Privacy Policy

Rules on the processing and protection of personal data

Data Controller:

DEGI JANKOMIR d.o.o., Zagreb, Velimira Škorpika 34, OIB: 56878641149 (further in the text: SES) Contact details of the Data Controller: [email protected].

Personal data is any data that identifies you. This includes data such as your name and surname, OIB (tax identification number), etc., but also any data that can lead to your identification (address, e-mail address, etc.)

     1. General Provisions

1.1 In these Personal Data Processing and Protection Rules (hereinafter: Rules), we, as the data controller pursuant to art. 4(7) GDPR, describe what data we collect from Users when they visit our website and for what purpose we process that data.

1.2 These Rules inform the User about the type, scope, and purpose of our processing of personal data in connection with our website and the related web pages, functionalities, and content. These Rules apply regardless of the domains, systems, platforms, and devices on which the website is accessed. Regarding the terms used, such as “personal data”, we use the definitions from art. 4 of the General Data Protection Regulation (GDPR).

1.3 Please use the above contact information if you have any concerns regarding our processing of your personal data or if you wish to exercise your rights (see section 5.7.).

     2. Data Processing Related to Website Provision and Creation of Log Files

2.1 Description and Scope of Data Processing

2.1.1 Whenever our website is accessed, our system automatically collects data and information from the accessing computer’s system.

2.1.2 The following data is collected:

• User’s shortened IP address
• Names of accessed pages
• Date and time of access
• Browser type and version information
• User’s operating system
• Browser window’s internal resolution
• Click behavior on the website
• Java settings, Javascript activation, screen resolution, color depth
• Request (requested file name)
• Amount of data transferred
• Referrer URL (web pages from which the system accesses our site)
• Form content

2.1.3 This data is also stored in our system’s log files.

2.2 Purpose

2.2.1 This data is used exclusively to ensure the smooth operation and content improvement of our website. Temporary storage of your IP address is necessary to allow the website to be delivered to the User’s device. The IP address must remain stored for the duration of the session. Storage in log files serves to ensure the functionality of our website, optimize it, and guarantee the security of our IT systems. We also have a legitimate interest in data processing according to art. 6(1)(f) GDPR.

2.3 Legal Basis

2.3.1 The legal basis for the temporary storage of data and log files is art. 6(1)(f) GDPR.

2.4 Storage Period

2.4.1 Data is deleted or anonymized at the end of the relevant session.

2.4.2 If stored in log files, the data will be deleted after 3 days. After this period, data will not be stored in a form that allows identification of the data subject.

2.5. We sometimes use service providers (data processors) for data processing. We use the following processor:

• SPAR Business Services GmbH, Europastraße 3, 5015 Salzburg

      3. Cookies

Click here for information on cookies.

     4. Matomo

Click here for information on Matomo.

     5. Newsletter

5.1 Purpose

5.2 The email address you provide will be processed by the Data Controller for the purpose of sending the subscribed newsletters.

5.3 We process all information you voluntarily provide to deliver targeted content.

Required data:

• Personal email address – necessary to send the newsletter.

Voluntary data:

• Your name and surname
• Date of birth
• Newsletter segmentation by region (e.g., ZIP code for local store openings)

5.4 Additionally, we determine the optimal time for sending and measure newsletter success by tracking newsletter opens (yes/no) (“opening rate”), clicked articles (“click behavior”), and technical deliverability (“bounces”, e.g., due to invalid email addresses). This data is generated by the system.

5.5 Legal Basis

5.6 Processing of your email address is based on your consent pursuant to art. 6(1)(a) GDPR.

5.7 You have the right to withdraw your consent at any time, free of charge. Your withdrawal does not affect the lawfulness of processing based on consent before the withdrawal. To withdraw consent, click the unsubscribe link in the newsletter or contact the Data Controller (see contact info below).

5.8 Processing of voluntarily provided data and newsletter performance data is based on the legitimate interests of the Data Controller (marketing purposes) under art. 6(1)(f) GDPR.

5.9 Upon unsubscribing, your consent record is stored for documentation purposes. This is based on the legitimate interests of the Data Controller.

5.10 You provide your data voluntarily, with no legal or contractual obligations. However, providing your email address is required to receive the newsletter. Not providing it means we cannot send the newsletter. Not providing optional data means you may not receive targeted content, but you’ll still receive the general newsletter.

5.11 Storage/Deletion

5.12 Your unsubscription is automatically recorded in the newsletter database. This notice means that you will no longer receive newsletters from the moment you unsubscribe. The final deletion of your data will take place within one month of the date of your unsubscribe, provided that legal retention obligations do not prevent deletion and that we do not need the data in individual cases for the defense or exercise of legal claims.

Your newsletter consent is stored for 12 months after unsubscription.

     6. Contests

6.1 Purpose

6.1.1 The personal data provided by participants to participate in prize games/ contests conducted by the Data Controller, such as name and surname, email address, address and competition entry (e.g. selected answer option, uploaded photos, texts) are processed for the purpose of processing the contest (drawing/selection and notification of winners).

6.1.2 The data submitted by the winners, such as name and surname, email address, competition entry (e.g. selected answer option, uploaded photos, texts), address as well as the prize, proof of prize delivery and correspondence will be processed by the Data Controller for the purpose of processing the prize competition (drawing/selection and notification of winners, sending prizes) as well as for documentation and evidence purposes.

6.1.3 If you have given us consent to publish your name and prize in the event of a win, we will also process your name and prize for the purpose of publishing the winner on our website (king-cross.hr).

6.2 Legal Basis

6.2.1 The processing of data of participants and winners is necessary for participation in the prize competition, notification of winners and sending of prizes (art. 6(1)(b) GDPR). Failure to provide the above data means that you will not be able to participate in the prize competition.

6.2.2 The announcement of the winner is based on your consent, if you have it, in accordance with art. 6(1)(a) of the GDPR. You have the right to withdraw your consent at any time without compensation (see legal remedy and contact details below).

6.2.3 After the competition ends, the Data Controller will store the data of the winners (including any consent to the publication of the winner) on the basis of legitimate interests (art. 6(1)(f) GDPR). The legitimate interests consist of the necessary documentation for evidentiary purposes.

• Storage/Deletion

6.3.1. The data of all participants will be deleted three months after the end of the participation, unless legal retention obligations prevent deletion and we do not require the data in individual cases for the defense or exercise of legal claims. The data of the winners will be deleted three years after the prize is delivered, provided that there are no legal retention obligations that prevent deletion and we do not require the data in individual cases for the defense or exercise of legal claims. All data processed for the purpose of announcing the winners will be deleted from the website and from our systems three months after the announcement.

6.4 Data Processors

6.4.1 During the processing of the prize game, the Dana Controller may use the cooperation partners of the prize game (e.g. for direct delivery of prizes) as processors.

     7. Video Surveillance

7.1 Purpose

7.1.1 Our shopping center is under video surveillance. Footage (location, date, time) is used solely to prevent and respond to criminal activity, protecting people (especially employees and customers) and property In the event of an incident, we process – to the extent that it is visible from the recordings – further personal data about the identity/role of the person concerned.

7.1.2 By entering our shopping center, you voluntarily accept video surveillance.

7.1.3 Footage is not used for automated decision-making or profiling.

7.2 Legal Basis

7.2.1 Video surveillance (= processing of your data) is carried out on the basis of our legitimate interests in accordance with art. 6(1)(f) GDPR. Our legitimate interests are the protection of our assets and the protection of employees and customers from criminal acts.

7.3 Recipients

7.3.1 From a technical point of view, we use SPAR Business Services GmbH and security companies (G4S Security Systems GmbH, Siemens AG Österreich, Tyco Integrated Fire & Security Austria Gmbh) as processors.

7.3.2 In the event of an incident, footage is shared with authorities, courts, or insurers.

7.3.3 Footage is not transferred to third countries.

7.4 Storage/Deletion

7.4.1 Video recordings will be stored for up to 30 days, unless longer storage is necessary in individual cases for the defense or enforcement of legal claims.

     8. Rights of users/data subjects under REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation or GDPR)

8.1 Right to Information – Access to personal data

According to art. 15 of the General Data Protection Regulation, you have the right to obtain from the Dana Controller confirmation as to whether personal data concerning you are being processed, and if such personal data are being processed, you have the right to obtain access to such personal data as well as the following information: the purpose of the processing, the types/categories of personal data processed, including access to your personal data, the recipients or categories of recipients, and the intended period for which the personal data will be stored. To exercise your right, please send your request in writing to the address of the Controller of Personal Data Processing or electronically to the e-mail address: [email protected].

8.2 Right to Rectification and Erasure

8.2.1. According to art. 16 of the General Data Protection Regulation, you have the right to request the correction or completion of your personal data if your data is not accurate, complete and up-to-date. To do this, please send your request in writing to the address of the Data Controller or electronically to the e-mail address: [email protected].

8.2.2. According to art. 17 of the General Data Protection Regulation, you have the right to request the deletion of your personal data, if the conditions for such deletion are met, in writing to the address of the Data Controller or electronically to the e-mail address: [email protected].

8.3 Right to Withdraw Consent

8.3.1 If the Controller stores and processes your personal data on the basis of your consent, you have the right to withdraw your consent at any time pursuant to art. 7, Paragraph 3 of the General Data Protection Regulation. However, this does not affect the lawfulness of the processing carried out up to the moment of your withdrawal of consent. The withdrawal of consent has the consequence that the Controller may no longer process the data in question for the purposes specified in the declaration of consent from the date of receipt of the notification of the withdrawal of consent. To do this, please send your request in writing to the address of the Controller of Personal Data Processing or electronically to the e-mail address: [email protected].

8.4 Right to Restrict Processing

8.4.1 Pursuant to Article 18 of the General Data Protection Regulation, data subjects also have the right to request the Controller to restrict processing if (i) they contest the accuracy of the data concerning them, for a period of time sufficient to enable the Controller to verify their accuracy, (ii) the processing is unlawful and the data subjects oppose the erasure of the personal data and instead request the restriction of their use, (iii) the Controller no longer needs the personal data for the purposes of the processing, but the data subjects require them for the establishment, exercise or defence of legal claims, or (iv) the data subjects have lodged an objection to the processing pursuant to Article 21(1) pending confirmation as to whether the legitimate grounds of the controller override those of the data subject. To do so, please send your request in writing to the address of the Controller of Personal Data or electronically to the e-mail address: [email protected].

8.5 Right to Object

8.5.1 Furthermore, pursuant to Article 21 of the General Data Protection Regulation, data subjects have the right to object to the processing of personal data concerning them. In the event of such an objection, the Controller shall no longer process the personal data unless the Controller (i) demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or (ii) for the establishment, exercise or defence of legal claims. To do so, please send your request in writing to the address of the Controller or electronically to the e-mail address: [email protected].

8.6 Right to Data Portability

8.6.1 You have the right to receive your personal data, which you have previously provided to the controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, if the processing is carried out by automated means and is based on consent or a contract. To do this, send your request in writing to the address of the Controller of Personal Data Processing or electronically to the e-mail address: [email protected].

8.7 The right to address the supervisory authority of the Republic of Croatia

8.7.1 To exercise all of the rights listed here, please contact the Data Controller in writing as specified for each individual right. Of course, the Data Controller is also available at any time for other inquiries related to the use and security of your data. If you believe that the Data Controller is using your data in an unauthorized manner, you can also file a complaint with the Data Protection Agency (AZOP), which is possible under Article 77 of the General Data Protection Regulation.

     9. Technical security measures regarding the protection of personal data

9.1. We take organizational, contractual and technical security measures in accordance with the latest developments to ensure compliance with the regulations and rules of data protection legislation and thus protect data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. For security reasons and to protect the transmission, this website uses SSL encryption. Users can recognize an encrypted connection by the fact that the browser address line changes from “http://” to “https://”. The personal data provided by the User will be processed on the server of SPAR Business Services GmbH, Europastrasse 3, 5015 Salzburg.

     10. Contact

10.1 You can contact us using the following contact details:

Shopping Center KING CROSS JANKOMIR

Velimira Škorpika 34

10010 Zagreb

Croatia

Phone: +385 1 3499 228

Fax.: +385 1 3475 180

E-mail: [email protected]

Last updated on 01.03.2023. 

Content of this regulations is available in the Croatian version on Zaštita privatnosti with the Croatian version being the authoritative one for interpretation in the event of any discrepancy.