the period we are legally obliged to keep data about our business partners or other business-related contacts, but we may also keep your contact data to contact you for possible follow-up projects and offers or ask for your feedback, on the basis of our legitimate interest.
Promoting and marketing our services
When you enter your email address in the form to receive our newsletter, or you give your consent that we can deliver you specific content regarding the topic you are interested in, your email address will be used only for that specific purpose. You can unsubscribe via the link at the bottom of each newsletter or by sending us an e-mail at antispam email@example.com antispam . Such activities are provided based on your explicit consent, and you can opt-out freely, without impact on previous processing, at any time using the option at the bottom of every material delivered.
We provide books, whitepapers, and other downloadable content on our website. Before downloading such content, you will be asked to provide your personal information. We will use your e-mail address to send requested resources and to solicit feedback. We may use your e-mail based on a legitimate interest to contact you for similar content and for the purposes of direct marketing based on our legitimate interest.
We may use your data for promotion and marketing of our services for the period we’ve got your consent to do so and for the purposes of direct marketing and purposes based on our legitimate interest until you request us to remove you from our mailing list and for an additional 5 years so that any potential disputes or issues may be resolved in this period.
Improving our services by conducting survey and gathering insights
We may contact you to provide feedback about your experience with our website, products and/or services in the form of online surveys to improve the quality of our services and to monitor the quality of our services, all based on our legitimate interest. We also may analyze your activity and interactions within our website to improve your user experience or to improve our services.
When you submit your personal data into web forms for the purposes of employment, they’re going to be used solely for the job you’re currently applying for, or the first position we think might fit your profile in case you’re applying for an unspecified position. We keep your data only during the job contest. You can also choose that we keep your data for five years after closing the contest you’re applying for. If a career opportunity that matches your profile opens during that time period, we’ll inform you. You can change this whenever by sending us an e-mail to antispam firstname.lastname@example.org antispam .
Infinum can organize recruitment-related events, in which situations we’re obtaining certain information such as your first name, last name, e-mail, phone, education, and CV to assess your suitability for participation in such an event. We will use your information for the duration of the event, except your contact information that we may use based on our legitimate interest to contact you for future similar events. However, we will ask you directly if you would like us to keep your data in case of future job opportunities, but for no longer than five years.
Based on legitimate interest or your specific consent we may contact you to inform you about various events and ask for your feedback. For that purpose, we need your first name, last name, e-mail address and we will process that data for the period of duration of our legitimate interest, or for the period we’ve got your consent to do so.
Processing base on legitimate interests
When you contact us for new business, employment, sponsorship, Infinum or a third party may have legitimate interests to process your personal information in a fair and balanced way that doesn’t impact your rights in an unnecessary manner. This ground may apply in a wide range of circumstances, e.g., sharing personal data with our external advisors, agencies, contractors, auditors, and affiliates for the purposes of enforcement of legal claims, direct marketing, fundraising, prevention of fraud, research and development, HR matters, accounting, network, and information security, internal administrative purposes, etc.
You have the right to object to the processing based on legitimate interest when the data is used for marketing purposes by contacting us at antispam email@example.com antispam .
Where we store your data and who do we share information with
Internally, your personal data is disclosed to our employees and associates only on a need-to-know basis. Respecting the same rule, we will share your personal data with other Infinum entities seated in the EU, USA, UK, Montenegro, and North Macedonia, based on legitimate interest for wide business-related reasons, such as research and development, HR matters, accounting, network, and information security, internal administrative purposes, prevention of fraud, etc.
In order to provide our services on the highest level, we cooperate with carefully selected companies and use their tools and services for managing client relations, billing, payments, administration, communication, business planning, HR and recruitment, sending emails on our behalf, customized advertising on our website, hosting, operation, optimization, and maintenance of our website, performing marketing activities, market research, organizing events, etc. Companies we cooperate with are seated within the EU, USA, UK and Canada. You may request a full list of the parties to whom we disclose your data by contacting us at antispam firstname.lastname@example.org antispam .
We may be legally obliged to disclose your personal data within the legal process, or court order from governmental authorities, for the purposes of law enforcement, national security, anti-terrorism, or other issues that are related to public security.
Certain organizational and corporate issues such as merger, transfer, acquisition, sale, or bankruptcy may occur and your personal data may be shared with third parties such as advisors, competent authorities, companies participating in such events, etc.
Data transfers to third countries
We pay a lot of attention to localizing most of our data processing within EU territory, as in respect of the dominant role of the EU-based Infinum entity regarding data processing operations, but also in respect to the choice of entities we collaborate with.
However, some of our third-party tools are provided by service providers based outside the EU or EU-based companies that share data with their affiliates seated outside of the EU. According to GDPR, a transfer of personal data to a third country or an international organization may take place where that third country, or the international organization in question, ensures an adequate level of protection. Also, there are countries that are still not covered with adequacy decisions. In such cases, according to GDPR, we transfer your data providing appropriate additional safeguards.
Upon request, you can obtain information about data transfers performed to the USA or any other third country not covered by adequacy decisions. We’ve thoroughly considered all elements of such relationships, concluded written contracts based on standard contractual clauses prescribed by the European Commission but also took care that our partners implement appropriate supplementary measures, safeguards, and policies.
For more information, please contact us at antispam email@example.com antispam .
1. Right of access (GDPR Article 15) – you have a right to ask us if and which of your personal are being processed, where, why, for how long and who are they shared with;
2. Right to rectification (GDPR Article 16) – you have a right to correct and supplement incomplete personal data;
3. Right to erasure or right to be forgotten with additional stipulations, among others if personal data has been made public (GDPR Article 17) – you can ask us to delete your personal data if they are no longer necessary in relation to the purpose of the processing, in case you have withdrawn your consent to the processing, etc.
4. Right to restriction of processing (GDPR Article 18) – in certain situations you have the right to request that the processing be limited with the exception of storage and some other types of processing;
6. Right to data portability (GDPR Article 20 – means you have the right to receive your personal data previously provided to the us in a structured form and in a commonly used and machine-readable format and transmit it to another controller if the processing is carried out by automated means and is based on the consent or contract;
7. Right to object (GDPR Article 21) – in certain circumstances, depending on the purposes for processing and legal basis for processing, you can object to the processing of your personal data. E.g., if you don’t agree with processing for the purposes of direct marketing based on our legitimate interest, let us know.
8. Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you (GDPR Article 22) – (this is just a legal possibility – we won’t be deciding on your rights based on automated processing)
If data was collected based on your consent, you can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
For more information and for executing your rights, please contact Infinum’s data protection officer at antispam firstname.lastname@example.org antispam .
We are holders of the certificate ISO / IEC 27001 so you can rely on that all of our processes, protocols, systems, transfers, databases, etc. are tested, secure, and verified. In short, this means that in order to protect data privacy, we implement physical, technical, and administrative measures such as:
– regular updating and testing our systems and security technology;
– implementing technology of highest security standards;
– ensuring that our partners are GDPR compliant;
– providing access to personal data only to authorized employees using multiple level password systems;
– training employees about GDPR and taking appropriate disciplinary measures to enforce employees’ privacy responsibilities.
Supervisory body and dispute resolution