PGM Ragusa d.d. respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and protect your data in accordance with the General Data Protection Regulation (GDPR) and the Croatian Act on the Implementation of the General Data Protection Regulation.
1. Data controller
PGM Ragusa d.d.
Vukovarska 17, 20000 Dubrovnik, Croatia
OIB: 68907889567
E-mail: uprava@pgm-ragusa.hr
Phone: 020 492 400
For any questions regarding the protection of personal data you can contact us using the details above.
2. What personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
Data you provide to us directly:
- Name and surname
- Company name and position
- E-mail address
- Phone number
- Postal address
- Content of your inquiry or message
Data collected automatically:
- IP address
- Browser type and version
- Operating system
- Date and time of visit
- Pages you visited
- Source of arrival to the site
3. Purpose and legal basis of processing
| Purpose of processing | Legal basis |
|---|---|
| Responding to inquiries and communication | Legitimate interest / Performance of a contract |
| Conclusion and performance of a contract | Performance of a contract |
| Invoicing and accounting | Legal obligation |
| Website improvement | Legitimate interest |
| Sending product notifications (with consent) | Consent |
4. Cookies
Our website uses cookies to improve the user experience. Cookies are small text files stored on your device.
Types of cookies we use:
- Necessary cookies – required for the basic functioning of the site. You cannot disable them.
- Analytical cookies – help us understand how visitors use the site (e.g. Google Analytics).
- Functional cookies – remember your settings and preferences.
You can control and delete cookies through your browser settings. Please note that disabling some cookies may affect the functionality of the site.
5. Sharing data with third parties
We do not sell or rent your personal data to third parties. We may share data only in the following cases:
- Service providers – companies that help us in our operations (hosting, accounting, IT support) and that are contractually obliged to protect your data
- Legal obligations – when we are legally obliged to disclose data (courts, state authorities)
- Business restructuring – in the event of a merger, acquisition or sale of part of the business
6. Transfer of data outside the EU/EEA
As a rule, your data is processed within the European Union. If a transfer of data outside the EU/EEA occurs (e.g. by using cloud services), we ensure appropriate safeguards in accordance with the GDPR, such as standard contractual clauses.
7. Data retention period
We keep your personal data only for as long as necessary to fulfil the purpose for which it was collected:
- Inquiry data – up to 2 years after the last communication
- Contract data – 10 years from the performance of the contract (legal obligation)
- Accounting documentation – 11 years (Accounting Act)
- Consent data – until consent is withdrawn
8. Your rights
Under the GDPR, you have the following rights:
- Right of access – you can request information about whether we process your data and a copy of it
- Right to rectification – you can request correction of inaccurate or incomplete data
- Right to erasure – you can request deletion of your data ("right to be forgotten")
- Right to restriction of processing – you can request restriction of processing in certain situations
- Right to portability – you can request the transfer of data to another controller
- Right to object – you can object to processing based on legitimate interest
- Right to withdraw consent – if processing is based on consent, you can withdraw it at any time
To exercise your rights, contact us at uprava@pgm-ragusa.hr. We will respond to your request within 30 days.
9. Right to complain
If you believe that the processing of your data does not comply with regulations, you have the right to lodge a complaint with the supervisory authority:
Croatian Personal Data Protection Agency (AZOP)
Selska cesta 136, 10000 Zagreb
Web: www.azop.hr
10. Data security
We apply appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction or disclosure, including:
- SSL encryption for data transfer
- Restricted access to personal data to authorized persons only
- Regular backups
- Physical protection of servers and equipment
11. Changes to the Privacy Policy
We reserve the right to amend this Privacy Policy. We will notify you of any significant changes via the website. We recommend reviewing this page periodically.
Last updated: December 2025.