Privacy Policy

Introductory Information

Dear users, clients, business partners and visitors,

this Privacy Policy informs you about how X konzept adria d.o.o., hereinafter referred to as the “Company”, collects, processes, stores and shares your personal data in accordance with the legal regulations on the protection of personal data, in particular the General Data Protection Regulation, GDPR.

“Personal data” means any information by which a specific natural person can be identified, either directly or in combination with other data.

Who is the controller of personal data?

The controller of personal data is:

X konzept adria d.o.o.
Registered office: Cesta Lovranska Draga 43, 51415 Lovran
Registered with the Commercial Court in Rijeka under number MBS 040429076
OIB: 45791159020

The Company independently determines the purposes and means of processing your personal data. Contact details for privacy and personal data enquiries can be found in the section “Enquiries and Contact”.

Which personal data do we process and for which purposes?

a) Clients

• Basic identification and contact data
  Examples: First and last name, date of birth, email address, mobile phone number, address.
  Purpose of processing: Conclusion and performance of contracts, communication, invoicing, fulfilment of legal obligations, including tax, accounting and statistical obligations.
  Legal basis: Conclusion and performance of the contract; legitimate interest in collecting receivables.
• Membership data
  Examples: Type of membership, membership duration, financial terms, billing method.
  Purpose of processing: Performance of the contract and maintenance of financial records.
  Legal basis: Conclusion and performance of the contract.
• Photographs
  Examples: Profile photo, photo for access card.
  Purpose of processing: Authorised access to the facility and identification of the member.
  Legal basis: Client consent.
• Security data
  Examples: Video surveillance recordings, access system data, QR code.
  Purpose of processing: Protection of property, clients and staff, prevention of theft and other criminal activities.
  Legal basis: Legitimate interest in protecting the facility and persons.
• Marketing data
  Examples: First and last name, email address, mobile phone number, address, data on membership and discounts.
  Purpose of processing: Sending information about new memberships, events, promotions and marketing campaigns.
  Legal basis: Client consent to receive marketing communications; legitimate interest in direct marketing.
• Website usage data
  Examples: IP address, cookies, duration of visit, data on the use of the website and app.
  Purpose of processing: Improvement of services, analytics, personalised content and advertising.
  Legal basis: Legitimate interest in analysis and optimisation, with consent where required.

b) Business Partners

• Basic data and payment data
  Examples: First and last name, position, company name, email address, mobile phone number, address, payment and delivery details.
  Purpose of processing: Conclusion and performance of contracts, bookkeeping and tax records, collection of receivables.
  Legal basis: Conclusion and performance of the contract; legitimate interest in collection.
• Marketing data
  Examples: First and last name, position, company, email address, mobile phone number.
  Purpose of processing: Promotion of joint projects, sending information about new services and products.
  Legal basis: Consent, for example based on a provided business card or separate registration; legitimate interest in direct marketing.

c) Visitors to the Facility

• Security data
  Examples: Image of a person recorded by video surveillance, data in the access system.
  Purpose of processing: Access control, protection of property and persons, prevention of crime.
  Legal basis: Legitimate interest in protecting the facility and persons.

Which data sources do we use?

We collect personal data:

• directly from you, for example through online forms, contracts, registrations, telephone contacts and emails;
• from your visits to the facility, for example through access systems and video surveillance;
• from the use of our website and app, for example through cookies and analytics tools.

Do we share your data with others?

a) External Service Providers

For the purpose of fulfilling our obligations, we may share data with external service providers that we engage, in particular:

• bookkeeping, accounting and tax advisors;
• external legal advisors;
• collection and debt recovery service providers;
• marketing, promotion and IT partners, for example hosting, analytics and email marketing.

All these processors provide guarantees for data protection and act in accordance with our instructions.

b) State and Supervisory Authorities

We may transfer data in cases prescribed by law to:

• public administration bodies and financial authorities;
• banks, insurers and other financial institutions;
• police and public prosecutor’s office;
• other legally designated bodies.

Transfer of Data Outside the EEA

We transfer personal data to third countries, for example countries outside the European Economic Area, only if there are legal grounds and appropriate safeguards, such as standard contractual clauses or approved mechanisms for data transfer.

How do we protect your data?

We implement technical and organisational measures, for example encryption, controlled access, regular updates and access restrictions, to ensure the confidentiality, integrity and availability of your data.

Access to personal data is granted only to persons who need it to perform their work tasks and who are bound by a statutory or contractual obligation of confidentiality.

How long do we keep data?

We retain personal data only for as long as necessary for the purpose for which it was collected or for the period required to protect legitimate interests and fulfil legal obligations.

• Clients: Data is retained for the duration of the contract and thereafter for up to 11 years for tax, accounting and archiving obligations, and until the final conclusion of court or other proceedings if the data is used as evidence.
• Business partners: Usually 11 years or as long as necessary for legal and accounting obligations.
• Security data, in particular video surveillance: Usually no longer than 6 months, unless a longer period is required for proceedings.

Your Rights Regarding Personal Data

In accordance with the GDPR, you have the following rights:

• the right to transparent information about how your data is processed;
• the right of access to personal data and additional information about its processing;
• the right to rectification of inaccurate or incomplete data;
• the right to erasure of data where there is a basis for this;
• the right to restriction of processing;
• the right to object to processing based on legitimate interest;
• the right to withdraw consent at any time;
• the right to data portability, meaning the transfer of data to another controller;
• the right to contact the Croatian Personal Data Protection Agency, Agencija za zaštitu osobnih podataka, Ulica grada Vukovara 54, 10000 Zagreb, if you believe that your rights have been violated.

We process your requests within the statutory period, no later than within 30 days. In exceptional cases, we will inform you of an extension of this period.

Cookies

Cookies are small text files that a website or app stores on your device in order to:

• enable the proper functioning of the website;
• remember your settings and preferences;
• analyse visits and user behaviour;
• provide personalised ads and marketing content.

We use cookies for technical, analytical and marketing purposes. You can manage your consent and the blocking of cookies yourself in your browser settings or through the prompt shown on your first visit.

Enquiries and Contact

If you wish to exercise your rights, have a privacy-related question or suspect a violation of rights, please contact us:

X konzept adria d.o.o.
Address: Cesta Lovranska Draga 43, 51415 Lovran
Email: matej.bezjak@hr.easyfitness.club
Phone: +385 91 180 1385

Changes to this Privacy Policy

We may update this Privacy Policy at any time. The updated content will be published on the website and, where necessary, we will inform you of material changes.