To enter this website, you must be of legal age to consume and purchase alcoholic beverages

Please confirm that you are above legal drinking age in your country

No
Badel 1862 dd wines, alcoholic and non-alcoholic beverages, Ulica grada Gospića 7, Zagreb, Croatia
Skip to main content

Personal Data Protection Policy

The latest version of this Policy is applicable.
Date: 14 February 2025

BADEL 1862 d.d., a company with a registered office in Zagreb (hereinafter referred to as “Controller“, “BADEL 1862“, or “we“), places great emphasis on the protection of personal data, respects the privacy of employees, visitors, business partners, and all other natural persons whose data it processes, and undertakes to keep all personal data as confidential information. BADEL 1862 processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the General Data Protection Regulation), the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/2018), and other relevant regulations applicable in the Republic of Croatia.

With this Personal Data Protection Policy (hereinafter referred to as the “Policy”), BADEL 1862 aims to provide all individuals with clear information about the processing and protection of personal data, as well as enable them to easily monitor and manage their personal data and consents..

The company responsible for data processing in accordance with data protection regulations is:

BADEL 1862 d.d.
Ulica grada Gospića 7
10 000 Zagreb
E-Mail address: pravni.poslovi@badel1862.hr

If you have any questions or suggestions regarding the protection of personal data, please feel free to contact us.

You can contact our data protection officer as follows:

E-Mail address: osobni.podaci@badel1862.hr

1. DEFINITIONS

For better understanding, below are the definitions of relevant terms used in this Policy:

Personal data means any information relating to an identified or identifiable natural person (the so-called data subject), where an identifiable natural person is a person who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, etc. Your personal data includes any information relating to you. This includes data such as your name, residence address, email address, or phone number, as well as other information about you that we process during your employment.

Data subject means an identifiable natural person that is, a person who can be identified directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Special category of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic and biometric data processed for the purpose of uniquely identifying a natural person, and data concerning health or data concerning a natural person’s sex life or sexual orientation.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, using either automated or non-automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller means a natural or legal person, public authority, agency or other body to which the personal data are disclosed, regardless of whether it is a third party. For the purposes of this Policy, the controller is BADEL 1862 d.d.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

Lawfulness, fairness and transparency
When processing personal data, we act in accordance with legal regulations and within the limits they lay down, providing all information in a clear and easily accessible manner while applying all measures for the protection of personal data.

Limitation of purpose of processing
We collect and process personal data only for a specific and lawful purpose and do not further process them in a manner that is incompatible with the purpose for which they were collected.

Data minimisation
We always use only personal data of data subjects that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Data accuracy
The personal data we process must be accurate, complete, and up to date. It is important that the data subject informs us of any changes to their personal data immediately or as soon as possible.

Storage period limitation
We store and process personal data only for as long as necessary to fulfil the specific purpose, unless applicable regulations require a longer or shorter storage period for a specific purpose or in other cases explicitly specified by law. After that, the data are permanently deleted.

Integrity and confidentiality
We process personal data in a secure manner, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical and organizational security measures.

3. DATA WE COLLECT, PURPOSE OF COLLECTION, LEGAL BASIS, AND STORAGE PERIOD

Data you provide to us for employment purposes

When you apply for a job, we collect the following personal data:

  • your full name, contact details (email address and phone number), as well as your place of residence, along with information about your education, previous work experience, and any other details you choose to share with us in your resume or application when expressing interest in joining our team.
  • If you are invited to an interview and undergo our selection process, we may collect additional information obtained during the interview, the results of any evaluation tests conducted, and notes from our colleagues who interviewed you.

When you provide your personal data for the purpose of employment, we will use these data exclusively for the specific position you are currently applying for. Your data will be kept throughout the entire job application process, after which the data will be deleted. Alternatively, you have the option to give us your consent to retain your data for one year after the completion of the respective job posting. In this case, if a position matching your profile and qualifications becomes available during this period, we will contact you.

Data you provide to us for the purpose of resolving an individual inquiry

Through communication channels listed under the category “Contact”, for the purpose of resolving a specific inquiry, you may provide us with certain personal data such as your name and surname, contact details (email address and phone number), as well as data contained in the specific inquiry.

We process your data to respond to the inquiry you submitted, based on your explicit consent or, where applicable, legitimate interest.

We retain your data as long as we have your consent, if we process them based on consent, or as long as there is a legitimate interest for such processing, if we process them based on legitimate interest.

Podaci koje automatski prikupljamo kada posjetite našu internetsku stranicu

Furthermore, when you visit our website, we automatically collect certain information, such as your IP address, user settings, cookie identifiers, and other unique identifiers, as well as details about your browser or device. For more information on how we collect data through cookies, please visit our Cookie Policy.

Data we collect when you visit our offices and premises

When you visit one of our offices or other premises of the Controller, we may ask you to provide certain information such as your full name, type of personal document, number of document, country of issuance, and vehicle registration number.

If you visit one of our offices, we may collect video footage in which you are visible, as some of the entrances and premises of the Controller are under video surveillance.

We collect and use your personal data to manage the control of access to our offices and premises and to ensure the safety of our employees, visitors, and property.

Most of data you voluntarily provide to us as a visitor is processed based on your consent, while the processing of data collected through video surveillance, as well as the processing of data related to access control, is carried out based on our legitimate interest in protecting property and individuals.

Personal data collected for the above-mentioned purposes will be deleted once they are no longer needed for those purposes. Video surveillance recordings are stored for a maximum of 6 months.

4. CONSENT

For purposes where your consent is required, it is considered that you have given your consent for the processing of personal data if you voluntarily and unambiguously provide your consent for the processing of personal data. Consent is given in the form of a statement or a clear affirmative action.

You can withdraw your consent at any time, and in such case, we will stop processing the data we process based on such consent. However, the withdrawal of consent does not affect the lawfulness of processing prior to its withdrawal. You can withdraw your consent by contacting our data protection officer using the contact details provided at the beginning of this Policy.

5. RECIPIENTS OF DATA

Within the Controller, access to your personal data is granted only to those individuals who require it for the purposes specified in each individual case.

We may engage external service providers to assist us in processing your personal data for activities we carry out as the controller. Before engaging any new service provider, we conduct a security and privacy assessment. When such a provider acts as our processor, we ensure that the processing of personal data is governed by a written Data Processing Agreement.

Your personal data will be shared with external recipients only if permitted by law or if we have your consent. As a rule, we do not share personal data with third parties, except when necessary. In such cases, we may share data with, for example:

  • public authorities (e.g., courts and other judicial bodies, administrative authorities, ministries, agencies, inspections, and similar);
  • processors who process personal data as instructed by and on behalf of BADEL 1862 as the controller, such as providers of accounting services, partners for providing health insurance service, contracted partners for providing occupational health service, service providers, services and tools used by BADEL 1862 in its operations;
  • if necessary, any other individual with your consent.

A list of all associated persons or other external recipients to whom we disclose your personal data or who currently process that personal data on our behalf is available upon request.

6. INTERNATIONAL DATA TRANSFER

If we transfer your personal data to organizations with a registered office or data processing location outside the European Union, another country that is a signatory to the Agreement on the European Economic Area (so-called third countries), or a country covered by the European Commission Adequacy Decision, we will implement appropriate safeguards to ensure an adequate level of protection for your data. Specifically, we may rely on the European Commission’s standard contractual clauses for data transfers to third countries.

If the data transfer is based on Article 46, 47, or the second subparagraph of Article 49(1) of the General Data Protection Regulation, you may obtain a copy of the safeguards we have implemented to ensure an adequate level of data protection in relation to the transfer of data or the location where they have been made available.

As a rule, we do not transfer your personal data to third countries.

7. SECURITY OF PROCESSING

BADEL 1862 is committed to ensuring the security of personal data it processes and takes reasonable physical, electronic, and organizational security measures to protect data from unauthorized or inappropriate access or use.

For this purpose, the controller implements technical and organizational measures to ensure an adequate level of protection of personal data, all in accordance with applicable data protection regulations.

All employees involved in the processing of personal data are obliged to sign a data processing confidentiality statement and must undergo training and be aware of their obligation to protect the personal data they handle in their daily work.

Before we engage a data processor, we verify their security practices and compliance with applicable privacy laws. Following the engagement, we continue to monitor their performance on a regular basis.

8. YOUR RIGHTS

The General Data Protection Regulation grants you, as the data subject, a range of rights. You have the following rights:

Right of access to personal data: You have the right to obtain information about your personal data we process. You can request access to your personal data we process, and we will make every effort to respond to your request within one month. However, there are certain exceptions to exercising this right, meaning access to certain personal data may be denied, including in cases where applicable regulations prohibit the disclosure of such data.

Right to rectification: You can request the rectification (or updating) of any of your personal data that is inaccurate, outdated, or incomplete.

Right to erasure: You can request the erasure of your personal data that we process (e.g., if the processing of personal data is no longer necessary for the employment relationship or if you withdraw your consent).

Right to restriction of processing: You can request that we limit the processing of your data, provided that certain conditions are met.

Right to data portability: If you have provided us with data based on a contract or consent, you can, if the legal conditions are met, request that the data you have provided be delivered in a structured, commonly used, and machine-readable format or that we transfer them to another controller.

Right to object: You have the right to object at any time to the processing of your data that we perform for the purposes of our legitimate interests, if you have grounds for doing so. If you exercise your right to object, we will cease processing your data unless we can prove compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.

Objection to direct marketing: If we process your personal data for direct marketing purposes, you have the right to object to our processing of your data for this purpose at any time. If you exercise your right to object, we will cease processing your data for this purpose.

Withdrawal of consent: If you have given us consent to process your personal data, you can withdraw it at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Your contact with us and exercising your rights: You can contact us if you have any questions regarding the processing of your personal data and your rights as data subject. In case you wish to withdraw your consent, you can do so in the same manner in which you originally provided it to us.

If you wish to contact us or exercise your rights mentioned above, please contact us using the contact details provided at the beginning of this Policy.

9. AUTOMATED DECISION-MAKING

Automated decision-making, as defined by Article 22 of the General Data Protection Regulation, means that certain decisions are based solely on automated processing, including profiling, without human intervention. If such decisions produce legal effects concerning you or similarly significantly affect you, you have the right to request that such decisions do not apply to you.

BADEL 1862 does not use such automated decision-making when processing your personal data.

10. THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you wish to exercise any of your rights guaranteed by personal data protection regulations, particularly the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation, please contact BADEL 1862 as the controller first.

If we fail to resolve your concern and you believe that you have not been able to exercise your rights and that your right to personal data protection has been violated, , you may contact the Personal Data Protection Agency with a request to determine the violation of your rights via the email address: azop@azop.hr

11. PUBLICATION AND AMENDMENTS TO THIS POLICY

BADEL 1862 publishes this Policy on its website.

The terms of this Policy may change over time.

The date of the last modification can always be checked at the beginning of this Policy.