DATA WE COLLECT

Access to the website www.cloudandcojewelry.com is free and registration is not required. By contacting us via contact forms or e-mail, you enter your personal data. The data are available exclusively to the website www.cloudandcojewelry.com to which they are submitted, for the purpose of responding to your inquiry. Providing your personal data is voluntary. We do not process more personal data than is truly necessary to respond to your inquiry.

PROTECTION OF YOUR PERSONAL DATA

The website www.cloudandcojewelry.com respects your privacy and processes your personal data responsibly and in accordance with the law. We store your personal data in electronic form and, for protection purposes, apply appropriate technical and organizational data protection measures and procedures to prevent unauthorized access to personal data.

Perleraj d.o.o., as the service provider of the website www.cloudandcojewelry.com, is committed to protecting the privacy of personal data. If you wish to contact us regarding your personal data, please use the following contact details:

Perleraj d.o.o.

Ulica Republike Austrije 9, 10000 Zagreb

OIB: 64436673944

We process your personal data to comply with legal obligations, where necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract, or for the purposes of legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

HOW DO WE PROTECT YOUR DATA?

We undertake to protect customers’ personal data by collecting only the necessary, basic customer data required to fulfill our obligations.

Cloud&Co. places exceptional importance on the protection of personal data and has implemented various precautionary measures to protect users’ personal data. Users can access personal data on the website www.cloudandcojewelry.com using a password and an e-mail address.

All user data are kept strictly confidential and are accessible only to employees who require such data to perform their work. All our employees are responsible for respecting privacy protection principles.

When a user participates in certain activities on the website www.cloudandcojewelry.com such as opening a user account, using the online store, completing surveys, posting comments, publishing content, participating in contests or giveaways, sending feedback, requesting information about services, applying for a job, Cloud&Co. may request that the user provide certain additional personal data. In such cases, before providing additional personal data, users are advised to carefully review the Data Protection Information.

As the data controller, Cloud&Co. collects personal data for the purpose of concluding and performing a sales contract, delivering products, preparing documentation related to the sale, providing technical support, and authorizing payments by credit and debit cards, for which the legal basis is set out in Article 6(1)(b) of the General Data Protection Regulation (GDPR), i.e., processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. Furthermore, we process personal data for the purpose of keeping records of customers’ orders, unique user identification, and business analysis, for which the basis is set out in Article 6(1)(f) of the GDPR, as processing is necessary for the legitimate interests of improving business operations, adjusting production, and recognizing market needs. In specific cases, where you have given us valid consent, we may also use your contact details for direct marketing purposes, for which the legal basis is Article 6(1)(a) of the GDPR, i.e., the data subject has given consent to the processing of his/her personal data for one or more specific purposes.

Upon the entry into force of this privacy statement, it is possible that existing users will receive an e-mail from us requesting that you confirm your consent to receive notifications from us by mail, telephone, SMS, or e-mail. This is because we cannot confirm or find in our archive the exact manner in which you provided your address. Therefore, if you wish to continue receiving marketing materials from us, you will need to provide clear and unambiguous consent; otherwise, we will not be able to continue informing you.

If you have any questions related to personal data protection, you may contact us directly at Perleraj d.o.o., Republike Austrije 9, 10000 Zagreb or at our e-mail address: info@cloudandcojewelry.com

The user, as the data subject, is responsible and obligated to review and study www.cloudandcojewelry.com before each provision of personal data.

PERSONAL DATA PROCESSED AND USE OF PERSONAL DATA

On the website www.cloudandcojewelry.com, Cloud&Co. collects the following personal data of data subjects:

• first and last name,
• password,
• phone number,
• address,
• e-mail address,
• shipping address,
• billing address,
• postal code,
• city,
• gender,
• date of birth,

• company name and OIB (companies only).

In addition to the above personal data that we process when you visit the website, below we also provide details of other types of personal data, the purposes of collection and their use, which we collect and process in the course of performing our regular obligations:

• Cloud&Co. collects customer data in order to fulfill all obligations arising from applicable regulations. In the event of a purchase, we will collect data such as your first and last name, e-mail address, phone number, gender, delivery address, IP address, and payment data. For example, when you make a purchase in stores, via the Cloud&Co. website, or via an order form at fairs, depending on the case, we will request that you provide certain personal data necessary for the proper processing of your purchase. This will occur especially if, in addition to purchasing our products, you decide to use one of the services, such as delivery. Also, in order to process an order and ensure that personal and financial information is accurate, we use reliable third-party payment systems to ensure that your payment is secure and that your data are not used for fraud. If you wish to pay for a selected product online, the data controller will request payment-related information, including the credit or debit card number, card expiration date, CVV code, and billing address. To ensure that the products and services you purchase are delivered to the correct address, we share the personal data necessary for the provision of certain services with trusted external partners (e.g., your name, delivery address, and delivery notes you provided—such as the time of day when you wish to receive delivery).
• When you wish to become a registered user, we collect your first and last name, e-mail address, and date of birth. We provide various benefits to our registered users and facilitate shopping via our website.
• From suppliers and other clients or partners, for the purpose of fulfilling contractual obligations, we collect and process data such as: the first and last name of the responsible person in a legal entity; and the contact details of the person responsible for communication and for fulfilling contractual obligations.
• From job candidates, for the purpose of potential employment, the data we collect and process may include: first and last name, address, contact details, level of education, citizenship, title and occupation, data on previous work experience, data on professional training and courses, and test results that may also reflect the candidate’s ability to perform all work obligations required by the position applied for.
• From newsletter subscribers, for the purpose of informing you about our new products and benefits you can receive, we collect data such as your e-mail address.
• In many cases you may wish to ask us something; for this purpose we collect your e-mail address, first and last name, and phone number. The subject and content of the message depend on what you want to ask. For example, if you wish to return a product or exercise any of your consumer rights, we will collect additional data contained in the Withdrawal Statement (first and last name, address, IBAN, phone number, e-mail address).
• Customer service – if you request a product return, are not satisfied with the service, etc., we need your contact details in order to resolve the issue you are contacting us about. The data you provide will be used only for this purpose. In certain cases, we will use the services of other legal entities to which we entrust your data only to the extent necessary to resolve your case (e.g., authorized repair services or authorized companies providing customer support on our behalf).

• When you request unilateral termination of a concluded contract, we collect your first and last name, address, purchase date, bank account/IBAN, phone number, e-mail, and invoice details, depending on the chosen payment method.

• When you contact us via social networks, we collect the data you have made available to us when submitting an inquiry or request.
• When you contact us or purchase by phone, the data controller processes your data, such as: first and last name, address, delivery address, phone number and/or e-mail address, for the purpose of providing our services to you.
• When you visit our premises, through video surveillance we may process your personal data such as a recording of your image, manner of walking, physiognomy, etc.

Access to users’ personal data, within the scope of performing work duties related to sales contracts that customers conclude with Cloud&Co., may be granted to the following persons: legal entities involved in the performance of sales contracts such as delivery services, accounting services, IT support, etc., with whom we carefully define, through contractual relationships, both the scope and data protection requirements.

Cloud&Co. may provide such data to third parties for the purpose of contract performance, protecting the interests of users and Cloud&Co., preventing possible misuse, better insight and understanding of users’ individual needs and requests, and developing the ability to provide higher-quality services of Cloud&Co., resulting in increased user satisfaction, for which the legal basis is the legitimate interest of the controller described in Article 6(1)(f) of the GDPR.

STORAGE OF PERSONAL DATA

Cloud&Co. will ensure that users’ personal data are kept in a secure location (including reasonable administrative, technical and physical safeguards to prevent unauthorized use, access, disclosure, copying or modification of personal data) accessible only to authorized persons of Cloud&Co..

Cloud&Co. does not record or store users’ transaction data required for card payments. Cloud&Co. will retain personal data for as long as necessary for purposes prescribed by specific legal regulations (e.g., we retain data on financial transactions pursuant to the Accounting Act for 11 years) or until the withdrawal of the right of use where this is the wish of the data subject, provided it does not conflict with legal regulations.

The controller of the personal data filing system has taken technical, staffing and organizational measures required to protect personal data from accidental loss or destruction and from unauthorized access, unauthorized alteration, unauthorized disclosure and any other misuse, and has required employees involved in data processing to sign a confidentiality statement.

PROCESSING OF PERSONAL DATA DURING PAYMENT

When paying in our online store, you use CorvusPay – an advanced system for the secure acceptance of payment cards over the internet.

CorvusPay ensures complete confidentiality of your card data from the moment you enter them into the CorvusPay payment form. Payment data are transmitted in encrypted form from your web browser to the bank that issued your card. Our store never comes into contact with the complete details of your payment card. In addition, the data are not accessible even to CorvusPay system employees. The isolated core independently transmits and manages sensitive data, keeping them completely secure.

The form for entering payment data is protected by SSL transport encryption of the highest reliability. All stored data are additionally protected by encryption, using a cryptographic device certified according to the FIPS 140-2 Level 3 standard. CorvusPay meets all security requirements for online payments prescribed by leading card brands and operates in accordance with the PCI DSS Level 1 standard – the highest security standard in the payment card industry. When paying with cards included in the 3-D Secure program, your bank, in addition to validating the card itself, also confirms your identity using a token or password.

CorvusInfo considers all collected information to be a banking secret and treats it accordingly. The information is used exclusively for the purposes for which it is intended. Your sensitive data are fully secure, and their privacy is guaranteed by state-of-the-art protection mechanisms. Only the data necessary to perform the service in accordance with prescribed online payment procedures are collected.

Security controls and operational procedures applied to our infrastructure ensure the current reliability of the CorvusPay system. In addition, by maintaining strict access control, regular security monitoring and in-depth checks to prevent network vulnerabilities, and planned implementation of information security provisions, the level of system security is continuously maintained and improved, protecting your card data.

For the above purpose, your personal data as a customer (e.g., the customer’s name and surname, customer address, customer card data) are temporarily stored by the processing and charging service provider (MasterCard, Visa, Maestro, etc.), which stores such data in accordance with the highest level of protection and confidentiality. The customer initiates the card processing and charging procedure by confirming (clicking) the “Pay” link.

Cloud&Co. does not at any time have access to, collect, or process personal data entered for the purpose of card processing and charging. If you are interested in details regarding your personal data collected for this purpose, customers are asked to inform themselves about personal data processing by Corvus Pay d.o.o. on the website where the payment process takes place.

https://www.corvuspay.com/politika-zastite-osobnih-podataka/

Data processing during payment is necessary in order to carry out all actions preceding the purchase and the conclusion of a contract with the controller. Regarding the legal basis for processing data related to specific types of payment and the legal entities providing such services, payment data such as name, surname, reference/identifier, amount, account number, or other transaction codes are shared with the card company, bank, or the third party through which the payment is made, at the request of the data subject who independently chooses the payment method.

Cloud&Co. does not at any time have access to, collect, or process personal data entered for the purpose of card processing and charging.

Cloud&Co. warns customers to take care of the data shown on the card so that such data are not available to third parties and are not misused.

INFORMATION REGARDING YOUR RIGHTS

In accordance with applicable data privacy regulations, you are entitled to the following rights:

• The right to information about your personal data that we have stored
• The right to request correction, deletion, or restriction of processing of your personal data
• The right to object to the processing of data for reasons of our own legitimate interest, public interest, or profiling, unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing is carried out for the establishment, exercise, or defense of legal claims
• The right to data portability
• The right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP).
• You may withdraw your consent regarding the collection, processing and use of your personal data at any time with effect for the future. For further information, see the sections above describing data processing based on your consent.

Cloud&Co. respects that every user should have the opportunity to ensure the accuracy, completeness and timeliness of their personal data. If a user believes that their personal data are incomplete, inaccurate or not up to date, they may contact Cloud&Co. by sending an e-mail to: info@cloudandcojewelry.com.

You will receive our response no later than within 30 days from the date of submitting the request.

If you are not satisfied with how we collected or used your personal data, you may submit a formal complaint to the Croatian Personal Data Protection Agency (AZOP).

COOKIES

What is a cookie?

A cookie is information stored on a user’s computer by the website they visited. Cookies usually store user settings and settings for the website, such as a preferred language or address. Later, when the user opens the same website again, the internet browser sends back the cookies belonging to that website.

This enables Cloud&Co. to display information tailored to the needs of each individual user. Cookies may store a wide range of information including personal information (such as the user’s name or e-mail address). However, this information can be stored only if the user allows it – websites cannot access information for which the user has not given permission and cannot access other files on the user’s computer.

The default activities of storing and sending cookies are not visible to users. However, the user can change their internet browser settings so that they can decide whether to approve or reject cookie storage requests, delete stored cookies automatically when closing the browser, etc.

In addition to personal data, Cloud&Co. may request other data that cannot identify you and are not considered personal data (for example, data about how the website is used, computer, internet server, preferences, hobbies, interests, activities), which enable Cloud&Co. to select information for users in a higher-quality, more precise and more personalized way, improve the website and further target and tailor its content to users. Based on such data, Cloud&Co. learns which content is most popular among which users.

The website www.cloudandcojewelry.com uses so-called cookies to provide the user with a fully functional service and the highest-quality content. Cookies are a set of data generated by the website server and stored by the internet browser on the user’s disk as a small text file. We strive to provide our users with the best possible user experience, and it should be noted that our website works optimally only if cookies are enabled. In order to use cookies in accordance with the Electronic Communications Act, the Personal Data Protection Act and EU Directives, we need your consent. By using this website, you give your consent and agree to the use of cookies. By blocking cookies, you can still browse the website, but some features may not be available to you.

EMBEDDED CONTENT FROM OTHER WEBSITES

Articles on this website may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor had visited that other website.

SECURITY MEASURES

The website www.cloudandcojewelry.com uses technological and security measures, rules and other procedures to protect users’ personal data from unauthorized access, misuse, disclosure, loss or destruction. To ensure the confidentiality of user data, we use industry-standard security measures such as a firewall and password protection. However, the user is obliged to ensure that the computer they use is secure and protected from malicious software such as trojans, computer viruses and worms. The user is aware that without adequate security measures (e.g., secure browser configuration, updated antivirus programs, personal firewall programs, not using software from suspicious sources), there is a risk that data and passwords used to prevent access to personal data may be disclosed to unauthorized third parties.

SERVER STATISTICS

This website uses the Google analytics to measure visitor statistics.

LIMITATION OF LIABILITY

Although we take available technical and organizational measures to prevent unauthorized disclosure of your personal data, we cannot guarantee that some of the personal data we collect will never be accidentally disclosed contrary to these Privacy Policy provisions. To the maximum extent permitted by law, we exclude liability for damage caused to users or third parties by accidental disclosure of personal data.

LINKS TO OTHER WEBSITES

This Data Protection Information applies only to the use and processing of data collected by Cloud&Co. from data subjects.

Other websites that can be accessed via www.cloudandcojewelry.com have their own confidentiality statements and privacy policies. If, via www.cloudandcojewelry.com, a user visits one or more other websites, Cloud&Co. recommends that users review the data confidentiality statement of those websites, as Cloud&Co. is not responsible for the manner and conditions of operation of other websites.

OTHER INFORMATION

Under European Union law, Cloud&Co. informs users that the website www.cloudandcojewelry.com uses cookies to ensure the highest quality of service.

Cookies in the user’s browser enable Cloud&Co. to ensure the operation of all portal functions, tailor certain content for individual users, and continuously improve the portal through visit analysis.

Users can configure how cookies are stored in their browser settings. In order to improve the browsing experience, Cloud&Co. must store a small amount of information (cookies) on the user’s computer. Over 90% of all websites use this practice; however, according to European Union regulations effective from 25/03/2011, Cloud&Co. is obliged to request the user’s consent before storing cookies.

By using the website www.cloudandcojewelry.com, the user agrees to the use of cookies. By blocking cookies, the user may still browse the website, but some features may not be available.

ENTRY INTO FORCE AND CHANGES TO THE PRIVACY POLICY

These rules enter into force upon publication on the website.

Cloud&Co. reserves the right to amend and supplement the Privacy Policy at any time by publishing the amended text on the website www.cloudandcojewelry.com.