bus car check-small check chevron-down-small chevron-down chevron-large chevron-left chevron-right chevron-small chevron-up-circle circle-arrow clock close-small close cloud-light cloud-rain cloud-snow cloud crown-light crown delete-small download-small facebook gift-cards globe googleplus heart-filled heart instagram tiktok map-compass map-marker menu-light menu minus-small no-circle-arrow people plus-medium plus-small rain search service-airplane service-baby-care service-camera service-car service-cash-machine service-charging service-coffee service-defibrillator service-dog service-e-auto service-eat service-first-aid service-ice-cream service-info service-kids-buggy service-kids-playground service-lockers service-parking service-phone service-shopper service-shuttle-bus service-suitcase service-train service-wardrobe service-wc-men service-wc-wheelchair service-wc-women-men service-wc-women service-wheelchair service-wifi shopping-taxi snow sun-cloud-light sun-cloud-rain sun-cloud sun tax-free TAX FREE Shopping tickets train trash-medium twitter vimeo wishlist-facebook wishlist-googleplus wishlist-twitter wishlist-whatsapp youtube zoom
5
5 8 1
Wed 9 1
Thu 13 4
Fri 6 -2
Sat 3 -3
Sun -0 -1
Open today 10:00 - 21:00 Closed Today

Opening hours Monday 10:00 - 21:00 Tuesday 10:00 - 21:00 Wednesday 10:00 - 21:00 Thursday 10:00 - 21:00 Friday 10:00 - 21:00 Saturday 10:00 - 21:00 Check our opening hours

Open today 10:00 - 21:00 Closed Today

Opening hours Monday 10:00 - 21:00 Tuesday 10:00 - 21:00 Wednesday 10:00 - 21:00 Thursday 10:00 - 21:00 Friday 10:00 - 21:00 Saturday 10:00 - 21:00 Check our opening hours

DESIGNER OUTLET CROATIA

Personal data protection

Privacy Policy in accordance with Articles 13 and 14 of the EU General Data Protection Regulation – Fulfilment of the information obligation


1    Joint controllers
The following companies are joint controllers for certain personal data processing operations in accordance with Article 4(7) of the EU General Data Protection Regulation (GDPR) and Article 26 of the GDPR:


•    Designer Outlet Croatia d.o.o. Sop (Municipality of Rugvica)
Alfreda Nobila 4, 10 361 Sesvete – Kraljevac
Phone: +385 1 6472 430
E-mail: infodesk.croatia@ros-management.com


•    ROS Croatia Management d.o.o.
Heinzelova 70, 10000 Zagreb
Phone: +385 1 6472 430
E-mail: infodesk.croatia@ros-management.com


They will hereinafter be referred to as “controllers”.
Joint controller means that each controller processes your data jointly, taking into account the highest data protection standards. An appropriate agreement has been concluded between the controllers. Even in cases of joint responsibility, the controllers fulfil their obligations under data protection legislation in accordance with their respective responsibilities. Within the framework of joint responsibility, you may exercise your rights regarding the processing of your data with any of the controllers.
In the first instance, please direct all your questions and enquiries to ROS Croatia Management, Heinzelova 70, 10000 Zagreb, phone:  +385 1 6472 430, e-mail: infodesk.croatia@ros-management.com
Furthermore, the company has appointed an external expert as the data protection officer, who can be contacted at the following e-mail: datenschutz-ros@meineberater.at.
 

2    General data processing


2.1    Data processing in accordance with Article 13 of the GDPR
We process the data provided to us by data subjects, for example in the context of enquiries sent by e-mail, for the purpose of initiating and concluding a contract or business relationship.


2.2    Data processing in accordance with Article 14 of the GDPR
In addition, we process data which we have received from persons who may form part of a contractual relationship, with prior consent in the context of information provided by third parties (e.g. directors providing us with the data of their employees or colleagues). 


2.3    Data subjects to whom the personal data relate 
For participants in prize draws, we process the following data: name and surname, e-mail address, date of birth. We collect these personal data for the purpose of enabling participation in prize draws on the legal basis of the Games of Chance Act and the Ordinance on organising prize draws, i.e. for to comply with the controller’s legal obligations. 
For newsletter recipients and VIP Club members, we process the following data: name and surname, e-mail address, date of birth. Based on your consent, we collect the above personal data for the purpose of sending general or personalised direct marketing messages (newsletter) to promote our activities, offers and products and our partners. We keep them until the withdrawal of consent by the data subject or until a request for deletion is submitted. 
For tenants’ contact persons, we process the following data: company name, name and surname of the contact person, business address and contact details, bank details, contract data. We process these personal data for the purpose of carrying out economic, financial and/or administrative management activities on the legal basis of contract performance.
For suppliers and business partners, we process the following data that is necessary for the initiation or conclusion of a contract: company name, name and surname of the contact person, business address and contact details, bank details, contract data. We collect these personal data for the purpose of exercising the rights and obligations under the contract, on the legal basis of contract performance.
For event participants, we process the following data: name, contact details and address details. The purpose and legal basis for the data processing are specified in a separate provision further in the Privacy Policy.
 

2.4    Recipients of personal data 
Third parties will be recipients of personal data only when this is necessary for the performance of a contract or if required by law.
 

2.5    Data retention
1.    Expiry of contractual obligations: If contractual provisions stipulate how long personal data must be retained, the controller will ensure compliance with these deadlines. After the expiry of these deadlines, the data will be deleted or anonymised by the controller.
2.    Withdrawal of consent: If a person withdraws consent to the processing of their personal data, the controller will delete these data, unless there is another legal basis for the processing.
3.    Expiry of legal obligations:  In some cases, there may be exceptions that not only allow but require the data controller to continue storing personal data for a certain period, such as the storage of tax or accounting records. After the expiry of these legal periods, the controller will also ensure that the data is anonymised or deleted.
4.    Accounting documents (e.g. invoices and receipts for vouchers/awards): 11 years (accounting regulations).
5.    Data obtained on the basis of consent (e.g. e-mail address for newsletters): only as long as a valid consent exists.
6.    Database of potential tenants / business associates: no more than 12 months;
7.    Visitor messages (compliments, complaints, suggestions, etc.): for the period necessary to consider and respond to your message, depending on its content and our capabilities (approximately 2 weeks).
8.    Records of consumer complaints will be kept for 1 year from the receipt of the written complaint (consumer protection regulations).
9.    Data in processing operations that may give rise to claims for damages: in accordance with the statutory limitation periods (up to 5 years).
10.    Prize draws and competitions: for as long as there is a need to resolve complaints (depending on the period defined by the rules of the game / competition), or exceptionally longer due to inspection or threatened legal proceedings, in accordance with the limitation periods (no more than 4 – 5 years).
11.    Video surveillance footage: as a rule, up to 20 days from their creation. If an incident recorded on footage has been reported, a longer retention period may be required due to the need for conducting appropriate legal proceedings.
12.    Legal proceedings: if legal proceedings arise, the personal data necessary for their conduct will be retained until the final conclusion of the proceedings. Enforced claims for damages will be retained for 10 years from the date of the final decision or settlement (statute of limitations).

 

2.6    Contact us by e-mail
When you contact us by e-mail, we will store the data you provide (name and surname, e-mail address) to be able to respond to your enquiries. We will delete these data once they are no longer necessary for processing or restrict processing if legal retention periods apply. We process these personal data on the legal basis of legitimate interest and for the purpose of providing support services or responding to enquiries.
Legal basis: Article 6(1)(f) of the GDPR
 

2.7    Disclosing the names of content authors
We are legally required to disclose the names of the authors of visual content (photos or videos) whenever we publish such visual data. We automatically delete these personal data as soon as we stop using the visual content.
 

2.8    Legal basis
The following points constitute the legal basis for data processing:
•    Conclusion and performance of a contract in accordance with Article 6(1)(b) of the GDPR
•    Legal obligations in accordance with Article 6(1)(c) of the GDPR (e.g. legal retention and documentation obligations)
•    Legitimate interest of our company within the meaning of Article 6(1)(f) of the GDPR (e.g. software use)
•    Article 6(1)(a) of the GDPR for obtaining consent (e.g. when processing visual recordings for advertising purposes)
 

3    Processing of VIP club members’ data
If you decide to become a member of our VIP club, we will process the data you enter in our form: name and surname, e-mail address, address, postal code, date of birth, gender, mobile phone number (online or printed).
Membership in our VIP club with numerous financial benefits requires authorisation to the Outlet to send you offers, information, advertisements, invitations to prize competitions and promotions from outlet partners via e-mail.
In order to complete the process of your registration in the VIP club, we need your name and surname as well as a valid e-mail address or further confirmation that you are indeed the intended recipient of the messages sent to you. For this purpose, we will send a confirmation e-mail to the entered e-mail address with a link (double opt-in); only after clicking on this link will the registration be completed.
If you want to receive special birthday vouchers as a VIP club member, we also need your date of birth. However, you can also become a member without providing your date of birth. The legal basis for this processing purpose is our legitimate interest in providing the customer with a personalised service.
In this context, we collect further data only to the extent that you provide it, but this is not required for receiving advertisements.
If you no longer wish to receive messages, you can informally terminate your membership at any time by sending an e-mail to the contact details provided in the first section of this Privacy Policy. When you terminate your membership, we will immediately delete your personal data processed for this purpose.
When you become a member of our VIP club, you enter into a contract with us in order to receive discounts, and we in turn process your data. The processing of your data is therefore necessary for the performance of a contract to which you are a party.
Legal basis: Article 6(1)(b) of the GDPR
 

4    Processing of prize draw participants’ data
If you participate in our prize draws, we will process your data for the purpose of conducting the prize draw, identifying and notifying the winner, and delivering the prize offered. For this purpose, we must process your name and e-mail address. Without these data, you cannot participate in the prize draw.
We process your name and surname for the purpose of holding prize draws based on legal obligations, specifically the Games of Chance Act and the Ordinance on organising prize draws.
As participants must be at least 18 years old to participate in prize draws, you must also provide your date of birth. We process your date of birth for the purpose of verifying your age in accordance with the rules of the prize draw, and on the basis of legitimate interest.
You may also provide your telephone number voluntarily. If you do so, we will use these data to contact you by phone if you have not responded to the e-mail notification about the prize. However, these data are not required for registering for the prize draw. We process these personal data based on our legitimate interest in ensuring that the winner receives the appropriate prize. We collect such data based on our legitimate interest, which implies ensuring the possibility of demonstrating the fulfilment of our obligations to the winner, i.e. defending and exercising legal claims.
The data will be deleted after the winner has been identified and the prize draw has ended.
When you participate in our game, you enter into a contract with us under which you have the opportunity to win a prize, and in return we process your data. The processing of your data is therefore necessary for the performance of a contract to which you are a party.
Legal basis: Article 6(1)(b) of the GDPR
 

5    Data processing through our website
 

5.1    Contact
If you have requested that we contact you via our web form or if you have sent us a message, we will store the data that is necessary to contact you – your name and e-mail address. In addition, we process the data that you voluntarily provide. We delete the data as soon as storage is no longer necessary or when you object to the processing. The processing of your data for this purpose is based on our legitimate interest in responding to enquiries and questions from our clients.
Legal basis: Article 6(1)(f) of the GDPR
 

5.2    Applicants/Candidates
If you send us your application documents, we process your personal data contained therein, as well as your CV and references for the purpose of selecting candidates/employees and filling the position. The processing of your data is necessary to take steps at your request before entering into a contract with you. In the event of rejection, we will delete your documents 7 months after we have sent you the rejection notice.
Legal basis: Article 6(1)(b) of the GDPR
If you agree to us keeping you in our records for the purpose of contacting you later, we will contact you with a specific request for the transfer of consent. If you expressly give us this consent, we will store your consent. If there is no longer an opportunity to fill a vacant position with us within one year, we will delete all your application data one year after you have sent us your consent.
Legal basis: Article 6(1)(a) of the GDPR
 

6    Data processing when you visit our website
 

6.1    Use of the website for information purposes
In the case of use of the website for information purposes, we only collect personal data that your browser transmits to our server (server log files). If you want to view our website, the most data we collect relates to those that we technically need to show you our website and ensure its stability and security:
• IP address
• Date and time of the request
• Time zone difference in relation to Universal Coordinated Time (UTC)
• Content of the request (separate page)
• Access status / HTTP status code
• Website from which the request originated
• Browser
• Operating system and its interface
• Language and version of the browser software.
These data are not linked to the sources of personal data. We reserve the right to retroactively check these data if we become aware of concrete indications of illegal use and to forward the data to law enforcement authorities in the event of hacking. Also, the data will not be passed on to third parties.
Legal basis: Article 6(1)(f) of the GDPR
 

6.2    Cookies
Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and that provide the person who sets the cookie (in this case us) with certain information. Cookies cannot run programs or transmit viruses to your computer.
A cookie allows you to be recognised when you visit a website without having to re-enter data that you have already entered.
The data contained in cookies are used, for example, to determine whether you are logged in or what data you have already entered or to recognise you as a user when a connection is established between our web server and your browser.
We distinguish between technical cookies, which are used exclusively to ensure the operation of the website, and other cookies, which we set for the purpose of statistical analysis, tracking or advertising/marketing by us or third parties.
Legal basis: Article 6(1)(f) of the GDPR (for technical cookies), Legal basis: Article 6(1)(a) of the GDPR (for all other cookies)
 

7    Social networks
We operate the social media pages: Facebook and Instagram. When you visit our social media pages, personal data, including your IP address, is processed by the respective service provider and cookies are used to collect the data. For detailed information on the specific data that are transmitted, please refer to the privacy policies of Facebook and Instagram. There you will also find contact details and various privacy settings.
Our priority is overall user satisfaction and we primarily use these services to collaborate and communicate with you.
In the services with a US connection, the data collected are usually transferred to a server in the USA and stored there. We have no control or ability to monitor the nature or scope of the data processed by these services, the way in which they are processed and used, or the disclosure of these data to third parties. To restrict the processing of these data within the settings of these services, please refer to the detailed descriptions provided in the privacy policies of the respective service providers.
We also point out that you use certain services and their features at your own risk. This applies in particular to the use of interactive functions such as sharing, commenting or rating.
The social media service providers have provided us with appropriate contracts – in most cases, these are joint responsibility agreements for data processing. The use of social media is based on our legitimate, operational interest.
Legal basis: Article 6(1)(f) of the GDPR
 

8    Cloud.typography
Our website uses external fonts from Hoefler & Co, 611 Broadway, Room 725, New York, NY 10012-2608, USA.
This service provides the Cloud.typography fonts, which are displayed on the user’s end devices. With each session, your browser establishes a direct connection to the company’s servers in the USA, whereby your IP address can be retrieved.
For more information, please see the privacy policy for Typography:
www.typography.com/policies/privacy 
With this service, the transfer of personal data to the USA is not excluded! The GDPR requires appropriate safeguards according to Article 46 for any transfer of data to a third country or international organisation. Such safeguards do not exist for the USA.
Furthermore, Hoefler & Co. is currently not certified under the US Data Privacy Framework or Privacy Shield. Therefore, certain risks cannot be completely excluded for you as a data subject. These risks include:
• The relevant service provider may share your personal data with third parties (e.g. US authorities).
• You may not be able to sustainably verify or exercise your access rights with the relevant service provider.
• There is a higher likelihood of incorrect data processing because the technical and organisational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.
Legal basis: Article 6(1)(a) of the GDPR
 

9    Facebook 
 

9.1    Facebook Pixel
Our website uses Facebook Pixels from the Facebook social network (Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland) to analyse, optimise and economically operate our online offer.
Facebook can use the Pixel to identify website visitors as the target group for displaying ads (so-called “Facebook Ads”). Accordingly, we use it to display Facebook only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products defined on the basis of visited websites) that we transfer to Facebook (so-called “Custom Audiences”). The goal is to ensure that our Facebook ads match the user’s interest and are not intrusive. On the other hand, we may use the Pixel to track the effectiveness of Facebook ads for statistical and market research purposes by determining if users are redirected to our website after clicking on a Facebook ad (so-called “conversion”).
Your activities are stored in one or more cookies. These cookies allow Facebook to associate your user data (such as IP address, user ID) with your Facebook account data. The data collected are anonymous and not visible to us and can only be used in the context of advertising. If you wish to prevent the association with your Facebook account, you have the option to log out before taking any action.
We have concluded an agreement with Facebook Ireland, but it may happen that Facebook Ireland transfers personal data to Facebook USA. Meta Platforms, Inc. has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the transfer of data is permitted under Article 45 of the GDPR.
For further information please see Facebook’s data management policy, at the link: en-gb.facebook.com/business/help/742478679120153.
For specific information on Facebook pixels, please visit the link: en-gb.facebook.com/business/help/742478679120153.
Legal basis: Article 6(1)(a) of the GDPR
 

10    Google Services
We have signed an agreement with Google Ireland Limited (“Google”), a company incorporated and operating under the laws of Ireland (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland. However, data may be transferred from Europe to the USA, over which we as a company have no control.
Google has certified itself under the EU-U.S. Data Privacy Framework for the transfer of personal data from the EU to the United States. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a company in the United States certified under the EU-U.S. Data Privacy Framework. Consequently, the transfer of data is permitted under Article 45 of the GDPR.
Legal basis: Article 6(1)(a) of the GDPR
 

10.1    Google Ads Remarketing for Google Analytics
We have integrated Google Ads Remarketing into our website. This service allows us to display interest-based ads to website visitors. The browser stores cookies that allow the website user to be recognised if the user visits other websites that belong to the Google advertising network. On those sites, advertising campaigns related to content previously accessed by the user on other websites may be displayed.
 

10.2    Google Analytics
We have integrated Google Analytics, a web analytics service from Google, on our website, which allows us to analyse visitor traffic and the length of time spent on our website.
This website uses the “Activation of IP anonymisation” function (i.e. Google Analytics has been extended with the code “gat._anonymize Ip();” to ensure anonymous collection of IP addresses (so-called IP masking)). This means that Google will first shorten your IP address within EU member states or in other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On the other hand, Google will use the information obtained to evaluate your use of the website, compile reports on website activity and provide us with other services relating to website and internet use. The IP address transmitted by your browser as part of Google Analytics will not be linked to other Google data. However, Google may transfer this information to third parties if required to do so by law or if these third parties process the information on Google’s behalf. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of the website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and relating to your use of the website (including your anonymised IP address) by Google, as well as the processing of these data by Google, by downloading and installing the browser add-on available at the following link (https://tools.google.com/dlpage/gaoptout?hl=en).
You can find more information about the terms of use and data protection at:
marketingplatform.google.com/about/analytics/terms/us/ or at support.google.com/analytics/answer/6004245.
 

10.3    Google Analytics Conversion Tracking (Google Ads)
This website also uses Google Conversion Tracking. Google Ads places a cookie on your computer if you have accessed our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages of an Ads client’s website and the cookie has not yet expired, Google and the client can recognise that the user clicked on an ad and was redirected to that page. Each Ads client receives a different cookie. Therefore, cookies cannot be tracked on the websites of Ads clients. The data obtained using conversion cookies are used to generate conversion statistics for Ads clients who have opted in to conversion tracking. Ads clients learn the total number of users who clicked on their ad and were redirected to a page marked with a conversion tracking tag. However, they do not receive any information that would identify users. If you do not want to participate in the tracking process, you can also refuse the setting of the cookies required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate conversion tracking cookies by setting your browser so that cookies from the domain “www.googleadservices.com” are blocked. Google’s privacy policy can be found here.
When using SSL Search, Google’s encrypted search feature, search terms are typically not sent as part of the URL in the referrer URL. However, there are some exceptions, for example, if you are using certain less common browsers. For more information about SSL Search, click here. Search queries or information in the referrer URL can also be viewed through Google Analytics or the application programming interface (API). In addition, advertisers can get information about the exact search terms that triggered the ad click.
policies.google.com/faq;
 

10.4    Google Fonts
We use Google Fonts on our website. In order to ensure a uniform and attractive display of fonts and icons, your browser loads the necessary fonts into the browser cache. To do this, it is necessary that the browser you are using contacts the Google Fonts servers, which results in Google Fonts becoming aware that our website has been accessed via your IP address.
You can find information about what data Google collects about you and for what purposes it is used at policies.google.com/privacy;
 

10.5    Google Maps
We use the Google Maps service on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data already listed under the point “Use of the website for information purposes” will be transmitted. This happens regardless of whether you have a Google user account with which you are signed in or not. If you are signed in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must sign out before activating the button. Google stores your data as user profiles and uses them for advertising, market research and/or to design its website in accordance with the requirements. This assessment is particularly conducted (even for users who are not signed in) in order to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles and must contact Google to exercise this right.
For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy:
policies.google.com/privacy;
 

10.6    Google ReCAPTCHA
We use Google ReCAPTCHA service to determine whether a human or a computer enters a specific entry in our contact or newsletter form. Google uses the following data to verify whether you are a human or a computer: the IP address of the terminal device used, the website you visit with the embedded captcha, the date and duration of the visit, data identifying the browser type and operating system used, your Google account if you are logged in to Google, mouse movements in ReCAPTCHA areas and tasks requiring image identification.
 

10.7    Google Tag Manager
We use Google Tag Manager to recognise your user behaviour. Google Tag Manager is a solution with which marketers can manage website tags via an interface. The tool itself processes the following personal data: user’s IP address. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access these data. Google Tag Manager can set cookies, at least in admin review and debug mode, but also outside of it. If deactivation has been performed at the domain or cookie level, this setting applies to all tracking tags implemented using Google Tag Manager.
More detailed information is available here: support.google.com/tagmanager/
 

11    YouTube
We operate a YouTube channel and have embedded YouTube videos on our website, which can be found at www.YouTube.com. The operator of YouTube is YouTube, LLC, with its registered office at 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube videos in enhanced privacy mode. With this setting, YouTube does not store cookies when you access our website. A connection to the YouTube servers is only established when you start playing the installed videos. YouTube uses cookies for data collection and statistical analysis. YouTube is informed about the pages you visit. If you are logged in to YouTube, your data are directly linked to your account. YouTube uses your data for advertising and market research purposes.

By using this service, the transfer of personal data to the USA occurs or cannot be excluded. Google has certified itself under the EU-U.S. Privacy Shield, i.e. the EU-U.S. Data Privacy Framework. The European Commission has determined that there is an adequate level of protection for personal data transferred from the EU to a U.S. company certified under the EU-U.S. Privacy Shield, which allows the transfer of data in accordance with Article 45 of the GDPR.

By consenting to the processing of data by YouTube, you agree that YouTube may load additional cookies and services, in particular from Google.

For more information on YouTube’s Privacy Policy, please see the provider’s privacy policy at: 
www.google.com/intl/en/policies/privacy/.

Legal basis: Article 6(1)(a) of the GDPR
 

12    Your rights
You have the following rights when it comes to the processing of your personal data:
•    Right to access information, right to rectification and right to erasure
•    Right to access personal data
•    Right to restriction of processing
•    Right to object to processing
•    Right to data portability
•    Right to object to automated individual decision-making, including profiling
 

Please send your enquiries and requests by e-mail to infodesk.croatia@ros-management.com or contact us using the contact details provided.
If you believe that we have violated Croatian or European data protection legislation when processing your data and thereby violated your rights, please contact us so that we can clarify any questions you may have.
 

You have the right to lodge a complaint at any time with an independent public authority for the protection of personal data:

Croatian Personal Data Protection Agency
Selska cesta 136, HR - 10 000 Zagreb
E-mail: azop@azop.hr 
Phone +385 (0)1 4609-000
Fax +385 (0)1 4609-099
Web: azop.hr/ 
 

13    Changes to this Privacy Policy
We reserve the right to change this Privacy Policy at any time. Any changes to the Privacy Policy will be published on this page. In this regard, please see the current version of our Privacy Policy.