All companies that, as a data processing manager, act as part of the group "Čazmatrans" (hereinafter referred to as "Čazmatrans"), are concerned with the security and protection of your personal data when collecting, processing, using and possibly delivering to third parties and executives in order to process requested services.
Data Protection is conducted in accordance with the provisions of the General Regulation on data protection 2016/679 of the European Parliament and of the Council on April 27, 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter: the General Regulation), the Implementation of the General Data Protection and Electronic Media Act (hereinafter: Laws) and the Book of Rules on the Collection, Processing, Use and Protection of Personal Data (hereinafter: the Ordinance).
For this purpose, in cooperation with relevant agencies and services, a web site owned by "Čazmatrans-Nova" d.o.o. Čazma, Milana Novačića 10, 43240 Čazma with an integrated online ticketing system was created.
Data processing is performed in the Republic of Croatia or in the EU member states, and in third countries it is possible only on the basis of the EU Commission decision on adequacy, with the application of Art. 45 of the General Regulation.
By entering our website at www.cazmatrans.hr, you give your consent to dealing with your information as described in this Statement, therefore you are advised to read the text below.
Information you voluntarily provide, either personally on paper or online, pursuant to Art. 6. sec.1. al. (b) of the General Regulations may relate to the execution of a contract at the request of the respondent for the purpose of purchasing a bus ticket, submitting various requests, inquiries and privileges or seeking information, as well as submitting a complaint to the service.
For the purpose of realizing any of the above mentioned services, you may be asked for the following information: name and surname, date of birth, personal identification number, address of residence, email address, phone number and/or credit/debit card information (for card payment).
The information we collect about you from other sources may refer to: your visit to one of our web sites; when we work with business partners and agencies for the purpose of selling our/their services exclusively related to transportation; when cooperating with online payment authorization providers.
The data we do not collect and do not process are: data that technical devices can record when using our web pages and wi-fi services on the bus; special categories of personal data or sensitive person data in the sense of Art. 9. of the General regulations (origin, political or other affiliation, membership in associations, etc.); information about a child or a child under 16 years of age is not collected without the parents' consent and we pay particular attention to it.
LEGAL BASIS AND PROCESSING PURPOSE
We will process your information in order to achieve the purpose and perform the services you have requested, realize the contract or your request, and if there is a legitimate interest that is not against the interests of protecting your personal information.
All the personal information you provide is necessary for the purpose of executing a card sales contract or online payment, and for the fulfillment of our legal obligation when we, as a processing manager, are obliged to respond to inquiries or complaints.
EXCHANGE OF COLLECTED DATA
Some of your collected personal data will be forwarded for processing for specific purposes to the following categories of recipients:
a) Online Payment Service WSPay - Web Studio d.o.o., 10 Ćićarijska street, Rijeka 51000, Croatia, as processing executor.
In the process of purchasing buscards, we provide this online credit card authorization service to your personal information: name and surname, phone contact details, email address and address of residence. We do not store your payment card number because payments are only made via WSPay.
WSPay is in compliance with PCI DSS and GDPR standards. The user's personal information is used solely for the execution of the basic contract.
On WSPay's Terms and Conditions under Article 6 you can find the terms 'Data Protection and Confidentiality' under the General Terms and Conditions of Use of WSPay.
b) Fiscal Accounting Service, solo.com.hr, maintained by COAX, Web Design and Marketing, 29 Lermanova Street, Zagreb 10090, Croatia
As we are required by law to issue a fiscal ticket, we also forward your data to the SOLO Fiscal Accounting Service.
For personal data used by SOLO service, GDPR standards are also applied, so you can report to Solo - Security and Privacy.
c) To another carrier, in a justified case of a bus failure or force majeure due to which "Čazmatrans" is unable to perform the contracted service but only to the extent and quantity necessary for the realization of the requested service. For this purpose, the second carrier-partner may process the forwarded data solely for the purpose of meeting his assigned task.
d) To the competent supervisory body in the performance of its duties aiming to establish the security of processing, in accordance with the General Regulation and the Law.
The processing manager processes the collected data in accordance with Art. 28. of the General Regulations, which specifically regulates the process of data processing on behalf of the processing manager.
"Čazmatrans" shall carry out the appropriate technical and organizational measures to ensure that in an integrated manner only the personal data necessary for each particular purpose of processing are processed.
The entry and transfer of personal data and credit card number data is protected by an SSL protocol (128/256-bit encryption) provided by the SSL certificate issued by RapidSSL.
Authorization and credit card payment is done by using the WSPay system for realtime authorization and billing.
In accordance with PCI DSS standards, WSPay protects your data transfer and privacy with TLS 1.2 cryptographic protocols.
The processing manager keeps the data as necessary to fulfill the purpose for which they were collected and to respect the prescribed deadlines for keeping under the Companies Act, the Accounting Act, the General Tax Code and the Ordinance, as follows:
- all documents and data on passengers and customers such as incoming and outgoing invoices, calculations, contracts and other duplicate acts, decisions and solutions - 11 years;
- all correspondence, memos and papers including emails - 5 years;
- passenger consents and privileges as well as inquiries and requested information - 2 years;
- objections and correspondence with passengers on complaints - 1 year after termination of the procedure;
- records of objections - 2 years.
Cookies can be divided into session cookies or persistent cookies. Session cookies are temporarily stored on your computer and are automatically deleted after you close your web browser. They are used to get temporary information such as the status of your basket in the web shop.
Permanent cookies remain stored on your computer and after you close your web browser, but most often have a shelf life. Such cookies are used to facilitate access to registered users and store information such as username and password, which allows you the "remember me" login functionality so you do not have to enter a username and password each time you visit this site. Permanent cookies can remain on your computer for days, months, and even years.
Cookies can be further distinguished as first-party cookies and third-party cookies. First-party cookies come from the site you are currently in, while third-party cookies come through an ad or through external services from other sites. First-party cookies are used for the proper functioning of the website page, as well as for statistical web activity monitoring. Data collected for this purpose includes user IP address, browser data, language, operating system, and other standard statistical data that are collected and analyzed solely in anonymous and mass form. Third-party cookies are most commonly used by advertising networks to analyze user behaviour on various websites. The purpose of the analysis is user profiling according to demographics, interests, etc. - which is most commonly used for advertising purposes.
But how do cookies actually work?
The cookie information is stored in the form of "keys" and "values" in text files.
For example, cookies can store the language at which you are currently viewing the page. If it is Croatian, the record will most often look like this: language = hr
When you first select a language, a web page will create and save a language cookie with your browser. Then, at each subsequent visit, if that cookie still exists, the page will know of your selection and will show you the content in your preferred language.
When accessing the site, čazmatrans.hr cookies identify search parameters, but not the users themselves. In short, the purpose of the cookie is good-natured, not harmful and can not carry viruses. They are ment to provide a better user experience when browsing.
If you do not agree with the cookies you can change your preferences at any time in the cookie settings, or you can easily delete (or prevent) them on your computer by adjusting the browser settings you are using. More information about managing cookies is available on the browser pages you are using or on www.allaboutcookies.org.
Types of cookies
Technical cookies are necessary and do not store any personal data about you; they make the website usable by enabling basic functions such as page navigation, cookie settings, form filling, and access to secure areas of the website. The website cannot function properly without these cookies.
Functional cookies are a type of cookies that enhance functionality and user experience. For example, they remember user settings, track shopping cart contents, or enable automatic login.
Statistical cookies are used to collect anonymous information about visitors to better understand user behavior. This includes data on the number of visitors, traffic sources, user behavior analysis, and helps optimize performance and customize content.
Marketing cookies are a type of cookies on websites that track user activities to enable targeted advertising. They assist in displaying personalized ads, measuring campaign effectiveness, managing ad frequency, and analyzing user behavior.
This website Čazmatrans.hr uses technical (essential) cookies that cannot be disabled, as well as statistical cookies that you can either accept or reject. You can change your preferences at any time in the cookie settings.
We do everything in our power to ensure that all redirects from our website will guide you and/or your child to websites that are of a high quality content in the sense that they do not encourage negativity. However, web pages and addresses are changing rapidly, and we can not always guarantee the content of any address you are redirected to.
RIGHT TO ACCESS, COMPLAINTS AND DATA PROTECTION
In order to inform you of all aspects of the processing of the data provided, you have the right to free access to all the information we have about you, the right to delete them, limit the processing, correction and referral on the basis of the General Regulations, the Act and the Ordinance. Also, in accordance with the aforementioned, you have the right at any moment to withdraw your privilege that you have given us, which will in no way have any negative impact on the exercise of your rights and legitimate interests.
We will answer all your inquiries regarding the protection of your rights and the use of our services without unnecessary delays, at the latest within 30 days.
For all questions about your data and processing for the foregoing purposes, please contact us at "Čazmatrans-Nova" Llc., 10 Milana Novačića street, Čazma 43240 or by e-mail: firstname.lastname@example.org or tel: 043 / 277-320.
If you are not satisfied with our response you can contact the privacy protection administrator at "Čazmatrans-Nova" Llc. via e-mail: email@example.com, who will provide further information on how to exercise your rights.
Anyone who finds that he/she has been violated a right guaranteed by the General Rule or the Law may apply for a violation of the right to the Personal Data Protection Agency, 14 Martićeva street, Zagreb 10000, www.azop.hr, tel: 01/4609 000 or via e-mail: firstname.lastname@example.org..