PRIVACY POLICY

Privacy Policy according to Art. 13 GDPR

All personal designations are always meant to be gender-neutral and serve exclusively for simplified readability.

1. Controller for Data Processing

Controller according to Art. 4(7) EU General Data Protection Regulation (GDPR) is

Controller
Laguna Nautika d.o.o. (Ltd.)

Zelena Laguna 5
HR-52440 Poreč
Phone: +385 (0) 99/69 4000 4.

Email: info@kuestenpatent.info

2. Data Processing of Individuals in the Business Environment

We process data provided by various individuals through their own statements, such as in the context of an email inquiry, for the initiation and conclusion of a contract or business relationship. We also process data from individuals participating in events or attending training.

2.1 Data Subjects

For Prospects, we process the following data: Company, name of the contact person, and professional contact and address data.

For Customers, we process the following data: Company, titles and names of contact persons, professional address and contact details, bank information, contract data including creditworthiness data.

For Suppliers and Business Partners, we process the following data: Company, titles and names of contact persons, professional address and contact details, bank information, contract data.

2.2 Data Disclosure

Personal data is only disclosed to third parties by us if this is necessary for the purpose of contract processing and fulfillment or is required by legal regulations.

2.3 Storage/Deletion of Data

We delete the data as soon as storage is no longer necessary or legal obligations, such as tax-related storage obligations, have expired. If the basis for processing is consent, we restrict processing or delete the data upon revocation of consent – unless legal regulations oppose this.

2.4 Contact via Email

When you contact us via email, the data you provide will be stored by us based on your consent to answer your questions. The data collected in this context will be deleted once processing is no longer necessary, or processing will be restricted if legal storage obligations exist.

2.5 Legal Basis

The legal basis for data processing is

• • contract initiation and fulfillment according to Art. 6(1)(b) GDPR,

• • legal obligations according to Art. 6(1)(c) GDPR (e.g., legally required retention and documentation obligations),

• • legitimate interests of our company according to Art. 6(1)(f) GDPR (e.g., statistical evaluations),

• • consent according to Art. 6(1)(a) GDPR when obtaining consent (e.g., processing of image data or for advertising purposes).

3. Data Processing when Contacting us through our Website, Newsletter, and Job Application

3.1 Contact

If you have requested us to contact you or sent us a message through our web form, we will store the necessary contact data, including your first and last name, email address, and phone number. The data will be deleted when storage is no longer necessary or you object to processing.

Legal Basis: Art. 6(1)(a) GDPR

3.2 Newsletter

You have the option to subscribe to our newsletter. For this, we need your email address. You can cancel the newsletter subscription at any time. After unsubscribing, we will not use your data for further newsletter distribution. If we have no business relationship with you and are not subject to legal retention obligations, your data will be deleted after unsubscribing from the newsletter.

Legal Basis: Art. 6(1)(a) GDPR

3.3 Job Applicants

If you submit your job application documents, we process the personal data contained therein, as well as your resume and certificates, for the purpose of personnel selection and job placement. In case of rejection, we delete your documents 7 months after sending the rejection to you.

Legal Basis: Art. 6(1)(b) GDPR

If you consent to being kept on record for contact at a later date, we will contact you with a separate request for consent. If you explicitly grant this consent and there is no further opportunity for job placement with us within a year, we will delete all your applicant data one year after receiving your consent.

Legal Basis: Art. 6(1)(a) GDPR

4. Data Processing when Visiting our Website

4.1 Informational Use of the Website

When using the website for informational purposes, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect only the data that is technically necessary to display our website and ensure stability and security:

• • IP address

• • Date and time of the request

• • Time zone difference to Coordinated Universal Time (UTC)

• • Content of the request (specific page)

• • Access status/HTTP status code

• • Website from which the request comes

• • Browser

• • Operating system and its interface

• • Language and version of the browser software.

Legal Basis: Art. 6(1)(f) GDPR

4.2 Cookies

To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used, and the related consents, we use the Consent Tool “Real Cookie Banner.” Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal basis for processing personal data in this context is Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies and the related consents.

Providing personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obligated to provide personal data. If you do not provide personal data, we cannot manage your consents.

In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive by the browser you are using and through which certain information flows to the entity setting the cookie (here, us). Cookies cannot execute programs or transfer viruses to your computer.

The cookie allows you to be recognized when you visit the website, without having to re-enter data you have already entered before.

The information contained in the cookies is used, for example, to determine whether you are logged in or which data you have already entered, or to recognize you as a user when a connection is established between our web server and your browser. Most web browsers automatically accept cookies.

By using our websites, you agree to the use of these cookies as long as cookies are accepted according to your browser settings.

4.2.1 Transient Cookies

Transient cookies are automatically deleted when you close the browser. This includes, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

4.2.2 Persistent Cookies

Persistent cookies are automatically deleted after a specified duration, which may vary depending on the cookie. You can delete the cookies at any time in your browser’s security settings.

4.2.3 Third-Party Cookies

These come from providers other than the operator of the website. They can be used, for example, to collect information for advertising, custom content, and web statistics.

4.2.4 Browsers

Most browsers are set to accept all cookies by default. You can configure your browser to inform you about the setting of cookies, allow cookies only in individual cases, exclude the acceptance of cookies for specific cases, or generally, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of our website.

You can remove cookies stored on your PC at any time by deleting temporary internet files.

Legal basis: Art. 6(1)(f) GDPR (for technical cookies), Art. 6(1)(a) GDPR (for all other cookies)

4.3 Data Processing in the USA

It cannot be ruled out that when visiting our website, personal data may be transmitted to the USA. If this is the case, we will point this out in a separate section of this privacy policy.

The GDPR requires appropriate safeguards pursuant to Art. 46 GDPR for data transfers to a third country or an international organization. Such safeguards do not exist for the USA.

Possible risks that cannot currently be ruled out in connection with the above information, especially for you as the data subject, include:

• • Your personal data may possibly be disclosed by the respective service provider to other third parties (e.g., US authorities) beyond the actual purpose of order fulfillment.

• • You may not be able to sustainably assert or enforce your rights of access against the respective service provider.

• • There may be a higher probability of incorrect data processing since the technical and organizational measures for the protection of personal data may not fully meet the requirements of the GDPR quantitatively and qualitatively.

With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can delete cookies stored on your PC at any time by deleting temporary internet files.

Legal basis: Art. 6(1)(a) GDPR

5. Data Processing with Facebook Connect

For registration on the website, you can also use the Facebook profile through Facebook Connect from the social network Facebook (Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland).

By clicking on the designated button, a pop-up in the design of the Facebook login mask opens. Here, you enter your Facebook login details, agree to the data transfer, and are thus logged into our website. If you are already logged in to Facebook, you do not need to register on our website again. The connection between Facebook and our website is established automatically. However, consent to access certain data on Facebook must still be given.

We have a contract with Facebook Ireland; nevertheless, it may happen that Facebook Ireland transfers personal data to Facebook USA.

By using this service, there is a transfer of personal data to the USA or such transfer cannot be ruled out! – More details under 4.3 in this statement.

For more information, please refer to Facebook’s data policy at https://de-de.facebook.com/policy.php.

Legal basis: Art. 6(1)(a) GDPR

6. Data Processing with Google Services

We have a contract with Google Ireland Limited (“Google”), a company registered and operated under Irish law (registration number: 368047) with headquarters at Gordon House, Barrow Street, Dublin 4, Ireland. Nevertheless, it may happen that data from Europe is transmitted to the USA, over which we as a company have no influence.

By using this service, there is a transfer of personal data to the USA or such transfer cannot be ruled out! – More details under 4.3 in this statement.

Legal basis: Art 6 Abs 1 lit a DSGVO

6.1 Google Analytics

This website uses the “IP anonymization” function (i.e., Google Analytics has been extended with the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses, known as IP masking). This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

According to Google, Google will use the information obtained to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. However, Google may transfer this information to third parties if required by law or if third parties process this data on behalf of Google. You can prevent the storage of cookies by adjusting your browser software accordingly. However, please note that if you do this, you may not be able to use all the features of the website to their full extent. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your anonymized IP address) and Google’s processing of this data by downloading and installing the browser plugin available at the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://support.google.com/analytics/answer/6004245?hl=de.

6.2 Google Analytics Conversion Tracking (Google Ads)

This website also uses Google Conversion Tracking. Google Ads sets a cookie on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer receives a different cookie. Cookies cannot therefore be tracked across Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for Ads customers who have decided to use conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required setting of a cookie – for example, via browser settings that generally deactivate the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com.”

Google’s Privacy Policy can be found here.

When using SSL search, Google’s encrypted search function, search terms are usually not sent as part of the URL in the referral URL. However, there are some exceptions, for example, if you use certain less common browsers. For more information about SSL search, please refer to https://policies.google.com/faq?hl=de.

6.3 Google Fonts

We use Google Fonts. The use of Google Fonts is without authentication, and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account data is transmitted to Google during the use of Google Fonts. Google only records the use of CSS and the fonts used and securely stores this data. For more information on these and other questions, please visit https://developers.google.com/fonts/faq.

Information on what data Google collects and how this data is used can be found at https://www.google.com/intl/de/policies/privacy/.

6.4 Google APIs / AJAX and JQUERY

For optimizing the loading speed, usability, and indexing of our website, we use JavaScript technologies as well as corresponding libraries and CDNs (Content Delivery Networks) from external providers. In this specific case, we use the JavaScript library jQuery from the jQuery Foundation, the Google APIs programming interface, and the Google AJAX Search API from Google. By accessing our website, these external providers may receive personal information about your visit to our website, particularly through the transmission of your IP address. Processing of this data outside the EU is possible. You can prevent this by installing a JavaScript blocker or disabling JavaScript in your browser. Disabling or blocking JavaScript may result in functional limitations on websites using JavaScript technologies. For more information on data processing by Google, please refer to Google’s privacy policy, currently available at: https://www.google.de/intl/de/policies/privacy/, and in the case of jQuery on the JS Foundation’s privacy policy page: https://js.foundation/about/governance/privacy-policy.

6.5 Google+ Button

We have integrated the +1 button from Google Plus on our website. When you visit our website, your browser establishes a connection to Google’s server. According to Google, if you do not click the button, no personal data is processed. Personal data is only processed if you are logged into your Google Plus account. If you want to prevent data processing by Google Plus, you can log out of Google Plus before visiting our website.

6.6 Google Gstatic

Gstatic is a domain used by Google to load static content into another domain name to reduce bandwidth usage and increase network performance for end-users.

6.7 Google Maps

On this website, we use the Google Maps service. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. By visiting the website, Google receives information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under the section “Informational Use of the Website” is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account.

6.8 Google Remarketing

We use the Google Remarketing service on our website. Google Remarketing allows ads to be displayed to users who have visited our website in the past. This enables the presentation of ads on our site tailored to their interests within the Google advertising network. Google Remarketing uses cookies for this evaluation.

6.9 Google Tag Manager

To recognize your user behavior, we use the so-called Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags that may, in turn, collect data. Google Tag Manager does not access this data. If deactivation is performed at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager.

More information can be found here: https://www.google.com/intl/de/tagmanager/faq.html.

Legal basis: Art. 6 para. 1 lit. a GDPR

7. Data Processing with Server Log Files

To optimize this website in terms of system performance, user-friendliness, and providing useful information about our services, the website’s provider automatically collects and stores information in so-called server log files that your browser automatically transmits to us. This includes the Internet Protocol address (IP address) of the requesting computer (including mobile devices), browser and language settings, operating system, referrer URL, your Internet service provider, and date/time.

These data are not merged with personal data sources. We reserve the right to check these data subsequently if we become aware of specific indications of illegal use and, in the event of a hacking attack, to disclose the data to law enforcement authorities. There is no further disclosure to third parties.

 

Legal basis: Art. 6 para. 1 lit. f GDPR

8. Recipient Categories / Bookings

We transfer data to the following categories of recipients, which largely correspond to the definition of processors in accordance with Art. 28 para. 1 GDPR (with corresponding contracts in accordance with Art. 28 para. 3 GDPR): payroll accounting, accounting, tax advice; IT and system administration; project and customer management, time tracking; newsletter software; email, web, and ICT providers; lawyers or debt collection services; and all the aforementioned recipients mentioned in the privacy statement.

Otherwise, Laguna Nautika will only collect, store, read, and use the data provided by the customer (name, address, telephone number, email address, photo, date of birth, and payment data, etc.) to the extent necessary to fulfill the purpose of the contract, especially for conducting courses and training, preparing for and organizing examinations, and making hotel bookings on behalf of the customer, including the possible organization of corresponding transport. The mentioned data will only be disclosed to third parties (Croatian authorities, partner companies that conduct courses and exams, hotel and transport companies, and payment service providers) to the extent necessary to fulfill the stated purposes. There is no further disclosure of data to third parties. Mandatory legal provisions, especially retention periods, remain unaffected.

9. Images / Advertising / Marketing

The customer agrees that Laguna Nautika may collect, store, use, read, publish, and transmit images and videos sent by him/her unsolicited for marketing purposes, specifically for the presentation of graduates of the courses offered on its own homepage, in social networks, and in advertising brochures (including digital newsletters and information letters). The data may be transmitted to third parties (the respective recipients of the advertising brochures). The customer can revoke this consent at any time. The legality of data processing carried out until the revocation remains unaffected.

10. Data Processing with hCaptcha

We use hCaptcha from Intuition Machines, Inc., based in the USA, on our website. This service allows distinguishing whether a contact request comes from a natural person or is automated by a program.

By using this service, there is a transfer of personal data to the USA, and such transfer cannot be ruled out! – The GDPR requires suitable safeguards under Art. 46 GDPR for data transfers to a third country or an international organization. Such safeguards are currently not in place for the USA, especially since US intelligence agencies can access your data without informing you in advance. For this reason, the European Court of Justice declared the previous adequacy decision (Privacy Shield) invalid in case C-311/18. For more information, see section 4.3 of this statement.

Further information can be found in hCaptcha’s privacy policy: https://www.hcaptcha.com/privacy.

Legal basis for data processing: Consent according to Art. 49 para. 1 lit a in conjunction with Art. 6 para. 1 lit a GDPR

11. Your Rights

You have the following rights regarding your personal data:

• • Right to information, correction, and deletion

• • Right to restriction of processing

• • Right to object to processing

• • Right to data portability

Please send your requests and concerns by email to info@kuestenpatent.info or contact us using the provided contact details.

If you believe that we have violated Austrian or European data protection law in the processing of your data and thus infringed your rights, we ask you to contact us to clarify any questions. You also have the right to lodge a complaint with the supervisory authority, which is the Austrian Data Protection Authority:

Austrian Data Protection Authority, Barichgasse 40 – 42, 1030 Vienna, Phone: +43 1 52 152-0

Email: dsb@dsb.gv.at

12. Amendment of this Privacy Policy

We reserve the right to make adjustments to our privacy policy from time to time. All changes to the privacy policy will be published on this page. Please check the current version of our privacy policy.