This Privacy Policy of GLOBAL OFFSHORE ENGINEERING d.o.o., Ulica hrvatskih branitelja 5, Sutivan, 21403, OIB: 49233521452, as the Data Controller, establishes the terms and methods for collecting and processing personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter referred to as: Regulation), as well as in accordance with the Law on the Implementation of the General Data Protection Regulation (Official Gazette No. 42/18).

1. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The Data Controller highly values the protection of the security and privacy of your personal data in our business operations, and therefore we operate in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable data protection laws. We hope that the policy described below will help you understand what data the Company may collect, how it uses and stores that data, and with whom we are allowed to share it.

1.1. As the Data Controller, we process your personal data necessary for the following purposes:
a) processing of personal data in business operations,
b) issuing invoices,
c) handling complaints,
d) processing inquiries about services,
e) processing job applications.

The Company is the Data Controller for personal data that it possesses, and it collects, processes, and stores the personal data of:

  • company employees,
  • candidates participating in recruitment processes,
  • external collaborators,
  • customers of the company’s services,

in accordance with the methods and deadlines specified by legal and regulatory provisions governing the company’s business, and in accordance with applicable data protection regulations.

1.2. Personal data, which is not covered by the above and is collected as part of the Company’s business activities, is processed solely based on the prior consent of the data subject in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR) 2016/679.

We process your personal data based on consent in accordance with Article 6(1)(a) of the General Data Protection Regulation for:

  • improving the functionality of all features of the website https://goe-group.com/ and https://arc-rec-project.eu/ to provide a better user experience;
  • monitoring and improving the quality of services: Your satisfaction is very important to us, and for this purpose, we use surveys where you can evaluate our services and provide feedback. You decide whether to complete such surveys and to what extent you provide personal data in them;
  • connecting with us via social networks for responding to your inquiries;
  • processing your job application or inquiry in our business units;
  • sending newsletters.

The need to collect the aforementioned data may arise from our legal obligations, for the conclusion and execution of services from a contract, based on legitimate interest, or based on your consent. When consent is the basis for data collection, we will clearly indicate it. The processing of personal data is limited to the purpose for which it was collected in accordance with the terms of this Privacy Policy.

1.3. PROCESSING OF PERSONAL DATA THROUGH VIDEO SURVEILLANCE

The Company also uses a video surveillance system for the purpose of protecting property and ensuring the safety of service users, employees, and visitors. The surveillance is limited to the acceptable areas within the business premises, and the perimeters of the cameras are clearly marked with visible notices. Video surveillance recordings are stored for a maximum of six months from the date of recording.

The processing of personal data through video surveillance is conducted in accordance with the Law on the Implementation of the General Data Protection Regulation, as follows:

  • Data Controller: GLOBAL OFFSHORE ENGINEERING d.o.o., Ulica hrvatskih branitelja 5, Sutivan, 21403, OIB: 49233521452
  • Purpose: protection of individuals and property
  • Legal Basis: legitimate interest of the company
  • Recipients: video recordings may be provided upon request to relevant authorities (police, court) if necessary for legal proceedings in accordance with special regulations
  • Storage: video surveillance recordings are kept for a maximum of six months, or longer if they are included as evidence in court, administrative, arbitration, or other proceedings.

2. USE OF COOKIES

Our websites use “cookies” – text files that are placed on a user’s computer by a web server through which the service provider accesses the Internet and displays the website. Cookies are created when a browser on a user’s device loads a visited web destination, which then sends data to the browser and creates a text file (cookie). The browser retrieves and sends the cookie back to the web server upon the user’s return to the website. The Electronic Communications Act stipulates that we may store cookies on your device if they are strictly necessary for the functioning of this website. For all other types of cookies, we need your consent. This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

This site uses technical cookies, which are necessary for the operation of the website, and functional cookies, which allow the site to provide enhanced functionality and personalisation.

Although you can use our website without providing any personal data, after contacting us via our contact form or directly via our email addresses, the Company collects information about you. The information you fill out (personal information such as your name and email address) or send in a direct email message will be processed and stored so we can contact you and respond to your request. The Company will not share your personal data with any third party, nor will it allow them access. The data will only be used for the purposes of further communication and responding to your inquiry.

If you are under 16 years of age, you must provide consent from a parent or guardian before providing personal data. The Company does not knowingly collect personal data from children under 16 years of age via its website without appropriate consent from a parent or guardian. If you are under 16, please do not send us any personal data, including your name, address, phone number, or email address, without parental or guardian consent. In any case where we discover that we have collected or received personal data from a child under 16 years of age without parental consent, we will promptly delete such data. If you have information that we have received data from a child under 16 years of age, please contact us at data.protection@goe-group.com. Our websites contain links to other websites and social media pages, which are not covered by our Privacy Policy. We recommend that you read the privacy policies of each website and social network you visit, especially those where you provide your data.

Necessary Cookies


Necessary cookies help make the website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies. Necessary cookies can be stored independently of the user’s consent in accordance with legal regulations.

Cookie name: PH_HPXY_CHECK
Provider: mpg.hr
Purpose: Necessary for user browsing. Serves for the normal functioning of the website.
Duration: session

Cookie name: cookieControl and cookieControlPrefs
Provider: mpg.hr
Purpose: Necessary for accepting cookie consent.
Duration: 30 days

Analytical Cookies


These cookies collect information about how visitors use the website, such as which pages visitors visit most frequently. We use them to improve the functioning of our website. However, some of them may be third-party cookies, and the data we collect may be classified for purposes that are unknown to us as the website owner. For more information, see the privacy policies of these third-party processors.

Cookie name: _ga
Provider: Google Analytics | Google Ireland Ltd. | analytics.google.com | +35314361000 Barrow St, Grand Canal Dock, Dublin, 4, Ireland
Purpose: Used by Google Analytics to distinguish users
Duration: By default, expires after 2 years. Based on the user’s consent.

Cookie name: _gat
Provider: Google Analytics | Google Ireland Ltd. | analytics.google.com | +35314361000 Barrow St, Grand Canal Dock, Dublin, 4, Ireland
Purpose: Used by Google Analytics to regulate the request rate
Duration: Temporary cookie, expires after 1 minute. Based on the user’s consent.

Cookie name: _gid
Provider: Google Analytics | Google Ireland Ltd. | analytics.google.com | +35314361000 Barrow St, Grand Canal Dock, Dublin, 4, Ireland
Purpose: Used to identify users
Duration: Temporary cookie, expires after 24 hours. Based on the user’s consent.

Consent management


You can always revoke any consents given to us. If you revoke your consent, we will no longer process your data for the stated purposes, but this does not affect the lawfulness of processing prior to revocation.

3. WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA?

To exercise your rights, you can contact us in writing or via email using the contact details provided in this Privacy Policy available on the Company’s website.

Your rights are as follows:

3.1. Right of Access to Personal Data


You have the right to access your personal data that we process, and you can request detailed information, especially about the purpose of the processing, the type/categories of personal data processed, including access to your personal data, information on recipients or categories of recipients, and the expected retention period of the personal data. Access to personal data may be restricted only in cases prescribed by Union law or our national legislation, or when such a restriction respects the essence of the fundamental rights and freedoms of others.

3.2. Right to Rectification of Personal Data


You have the right to request the correction or completion of personal data if your data is inaccurate, incomplete, or not up-to-date. To do so, submit your request to us as the Data Controller in writing, by post or electronically.
Please note that in your request, you must specify exactly what is inaccurate, incomplete, or not up-to-date and in what way it should be corrected, along with providing supporting documentation for your claims.

3.3. Right to Erasure


You have the right to request the erasure of personal data relating to you if one of the following conditions is met:

  • Your personal data is no longer necessary for the purposes for which it was collected or processed;
  • You have withdrawn consent on which the processing is based, in accordance with Article 6(1)(a) or Article 9(2)(a), and if there is no other legal basis for processing;
  • You have objected to the processing of your personal data in accordance with Article 21(1) of the General Data Protection Regulation (GDPR), and there are no overriding legitimate grounds for processing;
  • The personal data has been unlawfully processed;
  • The personal data must be erased to comply with a legal obligation under Union law or the law of the state to which the Data Controller is subject;
  • The personal data has been collected in connection with the offer of information society services referred to in Article 8(1) of the GDPR.

3.3.1. Exceptions to the Exercise of the Right to Erasure Provided in Article 17(3) of the GDPR


The aforementioned rights are not applicable to the extent that the processing is necessary:

  • For exercising the right to freedom of expression and information;
  • For compliance with a legal obligation that requires processing under Union law or the law of the Member State to which the Data Controller is subject or for performing a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  • For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, in accordance with Article 89(1), to the extent that the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • For the establishment, exercise, or defence of legal claims.

3.4. Right to Restriction of Processing


You have the right to request the restriction of processing if:

  • You contest the accuracy of the data;
  • The processing is unlawful, but you oppose the erasure of the data;
  • The Data Controller no longer needs the personal data, but you require it for the establishment, exercise, or defence of legal claims;
  • You have objected to the processing of your personal data.

3.5. Right to Object


If we process your data based on our legitimate interests, you can object to such processing.
Data subjects also have the right to withdraw, at any time, any consent previously given for the processing of their personal data for one or more purposes. Please note that withdrawing consent does not affect the lawfulness of processing based on the consent before it was withdrawn. Upon valid withdrawal of consent, the Data Controller will cease further processing and erase the personal data of the Data Subject that was based on consent, assuming no other lawful basis justifies the continued retention of such data.

Special attention is drawn to the right to object to the processing of personal data where the lawfulness of the processing is based on the performance of a task carried out in the public interest or the exercise of official authority vested in the Data Controller or where the processing is based on the legitimate interest of the Data Controller or a third party. This includes profiling based on these lawful grounds. The Data Controller shall no longer process personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise, or defence of legal claims.

The Data Subject can exercise their rights by submitting a request or objection in writing or by personally delivering it to the following address: GLOBAL OFFSHORE ENGINEERING d.o.o., Ulica hrvatskih branitelja 5, Sutivan, 21403, OIB: 49233521452, Data Protection Officer, with the envelope marked “Personal Data” or electronically via email to: data.protection@goe-group.com.

4. RECIPIENTS OF PERSONAL DATA:

We may share your personal data with processors with whom we have entered into contracts that specify the handling of personal data. Therefore, they are unable to process your personal data without our authorisation and share it with third parties, as follows:

  • providers of IT and communication solutions and services;
  • entities authorised to process personal data, who are subject to the appropriate legal confidentiality obligations (processors);
  • law enforcement agencies and public authorities when required by applicable law or in good faith (for the protection and defence of our rights and/or property or to act in emergency situations to protect the safety of property and individuals, in accordance with the legal obligations we have as a service provider in accordance with registered activities);
  • our legal advisors in case of using data forwarding for legal proceedings;
  • business partners for their needs only in accordance with appropriate legal bases.

Personal data of candidates intending to enter into an Employment Contract may also be provided to the educational institution where the candidate obtained their qualification for the purpose of verifying the accuracy of the data.

In certain circumstances, we have a legal obligation to forward your personal data, and the processing of personal data may involve international transfers of the same. The legal obligation may arise from national regulations or EU regulations. Thus, your data may be shared with other recipients when we are bound by relevant regulations to the extent necessary to achieve the established purpose.

Your personal data will not be forwarded to third parties for the purposes of direct marketing.

5. SECURITY OF PERSONAL DATA

The data controller takes appropriate technical and organisational measures to ensure an adequate level of security for the personal data of the respondent, considering the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity to the rights and freedoms of individuals. The personal data of the respondent are processed lawfully, confidentially, and solely for the purpose for which they were collected, in accordance with the regulations governing the protection of personal data and information security. All employees of the Data Controller are committed to safeguarding personal data by signing a confidentiality statement.

6. TIME FRAME FOR STORAGE OF PERSONAL DATA

The personal data of the respondent are processed until the purpose of processing personal data is fulfilled. After the purpose for which they were collected ceases, personal data will no longer be used, and they will remain in the storage system and be retained in accordance with acts on the protection of archival and registration material, for up to five years. For the selected respondent with whom an Employment Contract is signed, personal data are retained permanently.

If the personal data are evidence in judicial, administrative, arbitration, or other equivalent proceedings, they will be retained longer than the legally or otherwise prescribed retention period, until the final conclusion of the proceedings.

7. DATA PROTECTION OFFICER CONTACT INFORMATION

To exercise your rights, you can contact the appointed personal data protection officer by sending a written notice or request to the personal data protection officer by mail to the address: GLOBAL OFFSHORE ENGINEERING d.o.o. Ulica hrvatskih branitelja 5, Sutivan, 21403, OIB: 49233521452, Data Protection Officer, noting on the envelope “Personal Data” or electronically at the email address: data.protection@goe-group.com.

8. RIGHT TO FILE A COMPLAINT TO THE COMPETENT AUTHORITY

You can file a complaint directly with the competent supervisory authority at any time, particularly in the EU country where you have your habitual residence, workplace, or where the infringement of personal data occurred, or if you believe that the processing of your personal data is not lawful.

Direct contact with the competent supervisory authority in the Republic of Croatia is: Agency for Personal Data Protection (AZOP)

Selska cesta 136

HR – 10 000 Zagreb

e-mail: azop@azop.hr

Tel. +385 (0)1 4609-000

Fax. +385 (0)1 4609-099

Web: http://www.azop.hr

9. CHANGES TO THE PRIVACY POLICY

We regularly update the privacy policy to ensure it is accurate and current, and we reserve the right to change its content if we deem it necessary. You will be promptly informed of all changes and amendments via our website in accordance with the principle of transparency.

10. QUESTIONS AND COMMENTS

The Data Controller will respond to all requests from respondents in accordance with the General Data Protection Regulation 2016/679 (GDPR). If you have any questions or comments about the data protection policy and for answers to any of your inquiries regarding the processing of your personal data, please contact us in writing at the email address of the appointed data protection officer: data.protection@goe-group.com.