Privacy Policy

Definitions 

In the interest of clarity and precision, we use the following definitions throughout this Privacy Policy: 

Privacy Policy: This Policy as fulfillment of our information obligations to you under Articles 13 and 14 of the GDPR. 

Data: Personal data, i.e., any information about an identified or identifiable person to whom the Data relates. Concerning the above-mentioned individual, the obligation to provide information is fulfilled by making the information contained in the Privacy Policy available on an ongoing basis. 

You:  You, and therefore the person whose Data we process in accordance with the Privacy Policy. 

We/Controller: WHITE TECH d.o.o., OIB 22301840862, MBS 060486036, address: Obala hrv. preporoda 7, 21000, Split, Hrvatska. You can contact us by post at the address above, emailing info@white-tech.io

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 

Customer: An entity with whom the Controller has entered into or is negotiating an agreement under which the Controller will provide it with its services. 

Representative: A person who contacts the Controller on behalf of the Customer or another entity with whom the Controller cooperates or communicates.

Data and effects of refusal to provide Data 

This Policy applies to the processing of Data collected from: 

  1. People contacting Us, in particular by e-mail.
  2. People accessing the website https://white-tech.io/, where data may be collected via cookies. 

Purposes, legal basis and duration of processing of Data 

We process your personal data for the purposes set out below. For each purpose, we specified the legal basis for the processing and the criteria for the duration of processing for that purpose.

PURPOSE

LEGAL BASIS

PROCESSING PERIOD CRITERIA

Processing data to provide services and ongoing contact with Customers. Providing resources and services to Customers

Article 6 (1) (b) (f) of the GDPR – conducting a binding contract and legitimate interest of the Controller, which is the delivery of resources and services to Customers as well as providing communication.

Until the termination of cooperation with a given Customer and the statute of limitations for claims.

Website usage statistics.  Analysis of website utilization statistics

Article 6 (1) (a) (f) of the GDPR – the consent for analytical and third-party cookies or legitimate interest for necessary (functional) cookies – which are necessary for the proper functioning of our website and systems and enable you to navigate our website and use its features.

The cookies we use are installed for varying periods. Some expire when you close your browser, while others remain active for days, months, or even years, primarily so that your choices are not lost. After this period, they are deleted.

We only process Data for as long as it is necessary. Once the data has fulfilled the purpose for which it was processed, it will be deleted or anonymized, unless we are required or authorized by law to retain some or all of it.

Data We don’t process.

We do not collect or store any Data about children under 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided Us with Data, please contact us. If We become aware that We have collected Data from children without verification of parental consent, We take steps to remove that information.

We also do not process any Sensitive Personal Information, such as racial or ethnic origin, membership in political parties or political opinions, religious or philosophical beliefs, trade union membership, genetic/biometric data, health, sex life or sexual orientation. Nor do we collect any information about criminal convictions and offenses.

If you believe that We have collected such information, please directly contact Us immediately in order to delete this information and resolve issues.

Data recipients 

In some situations, we transfer your Data to third parties. Their recipients may be: 

  • Entities to whom we outsource Data processing services will include our contractors, accounting entities, law firms, hosting, CRM, tools, and other entities necessary to fulfill our obligations; 
  • Public authorities, including the Police and other law enforcement agencies, in connection with their proceedings under the relevant provisions of law. 

We ensure that our processors are fulfilling all obligations and requirements stemming from art. 28 GDPR.

Your rights

You have the following rights under the above-mentioned regulations:

  • Right to withdraw - you have the right to withdraw your consent where you have previously given your consent to the processing of your Data;
  • Right to object - you have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent.
  • Right to be informed - you can ask Us what categories of your Data is being collected;
  • Right to opt-out - you can ask Us to stop using your Data for business and other benefits;
  • Right to erasure (right to be forgotten) - you can ask Us to delete your Data;
  • Right of access - you can ask Us to provide the list of actual Data values collected;
  • Right to non-discrimination - We provides equal services, meaning they cannot discriminate against your rights;
  • Right to rectification - you can ask Us to correct your Data in a situation when such data available Us or disclosed to third parties is inaccurate or incomplete;
  • Right to restrict - you can ask Us to introduce the restriction regime on the processing of your Data, so that in each case the data may be processed only upon separate consent from you.
  • Right to data portability - if We process your Data based on your consent, or the processing is carried out by automated means, you may request to receive your Data in a structured, commonly used and machine-readable format, and to have Us transfer your Data directly to another Controller, where technically feasible unless the exercise of this right adversely affects the rights and freedoms of others. (Controller is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of your Data).
  • Right to lodge a complaint - if you believe that we have infringed your rights, We encourage you to contact us first so that We can try to resolve your issue or dispute informally. You also have a right to lodge a complaint with a competent supervisory authority.
  • Storage of your personal information - We will try to limit the storage of your Data to the extent that storage is necessary to serve the purpose(s) for which the Data was processed, to resolve disputes, enforce our agreements, and as required or permitted by law.

To exercise any of these rights, please contact Us and We will respond to your request within a reasonable timeframe and notify you of the actions taken.

International Data Transfer

If you are located in the EU, make a notice that your Data may be transferred to countries that are not part of the EU. 

We will take additional measures in order to establish that your Data is treated just as safely and securely as it would be within the European Union and under the Data Protection Legislation as follows: 

  • choosing only partners and services that are compliant with the EU standards; 
  • limiting access to your Data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; 
  • procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data) including notifying you and the governing authority where We are legally required to do so.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other Data.

Some of Our external third parties are based outside of the European Economic Area (EEA) so their processing of your Data will involve a transfer of data outside the EEA. 

Once We transfer your Data outside the EEA, We shall observe the criteria set within the EEA. 

For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries:(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Where We share Data with fraud and crime prevention agencies and fraud and/or criminal history checking service providers in the EEA, they may transfer your Data outside of the EEA, in this case they impose contractual obligations on the recipients of that data to protect your Data to the standard required in the EEA and/or they may require the recipient to subscribe to certain standards, intended to enable secure data sharing. 

Please contact Us if you want further information on the specific mechanism used by Us when transferring your personal data out of the EEA.

Personal Information retention

We will only retain your Data for as long as reasonably necessary to fulfil the purposes for its collection, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

We will not keep your Data for any longer than is necessary for the scope of the reason(s) for which it was collected. 

Your Data will be stored according to the following factors which determine the period of how long it will be kept: 

  • our objectives and requirements; 
  • the types of Personal Information in question; 
  • the purposes for which Personal Information in question is collected, held and processed; 
  • our legal basis for collecting, holding and processing that Personal Information; 
  • any legal obligation to store such information.

We ensure that Data kept is regularly reviewed against such criteria to assess whether it should be kept any longer.

Automated Decision Making 

We do not make decisions by automated means, including profiling.

Privacy Policy changes

This Privacy Policy is effective as of the date of publishing on this Website and will remain in effect except with respect to any changes in its provisions in the future, that come into force and will be applied immediately after they are published on the Website.

We may update and/or change the terms of this Privacy Policy, and We will notify you by revising the date at the top of this policy and, in some cases, We may provide you with additional notice such as adding a statement to Website by emailing you directly prior to these changes taking effect, so that you aware of the type of Data We collect, proceeds and storage, and how it will be used, and under what circumstances, if any, We may disclose such information.

This Privacy Policy was last updated on April 09, 2025.