Your first point of contact for privacy aspects at Q is our Data Protection Officer (DPO). You can contact our DPO or us by phone (+385 1 481 6175), email (gdpr@q.agency) or by mail at our registered office address at Reljkovićeva ulica 4, 10000 Zagreb, Croatia.

You have the right to file a complaint with the Croatian Personal Data Protection Agency (AZOP), the national supervisory authority for data protection issues in Croatia (https://azop.hr/).

Consent is a freely given, specific, informed and unambiguous indication of a data subject’s wishes by which he or she, by a statement or a clear affirmative action signifies agreement to the processing of personal data.

Cookies are small text files in the source code of a website which are downloaded by the browser to your device. You can find out more about cookies and how we use them in our Cookie Policy.

Data controller is the person or organization (any natural or legal person) that decides how and why personal data is processed.

Data processor is the person or organization (any natural or legal person) that processes personal data on behalf of the data controller.

Data subject or you, refers to any natural person who shares their personal data with us.

Personal data refers to any information or pieces of information that could identify you either directly or indirectly from one or more identifiers or from factors specific to the individual.

Processing means any operation or set of operations performed on personal data, whether or not by automated means. This includes collecting, storing, using, sharing, even deletion and destruction.

We only collect data which is necessary, relevant and adequate for the purpose for which you are providing them. We collect personal data:

When you visit our website

We collect personal data about you when you use our website (https://q.agency/). Without it, we may not be able to provide the services you requested.

Automatically collected data

We use cookies and similar technologies on our website. The cookies are either placed automatically (necessary cookies) or you will have to provide your consent for them (functional and performance and marketing cookies).

For more information and your opt-out options, please visit our Cookie Policy.

Data you provide to us

Name and surname

E-mail address

Affiliation

Additional information

This data may include your contact and other information when you give your personal data to us by (i) filling out our “Contact Us” form provided on our website, (ii) sending us an email or (iii) when you apply for a job or internship with us.

If you contact us via our “Contact us” form on our website, we will ask you to provide your name, surname and email address. At your discretion, you may provide us with additional information about you, such as affiliations, company on behalf you are getting in touch with us, country, and any other information you decide to share with us.

In case you decide to submit an application for a job position at Q, we will ask you to provide your name and surname, email address, place of residence, information about your education, previous work experience, and any other information you share with us in your resume (CV) when you apply for a position via our careers site. We may also collect other additional information about you from other web sites (such as business networking sites) if your resume (CV) or application contains links to such sources and other publicly available sources.

When you visit our offices

We may collect your personal data such as your name, surname, affiliation and contact details. For processing of this data, we will ask you to provide your consent. If you visit our offices we may also process your personal data via CCTV recordings, as some entrances and spaces are under CCTV surveillance to manage and control access and guarantee safety and security for our employees and other persons. You will be notified about such processing and all your related rights prior to your entry to such spaces.

When you provide your products or services to us

We may collect name and surname, address, phone number, email address, as well as your billing information, including your bank account details, billing address, VAT number and any other information we are legally required to obtain or necessary to obtain to enter into an agreement if you are our supplier.

We may collect your personal data either directly from you when you interact with us directly, correspond with us or submit information to us by email, phone, on social media, when you visit our offices, enter into contractual relationship with us or automatically when you access and browse our website, when we collect information about your usage and activity on our website, using certain technologies, such as cookies.

Please note that we also use publicly available information.

Our website may include links to third-party websites, plug-ins and applications. Following those links or enabling those connections may allow third parties to collect or process data about you, but please be advised that we do not control these third-party websites and we are not responsible for their privacy practices, so we encourage you to read their privacy policies.

We will not retain your personal information for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of personal information.

• Information we collect when you visit our website

How long we keep it depends on the type of cookies. Please visit our Cookie Policy for more details on data retention periods for cookies.

• Information we collect from you when you visit our offices

Information collected via CCTV (video surveillance) will be automatically deleted after 30 days.

• Information we collect from you provide your products or services 

Some personal information of a supplier will be deleted 12 months after the end of our business relationship with the supplier. However, some information will be deleted after 6 or 11 years, and some will have to be kept permanently due to obligations prescribed by Croatian laws and regulations.

Other data you provide to us, such as data needed to process your request or inquiry or communicate with you when you directly contact us, will be deleted after 6 months, unless we have entered into a contract with you where other data retention rules will apply.

We rely on the following legal basis for processing:

Consent

We rely on your consent for the following purposes: cookies (other than necessary cookies), for certain instances of personal data you provide to us when we use your products or services.

You have the right to withdraw consent at any time, without affecting the lawfulness of the processing based on your consent prior to such withdrawal.

Contractual relationship

We need to process certain data which may include personal data, prior to entering into an agreement with you and to fulfill our obligations under the contract we have with you, including processing your request, providing the agreed services, and managing and fulfilling our contractual obligations.

To comply with a legal obligation

We may need to process your personal information to comply with various legal obligations, including responding to legal requests and legal processes, complying with laws and regulations, and maintaining records for tax, audit and other legal purposes.

Legitimate interest

Sometimes, it is in our legitimate interest to process your personal information for reasons such as improving our services, ensuring security of our services or analyzing and understanding our audience to enhance user experience.

We will not use the data for any purpose nor on any basis other than those listed above. If we need to process personal information for reasons other than those mentioned above, we will explicitly ask for your permission.

Q does not conduct any decision making process without human intervention, so-called automated decision making, that could have a significant impact on you.

We are committed to privacy and safety, and we have taken appropriate organizational and technical measures for the protection of the personal data.

The security of the processing of your personal data is confirmed by the ISO 27001:2013 and ISO/IEC 27701:2019 standards.

We ensure that our employees receive thorough, complete and regular training on data protection practices to ensure they handle personal data appropriately and securely.

As a data subject, you have the following rights which you can exercise by reaching directly to our Data Protection Officer via email: gdpr@q.agency or via phone: +385 1 481 6175 as a first instance.

Right to access means that you have the right to learn whether we process your personal information, and the right to request a copy of your personal information.

Right to rectification if you believe that any of the information is inaccurate or incomplete.

Right to be forgotten means the right to require us to delete and remove any of your personal information we have.

Right to restriction of processing of your personal information.

Right to portability allows you to obtain and reuse your personal information across services, enabling you to request a copy of your data from us, as well as to transfer your data easily from us as the Data Controller to another data controller.

Right to object to using your personal information for a particular purpose.

If this does not lead to a satisfactory outcome, then there is always the right to file a complaint with the Personal Data Protection Agency (Agencija za zaštitu osobnih podataka – AZOP); the supervisory authority in the area of privacy.