Privacy Policy

PRIVACY POLICY - RENAISSANCE CAPITAL GROUP

Members of the RENAISSANCE CAPITAL Group (hereinafter: RC Group) as controllers of your personal data, use and protect all information that users provide when using the webpages of RC Group members and our other services, especially with regard to the processing of personal data in the provision of their services.

Members of the RC Group consist of the following companies:

Renaissance Capital d.o.o., Horvatova ulica 80a, Zagreb, OIB: 96121446961

            email: renaissance@renaissance.hr;

Renaissance Real Estate d.o.o., Horvatova ulica 80a, Zagreb, OIB: 83616773299

e-mail: realestate@renaissance.hr;

Premium Chicken Company d.o.o., Sajmište 2/1, Petrinja, OIB: 46357342026

e-mail: office@premium-chicken.com;

Renaissance Bioenergy d.o.o., Horvatova ulica 80a, Zagreb, OIB: 30719553232;
            email: bioenergy@renaissance.hr

Members of the RC Group act as joint controllers of personal data in relation to individual processing of personal data, in those situations where they jointly determine the purposes and means of processing. In particular, since the setting up and management of the RC Group webpage www.renaissance.hr is in the domain of all members of the RC Group together, in relation to the processing of personal data via the said webpage, all members of the RC Group are to be considered joint controllers of personal data processing.

In relation to the webpages of individual members of the RC Group, the controllers are as follows:
www.bioenergy.hr – Renaissance Bioenergy d.o.o.

www.premium-chicken.hr – Premium Chicken Company d.o.o.

www.rre.hr - Renaissance Real Estate d.o.o.

All members of the RC Group have appointed, each by their own decision, a data protection officer. You can contact the Data Protection Officer at any time regarding the exercise of your rights and regarding any query related to the processing of your personal data, as follows.

The contact details of the data protection officer are:

Data Protection Officer

Horvatova ulica 80a, Zagreb

dpo@renaissance.hr

What is personal data?

Personal data is any information relating to a specific or identifiable natural person. In particular, personal data are considered to be all data that determine the identity of the user (for example, name and surname, e-mail address, address of residence, etc.).

Processing is any operation or set of operations carried out on personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, withdrawal, inspection, use, disclosure by transmission, publication or otherwise making available, classification or combination, blocking, erasure or destruction, and the performance of logical, mathematical and other operations with that data.

How we collect your personal data

We collect your personal data in the following cases:

• when registering on our page with your personal data via the application form for the procurement process;
• when submitting documentation through our webpage in procurement procedures;
• when browsing our webpage
• when applying for open job vacancies
• when concluding a contract with us
• When obtaining employment
• when contacting us via e-mail

What personal data we collect and process

In the above cases, we collect the following personal data:

How your data can be used and when are they deleted

The use of your personal data is in accordance with the regulations on the protection of personal data, more precisely in accordance with the General Data Protection Regulation / Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 (hereinafter: GDPR) and the Act on the Implementation of the General Data Protection Regulation ("Official Gazette" no. 42/18) and must be justified on the basis of one of the legal grounds. Below we present the legal grounds for the collection and processing of the above personal data.

Justified legal grounds for data processing may, inter alia, be:

• legitimate interest of the controller
• data processing is necessary for the performance of contracts to which the data subject is a party, or for the execution of acts at the request of the data subject prior to the conclusion of the contract
• legal obligation of the controller
• consent of the data subject

Processing of personal data pursuant to §6.1(f) GDPR – LEGITIMATE INTEREST

If, prior to the deletion of any of the above personal data, a dispute arises regarding any of the above mentioned personal data between any member of the RC Group and another person, the data necessary for proper representation before courts and other administrative /state bodies shall be forwarded to legal representatives and courts, i.e. competent administrative/state bodies, and shall be kept and processed further regardless of the established deletion deadlines. This is necessary for the protection and defense of the RC Group legal claims and such processing of personal data represents the legitimate interest of an individual member of the RC Group.

DELETION: The above data are kept for 10 years from the date of the final decision of the competent body and after that they are irretrievably deleted, except for those data that must be kept for a longer period based on some other grounds.

Data processing pursuant to §6.1(b) GDPR – PERFORMANCE OF A CONTRACT TO WHICH THE DATA SUBJECT IS A PARTY / TAKING ACTION AT THE REQUEST OF THE DATA SUBJECT PRIOR TO THE CONCLUSION OF THE CONTRACT

Members of the RC Group use this legal ground to process your personal data in situations when you, during the registration on our webpage, log in or register as our user. Namely, in accordance with the Terms of use, when registering on our webpage, you leave the above-mentioned data in the application form for the purpose of entering the web procurement platform where you will be able to apply to procurement procedures. This data are necessary to provide you with services within the procurement platform or to enable you to apply to the desired procurement procedures. Furthermore, in situations where you apply for a procurement procedure, depending on the amount of each individual procurement procedure, we may require certain additional data (for example, the submission of a statement on criminal clearance or the statement on the absence of litigations against persons authorized to represent the company/members of the company), which are necessary for taking action before making a decision on the conclusion of a contract with a particular supplier or where at your request (registration of your company in the procurement procedure) we process the submitted data (including personal data), all in order to conclude a contract with you.

DELETION: If you are not selected in the procurement process, we keep the data you provided us with during the procurement process for another 5 years from the date of conclusion of the contract with the selected supplier. If you have not applied to any of the procurement procedures between the time you registered on our webpage and the date of deactivation of your user profile, all data you left in the registration form will be deleted at the time of deactivation of your profile. If you are selected in one of the procurement procedures, we delete the data in accordance with the deadlines specified in the next paragraph.

In relation to the phase after the conclusion of the contract with you, we continue to process the data specified in the contract (name and surname of the contracting party, name and surname of persons authorized to represent the contracting party, OIB, address of permanent/temporary residence, contact information of employees - contact person of you as a contracting party) since they are necessary for the execution of the contract to which you are a party.

DELETION: We keep the data collected in this way until the execution of the aforementioned contracts with you, i.e. after the termination of the contract, and for a maximum of 11 years from the last payment made under the contract, in accordance with the Accounting Act, unless longer storage is required due to the protection and defense of the Company's legal claims in accordance with §17.3(e) GDPR. In relation to personal data related to contracts by which any of the RC Group members acquire property for themselves, we keep them permanently, also in accordance with the Accounting Act.

If you obtain employment in one of the members of the RC Group, the data that we have collected about you during the period preceding the establishment of the employment relationship and after it, data which were not collected on the basis of a legal ground, but on the basis of the fact that they are necessary for making a decision on the establishment of an employment relationship, i.e. so that we could  fulfil of our obligations as an employer to you for the duration of the employment relationship, are kept and processed as long as you are in the employment relationship. Namely, data about your professional qualifications, evidence of completed education levels, various certificates that you submitted to us, CV and letters of recommendation, etc. are needed, so that we could, as an employer, make a decision before the conclusion of the contract on whether to hire you and later, after establishing an employment relationship, so that we could fulfil our obligations to you (assigning tasks that match your qualifications, sending you to additional educations/seminars in accordance with already completed educations/seminars, etc.).

DELETION: Data collected in this way is kept by us until the termination of your employment relationship with us, at which point it is irrevocably deleted.

In relation to the data that we collect about you, as a candidate, in the period between your application for an open job vacancy and the decision making, we collect them at your request in order to perform actions (evaluation of you as a candidate, conducting job interviews, etc. .) that precede the conclusion of the employment contract.

DELETION: If you have not been selected in the job vacancy process, all data we have collected about you in this way will be irrevocably deleted, unless you have given us explicit consent to retain the personal data and further process them for the purpose of contacting you again in the future for another position that corresponds to your qualifications.

All inquiries that you send us by e-mail within the sphere of business communication, for the purpose of certain requirements for concluding a contract, interest in business cooperation with us, communication that we conduct after the conclusion of the contract with you, and for the purpose of fulfilling our obligations to you, fulfilling your obligations to us, the delivery of data necessary for the continuation of business cooperation or its completion, as well as all communication carried out via e-mail for the purpose of collecting data necessary for the conclusion of the contract and the taking of actions at your request, are collected and processed on the basis of this legal ground.

DELETION: Depending on the type of data and the purpose of their collection, different storage or deletion periods apply. In relation to specific personal data collected through e-mail communication, deletion deadlines are determined in accordance with the type of specific data and the purpose for which they are collected, as stated in other chapters of this Policy in relation to certain types of data. If the e-mail correspondence is of such a type that its content is relevant for the assessment of the validity of the creation and conclusion of the contractual relationship between the parties, i.e. it is essential for the performance of certain obligations arising from the contract, it is attached and archived with the contracts themselves in accordance with the deadlines prescribed for the preservation of contracts.

Data processing pursuant to §6.1(c) GDPR – COMPLIANCE WITH THE LEGAL OBLIGATIONS OF THE CONTROLLER

We use this legal ground for data processing in relation to all personal data that we collect from you at the time of establishing an employment relationship (apart from the data mentioned in the previous paragraph, which we collected based on necessity for the performance of the contract) based on labour law regulations. Namely the Labor Act ("Official Gazette" no. 93/14, 127/17, 98/19, 151/22, 64/23), the Ordinance on the content and method of maintenance of employees' registry ("Official Gazette" no. 73/17) and accounting regulations, regulations in the field of tax law and health insurance, which refer to registration / deregistration of workers, prescribe obligations that we as an employer must fulfil. Personal data collected from employees are listed in the table in the previous chapter, and they correspond to the types and categories of personal data that are prescribed by the labor law, tax/ accounting regulations.

DELETION: Data collected in this way in accordance with the legal retention periods, i.e. in relation to employee payrolls, registration of applications to state/administrative bodies regarding workers, records of workers who were employed by us, as well as all payments made to workers (including the personal data of employees connected with such payments) we keep permanently, apart from the data mentioned in the previous paragraph, which we delete upon termination of the employment relationship.

Processing of personal data pursuant to §6.1(a) GDPR – CONSENT

We use consent as a legal ground for the processing of personal data in the following situations:

• when you give us your consent upon applying for a job vacancy or during the duration of the recruitment process for the purpose of storing and processing the personal data you have provided so that we could contact you again if a new vacancy opened that would suit your interests and abilities
• when sending an open job application via e-mail or post – the above is considered your consent in relation to those personal data that you have submitted in an open application for the purpose of processing them so that we could make a decision on your employment
• when accepting nonmandatory (optional) cookies on the webpages of RC Group members, in accordance with the cookie settings and the Cookie Policy published on the webpage of each RC Group member.

If you are applying for an open job vacancy of any member of the RC Group, you have an option in the webpage settings during registration to give us, the controller, your consent to retain and process all the data you provided when applying for the open job vacancy, as well as to store your CV.

Consent refers only to the stated purpose of processing (i.e. exclusively for the purposes of contacting you in the future for future vacant positions that match your qualifications) and personal data categories of the data subject listed in the table in the row "APPLICATION FOR OPEN JOB VACANCIES" and the processing of personal data must not be used for other purposes. The processing of these personal data categories will be carried out in accordance with the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation. If the consent is at any time withdrawn, this will not affect the lawfulness of the processing that preceded the consent withdrawal.  

DELETION: The consent is valid for 2 years from the date of its declaration. In relation to the sending of open job applications, consent will be deemed to have been given on the day of receipt of the open application by any of the RC Group members. Upon expiry of the time limit of the consent or upon withdrawal of consent, the collected data will no longer be used for the purpose for which the consent was given. You can renew your consent before the expiration date by contacting us and requesting it or confirming the validity period upon our inquiry. At any time, you can withdraw your consent to the storage of your personal data or withdraw the application for the advertised position / open application by sending a notice of withdrawal to the contact e-mail address of the controller.

Recipients and transfer of data to third countries

In principle, we do not transfer your data to third parties, unless we are legally obliged to (for example if instructed so by law enforcement authorities) or unless they are needed for conducting business processes or within the framework of a data processing contract. Third parties are, for example, providers of software solutions through which we process personal data within the company, generally IT Also, we can share data between RC Group members based on the business cooperation agreement that we concluded with each other, and the personal data processing agreement that takes effect between RC Group members. Depending on the types of personal data processing in question, members of the RC Group can have different roles in the processing itself – as controller / processor. These roles are elaborated in detail by individual business cooperation agreements or accompanying contracts on the processing of personal data, which determine which member of the RC Group in relation to which type of processing and which type and category of personal data, has which role in the processing – controller / processor.  In all cases, we strictly comply with the legal provisions. It is also possible to transfer data to other countries where the aforementioned contractual partners may have their headquarters or process the data. These are primarily countries of the European Economic Area (EEA) and individual countries outside the EEA. These countries may apply data protection regulations that are differently or less protective than European Union (EU) regulations. A possible consequence of this is, for example, that your data may be processed by state authorities for the purpose of control and supervision, possibly without the possibility of a legal remedy. In the event that personal data are processed outside the European Union and there is no decision of the European Commission on the adequacy, we implement appropriate safeguards, including contracting standard contractual clauses of the European Union on data protection, i.e. including them in personal data processing contracts we conclude with such contracting parties that have their headquarters in countries in relation to which there is no decision of the European Commission on adequacy.

How we take care about the security of your data

We use a variety of security measures, including encryption and authentication, to protect and maintain the security, integrity and availability of your data.

Among other things, we use the following measures:

• strictly limited personal access to your data according to the principle of "necessary access" – only certain employees of the controller have access to your data, and only those who, as part of their work responsibilities related to certain categories / types of personal data must have access to your data in order to perform their work tasks
• secure transfer of collected data
• installing firewalls on IT systems for the purpose of prohibiting unauthorized access;
• installing strong antivirus protection to prevent unauthorized access to personal data and prevent external attacks on systems that store your personal data
• permanent monitoring of access to IT systems in order to detect and prevent misuse of personal data

All your data is stored on our secure servers and the secure servers of our partners/processors and accessed and used in accordance with our policies and security standards. The protection of the privacy of your data is permanent, and we take all measures necessary to protect it. We process personal data in a secure manner, including protection against unauthorized or unlawful processing and loss.

RC Group recognizes the importance of privacy, security and data protection and the goal of RC Group is to incorporate personal data protection into all its business activities and to comply with all legal rules and principles of personal data processing established by the General Regulation on Personal Data Protection, in particular:

• Lawfulness, fairness and transparency of the processing means that the processing should comply with a specific legal ground, and that the individual is informed of the processing operation and its purposes, and that the controller is obliged to provide the data subject with all additional information necessary to ensure fair and transparent processing taking into account the specific circumstances and context of the processing of personal data

• purpose limitation - means that data should be collected for specific, explicit and lawful purposes and may not be further processed in a way that is inconsistent with those purposes

• data reduction - means that data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

• Accuracy means that the data must be accurate and, where necessary, kept up-to-date; every reasonable measure must be taken to ensure that personal data which are inaccurate, taking into account the purposes for which they are processed, are erased or rectified without delay

• storage limitation - means that the data must be kept in a form that allows the identification of the data subject only for as long as necessary for the purposes for which the personal data are processed

• integrity and confidentiality means that data must be processed in a way that ensures an adequate level of security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage

• reliability - means that the controller/processor is responsible for respecting the principles and must be able to demonstrate compliance with the provisions of the General Data Protection Regulation.

We undertake not to misuse personal data from registration forms or collected through cookies, nor to hand them over to third parties without your permission, except in cases where the law expressly prescribes this and in cases where it is necessary to fulfil obligations.

All user data are strictly confidential and available only to employees who need these data to perform their work. All employees and business partners have committed to the confidentiality of the RC Group and to respecting the principles of privacy protection. We undertake to protect your personal data by collecting only basic data that is necessary to fulfil the purpose of the given consent, contractual basis, legal ground or legitimate interest.

According to the applicable national and supranational legislation, in order to protect the confidentiality of personal data, we are particularly committed to:

• treating your data in accordance with the law and in good faith
• collecting data exclusively for specific and lawful purposes
• not forwarding personal data to countries outside the EU if these countries do not ensure an adequate level of data protection
• ensuring adequate, secure storage of personal data, in such a way that it does not exceed the purpose for which the data were collected and for which they are processed
• ensuring the accuracy of personal data
• ensuring the processing of personal data only for the time and purpose for which they is necessary
• taking all necessary and appropriate technical and organizational measures to prevent the destruction, damage or loss of your personal data.

Your rights

Right to access data - You have the right to request information on whether we are processing your personal data, what data we are processing and to request access (insight) to your personal data that we are processing. If there is a larger amount of data, we could request a more precise specification of the request for the submission of certain groups of data.

Right to rectification - If you notice that we are processing inaccurate or incomplete data about you, or if you want to change them, you have the right to request the correction of these data or the completion of incomplete personal data. In order to ensure that we always process only accurate personal data, it is necessary that you notify us of any changes to them without delay.

Right to deletion ( oblivion) - Deletion of personal data can be requested, for example, if you have withdrawn your consent to the processing of certain data, when your personal data are processed illegally or when they are no longer necessary in relation to the purposes for which they were collected or processed in any way. However, please note that we will not be able to delete the data if they are necessary to fulfil legal obligations, contractual obligations or other legal grounds from the General Data Protection Regulation. In all situations where it is possible, we will irrevocably delete all your personal data from our systems and leave only general statistical data that cannot be linked to your identity.

Right to restriction of processing - You have the right to obtain a restriction of the processing of your personal data, which can be requested, for example, if you have filed an objection to data processing, if you doubt the accuracy of the personal data being processed or the legality of their processing, but you do not want this data to be deleted, or it are still necessary for the fulfilment of legal requirements.

Right to data portability - If the processing is based on your consent or is carried out for the purpose of executing a contract concluded with you, and at the same time is carried out by automated means, you have the right to receive your personal data that we have received from you. If you request it, we will transfer your personal data directly to another controller, if it is technically feasible.

Right to object - At any time, considering your particular situation, you are authorized to file an objection to the processing of personal data relating to you, which is why we will limit its processing. Also, we will delete the said data and stop processing them, unless we prove that there are well founded and justified legal grounds for the processing. In addition, you have the right to object at any time to the processing of your personal data for purposes for which you have not given your consent. After submitting an objection, your personal data will stop being processed for the stated purpose.

Right to withdraw consent - If the processing of your personal data is based on your consent, you have the right to withdraw it at any time, without any negative consequences.

In case you no longer want us to process your data in any way, or request the deletion, correction, or transfer of your data, please notify us via e-mail to the e-mail address of the Data Protection Officer: dpo@renaissance.hr. The officer may contact you to verify the authenticity of the request.

At any time, you can request:

• access to the Privacy Policy
• confirmation of whether the data are processed in relation to you and the possibility of reviewing the personal data contained in the personal data storage system
• forwarding of your personal data contained in the data storage system
• providing of a list of third parties to whom personal data have been transferred, when they have been transferred to them, on what basis and for what purpose
• providing of information about the sources on which the records are based, which personal data the storage system contains about the individual and the method of processing
• providing of information on the purpose of the processing and the type of personal data being processed, as well as any necessary explanations in this regard
• an explanation of the technical or logical-technical decision-making procedures if the controller performs automated decision-making procedures by processing the personal data of the individual.

Personal data that are no longer needed are either irreversibly anonymized or destroyed in a secure manner.

If you object to the processing of your data, you can file your objection with the competent state authority, i.e. the Personal Data Protection Agency, Zagreb, Selska cesta 136, in accordance with the General Data Protection Regulation and the Act on the Implementation of the General Data Protection Regulation.

Last updated: April 2024