PRIVACY POLICY

Notice on the processing of personal data through this website

The General Data Protection Regulation 2016/679 (GDPR) has established the imperative of protecting personal data in the legal systems of European Union member states. In compliance with these requirements and applying recommended security standards and best practices, this privacy policy provides information about the collecting and processing of personal data through this website. For any additional information, please contact us.

CONTROLLER

CROATIAN NATURAL HISTORY MUSEUM

Seat: Zagreb, Demetrova 1

Contact phone number: +385 1 4851700

Contact e-mail: hpm@hpm.hr

DATA PROTECTION OFFICER (DPO)

The Controller has appointed a professional personal data protection officer (DPO). The DPO can be contacted for other information about the processing of personal data, to request access to personal data, to submit an objection or complaint about the processing or to request other information regarding the processing of one's personal data.

Contact: info@hpm.hr

COLLECTED AND PROCESSED DATA

The purpose of collecting personal data

Personal data can be collected through this website for the following purposes:

  1. for user registration and login
  2. for the purchase and delivery of products
  3. to inform about news and special offers
  4. for the better functioning of the features of this website and to enable a better user experience.

Categories of personal data collected

The following categories of personal data may be collected through this website:

1. basic information about the user (e.g. name and surname);

2. contact information (e.g. e-mail, telephone contact);

3. order information (e.g. type of product, quantity);

4. payment information (e.g. method of payment, payment date).

The specified categories of personal data are used exclusively for the proper processing and execution of orders and for communication with the User in connection with transactions and services.

Legal basis for processing personal data

Personal data is collected through this website on the following legal bases:

Service execution: Data is processed to enable user registration to purchase credit and purchase products. 

Legal obligation: Data is processed whenever necessary to fulfil our legal obligations. For example, the processing of personal data for the purpose of financial accounting obligations.

Legitimate interests: Data is processed based on the legitimate interests of the company or third parties, except when the superior interests, rights and freedoms of the data subject prevail over these interests. This includes data used for marketing purposes, such as sending emails to deliver information and news about our products and services.

User consent: If the user expressly consents to the processing of his personal data for a specific purpose, this data is processed. This includes data collected through cookies that the user consents to.

When we collect personal data in order to provide a service at the User's request and/or fulfil our legal obligations, then it is necessary to provide us with all the requested data. Without this information, we may not be able to provide the requested service. For example, if you do not fill in all fields during registration and do not specify the address for product delivery, then we will not be able to provide the requested service. 

LEGITIMATE INTERESTS

In certain situations, personal data may be processed based on an established legitimate interest. When processing relies on that basis, an objection to such processing can be submitted. Processing may not be limited or suspended if there are compelling legitimate reasons for such processing that exceed the interests, rights and freedoms of the data subject or when such processing is necessary for establishing, exercising or defending legal claims. Such processing is in accordance with Article 6, Paragraph 1, Point (f) of the General Regulation (GDPR). The processing we carry out on the basis of legitimate interest is as follows:

NEWSLETTER

Data that can be processed: e-mail address

Purpose of processing: marketing. The newsletter may provide information about our services and may include information about our special offers and benefits.

Method of collection: directly from the data subject. In the event that the e-mail address to which the newsletter is sent is collected in another way, the data subject will be informed about it at the first contact.

At any time, an objection to the processing of an e-mail address for marketing purposes can be raised, and the processing can be limited or completely prohibited.

RECIPIENTS OF THE PERSONAL DATA

Collected personal data can be forwarded to providers of information and communication solutions and services that act as our processors, such as providers of payment systems. These processors provide reasonable guarantees and have taken appropriate technical and organizational protection measures in order to adequately ensure data protection and conduct in accordance with the requirements of the General Regulation. An agreement/contract on the processing of personal data was concluded with such processors, as a separate part of the contract, based on Commission Implementing Decision (EU) 2021/915 on standard contractual clauses between controllers and processors. This agreement/contract prescribes the handling of personal data in detail, so the processors are not able to process personal data without our order or pass them on to third parties. Personal data is not passed on to third parties for direct marketing purposes.

DATA STORAGE PERIOD

Personal data collected for the purpose of providing the requested service is processed until the purpose for which it was collected is fulfilled. Once the purpose has been fulfilled, the data is no longer processed. Personal data collected on the basis of legal requirements are kept in accordance with the period prescribed by law. Personal data that is processed based on legitimate interest is stored until the purpose of processing is fulfilled or until the moment when such processing is limited or completely prohibited in accordance with received objections or unsubscribing from the list of recipients. Personal data processed on the basis of the user's consent are kept until the purpose of collecting is fulfilled or until the user withdraws his consent.

USE OF COOKIES

Through this website, personal data may be collected for the purpose of better functioning of the website features and to provide a better user experience. Non-intrusive cookies are used for this purpose, and the user's consent is requested before their use, unless they are necessary cookies. Such data is anonymous and does not contain identification data about an individual. Through the cookie settings, the user can manage data processed on the basis of consent and withdraw their consent. It is important to note that the withdrawal of consent does not affect the legality of the processing that took place before the moment of withdrawal of consent. Our purpose is to ensure transparency and respect for user privacy while using this website. Therefore, we use personal data exclusively for the purpose communicated in advance and in accordance with the applicable data protection regulations.

General information about cookies

WHAT ARE COOKIES?

Cookies, also known as HTTP cookies, are small text files that websites store on the user's device (such as a computer, mobile phone or tablet) when you visit a particular website. These cookies allow the website to remember the user's actions and preferences over time. When the user visits the same website again, cookies are sent back to the web server, allowing the website to recognize the user and provide a personalized experience.

WHAT INFORMATION CAN COOKIES STORE?

Internet cookies can store different types of information related to the user and the way the user uses a particular website. This includes identification information, user preferences, shopping cart content in a web shop, user account login information, information about user activities on the website, user interests for personalizing content and ads, duration of visits (sessions), and data on user security and authentication. Cookies are a tool that allows websites to improve user experience and provide personalized services.

WHAT IS THE PURPOSE OF COOKIES?

The purpose of cookies is to optimize and improve the user experience when visiting websites.

COOKIES BY FUNCTION

Technical cookies–required cookies

Technical cookies, also known as required cookies, are always active because they are necessary for the proper functioning of websites and cannot be turned off in our systems. These cookies are typically set in response to your actions involving a request for services, such as setting cookies, logging in, or filling out forms. It is possible to configure your browser to block these cookies or receive a warning about them, but this may result in certain parts of the site not working. It is important to note that these cookies do not store any information that could identify you.

Functional cookies

(may be excluded) – enable the Internet site to provide enhanced functionality and personalisation. 

Statistical cookies

(may be excluded) – enable recording of visits and traffic sources in order to measure and improve the efficiency of the Internet site.

Marketing cookies

(may be excluded) – serve to track users through websites and display targeted ads. 

TEMPORARY COOKIES (Session cookies)

Temporary cookies or session cookies are removed from your computer after you close your Internet browser. Temporary cookies are used by websites to store temporary data, such as items in a shopping cart.

PERMANENT COOKIES (Persistent cookies)

Permanent or saved cookies remain on your computer after you close your Internet browser. With the help of these cookies, websites store information, such as a login name and password, so that you do not have to log in every time you visit a particular site. Persistent cookies will stay on your computer for days, months, even years.

FIRST PARTY COOKIES

First-party cookies come from websites the user visits and can be permanent or temporary. With the help of these cookies, websites can store data that they will use again during the next visit to that website.

THIRD PARTY COOKIES

Third-party cookies come from advertisements from other websites (such as pop-up or other advertisements) that are placed on the website the user is visiting. With these cookies, websites can track Internet usage for marketing purposes.

Use of cookies by this website 

COOKIES USED ON THIS WEBSITE

This site uses cookies to provide the user with a better user experience. We use technical cookies, which are necessary for the functioning of this website, cannot be turned off and do not require the user's consent. We also use statistical and marketing cookies, for which we request the user's consent and which the user can manage for the entire time of using this website.

WEBSITE VISIT STATISTICS

The site uses Google Analytics - a service for measuring website traffic. If you want to disable the saving of cookies by this service, disable them at the following link:
https://tools.google.com/dlpage/gaoptout

HOW TO DISABLE COOKIES

You can manage cookies that are not necessary on this website in the control window. 

By turning off cookies, the user decides whether to allow cookies to be stored on his computer. Additionally, you can accept or reject some or all cookies by adjusting your browser settings. Cookie settings can also be controlled and configured in the Internet browser. The following links provide information on how to change settings for some of the most commonly used Internet browsers:

  • Chrome
  • Firefox
  • Internet Explorer 9
  • Internet Explorer 7 and 8
  • Opera
  • Safari

ADDITIONAL INFORMATION ABOUT DISABLING COOKIES

Some browsers allow browsing the website in "anonymous" mode, limiting the amount of data placed on your computer and automatically deleting persistent cookies placed on a computer or mobile device when you end your browsing session. There are also many third-party applications that you can add to your browser to block or manage cookies. You can also delete cookies that were previously placed in your browser by selecting the option to delete browsing history and turning on the option to delete cookies. More detailed information about cookies and adjusting browser settings can be found at the following links:

SECURITY OF PERSONAL DATA PROCESSING

We collect and process personal data with the aim of ensuring adequate security and confidentiality during their processing. Our activity is based on the principles of data protection, which include reducing the amount of data, the scope of processing and the period of storage, and controlling the availability of this data. In order to achieve a high level of security, we have implemented appropriate technical and organizational protection measures. These measures ensure a level of security that is adapted to the risks that data processing represents, taking into account the nature of the personal data being protected and the costs of introducing the measures.

We have paid special attention to the security of the payment system. We provide users with the highest level of data protection. We use the WebPay system to ensure secure data transfer between the user's computer and our servers. Pages for web payment are secured by using the Secure Sockets Layer (SSL) protocol with 128-bit data encryption. SSL encryption is a data coding procedure that prevents unauthorized access during data transfer. This enables secure data transfer and prevents unauthorized data access during communication between the user and the Monri WebPay Payment Gateway and vice versa. The Monri WebPay Payment Gateway and financial institutions exchange data by using their virtual private network (VPN), which is also protected from unauthorized access. Monri Payments is a PCI DSS Level 1 certified payment service provider. It is important to know that at no time do we dispose of, collect or process personal data entered for the purpose of processing and charging cards.

We regularly review all processing operations that may pose a risk to the rights and freedoms of individuals, and we have also taken appropriate measures to ensure the protection of personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. This is particularly important in cases where the processing involves the transmission of personal data over the network. It is our commitment to ensure that all personal data is protected from all forms of unlawful processing. Maintaining a high level of security is one of the fundamental principles of our business in order to protect the trust of our users and ensure that their personal data is used in a responsible and secure manner.

EXERCISE OF THE RIGHTS

Right of access

At any time, you can request confirmation of whether your personal data is being processed and detailed information about the processing, in particular about the type of processing, the types/categories of personal data being processed, including insight into your personal data, the recipients or categories of recipients, and the intended period for which personal data will be stored.

Right to rectification

We guarantee the right to rectification, and you can obtain the correction of incorrect and incomplete personal data without delay.

Right to erasure

You have the right to request erasure of your personal data. If the request is justified and if the law does not oblige us to store data, the data will be deleted without undue delay.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data in the cases provided for in the General Regulation. In particular, we emphasize that you can limit the processing of personal data based on legitimate interest as a legal basis for processing.

Right to object

You have the right to object to the processing of your personal data in all cases provided for in the General Regulation. We especially point out that you can raise an objection to processing based on legitimate interest as a legal basis for processing and limit or completely prohibit processing.

Right to lodge a complaint 

If you believe that the processing has resulted in a violation of your personal data and a violation of the provisions of the General Regulation, you can submit a complaint to the supervisory body, the Croatian Personal Data Protection Agency, Zagreb, Selska ulica 136.

CONTACT INFORMATION

For other information about the processing of personal data or to exercise your rights, you can contact us through the Data Protection Officer or our other contacts (info@hpm.hr).

After your identification, we deliver the answer without delay within 30 days in the usual electronic form, unless otherwise requested.

OTHER INFORMATION

This privacy policy is regularly reviewed, supplemented, and changed in order to always reflect the actual state of collection and processing of personal data through this website. Please check regularly for such changes. In case of changes that may affect your rights or significantly change the previous processing notice, especially in the case of changing the purpose of processing, disclosure of data and transfer to third countries, the notice will be displayed in a pop-up window when you arrive at this website.

Last update: October/2023

Web shop was financed within the project KK.06.1.1.06.0001 "THE GUARDIAN OF CULTURAL HERITAGE AS A CATALYST OF DEVELOPMENT, RESEARCH AND LEARNING - THE NEW CROATIAN NATURAL HISTORY MUSEUM". The project was co-financed by the European Union, European Fund for Regional Development and project partner City of Zagreb.

Copyright © 2023-present Croatian Natural History Museum. All rights reserved.