Privacy Policy
To help you understand how your privacy is protected when you use Orchestrum, our project and business management system owned by the company CIKLOPEA d.o.o., Zagreb, Međimurska ulica 21, OIB: 49842955502 (hereinafter: Data Controller), the sections below explain which data is collected, the purpose of its collection and how it is processed.
Our Privacy Policy explains what types of personal data we collect, how we use that data, how we store it, protect it, and with whom we share it. We also provide information about your rights regarding your personal data in accordance with the General Data Protection Regulation (GDPR) and how you can exercise these rights.
SCOPE AND PURPOSE OF PERSONAL DATA PROCESSING
This Privacy Policy applies to the processing of personal data within the Orchestrum project and business management system, including the collection, storage, use, and sharing of data necessary for managing processes related to users, employees, and suppliers.
GENERAL INFORMATION
This Policy applies solely to data collected through Orchestrum and does not apply to offline data collection practices. We advise you to read this Policy carefully to fully understand our data processing practices. If you have questions or need additional information, please feel free to contact us by e-mail at gdpr@ciklopea.com.
This document regulates the principles and rules that the Data Controller as an organization and all its associates, contractual partners and other physical and legal persons working on behalf of the Data Controller adhere to when collecting, processing and storing all groups of personal data in order to comply with the high standards aligned with current legal provisions.
The Data Controller may periodically update this Policy. In the event of significant changes, we will notify you via a system notice and update the last revision date at the top of this page.
WHAT IS PERSONAL DATA, AND WHAT MEASURES DO WE TAKE TO PROTECT IT?
In order to be able to provide our services, we need to collect certain personal data. We undertake to collect only data that is necessary to achieve our purpose while safeguarding your privacy. If data is used for marketing or other purposes without a legal basis or outside our legitimate interest, we will ask for your additional written consent.
We have taken all appropriate technical and organizational measures to protect your personal data.
For example:
- Access control is based on assigned user roles, ensuring that each account has clearly defined permissions and access only to the data necessary for performing specific tasks. This guarantees that only authorized individuals can access the data.
- Two-factor authentication: Users with access to personal data utilize two-factor authentication when logging into the system.
- Data protection is ensured through SSL protocols.
- System security is verified through regular audits.
- The system is tested with penetration testing and security scans.
- Data backups are routinely performed.
All measures are regularly checked and adapted to current technology and regulations. If your personal data is breached in a way that could significantly impact your rights, we will notify you of this in accordance with applicable regulations. Please note that you are responsible for safeguarding your personal data by securely storing your user information and/or passwords and keeping them confidential.
PERSONAL DATA WE COLLECT
We collect different types of personal data in order to provide you with translation services and meet other business needs.
Types of data we collect:
- Name and surname
- Education information
- OIB (VAT ID)
- Address
- Telephone number
- E-mail address
Data that you provide to us:
- Identification data: This includes your name, surname, e-mail address, phone number, country of residence, company/organization name and industry.
- Correspondence information: This includes information contained in messages you send to us by e-mail, telephone or through an online contact form, including copies of correspondence.
- Job application information: If you are applying for cooperation, we may collect information such as your name, contact information, resume, information about your education and work experience, references and other information that you provide to us.
- Project Documentation: Includes details such as project names, specifications, status, deadlines, assigned tasks, and accompanying materials (e.g., source documents, translations, and version history) required for the effective management and execution of projects, which may contain personal data.
PURPOSE OF COLLECTION OF PERSONAL DATA
The processing of personal data within Orchestrum is carried out to ensure effective project management, enhance the user experience, and provide high-quality services.
The purposes of processing include the following:
- Identification and personalization:
We collect personal data such as name, surname, email address, and phone number to identify users and tailor our communication and services to their needs.
This data enables clear, accurate, and timely communication with users, including responding to inquiries, providing cost estimates for projects, creating customized quotes, and entering into contracts.
Personalization is crucial for ensuring the accuracy and relevance of quotes, which contributes to better collaboration and meeting customer expectations.
- Preparation and performance of translation services:
We collect data such as name, surname, email address, OIB (VAT ID), home address, and phone number to enable effective collaboration with suppliers and employees.
This data is used for project management, including assigning tasks to suppliers, monitoring their competencies, receiving deliveries, and ensuring the high quality of services provided.
After the service is completed, the collected data enables the creation of reports for invoicing and maintaining records necessary for further collaboration and performance tracking.
The management of these processes is based on transparency, accuracy, and timeliness, ensuring compliance with contractual obligations and quality standards.
- Improvement of services and user experience:
We analyse data about user interaction with the system, including feedback and usage patterns, to identify opportunities for improving functionality and processes.
The collected data helps us understand user needs and expectations, allowing us to customise our services, optimize the system, and develop new features and services.
Our goal is to continuously improve the quality of the user experience, including ensuring easy access to the system, improving communication efficiency, and increasing user satisfaction with our services.
LEGAL BASIS OF PERSONAL DATA COLLECTION:
- Contractual basis: For the purpose of collaborating with external suppliers and translation service providers, we collect personal data (such as names, email addresses, phone numbers, and other contact details) to effectively manage business relationships and projects within our business management system (BMS). This data enables us to assign projects in a timely manner, maintain communication throughout the project duration, monitor supplier competencies, and evaluate their performance. Additionally, the personal and business data of suppliers is essential for receiving deliveries, providing necessary instructions, and ensuring the quality of delivered services. At the end of a project, this data is used to create reports for invoicing the provided services, ensuring proper record-keeping and billing for completed tasks.
- Legitimate interest: Occasionally, we may contact you with information about news, updates or additional services that we think will be useful to you. This communication is based on our legitimate interest in providing you with relevant information that can improve your user experience with our services. You have the right to object to this type of communication at any time, without consequences and without providing reasons, after which we will immediately stop such communication.
- Consent: We will ask for your explicit consent to send you personalized marketing communications, special offers, and promotional updates that are not directly related to the services you use. You can give your consent voluntarily and have the right to withdraw it at any time without affecting the lawfulness of the processing carried out before the withdrawal.
- Legal basis: We may also process your personal data when it is necessary to fulfil our legal obligations, including keeping records, fulfilling obligations under tax laws or responding to official requests from competent authorities.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We retain personal data for as long as necessary to fulfil the purpose for which it was collected or in accordance with applicable legal obligations, including those related to accounting, taxation, and record-keeping.
- Data related to the provision of services and business collaboration:
Personal data collected for the provision of services, project management, and communication with clients and suppliers is retained for the duration of the contractual relationship.
After the end of the contractual relationship, data is retained for a maximum of 11 years in compliance with legal obligations arising from accounting and tax regulations.
- Data required for continuous collaboration:
Data necessary for ongoing business collaboration (e.g., supplier competence records or project archives) will be retained as long as it remains relevant for continued cooperation, unless you request its deletion and there is no legal or contractual basis for further retention.
- Data collected based on consent:
Personal data collected based on consent will be processed and stored until you withdraw your consent.
Upon withdrawal of consent, the data will be deleted, unless there is some other legal basis for retention (e.g., legal obligation or legitimate interest).
- Data no longer required:
When personal data is no longer needed for the purpose it was collected for, or there is no legal basis for its continued retention, it will be deleted or anonymized according to our internal data protection policies.
In all cases, personal data will be processed according to the principle of data retention limitation (Article 5 of the General Data Protection Regulation – GDPR), meaning it will not be kept longer than necessary. We regularly review the retention periods, ensuring that any data no longer required is permanently erased or anonymized.
DISCLOSURE OF YOUR INFORMATION
Personal information is accessible exclusively to authorized individuals within Orchestrum, specifically to:
- Project Managers: For project management, task assignment and progress tracking.
- Human Resource Administrators: For employee record-keeping, communication, and ensuring compliance with legal obligations.
- Vendor Managers: For coordinating and monitoring collaboration with external suppliers and evaluating their performance.
- System Administrators: Individuals responsible for technical support and system maintenance, whose access to data is strictly limited to technical needs such as troubleshooting and ensuring system functionality.
Data sharing within affiliated companies and branches
Your personal data may be shared within our group with affiliated companies and branches, solely for the following purposes:
- Providing technical and administrative support for business operations.
- Aligning business activities and facilitating collaboration between affiliated companies.
- Ensuring business continuity and service quality.
Sharing data with third parties
We only share your personal data with trusted third parties in the following cases:
- Legal obligation: When we are required to provide data to regulatory authorities in accordance with applicable laws and regulations.
- Contractual Partners: To fulfil contractual obligations to clients, such as external collaborators or service providers who act in accordance with our instructions and data protection obligations.
- Technical support: Providers of technical services and infrastructure (e.g., cloud service providers), who are contractually bound to ensure data protection.
No data sharing for marketing purposes
We will not share your personal data with third parties for marketing purposes without your explicit consent.
YOUR RIGHTS REGARDING PERSONAL DATA
As a data subject, you have the rights guaranteed by the GDPR, including:
- Right of access: You have the right to request a copy of all your data that we process.
- Right to rectification: You have the right to request the correction or completion of your data that we process if the data is incorrect or incomplete.
- Right to erasure: If there is no legal basis for further processing and storage of personal data, you can request the deletion of your personal data.
- Right to revoke consent: You have the right to withdraw the given consent at any time. In that case, we will delete your personal data if there is no other legal basis for processing that data.
- Right to object to the processing of personal data based on our legitimate interest: You have the right to object at any time to processing based on our legitimate interest, citing reasons related to your specific interests, fundamental rights, or freedoms. If we process your personal data for the purpose of researching the satisfaction of data subjects based on our legitimate interest, you have the right to object at any time without giving reasons, after which we will no longer process your data for the stated purpose.
- Right to restriction of processing: You have the right to request a temporary stop of the processing of your personal data in the following cases: if you dispute the accuracy of the data, if the processing is not lawful but you object to its deletion, if we no longer need the data but you need it for legal proceedings, or if you filed a complaint and expect confirmation that your reasons override our legitimate reasons.
- Right to data portability: You have the right to transfer your data, which we process, to another data controller, if we process your data based on consent or on the basis of a contract, provided that the processing of this data is carried out in an automated way.
- Right to object to automated individual decision-making: If a decision regarding your personal data is made by automated means, you can dispute that decision at any time, express your position in relation to the above, request an explanation of such a decision, and seek human intervention.
- Right to legal action: In the event that we refuse to comply with the right of access, we will provide a reason for the refusal.
To exercise any of your rights, please contact us by email at gdpr@ciklopea.com.
At any time, you can file a complaint with the supervisory authority, the Agency for Personal Data Protection, Selska cesta 136, Zagreb, azop@azop.hr.
CONTACT AND INFORMATION
CIKLOPEA d.o.o., Zagreb, Međimurska ulica 21
Contact e-mail: gdpr@ciklopea.com