Protection of personal data and privacy

Gandalf Tattoo

ALGIZ d.o.o. (hereinafter: the Company) in its business conducts personal data protection measures in accordance with the General Data Protection Regulation (GDPR), legal and regulatory obligations. If you have any questions concerning the processing of your personal data and the exercise of your rights under the General Data Protection Regulation, you may contact: [email protected]

We are fully committed to ensuring the continued and effective establishment of this policy, and we expect the same from our employees and business partners.

This policy sets forth the expected behavior of the Company, its permanent, temporary and temporary employees and business partners and third parties with respect to the collection, use, storage, transfer, disclosure or destruction of personal data processed in the Company's business processes.

PERSONAL DATA PROTECTION RULES define the purpose and manner of use of personal data, the categories of personal data we collect, the time period in which we process them, and the means of information regarding the processing of your data.

PRIVACY POLICY ON THE WEB defines how we collect and store the information we collect through the Company's website.


These rules apply to the privacy practices that the Company applies when contracting and providing services to its customers. We have defined these data protection rules to clarify the purpose and use of personal data, the categories of personal data we collect, the time period during which we process them, and to familiarize you with all ways of informing you regarding the processing of your data.


During various forms of interaction with the Company (use of the Company's publisher's websites, sending inquiries / requests by email, mailing, participating in sweepstakes and competitions, entering into advertising contracts, cooperation agreements), personal information is collected which implies, but is not limited to the following

During various forms of interaction, the Company may also collect non-personally identifiable information, including but not limited to:


We process and use personal information only for the purposes for which it was collected. The processing of personal data is only allowed to the extent that at least one of the following is fulfilled:

Use of data

The Company uses personal information for the following purposes:

Methods of data collection

Personal information is collected in one of the following ways:


The Company provides the realization of the rights of users in relation to:

The user submits the claims for the exercise of his rights in writing or verbally. If an individual files a claim relating to any of the foregoing rights, the Company will consider any such claim in accordance with all applicable data protection laws and regulations. The Company reserves the right to charge for processing customer requests in exceptional cases where requests are unreasonable.

Users have the right to be informed, upon successful submission of their request, of the following, after successful verification of their identity:

All requests for access or correction of personal information must be made by e-mail: [email protected] and each receipt will be recorded. The response to each request shall be submitted within 30 days of receipt of the user's written request.


In certain cases, the Company may seek the consent of users to process personal data for certain purposes. When the processing of a user's personal data is based on consent, the user may withdraw the consent given at any time, but this will not affect the lawfulness of the consent-based processing before it is withdrawn.


The club will not retain personal information for longer than is necessary for the purposes for which it was originally collected. The Company will retain your personal information for as long as it is necessary for the provision of products or services; as long as required in accordance with these Rules or the time of collection; as long as is necessary because of our legal obligations, the resolution of disputes and the execution of our contracts; or to the extent permitted by law. When the retention period expires, the Company will erase personal data in a way that ensures that they cannot be reconstructed or read.


The Company implements physical, technical and organizational measures that guarantee the security of personal information (eg prevention of loss or damage, unauthorized alteration, access or processing and other threats to which personal data caused by human activity or the physical / natural environment may be exposed).

The security measures implemented are aimed at:


In certain circumstances, personal information is allowed to be shared without the knowledge or consent of the user. And when disclosure of personal information is required for any of the following purposes:


In case of complaints regarding compliance with these and other rules regarding the protection of personal data, please contact us by e-mail [email protected]. In the event of a complaint, we will investigate the entire situation regarding the use and disclosure of personal information in accordance with these policies and will attempt to resolve it as soon as possible.


Although the Company is focused on informing the general public, we are well aware that children deserve special protection in every respect, including the protection of personal data, since they may be less aware of the risks and possible consequences of disclosing their information.

Pursuant to Article 19, paragraph 1 of the Law on Implementation of the General Data Protection Regulation (NN 42/2018), the Company considers all persons under the age of 16 to be children, and does not seek or collect personal information about or about children without the consent of the holder of parental responsibility.

Therefore, the Company will make every reasonable effort to process the information it receives from children only with the consent of the holder of parental responsibility.

If the Company learns that the personal information of the children has been sent to it but without the valid consent of the holder of parental responsibility, the Company will make reasonable efforts to do the following:

If a parent or guardian has questions regarding our processing of their child's personal information, please feel free to contact us using the details in the next section.


We process your information within the European Economic Area. If there is a need to transfer personal data outside the area, such transfer will only take place if the European Commission has confirmed that the third country has fulfilled a certain level of data protection or if there are appropriate safeguards under applicable law (eg binding corporate rules, standard contractual clause).


You may object to the processing of your personal data at any time if you believe that in the processing of your data we have breached the Croatian or European data protection regulations to the supervisory authority of the Personal Data Protection Agency, Martićeva 14, Zagreb, [email protected]


The Company recognizes and appreciates your right to confidentiality of information and is committed to maintaining the security of the information it collects through the Company's website. Your personal information is collected and used only on the basis of information you have voluntarily provided to the Company, using the Website (personal information such as name, address, city, e-mail, year of birth). The collected personal information is stored electronically and all appropriate technical and organizational measures are applied to prevent the personal data being violated. E-mails received with your personal information will be used by the Company only for the purpose of fulfilling your requests.


Cookies allow you to collect statistics about user behavior on web pages (e.g., what parts of the webpage are retained by users for the longest and where the shortest), which browser (e.g., Internet Explorer, Opera, Safari, Google Chrome, Firefox) is used and similar to.

A cookie is a small packet of data sent from a server to a user's computer and serves as an anonymous identifier. The purpose of cookies is to improve the user experience when using the Website. Cookies on the Company's Web site are anonymized and are not used for the purpose of accessing user data or for tracking user activity after leaving.

The Company's website monitors the statistical traffic of its pages solely to obtain the necessary information about the attractiveness and performance of its pages.

Search engine owners are keeping you informed about how cookies are managed. Read more at the related links.

For the remaining search engines, please consult the documentation provided by the search engine-owned company in question.


The club sends out promotional materials through digital communication channels to individuals with whom at some point it has achieved some form of cooperation (subscribers, participants in sweepstakes and prize competitions) and who have provided us with contact information for such form of communication. The users of the Company's services have the right at any time to disable the service of receiving promotional material, and the Company will provide tools to enforce the right to be deleted from the notification database. The legal basis for processing the data for these purposes is the legitimate interest of the Company.

Contact information, such as your name and e-mail address, is necessary if you wish to use the services of receiving promotional material from the Company. Promotional material includes information about services and special offers as well as newsletters.

The customer will be notified at the time of first contact or at any stage of the service's use of their information for digital marketing purposes.

The general opt-out option is not available for some forms of non-marketing communications, such as communications related to the download of a product or service, sales transactions, prize money you participated in, legal compliance statements and (when permitted by law).

The Company may use the technical services of external business partners to deliver newsletters. In this case, we only process the email address you provided to receive the Newsletter for processing. We also ensure that the selected business partner uses the newsletter only for the delivery of our Newsletters, for the duration of your subscription, and may not use it for other purposes. Except as provided in the circumstances, the Company will not share your contact information that you provide to sign up for the Newsletter with third parties.


The Company takes all precautionary measures to protect user information, during entry and transfer, data processing and storage. Access to data is restricted and is available only to those and employees of the Company who need it to perform business activities.

The personal data provided to the Company at the time of registration will be kept during the existence of the Website or for the duration of registration of users. All information provided to the Company when registering on the Website will be destroyed at the latest upon shutting down the Website.

At any time, users have the right to request notification of their personal data being processed by the Company, or to modify or delete it, by sending a request to: [email protected].


We regularly review our privacy policies and see if they reflect the way the Company processes personal information. The current version is always available on our site, and if any major changes affect your rights and freedoms, we will notify you directly.

The Company reserves the right to transfer personal data within its business group as well as to third parties, respecting the principle of an adequate level of legal protection for users' rights and freedoms.

The transfer of personal data is carried out if at least one of the following conditions is met:

In order to operate effectively, it is necessary to transfer personal information from one of the above listed companies and associations to another. In these cases, Algiz d.o.o. is responsible for protecting the personal data transmitted.