We are committed to safeguarding the privacy of the Commondo website.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors. In other words, where we determine the purposes and means of the processing of that personal data.
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
2. Collecting personal information
We may collect, store and use the following kinds of personal information:
- information that you provide to us when using our online contact forms or when subscribing to our email notifications and/or newsletters (including your name and email address)
- information that you provide when completing your profile and submit your personal data on our website (including your name, profile pictures, employment details);
- information that you provide to us when registering with our website or using our web sites: information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths)
- information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication) and
- any other personal information that you choose to send to us.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy
3. Using your personal data
Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website.
We may use your personal information to:
- enable your use of the services available on our website
- personalize our website for you
- send you email notifications that you have specifically requested, newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter)
- send you marketing communications relating to our business or the businesses of selected third parties
- send you marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you, by post, email or similar technology (you can inform us at any time if you no longer require marketing communications)
- send you non-marketing commercial communications
- administrate our websites and keep our it secure
- provide third parties services with statistical information about our users (but those third parties will not be able to identify any individual user from that information)
- deal with enquiries and complaints made by or about you relating to our website
- verify compliance with the terms and conditions governing the use of our website
If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.
Your privacy settings where in use can be used to limit the publication of your information on our website and can be adjusted using privacy controls on the website.
We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
4. Providing your personal data to others
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information:
- to the extent that we are required to do so by law
- in connection with any ongoing or prospective legal proceedings
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this policy, we will not provide your personal information to third parties.
Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
5. International transfers of your personal data
In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA) in which we operate in order to enable us to use the information in accordance with this policy.
Information that we collect may be transferred to the following countries which do not have data protection laws equivalent to those in force in the European Economic Area: the United States of America, Russia, Turkey, UAE, KSA, Japan, China and India.
The hosting facilities for our website are situated in the European Economic Area (EEA).
Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
You expressly agree to the transfers of personal information described in this section 5.
6. Retaining and deleting personal data
This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. Security of personal information
We will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
8. Your rights
In this Section 8, we have listed the rights that you have under data protection law. Your principal rights under data protection law are:
- the right to access - you can ask for copies of your personal data
- the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data
- the right to erasure - you can ask us to erase your personal data
- the right to restrict processing - you can ask use to restrict the processing of your personal data
- the right to object to processing - you can object to the processing of your personal data
- the right to data portability - you can ask that we transfer your personal data to another organization or to you
- the right to complain to a supervisory authority - you can complain about our processing of your personal data and
- the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. You may exercise any of your rights in relation to your personal data by written notice to us providing evidence of your identity. We may withhold personal information that you request to the extent permitted by law.
9. About cookies
Our website uses both session and persistent cookies on our website.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.
Most browsers allow you to refuse to accept cookies, block or delete cookies. Blocking all cookies might have a negative impact upon the usability of many websites. Deleting cookies might have a negative impact on the usability of many websites.
10. Amendments and updates
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
You should provide updates of your personal data that we hold if that needs to be corrected or updated.
11. Our details
This website is owned and operated by Commondo LLC. We are registered in Croatia under registration number MBS 080863450 at Commercial Court Zagreb, and our registered office is at Rudeška cesta 173, HR-10000 Zagreb, Croatia. You can contact us: by post, using the postal address given above; using our website contact forms; by telephone, on the contact number published on our website; or by email
Guidance for the creation of this document was provided by SEQ Legal (http://www.seqlegal.com)
GDPR rights and Subject Access Request (SAR)
The legal right to access information about yourself is covered by the General Data Protection Regulations (GDPR). GDPR protects the personal data that is processed for activities and transactions that occur within the European Union (EU).
The GDPR gives individuals the right to request and in most cases to be given, a copy of the information which Commondo holds about them. This is called a subject access request - SAR.
Please note that the Regulations only entitles an individual to see, or be given a copy of, their own information. You are not entitled to see someone else’s information unless they have given their permission for you to do so. Likewise, someone else cannot ask for your information unless you have given permission for them to do so. This applies to spouses, relatives, friends etc.
If you want to see, or be given, a copy of information that Commondo holds about you, you will need to make your request using our SAR request form. Your request must include enough information about yourself and the information that you are seeking to enable Commondo to identify you and your information, and you must provide proof of identity.
To submit a request, please complete and return our subject access request form. You can put in a request:
- by downloading, completing, printing and sending us a paper version of the subject access request form OR
- by sending us an electronic copy of the completed form by email: firstname.lastname@example.org