Privacy and personal data protection rules

This Privacy and Personal Data Protection Policy (hereinafter: Rules), based on Regulation of the European Parliament and of the Council (EU) 2016/679 of 27. April 2016 on the protection of individuals in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (hereinafter referred to as the General Data Protection Regulation), explain what personal data is collected in connection with the provision of our services and products, how we process, use and protect this data, for what purposes we use it, as well as what your rights are.

In order to know how and for what purposes M SAN Grupa doo, as a data controller, processes your data, please read these rules. Your privacy and the protection of personal data are extremely important to us.

If you would like to contact us regarding these policies or regarding your personal information, please use the following contact information:

M SAN Grupa d.o.o.

2018 BookingSuite

10372 Rugvica, Croatia, EU

Phone: +385 (0) 1 3654 900
Fax: +385 (0) 1 3654 926


You can contact the Data Protection Officer at: v


  1. Who processes your personal data?

M SAN Grupa doo collects personal data for marketing purposes, for the purpose of improving business and your user experience.

M SAN Grupa d.o.o. also has a website and adheres  to all applicable regulations with the aim of protecting the privacy of its Customers or Users.

This document describes how the processing manager of M SAN Grupa doo processes the personal data of customers and/or potential customers or other users. M SAN Grupa doo takes care of ensuring all security measures for your personal data.

For all questions regarding personal data, you can contact our data protection officer via

Customers of M SAN Grupa d.o.o. (hereinafter: Customers) or Users of our products and services, Users who are recipients of our notifications about products and services and Users who access our website (hereinafter: Users) are instructed to read all of the above in this Policy in order to easier understand which data M SAN Grupa d.o.o.  collects and processes, for what purpose, on what legal basis, with whom and why it shares them, what protective measures it implements, and what are the rights of Customers or Users as respondents.


  1. What categories of personal data do we process?

When performing the tasks for which we are registered as a company, we will process different categories of personal data.

  1. a) Customer support

If you contact our office or customer support or through any other means of communication available to you, we need your contact information in order to resolve the issue you are contacting us with. In addition to the above, we will have to identify you in a manner that is prescribed in detail in our other internal acts. We will use the data you provide us only for the specified purpose. In certain cases, we will use the services of other legal entities to whom we entrust your data only to the extent that this will be necessary to solve your case (eg authorized companies that provide customer support for us or maintain the system or perform some repairs).

  1. b) Website

When you send any type of inquiry through our website, we collect your first and last name and contact information (email address, phone number).  M SAN Grupa d.o.o.  automatically collects personal information from your computer, and there are situations in which we collect other types of information such as the date and time of access to our website, information about the hardware, software or internet browser you use, as well as about your computer’s operating system and application version and your language settings. We may collect information about the clicks and   your access to our pages that are shown to you.

  1. c) Employees and associates

M SAN Grupa d.o.o.  collects and processes personal data from its employees and other associates for the purpose of executing employment contracts signed with employees and consulting contracts and/or service contracts signed with associates relating to personnel, administrative or other business/contractual purposes. In the latter case, we collect and process data such as: name, surname, gender; marital status, citizenship, residence, date and place of birth, personal identification number; title, occupation, information on professional training, information related to health insurance, work experience; information about the account number (IBAN), signature, etc.

  1. d) Suppliers and our business partners

We collect and process data from suppliers and other clients, ie associates and business partners, for the purpose of fulfilling contractual obligations, such as: name and surname of the responsible person in the legal entity; contact details of the person in charge of communication and fulfillment of contractual obligations.

  1. e) Tender procedure

From job candidates, all for the purpose of possible employment, data that M SAN Grupa doo collects and processes may include: name, surname, address, contact information, level of education, citizenship, title and occupation, information on previous work experience, information on professional development and training, as well as test results that may reflect the candidate’s ability to perform all work duties that the specific position applied for places before him/her. Processing is based on consent for the clearly indicated purpose of data collection. We will inform you about everything when the tender procedure is opened.

  1. f) Receiving information about our services and products/newsletter

We collect information such as e-mail address from subscribers to our newsletter, for the purpose of informing them about our new products and benefits that you can enjoy. The processing of this category of data is based on consent or on the basis of our legitimate interests, primarily to control and ensure a high standard of quality of our services and products, and thus to achieve your satisfaction, especially for the purpose of sending information about our products and services with which you can achieve additional savings, reduce the cost of using electricity and increase satisfaction with our services.

  1. g) Exercising the rights of respondents and responding to the requests of Users and Customers

When processing your requests for the protection of rights, your personal data such as name, surname, OIB, or address will be processed. We must process the data in order to fulfill the obligations arising from the applicable regulations.


  1. What are your rights in terms of personal data protection?

M SAN Grupa doo respects that every user should be able to ensure the accuracy, completeness and updating of their personal data. If the user believes that his personal data is incomplete, inaccurate or not up-to-date, he can contact M SAN Grupa d.o.o.   by sending e-mails to .


Please note that at any time you have the right to request the following    from M SAN Grupa d.o.o.:


Yes give you access to your personal data


You can ask the data controller which of your personal data it uses, and you can also request access to this personal data. You have the right to know the purpose of the processing, which categories of your personal data we keep, the bodies or categories of bodies with which we share your personal data, the data retention period, as well as the data source in case the data is collected indirectly.

You can contact us if you want a copy of some or all of the personal data we keep about you.

Request correction of incorrect data

We want your personal information to be accurate and up-to-date. You can ask us to correct or remove information that you think is inaccurate or out of date.

Request deletion of personal data

You can ask the controller to stop processing or even delete your personal data. If we need your personal data to perform some contractual obligation towards you, the data controller may cease to be able to perform such contractual obligations. Also, if your personal data is required to fulfill certain legal obligations (eg tax obligations), your request may not be fulfilled.

Limiting access to your data (to us and/or third parties) in certain processes or completely

If you want to dispute the accuracy of the data, or we no longer need personal data for the purpose of processing, but you need them for the establishment, execution or processing of legal requirements, or you objected to the processing on a basis that we consider legitimate, you have the right to request the restriction of the processing of personal data.

Submit an objection to the way we use your data

Remember that you have the right to object to the processing of personal data based on a legal basis that M SAN Grupa doo considers legitimate.

Request the transfer of data to another processor (transferability of rights)

If the processing is based on your consent or is done by automatic means, you have the right to ask M SAN Grupa doo to transfer the data to another processor.


In order to exercise any of the above rights, please use the contact information provided at the beginning of these Rules.


If you are not satisfied with the way we have collected or used your personal data, you can file a formal complaint with the Personal Data Protection Agency.


  1. Where your personal data is stored and who has access to your data

We store the personal data we collect about you in a secure environment. Your personal information is protected from unauthorized access, disclosure, use, alteration or destruction by any organization or individual.

The processed data is stored in our premises and IT systems, but sometimes we store the data on the servers of our trusted service providers.

M SAN Grupa doo will ensure that personal data is kept in a secure place (which includes reasonable administrative, technical and physical protection to prevent unauthorized use, access, disclosure, copying or modification of personal data), which can only be accessed by authorized persons.

Data collected for the purposes specified in these Rules will be stored only for as long as it is necessary to fulfill the specified purposes. Your personal data will not be stored in a form that allows you to be identified for longer than M SAN Grupa doo reasonably considers necessary to achieve the purpose for which it was collected or processed. If you are interested in specific data retention periods, you can always contact our data protection officer.

M SAN Grupa doo will store certain personal data for the period of time prescribed by the law or regulation that obliges M SAN Grupa doo to store data.

If you have given us your consent, we will process your personal data until you withdraw your consent. If you declare a well-founded objection to the processing of personal data based on a legitimate interest, we will not process your personal data in the future.

In addition to all of the above, it is important to point out that if a judicial, administrative or extrajudicial proceeding has been initiated, personal data may be stored until the end of such proceedings, including the possible period for filing legal remedies. Yes , M SAN Grupa d.o.o. will store certain personal data for the period prescribed by the law or regulation that obliges the data controller to store data.

Privacy protection is important to us, so we will never share your personal information with third parties except for the purposes described in these Rules.


  1. Does M SAN Grupa doo share data with third parties?

M SAN Grupa doo cooperates with other companies. This means that we sometimes share your personal data, using secure IT systems. When we act in this way, the data is transferred to servers located in the EU or in a country that provides an adequate level of protection in accordance with EU legislation.

M SAN Grupa doo, as the manager of personal data processing, can transfer personal data outside the EU if they are necessary for the execution of the contract between M SAN Grupa doo and the processor and/or another data manager or to fulfill legal obligations. In the latter case, M SAN Grupa doo transfers personal data only to countries that provide an appropriate level of protection, through model contracts that contain binding provisions or through binding corporate rules; or in accordance with an approved certification mechanism and/or privacy protection framework when transferring personal data from the European Union and Switzerland.

M SAN Grupa doo uses tools and services of social networks that do not operate in the territory of the European Union, and we are obliged to inform you that these third parties that manage social networks can transfer your data to the USA, where they are shared with the intelligence services in accordance with the regulations in force in USA.

We care about the protection of your personal data, and that is precisely why we have launched mechanisms that will enable an even greater level of your protection. The temporary transfer of data in relation to the service providers Google, LinkedIn and Facebook is carried out based on the consent of the respondent to the proposed transfer, whereby we always note that there are risks in making such transfers due to the absence of a decision on adequacy and appropriate protective measures by Google Ireland Ltd., Linkedin Ireland Unlimited Company and Facebook Ireland Ltd. as independent data processors.

M SAN Group will send a special notice to Users and Customers in the following cases:

–              that the transfer of data is necessary for the execution of the contract or the implementation of pre-contractual measures at the request of the respondent; or

–              that the transfer is necessary for the purpose of concluding or executing a contract concluded in the interest of you as a Customer or User, between us as a data controller and another natural or legal person; or

–              that the transfer is necessary for establishing, realizing or defending certain legal claims.

We will inform you additionally and in a timely manner about all the measures taken, and we will also change our internal documents after the completion of the ongoing procedures.

We may provide your personal information to our trusted partners who maintain our IT system or provide services on behalf of M SAN Grupa doo, for example, for the purposes of marketing, delivery, finance, advertising, service services, debt collection services, legal services and other services in outside of M SAN Grupa doo, without which we would not be able to adequately fulfill our obligations and contracted services. These service providers are nevertheless obliged, according to the relevant contracts, to use the data entrusted to them only in accordance with our guidelines and exclusively for the purpose that we have strictly determined. We also oblige them to adequately protect your data and to consider it a business secret. In addition, you do not have to worry because regular audits check the compliance of our partners with the valid regulations of the Republic of Croatia.


  1. Period and location of data storage

The storage period of the personal data we collect depends on the purpose of the processing for which it was collected.

We retain your personal data during the process of entering into a contract and during the use of our services or products, and we delete them upon termination of the contractual relationship, upon the expiration of all legal obligations or the termination of the existence of legal bases from the General Data Protection Regulation, related to the processing of your personal data. Yes , we have to inform you that in certain situations we will not be able to delete your data because we are obliged to keep them by other valid regulations of the Republic of Croatia.

We retain your personal data, in the event that the procedure for forced collection of unpaid claims has been initiated, until the legal end of the procedure or, if a complaint about the product or service has been filed within the deadline, until the final completion of the complaint procedures in accordance with the applicable regulations.


  1. Other websites

These Privacy Policy refer only to the use and use of data that M SAN Grupa doo collects from users (respondents). Other websites that can be accessed through the website of M SAN Grupa doo have their own statements on confidentiality and data collection and the methods of their use and publication.

M SAN Grupa d.o.o.  is not responsible for the methods and conditions of work of third parties. You can read more about the privacy policies of third parties on their websites.







In the event that you have questions regarding the collection and processing of data by Facebook, YouTube, Instagram and/or LinkedIn or wish to exercise any of your rights guaranteed by the General Data Protection Regulation, please contact:


FACEBOOK IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Contact of the data protection officer:

 If you are not satisfied with the way your personal data is collected and processed, you can contact the lead supervisory authority of Facebook, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.


Google Ireland, Ltd., Gordon House Barrow St, Dublin 4, Ireland

Contact of the data protection officer:

If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority for YouTube, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.



FACEBOOK IRELAND Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

 Contact of the data protection officer:

If you are not satisfied with the way your personal data is collected and processed, you can contact the leading supervisory authority for Instagram, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.


Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland

Contact of the data protection officer:

If you are not satisfied with the way in which your personal data is collected and processed, you can contact the leading supervisory authority for LinkedIn Ireland, the Irish Data Protection Commissioner or the Personal Data Protection Agency of the Republic of Croatia.


  1. Use of Internet cookies (“cookies”)

In order to maintain the website and ensure its functionality, M SAN Grupa doo uses technology commonly known as “cookies”.

A cookie is a small text file that is stored on your computer or mobile device when you visit a particular website. With cookies, the website can remember your actions and settings (such as login, language, font size and other display-related settings) for a set time, so that you do not have to re-enter them every time you return to the page or browse different other M SAN Grupa doo pages. Cookies can be temporary or permanent, for example, JavaScript or Flash technology. Thanks to cookies on our site, you can search content without difficulty and you will be shown results that are relevant to you.

Read more in the Cookie Policy.


  1. Use of Google Analytics tools

For statistical analysis and measurement of the effectiveness of  the we use Google Analytics – a service for measuring attendance and related Google services.

You can find out more about Google’s privacy policy at .

These rules do not apply to services and third parties that have separate privacy rules, however, in accordance with the regulations related to the protection of personal data, M SAN Grupa doo is obliged to inform its users about the data collected by Google when providing its services to other physical and legal entities.

M SAN Grupa doo cannot fully influence the processing of data by Google as part of your use of their services. Please read the sections of this policy carefully to learn how Google processes your personal data.

Data collected by Google includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number.

In addition, Google collects data about the interaction of applications, browsers and devices with Google services, including IP address, crash reports, system activity, and the date, time and referral URL of the respondent’s web request.

Google collects data when a Google service on your device contacts Google servers – for example, when you install an app from the Play Store or when the service checks for automatic updates. If you use an Android device with Google apps, your device periodically contacts Google’s servers to provide device information and connect to their services. This includes information such as device type, carrier name, crash reports and apps you have installed.

Read more about the Google and other cookies used in the Cookie Policy.


  1. Entry into force and changes to the Rules

These Rules enter into force upon publication on the website.

M SAN Grupa doo reserves the right to amend these Rules and they will be published on the website. In the event that the change greatly affects your rights or represents a risk in relation to the exercise of your rights, we will inform you about the changes in another, depending on the specific situation, most adequate way.